Editing Domain Name System blocklist (section)

== History ==
The first DNSBL was the Real-time Blackhole List (RBL), created in 1997, at first as a [[Border Gateway Protocol]] (BGP) feed by [[Paul Vixie]], and then as a DNSBL by Eric Ziegast as part of Vixie's [[Mail Abuse Prevention System]] (MAPS); Dave Rand at Abovenet was its first subscriber.<ref>{{cite web |url=http://sunsite.uakom.sk/sunworldonline/swol-12-1997/swol-12-vixie.html |title=What will stop spam? |access-date=2008-05-16 |author-last=McMillan |author-first=Robert |date=December 1997}}</ref> The very first version of the RBL was not published as a DNSBL, but rather a list of networks transmitted via BGP to [[router (computing)|router]]s owned by subscribers so that network operators could drop all [[TCP/IP]] traffic for machines used to send spam or host spam supporting services, such as a website. The inventor of the technique later commonly called a DNSBL was Eric Ziegast while employed at Vixie Enterprises.

The term "blackhole" refers to a [[black hole (networking)|networking black hole]], an expression for a link on a network that drops incoming traffic instead of forwarding it normally. The intent of the RBL was that sites using it would refuse traffic from sites which supported spam — whether by actively sending spam, or in other ways. Before an address would be listed on the RBL, volunteers and MAPS staff would attempt repeatedly to contact the persons responsible for it and get its problems corrected. Such effort was considered very important before black-holing all network traffic, but it also meant that spammers and spam supporting ISPs could delay being put on the RBL for long periods while such discussions went on.

Later, the RBL was also released in a DNSBL form and Paul Vixie encouraged the authors of [[sendmail]] and other mail software to implement RBL support in their clients. These allowed the mail software to query the RBL and reject mail from listed sites on a per-mail-server basis instead of black-holing all traffic.

Soon after the advent of the RBL, others started developing their own lists with different policies. One of the first was Alan Brown's [[Open Relay Behavior-modification System]] (ORBS). This used automated testing to discover and list mail servers running as [[open mail relay]]s—exploitable by [[spammers]] to carry their spam. ORBS was controversial at the time because many people felt running an open relay was acceptable, and that scanning the Internet for open mail servers could be abusive.

In 2003, a number of DNSBLs came under [[denial-of-service attack]]s (DOS). Since no party has admitted to these attacks nor been discovered responsible, their purpose is a matter of speculation. However, many observers believe the attacks are perpetrated by spammers in order to interfere with the DNSBLs' operation or hound them into shutting down. In August 2003, the firm [[Osirusoft]], an operator of several DNSBLs including one based on the [[Spam Prevention Early Warning System|SPEWS]] data set, shut down its lists after suffering weeks of near-continuous attack.

Technical specifications for DNSBLs came relatively late in RFC5782.{{ref RFC|5782}}

=== URI DNSBLs ===
A [[Uniform Resource Identifier]] (URI) DNSBL is a DNSBL that lists the domain names and sometimes also IP addresses which are found in the "clickable" links contained in the body of spams, but generally not found inside legitimate messages.

URI DNSBLs were created when it was determined that much spam made it past spam filters during that short time frame between the first use of a spam-sending IP address and the point where that sending IP address was first listed on major sending-IP-based DNSBLs.

In many cases, such elusive spam contains in their links domain names or IP addresses (collectively referred to as a URIs) where that URI was ''already'' spotted in previously caught spam and where that URI is not found in non-spam e-mail.

Therefore, when a spam filter extracts all URIs from a message and checks them against a URI DNSBL, then the spam can be blocked even if the sending IP for that spam has not yet been listed on any sending IP DNSBL.

Of the three major URI DNSBLs, the oldest and most popular is '''[[SURBL]]'''.<ref>{{cite web |url=http://www.surbl.org/ |title=SURBL |publisher=SURBL |access-date=2012-05-06}}</ref> After SURBL was created, some of the volunteers for SURBL started the second major URI DNSBL, '''URIBL'''.<ref>{{cite web |url=http://www.uribl.com/ |title=URIBL |publisher=URIBL |access-date=2012-05-06}}</ref> In 2008, another long-time SURBL volunteer started another URI DNSBL, '''ivmURI'''.<ref>{{cite web |url=http://dnsbl.invaluement.com/ivmuri/ |title=ivmURI |publisher=Dnsbl.invaluement.com |date=2008-05-31 |access-date=2012-05-06 |url-status=dead |archive-url=https://web.archive.org/web/20120505190857/http://dnsbl.invaluement.com/ivmuri/ |archive-date=2012-05-05}}</ref> [[The Spamhaus Project]] provides the Spamhaus Domain Block List ('''DBL''') which they describe as domains "found in spam messages".<ref>{{cite web|url=http://www.spamhaus.org/dbl/ |title=The Domain Block List |publisher=The Spamhaus Project |access-date=2014-10-10}}</ref> The DBL is intended as both a URIBL and RHSBL, to be checked against both domains in a message's envelope and headers and domains in URLs in message bodies. Unlike other URIBLs, the DBL only lists domain names, not IP addresses, since Spamhaus provides other lists of IP addresses.

URI DNSBLs are often confused with RHSBLs (Right Hand Side BLs). But they are different. A URI DNSBL lists domain names and IPs found in the body of the message. An RHSBL lists the domain names used in the "from" or "reply-to" e-mail address. RHSBLs are of debatable effectiveness since many spams either use forged "from" addresses or use "from" addresses containing popular free mail domain names, such as [[gmail.com]], [[yahoo.com]], or [[hotmail.com]] URI DNSBLs are more widely used than RHSBLs, are very effective, and are used by the majority of spam filters.