public dns
Hey, email nerds! Are you like me, running various random EC2 instances with scripts or applications that do a bunch of spam and email message analysis, checking (among other things) all the domains and IPs you find? Okay, there aren’t millions of us, but I know I’m not alone out there! Email nerds unite! Anyway, if you’re querying Spamhaus’s blocklists directly from your AWS-hosted infrastructure, be aware: Beginning October 18th, Spamhaus is likely to block those queries, responding instead with a 127.255.255.254 response code. Why? It sounds like AWS is a large source of traffic for Spamhaus, and it’s hard for them to sort out who’s who, including who should be getting access for free and who shouldn’t be. Don’t fret, though. Just sign up for the Spamhaus Data Query Service (DQS), and you should be able to keep the access flowing.

Is this really surprising at this point? Not to me.
Remember how I warned that querying Spamhaus via public DNS resolvers wasn’t a great idea?

“Spamhaus clearly doesn’t want to provide this IP reputation data via [public resolvers] and right now it’s just a question of how effective they are at blocking it. They’re not fully effective at it today, but I’m sure they’ll get better at it over time.”

Well, here they are, getting better: This is a clear warning from Spamhaus that while it may work to query Spamhaus via Cloudflare’s 1.1.1.1/1.0.0.1 public DNS service today, it’s not going to work in the near future.
You’ll recall me warning recently that using Spamhaus data to protect your mail server is a bad idea if you’re using open or public DNS resolvers. TL;DR? Spamhaus is worried about too much traffic via public channels, but blocking is implemented in a way that makes it effectively intermittent and potentially confusing. You could be fine for weeks and then suddenly you start bouncing all inbound mail accidentally. Or you could be querying a resolver that never shows ANY bad IPs to block, losing out on the spam filtering benefit that you were hoping for.

Here’s what to do about that. No matter how you implement DNSBL usage, check your logs periodically. In the case of Spamhaus, look for the “127.255.255” response codes. That will indicate that your attempt to query Spamhaus data is being blocked, so you’ve got a problem. That problem is probably interfering with the delivery of…
Do you use any of the Spamhaus blocking lists (DNSBLs) to protect yourself from inbound spam and email threats? If so, you’re not alone. The Spamhaus data is quite popular and used by many ISPs as a front door gatekeeper for IP (and domain) reputation.

If you do use any of Spamhaus’s DNSBLs, though, make sure you’re not doing it via a public DNS resolver or via any DNS server that is attempting a high volume of queries against Spamhaus without being registered with them. If you do, you risk the queries triggering blocks simply due to the sheer volume of DNS traffic Spamhaus is receiving. Meaning you’ll end up blocking mail that wasn’t spam and that you probably didn’t mean to block.

Here’s how to catch that. Look in your server’s mail log for response codes or response text from Spamhaus queries. For text responses, look for things like “Error: open…
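The two posts above both come down to the same check: a Spamhaus answer in the 127.255.255.x range is an error about your query, not a listing of the client, and a filter that treats it as a listing will bounce legitimate mail. The following is an added example (not code from the posts or from Spamhaus) showing how to classify a DNSBL answer and scan a mail log for a run of such errors. The 127.255.255.254 code is the one the posts name; the .252 and .255 codes are the other error codes Spamhaus documents. The log line format used here is constructed for illustration, as are the sample timestamps and addresses, so adapt the regex to whatever your MTA actually logs.

```python
import ipaddress
import re
from typing import Iterable, Optional

# Spamhaus answers from this range mean the query itself was rejected;
# they must never be read as "client is listed".
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")
LISTING_NET = ipaddress.ip_network("127.0.0.0/8")

# Error codes documented by Spamhaus (the posts name .254 for queries
# arriving via public resolvers or unregistered high-volume sources).
ERROR_CODES = {
    "127.255.255.252": "typing error in DNSBL name",
    "127.255.255.254": "query via public/open resolver or unregistered source; blocked",
    "127.255.255.255": "excessive number of queries",
}


def _parse_ip(text: str) -> Optional[ipaddress.IPv4Address]:
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def classify_dnsbl_answer(answer: Optional[Iterable[str]]) -> tuple[str, str]:
    """Classify the A records returned by a DNSBL lookup.

    answer: list of A-record strings, or None/empty for NXDOMAIN (not listed).
    Returns (verdict, detail) with verdict in {"listed", "clean", "error"}.
    """
    if not answer:
        return ("clean", "NXDOMAIN: not listed")
    records = list(answer)
    for rec in records:
        ip = _parse_ip(rec)
        if ip is None:
            return ("error", f"unparseable answer {rec!r}")
        if ip in ERROR_NET:
            return ("error", ERROR_CODES.get(rec, f"unknown error code {rec}"))
        if ip not in LISTING_NET:
            # A resolver that rewrites NXDOMAIN (or any other interference)
            # shows up here; never treat it as a listing.
            return ("error", f"unexpected answer {rec}: not a DNSBL return code")
    return ("listed", ", ".join(records))


# Constructed sample log lines; format "<ts> dnsbl <zone> <client-ip> <answer>" is assumed.
SAMPLE_LOG = """\
2024-10-18T10:02:11Z dnsbl zen.spamhaus.org 198.51.100.7 127.0.0.4
2024-10-18T10:02:15Z dnsbl zen.spamhaus.org 203.0.113.9 NXDOMAIN
2024-10-18T10:03:02Z dnsbl zen.spamhaus.org 192.0.2.44 127.255.255.254
2024-10-18T10:03:40Z dnsbl zen.spamhaus.org 192.0.2.45 127.255.255.254
"""

LINE_RE = re.compile(r"^(\S+) dnsbl (\S+) (\S+) (\S+)$")


def scan_log(text: str) -> dict:
    """Tally verdicts per DNSBL zone and keep the error lines, so that a
    sudden run of 127.255.255.x answers (queries being rejected) stands out."""
    summary: dict = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, zone, client, answer = m.groups()
        verdict, detail = classify_dnsbl_answer(None if answer == "NXDOMAIN" else [answer])
        zone_stats = summary.setdefault(
            zone, {"listed": 0, "clean": 0, "error": 0, "error_details": []}
        )
        zone_stats[verdict] += 1
        if verdict == "error":
            zone_stats["error_details"].append(f"{ts} {client}: {detail}")
    return summary


if __name__ == "__main__":
    for zone, stats in scan_log(SAMPLE_LOG).items():
        print(zone, {k: v for k, v in stats.items() if k != "error_details"})
        for entry in stats["error_details"]:
            print("  ERROR", entry)
```

Run this over a window of real log lines on a schedule; any non-zero error count for a zone means the resolver path to Spamhaus is being refused and the filter is silently degraded, which is exactly the condition the posts say to watch for.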