Cisco Email Security Appliance X1050 Troubleshooting Guide

Is SenderBase on the ESA another DNS RBL?
Document ID: 117910
Contributed by Nasir Shakour and Enrico Werner, Cisco TAC Engineers.
Jul 10, 2014
Question
Is SenderBase another DNSBL?
SenderBase is no ordinary DNSBL. In the anti-spam community, there are many DNS-based blacklists. A
technique developed over ten years ago, DNS-based blacklists provide a way of adding a standardized API
(application programming interface) to a widely distributed database. Because network devices, such as mail
servers, all have a DNS client application built in (sometimes called a 'resolver'), using the DNS to look up
information about IP addresses is a very natural operation for most systems. The idea of DNS-based
blacklists is to provide an easy way for a widely distributed community of users to efficiently query an
IP-oriented list without having to worry about database replication, authentication, or more complex APIs.
The strategy for most DNS-based blacklists is to state some description of a blacklist (e.g., "systems which
are known to be open relays") and then allow anyone to query the list to see if an IP address is on the list. If
the address appears, then the list owner asserts that the IP address has met the qualifications to be on the list.
In other words, DNS-based blacklists give "yes/no" answers: you either are on the list, or you are not.
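The yes/no lookup described above, sketched as an added example (not part of the Cisco document). The zone name dnsbl.example, the stub resolver and the sample records are constructed for illustration; the reversed-address query name and the 127.0.0.0/8 answer range follow the common DNSBL convention documented in RFC 5782.

```python
import ipaddress

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # answers that mean "listed"

def dnsbl_query_name(ip, zone):
    """Build the DNS name a mail server resolves to ask 'is this IP on the list?'."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")                   # IPv4: four octets
    else:
        labels = list(addr.exploded.replace(":", ""))   # IPv6: 32 hex nibbles
    # The address is reversed and prepended to the list's zone.
    return ".".join(reversed(labels)) + "." + zone.strip(".")

def is_listed(ip, zone, resolve):
    """Yes/no answer. resolve(name) returns A-record strings, [] on NXDOMAIN."""
    answers = resolve(dnsbl_query_name(ip, zone))
    # Only an answer inside 127.0.0.0/8 is a listing. Any other address usually
    # means the zone is parked or wildcarded, and treating it as "listed" would
    # reject every sender, so it is ignored here.
    return any(ipaddress.ip_address(a) in LISTED_RANGE for a in answers)

# Constructed sample data standing in for a real DNS zone (hypothetical list).
ZONE = "dnsbl.example"
CONSTRUCTED_RECORDS = {
    "99.2.0.192.dnsbl.example": ["127.0.0.2"],    # listed sender
    "10.2.0.192.dnsbl.example": ["203.0.113.7"],  # wildcard/parked answer
}

def stub_resolve(name):
    """Offline stand-in for the resolver; a missing name behaves like NXDOMAIN."""
    return CONSTRUCTED_RECORDS.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.99", "192.0.2.1", "192.0.2.10", "2001:db8::1"):
        print(ip, dnsbl_query_name(ip, ZONE), is_listed(ip, ZONE, stub_resolve))
```

In production, stub_resolve would be replaced by a real resolver call with a short timeout, and a timeout should be handled separately from "not listed".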
DNS-based blacklists are generally managed by volunteers (although there are a few which are available on a
for-pay subscription basis). They also tend to be very idiosyncratic in their operation. As volunteer-run
projects, they are operated by individuals or groups who feel very strongly about the problem of spam and
generally tend to err on the side of blocking legitimate mail. Enterprises that have chosen to use DNS-based
blacklists either find them minimally effective for reducing spam (i.e., it's hard to get on the list and the list
updates are not timely) or they find that these lists generate a very high false positive rate (i.e., it's too easy to
get on the list).
SenderBase was created both to reduce the problem of idiosyncratic behavior in DNS-based blacklists and to
give the network manager the opportunity to make their own decisions about how conservatively or how
aggressively they will use the list. With proper use of SenderBase, in conjunction with an ESA's throttling
capabilities, the rate of false positives can be dropped dramatically at the same time that a large proportion of
spam is kept out of the corporate network.
Updated: Jul 10, 2014