The first step is to understand how it works:
There are THREE different main types of data lists:
- DROP lists (you use this type of list to immediately refuse any incoming relay) – DNSBL (our example is dnsbl.ascams.com)
- SCORE RBL (you use this type of list to ADD a number to the incoming relay score) – RBL (our examples are superblock.ascams.com and block.ascams.com)
- SCORE WL (you use this type of list to SUBTRACT a number from the incoming relay score) – WL (our examples are whitefour.ascams.com and whitesix.ascams.com)
Why the different types of lists and scoring?
As an email server administrator, you are not in control of who is listed on which RBL, WL or DNSBL and, more importantly, YOU CANNOT DROP REAL EMAIL for your clients (or you will run out of clients quickly). BUT you also cannot receive a lot of malware, spam and rubbish (or you will run out of clients quickly).
This has always been the crux of the problem with stopping spam and allowing ham to enter, until now. With the advent of scoring it has become possible for an email server administrator to ‘control’ more effectively how incoming emails are managed by email software. Clients are now able to set their own score number to mark as SPAM and even to set their own numbers to drop or delete or bounce suspected spam.
This is quite neat as the onus has shifted from the email server admin to the client and if the scoring is reasonably accurate, then the clients are happy!
Okay, so the next issue is that each lookup to an RBL, DNSBL or WL places a delay on your queue. If you have a high RPS (requests per second) allowance on the data lists you use, you are good to go, but if you are using public resources you need to be careful not to hit rate-limit thresholds. (This is why superblock has become so popular! It is a very large list and lists everyone where abuse is seen from and is/was leaking.) BUT please do not even try to use superblock as a DROP list: it is 100% guaranteed you will drop legit mail! Large multinationals love mixing bulk spam with real transactional email, which makes it impossible for small operators to block or drop them, even if they are behaving like bullies. Superblock is an equal opportunity list. It lists ALL abuse.
Like email server software, there are two main scoring systems. Apache SpamAssassin is the most used, and for our lists we recommend scoring and DNSBL use as follows:
DROP: If listed on dnsbl.ascams.com (a DNSBL; as per RFC it returns 127.0.0.2), the IP number is CURRENTLY (as in now) sending malware/abuse/spam, or is a non-managed, an AS-hijacked or a dynamic IP range – you can simply DROP any incoming.
SCORING: First you need to decide your DROP/REJECT score. If your DROP score is 20 (this is at 5/15, or a one-third ratio – if you run hot, you may need to look at one quarter or less… as usual, YMMV):
superblock.ascams.com (an RBL; it does not return 127.0.0.2 as an RFC-compliant DNSBL would – it returns the IP number as the answer): score between 5 and 8
block.ascams.com (an RBL; it does not return 127.0.0.2 as an RFC-compliant DNSBL would – it returns the IP number as the answer): score between 3 and 5
Of course, if your drop score is 100, superblock would be 25 to 40 and block would be 15 to 25.
White lists can be used exactly the same as if they were black lists; the ONLY difference is in your SCORE!
White list scoring: instead of +15 do -15 (this gives the email server administrator more control, and data lists can be truly judged in production).
For the IPv6 white list with a drop score of 20, do a -15 if listed on whitesix.ascams.com! (after 28 February 2022)
It is only YOU that “knows” it is a white list; it could just as easily have been a black list, a scoring list or whatever you decide! The difference is in the application of the same already working technology.
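The drop-then-score policy described above, as an added example (not code from ascams.com or SpamAssassin): it builds the reversed-IP query name for IPv4 and IPv6, refuses on the DROP list, and otherwise sums the list scores against a drop score of 20. The chosen scores (8, 5, -15), the function names and the listed sample addresses are assumptions made for the illustration.

```python
import ipaddress
import socket

DROP_LIST = "dnsbl.ascams.com"       # listed here => refuse immediately
DROP_SCORE = 20                      # the page's example drop threshold
# Assumed picks from the page's ranges for a drop score of 20.
SCORE_LISTS = {
    "superblock.ascams.com": 8,      # page: between 5 and 8
    "block.ascams.com": 5,           # page: between 3 and 5
    "whitefour.ascams.com": -15,     # white lists subtract
    "whitesix.ascams.com": -15,
}

def query_name(ip, zone):
    """Reverse IPv4 octets or IPv6 nibbles and append the list zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone

def dns_listed(name):
    """Live lookup: any A answer counts as listed (the RBLs answer with
    the IP itself, not 127.0.0.2); NXDOMAIN or failure = not listed."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False

def evaluate(ip, listed=dns_listed):
    """Return (action, score) for a connecting relay IP."""
    if listed(query_name(ip, DROP_LIST)):
        return ("drop", None)        # one lookup, no scoring needed
    score = sum(pts for zone, pts in SCORE_LISTS.items()
                if listed(query_name(ip, zone)))
    return ("drop" if score >= DROP_SCORE else "accept", score)

# Constructed listings on documentation addresses, so the demo runs offline.
FAKE_ZONE = {query_name(ip, z) for ip, z in [
    ("192.0.2.10", "dnsbl.ascams.com"),
    ("198.51.100.7", "superblock.ascams.com"), ("198.51.100.7", "block.ascams.com"),
    ("2001:db8::25", "superblock.ascams.com"), ("2001:db8::25", "whitesix.ascams.com"),
]}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "2001:db8::25", "203.0.113.5"):
        print(ip, evaluate(ip, FAKE_ZONE.__contains__))
```

Calling evaluate() without the second argument uses live DNS lookups. With these scores, a relay listed on both superblock and block reaches 13, which stays below the drop score of 20.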
PRO TIP: To ADD your IPv6 number to the ascams.com WHITELIST, email your IPv6 number, your names, your phone number and your abuse email address to email@example.com
When asked, ascams.com will answer with the IPv6 number and a TXT record of the abuse contact email address.