DNSWL

From Wikipedia, the free encyclopedia
DNSWL (DNS-based whitelist) is both a generic term and a specific list. The specific list, DNSWL.org, lists over 150,000 legitimate SMTP senders.[1]

Generic need for whitelisting

Natural language understanding is not a mature field. Common computer processes used for spam filtering apply heuristics to avoid presenting too many useless messages to email recipients. This has the severe impact of reducing SMTP reliability[2] by creating false positives; i.e., silently dropping legitimate messages. Whitelists tackle the task of vouching for a sender, which implies identifying an accountable party that the sender belongs to.

DNS whitelisting can also be applied to web traffic when doing incident response or network forensics, since it helps the analyst tell malicious domains apart from "normal" web surfing.[3] It is, however, not recommended to actively block web traffic that is not on the whitelist, since this would cause even legitimate web surfing to be blocked.

For IPv6, blacklisting is not a realistic option because of the greatly increased address space. Whitelisting can instead be used to reduce a huge address space to a set of manageable size: first build a global whitelist of registered IPv6 senders, and second, blacklist within that. By accepting all authentic sender registration requests, it is at least possible to eliminate spambots.[4]

DNSWL.org

DNSWL.org was founded on 1 November 2006 by Matthias Leisi.[5] Legitimate senders can register for free. Most DNS servers are sponsored by various organizations worldwide.[6]

DNSWL.org lists IP addresses, but also holds domain names, category, and email contact addresses. Each IP address is given a "trustworthiness" level; applications (e.g., SpamAssassin) typically decrease the "spamminess" score of a message by a value proportional to that level.
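The lookup and score adjustment described above, as an added Python example that is not part of the original article or of DNSWL.org's or SpamAssassin's code. It assumes the `list.dnswl.org` query zone and the `127.0.<category>.<trust>` answer format with `127.0.0.255` as a "query refused" marker, as documented by DNSWL.org rather than on this page; `UNIT` and the function names are hypothetical, and the DNS answers are constructed strings so the block runs offline.

```python
import ipaddress

ZONE = "list.dnswl.org"   # assumption: DNSWL.org's public query zone
UNIT = 1.0                # hypothetical score reduction per trust level


def query_name(ip, zone=ZONE):
    """Build the DNS name to look up for an IPv4 or IPv6 sender address."""
    addr = ipaddress.ip_address(ip)
    # reverse_pointer gives reversed octets (IPv4) or nibbles (IPv6)
    # followed by "in-addr.arpa" / "ip6.arpa"; drop that two-label suffix.
    labels = addr.reverse_pointer.rsplit(".", 2)[0]
    return f"{labels}.{zone}"


def decode_answer(a_record):
    """Return (category, trust) for a listing, or None if there is none.

    a_record is the A record returned for query_name(), or None on NXDOMAIN.
    """
    if a_record is None:
        return None
    o = ipaddress.IPv4Address(a_record).packed
    if o[0] != 127 or o[1] != 0:
        return None   # not a list answer (e.g. a hijacked or wildcard reply)
    if o[3] > 3:
        return None   # includes 127.0.0.255: query refused, NOT a listing
    return o[2], o[3]


def adjust_score(score, a_record):
    """Lower a spam score in proportion to the sender's trust level."""
    listing = decode_answer(a_record)
    if listing is None:
        return score  # unlisted or unusable answer: no bonus
    _category, trust = listing
    return score - UNIT * trust


if __name__ == "__main__":
    # Constructed sample answers, not real DNSWL data.
    print(query_name("192.0.2.1"))
    for answer in ("127.0.5.3", "127.0.0.255", None):
        print(answer, "->", adjust_score(4.0, answer))
```

Rejecting anything outside trust levels 0 to 3 matters in practice: a filter that treats every `127.x.x.x` answer as a listing would grant a whitelist bonus to all mail whenever its resolver is refused service.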

References

  1. ^ Matthias Leisi (27 January 2009). "50'000!". Retrieved 16 July 2009. 
  2. ^ See Bounce message for a discussion about delivery errors, and backscatter (e-mail) for why they cannot always be notified to the sender.
  3. ^ "DNS whitelisting in NetworkMiner, NETRESEC Network Security Blog". Netresec.com. 2013-10-02. Retrieved 2013-10-03. 
  4. ^ Paul Vixie (7 June 2011). "Two Stage Filtering for IPv6 Electronic Mail". CircleID. Retrieved 17 June 2011. 
  5. ^ Matthias Leisi (1 November 2008). "Happy Birthday, dnswl.org". Retrieved 16 July 2009. 
  6. ^ DNSWL's thanks page doesn't list its sponsors extensively. Robtex's page and whois data at PIR.org are more up to date.