Real-Time Blacklists (RBLs) are a simple but effective way for organizations around the world to share information about email systems known to send spam. Most RBLs are distributed via DNS, which makes them DNS-based Blacklists (DNSBL). DNS is a natural fit: it's already ubiquitous, every server already has access to it, and IP addresses and domain names map cleanly to DNS records.
Types of Blacklists
There are hundreds of blacklists worldwide, maintained by a wide range of organizations and individuals. Most are free to use, some are commercial, and each has its own methodology for building its database and its own process for delisting. The two most common data collection methods are crowd-sourced reports and honey pots.
Crowd Sourced
Crowd-sourced RBLs are the most common and often the most reliable. When a recipient flags a message as spam, that report gets aggregated. If enough recipients flag the same sender, the sending IP gets added to the list. This is the model used by large free email providers like Gmail and Outlook.
Honey Pots
A honey pot is an email address that was never used for legitimate communication and isn't owned by any real user. It exists solely to attract spam crawlers. Any email that arrives at one of these addresses is, by definition, unsolicited, and the sending IP gets flagged.
URIBLs
A URI Blackhole List (URIBL) works at the domain level rather than the IP level. Instead of flagging a sending mail server, it flags domain names found in message bodies that are associated with spam or phishing. This means URIBLs can affect any organization with a website, not just those running mail servers.
Worth noting: some RBLs have no delisting process, and others charge a fee for removal. Pay-to-delist lists are widely considered disreputable and shouldn't be relied on by mail administrators. Well-established providers like Spamhaus are the gold standard: transparent criteria, clear processes, and no fees for legitimate removal requests.
Generator Labs monitors hundreds of DNSBLs and URIBLs on your behalf, so you know immediately if any of your IP addresses or domains appear on a list. In Part 2 of this series, we cover how organizations actually use these lists to filter inbound mail.