When a mail server receives an incoming message, one of the first things it does is check the sending IP against a list of known bad senders. That list — and the thousands like it — is what an RBL is. Most are distributed via DNS, which makes them DNSBLs. DNS is a natural fit: every server already queries it, and IP addresses map cleanly to DNS records.
Types of Blacklists
There are hundreds of blacklists worldwide, maintained by a wide range of organizations and individuals. Each has its own methodology for building its database and its own process for delisting.
Crowd Sourced
When a recipient flags a message as spam, that report gets aggregated. If enough recipients flag the same sender, the sending IP gets added to the list. Gmail and Outlook both feed complaint data into their own and third-party lists. This is the most common model, and often the fastest to list and delist — complaint volume drives both.
A word on pay-to-delist lists: some RBLs charge a fee for removal. These are widely considered disreputable and shouldn't factor into mail filtering decisions. Well-established providers like Spamhaus are the benchmark: transparent criteria, documented processes, and no fees for legitimate removal requests.
Honey Pots
A honeypot is an email address that was never used for legitimate communication. It exists solely to attract spam crawlers. Any email that arrives is unsolicited by definition, and the sending IP gets flagged. Project Honey Pot runs one of the largest honeypot networks and feeds listing data to several downstream filters.
URIBLs
A URI Blackhole List (URIBL) works at the domain level rather than the IP level. Instead of flagging a sending mail server, it flags domain names found in message bodies that are associated with spam or phishing. URIBLs can affect any organization with a website, not just those running mail servers.
Generator Labs offers free blacklist monitoring that tracks hundreds of DNSBLs and URIBLs on your behalf, so you know immediately if any of your IP addresses or domains appear on a list. In Part 2 of this series, we cover how organizations actually use these lists to filter inbound mail.