Tuesday, December 21, 2010

NiX Spam is a fairly good DNSBL

The German Anti-Spam blacklist "NiX Spam" of the iX magazine is under the Top 10 of several blacklist monitoring sites.

The higher the overall worldwide spam volume, the higher is the accuracy of NiX Spam DNSBL. Currently the spam volume is low and therefor the rank of NiX Spam dropped but is still under the Top 10. The weeks before they were even under the Top 5.
Blacklists Compared lists NiX Spam at Rank 27 but as they check all logfiles not at time of occurrence but at the end of the week, more than 90 percent of all entries are already outdated. This is due to the very short lifetime of 12 hours for all IPs at NiX Spam.

The NiX Spam DNSBL follows these rules
  • Fully automated. IPs are added to the blacklist if they are sending spam to several spamtraps, the employees of Heise Zeitschriften Verlag GmbH & Co. KG and to employees of manitu GmbH.
  • One IP only. They do not add ranges of IP addresses, so if there is a spamming IP the IPs in the neighborhood are not affected.
  • List on spam. If an IP sent spam, then it gets listed. If they do not see spam from an IP, the IP is not listed.
  • Short lifetime. All IPs are listed for a limited time period. This is currently 12 hours. After that time the IP is removed from the database.
  • Quick remove. If there is a false listing of an IP, it can be easily delisted manually. Visit the removal website to see the instructions.
  • Internal safelist. They have a very big internal whitelist of IPs that will not be included on the blacklist. These include millions of IP addresses, for example IPs of Hotmail, Google, Yahoo, WEB.DE, GMX and many others.
  • Transparency. For each IP listing you can see the timestamp of the incident and also the server the spam mail was sent to. In most of the cases you can even see the email header of the incident. If an ISP or ESP is on the whitelist or has an ARF-Feedback-Loop he will also see the full spam message of the incident.
  • nearly RFC compliant. At the moment they try to fulfill the RFC blacklist draft. But they are fully compliant to RFC 5782.
So if you want to give them a try then you should add the DNS zone ix.dnsbl.manitu.net to your anti-spam solution. In case of SpamAssassin this would look like this:

header    RCVD_IN_NIX_SPAM  eval:check_rbl('nix-spam-lastexternal','ix.dnsbl.manitu.net.')
describe  RCVD_IN_NIX_SPAM  Listed in NIX-SPAM DNSBL (heise.de)
tflags    RCVD_IN_NIX_SPAM  net
score     RCVD_IN_NIX_SPAM  2 # please adjust the score value

No comments: