Spamhaus DNSBLs and DNSWLs
Spamhaus is responsible for a number of very widely used anti-spam DNS-based Blocklists (DNSBLs) and Whitelists (DNSWLs). Many internet service providers and Internet networks use these services to reduce the amount of spam they take on. The Spamhaus lists collectively protect over 1.77 billion e-mail users, according to Spamhaus' web page (November 2012) and are estimated to block 80 billion spam emails per day globally on the internet (almost 1-million spams per second). Like all DNSBLs, their use is considered controversial by some.
The Spamhaus Block List (SBL) targets "verified spam sources (including spammers, spam gangs and spam support services)." Its goal is to list IP addresses belonging to known spammers, spam operations, and spam-support services The SBL's listings are partially based on the ROKSO index of "spam gangs", for which see below.
The Exploits Block List (XBL) targets "illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, virus-infected PCs & servers and other types of trojan-horse exploits." That is to say, like several other DNSBLs it is a list of known open proxies and exploited computers being used to send spam and viruses. The XBL includes listings gathered by Spamhaus as well as by other contributing DNSBL operations such as the Composite Blocking List (CBL).
The Policy Block List (PBL) is a list that serves many of the same functions of a Dialup Users List, but really it is not a DUL. The PBL lists not only dynamic and DHCP type IP address space designated as 'not allowed to make direct SMTP connections', but static assignments that shouldn't be sending email without prior arrangement. Examples of such are an ISP's core routers, corporate users required by policy to send via their internal mail server, and unassigned IP addresses. Much of the data is provided to Spamhaus by the organizers (ISPs) of the IP address space.
The Domain Block List (DBL) was released in March 2010 and is a list of domain names, which is both a domain URI Blocklist and RHSBL. It lists spam domains including spam payload URLs, spam sources and senders ("right-hand side"), known spammers and spam gangs, and phish, virus and malware-related sites. It later added a zone of "abused URL shortners", a comment way spammers insert links into spam emails.
The Spamhaus White List (SWL) was released in October 2010 and is a whitelist of IPv4 and IPv6 addresses. The SWL is intended to allow mail servers to separate incoming email traffic into 3 categories: Good, Bad and Unknown. Only verified legitimate senders with clean reputations are approved for whitelisting and there are strict terms to keeping a Spamhaus Whitelist account.
The Domain White List (DWL) was released in October 2010 and is a whitelist of domain names. The DWL enables automatic certification of domains with DKIM signatures. Only verified legitimate senders with clean reputations are approved for whitelisting and there are strict terms to keeping a whitelist account.
Spamhaus's DNSBLs and DNSWLs are offered as a free public service to low-volume mail server operators on the Internet. Commercial spam filtering services and other large sites doing large numbers of queries must instead sign up for an rsync-based feed of these DNSBLs, which Spamhaus calls its Datafeed Service, at a moderate fee as long as they are not in Spamhaus's top ten worst spam service ISPs list.
Spamhaus also provides two combined DNSBLs. One is the SBL+XBL which allows users to query sbl-xbl.spamhaus.org once and get return codes from both lists. A newer combination is called ZEN (named after founder Linford's dog), which allows users to query zen.spamhaus.org once and get return codes from the SBL+XBL and the newer PBL.
Spamhaus outlines the way its DNSBL technology works in a document called Understanding DNSBL Filtering.
Read more about this topic: The Spamhaus Project