Spamhaus announced that it is rolling out two new sets of return codes for its Domain Block List (DBL) beginning July 1, 2014. The first set is used to list malware domains and botnet command and control (C&C) domains. The second set is used to list legitimate domains that are compromised. The announcement from Spamhaus states “This new data makes DBL more effective and versatile yet maintains DBL’s goal for near zero false positives and widespread usability in production environments.” In particular, use of these new codes can enable users of the DBL to identify and remediate compromised users and websites.
For Return Path customers, this data will be valuable because it will provide insight into whether Spamhaus believes a domain is spammy or is legitimate but being abused to send spam (or phish, or as part of a botnet, etc.).
Below is a table of the DBL return codes, taken from the Spamhaus site, with the new codes highlighted. (http://www.spamhaus.org/news/article/713/changes-in-spamhaus-dbl-dnsbl-return-codes). Note that return code 127.0.1.3 is being replaced by 127.0.1.103, since the intent is to identify when a legit redirector or URL shortener is being used to send spam.
For more information on this change, see the Spamhaus announcement and DBL FAQ, or reach out to your Return Path relationship manager. To understand how email blacklists like this can affect email marketing campaign performance, check out our email blacklist infographic.