Distributed Realtime Black List

DRBL node Gremlin.RU


Main page   F.A.Q.   Software   Zones  





Q: Remove me from your list!!! NOW!!!

A: First of all, stop yelling. It won't help you anyway.

The second step towards getting removed is to understand what exactly happened to you. If you find your address in one of the working zones, than it is completely senseless to try to contact the owner of such a zone. And it is twice stupid to contact the maintainer of this or other DRBL sites, because we doesn't have any authority on the other DRBL node's zones. Don't try to reach any 'chief DRBL administrator' because there's no such officer in DRBL project. In fact, there's no central power here at all. If you're confused, try reading the rest of this FAQ.

Well now to the point. If you really want to get off the DRBL lists, what you need is to find out which voteing zones are listing you. These are the only hand-written and human-controlled sources where your address come to the other zones from. Once you're done, contact the people responsible for these zones. Click here for the list of known zones and their respective contacts. But you are strongly encouraged to check the next question before doing so.


Q: I'm not a spammer, why do they list me?

A: The DRBL project's main mission is to provide a mechanism to share local filters written for particular mail servers by their administrators. There are very different sites in the project, from large ISPs to private hobbysts' mailers. Each administrator has his/her own policies and considerations on what he/she doesn't want to accept. The only limitation is that the administrator must use his own zone himself. But you don't really need to be a spammer to get to someone's local filter. It's not an abuse to make a filter: when you own a server, it is your right and your privilege to make decisions what mail to accept and what to reject. Noone is forced to use anyone's voting zone, it's a matter of trust and private considerations. But noone can be forced not to use any filters as well.

This mean you can't demand to remove your address. You only can ask to do so. Please keep it in mind contacting the DRBL zones' administrators.


Q: What is DRBL?
A: DRBL stands for Distributed Realtime Black List. Instead of a proprietary database controlled by certain people, DRBL offers every network to establish its own database and share it with colleagues. DRBL method of operation is similar to other DNS-based black lists, but the main difference is in (1) using many "local" databases instead of one centralized and (2) sharing information among them, so many other networks can make decisions whether some server is a junk generator and has to be banned, and ever do that automatically by getting and analyzing such information from different sources.


Q: How does it work?
A: The network decided to use DRBL should carry two DNS zones - voting (hereafter VOTE) and working (hereafter WORK) usually called vote.drbl.<domain>.<tld> and work.drbl.<domain>.<tld>.
  Banned networks and hosts should be put into VOTE zone as a pair of A and TXT records - e.g.:

*.57.168.192	IN	A	127.0.0.2
		IN	TXT	"Spammers network blocked"
This blocks mail from 192.168.57.0/24 network giving "Spammers network blocked" as a comment.
  The next step is to set up policies used to generate WORK zone. You should decide which VOTE zones will be used and the measure of trust to their administrators. There should be a scalar value of weight assigned to each zone and a threshold value, which is used to generate a WORK zone. Each address from one or more zones gives weight equal to a sum of weights of all zones this address belongs to. If the weight of an address is greater then or equal to a threshold value, then the address is put to a WORK zone.
  Suppose we maintain network-1.ru network and have to use DRBL. So we create vote.drbl.network-1.ru and work.drbl.network-1.ru . Then we decide to generate our WORK zone using information from some other networks - vote.drbl.network-2.ru, vote.drbl.network-3.ru, vote.drbl.network-4.ru, vote.drbl.network-5.ru and vote.drbl.network-6.ru. The administrator of network-2 is our old fellow and, therefore, a trusted person. Less known person is the administrator of network-3, so less we trust, and finally, we don't know the administrators of network-4 , network-5 and network-6, but there are no reasons for us not to trust them (is there are such reasons, we simply won't use their zones at all). Then we decide to use a threshold value of 1 (or 100, to assign weights in a percentage of trust, or some other value) and assign the following weights to zones:
 
vote.drbl.network-1.ru     1 
vote.drbl.network-2.ru     1
vote.drbl.network-3.ru     0.8
vote.drbl.network-4.ru     0.4 
vote.drbl.network-5.ru     0.4
vote.drbl.network-6.ru     0.4 
Now, if some address apears in our own VOTE zone vote.drbl.network-1.ru or in a fully trusted VOTE zone vote.drbl.network-2.ru maintained by our fellow, then this address will be automatically put in our WORK zone, and incoming mail from this address will be rejected.
  If some address is banned in network-3, it will not be put into our WORK zone immediately - it's necessary for it to be banned in some other network. For example, if some address is banned in network-3 and network-5, then its total weight will be 1.2 , which exceeds the threshold value. In this case we suppose that blocking given address somewhere else is a good reason to do the same.
   Finally, if none of the network-1, network-2 or network-3 have blocked some given address, then it will be put into our WORK zone only in case of all three networks will vote for it.


Q: Why do I need it?
A: Most networks have their own mail filters, and many administrators are ready and wish to share the information with each other. DRBL, being the automated decision-making system, is expected to help in this task. Also, being distributed, DRBL can't become proprietary so you don't depend on any particular organization or person.


Q: Why distributed?
A: At primary decision, making the system distributed was intended to keep the system from being vulnerable to the legal prosecution by the blocked spammers.
   Under the conditions of law anarchy, it is practically useless to maintain a centralized database - the higher is its popularity among the administrators of mail servers, the greater are dissatisfyed spammers, whose addresses were put in this database. It becomes necessary to be to ready to constant expenditures for attorneys and judicial expenses - otherwise any spammer with a big moneybag and a smart lawyers will be able to destroy the whole system.
   Being distributed, DRBL lacks this problem. In the majority of the cases there is noone to sue (case "against all at once" can't be considered seriously) - moreover, it's useless. Anyone can block any mail within their own network, so anything is legal. As for other networks using such information, this is voluntary - DRBL has a great amount of concurrent zones. Finally, if some node will be exterminated, the whole system will keep its functionality.
   Furthermore, the distributed system has other merits. Its mechanism of automatic mutual consulting seems to be more flexible, compared to the bureaucratized procedures of nominating spammers network to centralyzed systems. And if some network can't use a particular centralized database for political reasons, there are no contras to use DRBL. As opposed to proprietary information sources, where you have only two alternatives (to use or not to use), DRBL has a number of intermediate states, which could be acieved by using weights which do not exceed threshold value.

Q: So, how do I get out of all these voting zones?

A: Surely, you have received a bounce message similar to this:

550 Rejected: 192.168.62.14 is listed at work.drbl.example.net
This is well enough to investigate, who (and ever why) had listed your host. First of all, who:
% host -t any 14.62.168.192.work.drbl.example.net
14.62.168.192.work.drbl.example.net has address 127.0.0.2
14.62.168.192.work.drbl.example.net descriptive text
"vote.drbl.example.net@ns.example.net"
Why:
% host -t any 14.62.168.192.vote.drbl.example.net
14.62.168.192.vote.drbl.example.net has address 127.0.0.2
14.62.168.192.vote.drbl.example.net descriptive text
"Open SOCKS proxy"
Fix the SOCKS issue - e.g., by setting up NAT - and do one more NS query:
% host -t soa vote.drbl.example.net
vote.drbl.example.net SOA ns.example.net postmaster.example.net(
                        1067889002      ;serial (version)
                        10800   ;refresh period
                        1800    ;retry refresh this often
                        604800  ;expiration period
                        86400   ;minimum TTL
                        )
Now, write to "postmaster AT example DOT net" and ask them to re-test your server.


Q: Whether to use generated work zones as a source for creating other work zones?
A: The answer is NO. The reason is that the existence of the oriented cycles in the graph of the information flows can arise the positive feedback, causing self-excitation. Given address may exist in the system, flowing from one generated WORK zone to other, even if it was already removed from all hands-written VOTE zones. This may put the system in the unpredictable state.
   This is the main reason for only hands-written VOTE zones to be used to automatically generate a WORK zone.


Q: What software do I need?

A: There are two different schemes of a DRBL node. Click here for details.


Q: How should I select zones and set weights?
A: There's no common answer. We recommend using all available zones. The list of known zones is available
here. As for assigning weights, it's simple: the larger and better known is the network, the higher should be its weight. But do not forget, that your own VOTE zone's weight should exceed the threshold value - don't you trust yourself?


Q: Ok, I've made a voting zone. Are there any restrictions for what I can put there?
A: The only restriction is: your network must use your zone yourself. Making this zone publicly accessible means "I don't accept mail from this network". This assertion has substantially larger weight than "I don't like this network". Indeed, it would be very strange if someone has blocked mail connectivity with some given network using your VOTE zone, but you didn't. First of all, you should protect yourself.
   Also you should realize that distribution of some VOTE zone which is not used in originating network is an abuse. Such practice will cause others to assign it low weight values, therefore making it ineffective.
   Even if you do really use your VOTE zone to filter incoming mail, you should keep it with a sufficient degree of responsibility.


Q: I can't (or don't want) to create my own DRBL node. May I still use it to protect my network?
A: Of course. You may use one or more external WORK zones - they are usually publicly accessible. Just put a list of such zones into RBL domains list in your MTA.
   However, setting up your own node is quite simple and there are no real reasons to refuse to set it up.


Q: Well, I have set up my own DRBL node. What should I do to make it available to other networks?

A: You can contact one of the current DRBL members and ask to annonce your zone to the others (please do not contact many of the DRBL members at once -- remember, they hate spam!). There's a closed mailing list used by several of the DRBL members, any of them can annonce your zone to the (almost) whole project.

Please include names of VOTE and WORK zones, address of name server capable of AXFR zone transfer from any address, and the name of the network your zone is used in. Also it would be a good thing to describe your policy of creating the VOTE zone.

Last advise: think before you do. Only in that case your VOTE zone could be popular and have a respectable weight.

Good luck!