The Kempt.net DNS Black List

The Kempt.net DNS Black List (DNSBL) operates identically to other such lists on the Internet. See Spam Links for more information on the DNSBL concept.

If you are a mail server administrator attempting to remove your host from the black list, please see the Kempt.net spam policy page.

Unique aspects of this DNSBL

The goal of the Kempt.net black list is to catch and react to new hosts used for spamming purposes as quickly as possible. We leave long-known open relays and established spam sources to be listed by other DNSBLs.

Via an automated process, hosts are listed within minutes of the first time we catch them sending or relaying spam, and they are removed from the list a day later. Any further offenses by the same host will cause it to be listed again, but for a longer period of time for each subsequent offense.

As a result, the Kempt.net DNSBL lists a fairly small number of hosts at any given time. Although the back-end database contains all the hosts that have ever been listed, the subset visible via DNS consists of only the hosts that are currently active spam sources or relays.

Furthermore, it does not list hosts that are listed by other more comprehensive (but often slower to react) DNSBLs. Since the mail hosts involved in maintaining the Kempt.net black list also use other DNSBLs to block known spammers, the Kempt.net DNSBL will never see spam from those blocked hosts, and so the software will not be triggered.

Because of the properties described above, the Kempt.net DNSBL is best used in conjunction with other DNSBLs that systematically test for open relays or that list known sources of spam. Use the larger lists to filter out the long-term problem hosts, and use the Kempt.net list at the same time to catch the transient, newly-active sources.

Listing Policy

Any known-spam message detected by the kempt.net mail servers will cause the sending host to be listed immediately. Messages are identified by the way in which they are sent and the addresses to which they are sent, not by their content. In this way, no message will be misidentified as spam simply because it matches some criteria for spam-like content. The list does not target any particular spammers or any particular spam messages. The most commonly identified spam messages are those that are sent to one of several email addresses that have never existed in the history of the Internet, and yet which, for some unknown reason, each receive dozens of spam messages a day.

As mentioned above, offending hosts are delisted fairly quickly, with the "penalty" time determined by the number of times this particular host has relayed or originated spam in the past. This way, transient spammers are listed for a short time, and will be delisted once the problem is corrected. Persistent spammers will be listed for a longer time, and will presumably sooner or later show up in many of the larger lists of known open relays or spam sources.

Technical details

The A record (IP address) returned by the list is currently always 127.0.0.2. That is, no differentiation is made between open relays, spam sources, and backscatter sources. The intent is to list the offending host quickly, rather than investigate the exact nature of the offense.

Along with the A record, a TXT record is returned containing an English-language description of the last time that host has been caught sending spam.

Statistics

Unfortunately, statistics are not currently available. We hope to add a statistics page including a form to query the list in the future.

How to use the list

Anyone is welcome use the Kempt.net DNSBL, but we ask that you send email to <service@kempt.net> so that we can notify you of any changes to the service in the future. The domain name to use is dnsbl.kempt.net.

Configuring your mail server or router to use the list is discussed in numerous resources on the web. If you happen to be using Sendmail, you can simply add this line to your mc file:

FEATURE(dnsbl, `dnsbl.kempt.net', `"553 Message from " $&{client_addr} " rejected due to recent spam activity - see <http://www.kempt.net/spam-policy.html>"')

If you use Postfix, you can add something like this to your main.cf: (Thanks to Jim Woodworth for the tip.)

smtpd_recipient_restrictions = reject_rbl_client dnsbl.kempt.net

You may have multiple restrictions listed for smtpd_recipient_restrictions, using commas or multiple lines. Similarly, Sendmail allows you to use the 'dnsbl' FEATURE multiple times to check several DNSBLs.

As mentioned above, you will also want to use one or more DNSBLs that list known open relays and spam sources. The sites drbcheck and Declude may help you choose appropriate DNSBLs to use. The lookup engines at openrbl.org, DNS Stuff, and Kloth.net allow you to test a host to see whether it is listed by a number of popular DNSBLs.