The Spamhaus Whitelist

Whitelist Technical FAQ

The Whitelists
Return Codes
SWL Query Method
SWL Filter Behaviour
What if there is no return because the whitelist system is down?
DWL Query Method
DWL Filter Behaviour
Filter Behaviour in General



The Whitelists

The Spamhaus Whitelist is actually made up of two whitelists: an IP address whitelist called the 'SWL' and a domain whitelist called the 'DWL'. These are published as swl.spamhaus.org and dwl.spamhaus.org respectively.

The SWL is both an IPv4 and IPv6 whitelist. It responds to queries of either IPv4 or IPv6 addresses. (Note: IPv6 handling is not yet active. Spamhaus estimates IPv6 service starting in 2011)

The DWL is a VBR (vouch-by-reference) domain whitelist designed to automate DKIM certification.


Return Codes
Spamhaus has assigned 127.0.2.0/24 for whitelist return codes.

In practice any response in 127.0.2.0/24 should be taken as a positive "whitelist this" response.

Specific return codes are:

Return Code     Description
127.0.2.2       IP sending individual mail
127.0.2.3       IP sending transactions
127.0.2.102     IP sending individual mail - Temporary Listing (entry will expire)
127.0.2.103     IP sending transactions - Temporary Listing (entry will expire)

Return Code     Description
127.0.2.12      domain signing individual mail
127.0.2.13      domain signing transactions
127.0.2.112     domain signing individual mail - Temporary Listing (entry will expire)
127.0.2.113     domain signing transactions - Temporary Listing (entry will expire)

TXT record string     Description
all                   domain signing individual mail
transaction           domain signing transactions


SWL Query Method
The SWL is queried in the same way as a normal DNSBL/DNSWL: the IP address, with its octets reversed (in the case of IPv4), is prepended to the zone name. To see if 127.0.0.2 is listed, you send the DNS query in the format:

Query:
2.0.0.127.swl.spamhaus.org

Answer:
2.0.0.127.swl.spamhaus.org. 3600 IN A 127.0.2.2
2.0.0.127.swl.spamhaus.org. 3600 IN TXT "http://www.spamhauswhitelist.com/query/127.0.0.2"

SWL Filter Behaviour

The Spamhaus White List (SWL) is designed to be used at SMTP connect time in front of any spam filtering, before any DNSBLs and any other types of spam filters, content filters, etc.

A positive return from the SWL should cause all spam filters and content filters to be bypassed.

Spamhaus software controls ensure that an IP address cannot be on both the SWL and a Spamhaus DNSBL at the same time. A situation where the SWL whitelists a source that is on, say, the SBL or any ZEN zone should therefore never exist.

If there is no return from the SWL, the mail system should proceed as normal.
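The query format, return codes and connect-time behaviour described above, combined into one sketch. This is an added example, not Spamhaus code: the function names and the `lookup` resolver hook are hypothetical, and the resolver data is constructed from the page's own sample query so that the block runs offline.

```python
import ipaddress

SWL_ZONE = "swl.spamhaus.org"
WHITELIST_NET = ipaddress.ip_network("127.0.2.0/24")
# SWL return codes from the table above: code -> (description, temporary listing)
SWL_CODES = {
    "127.0.2.2": ("IP sending individual mail", False),
    "127.0.2.3": ("IP sending transactions", False),
    "127.0.2.102": ("IP sending individual mail", True),
    "127.0.2.103": ("IP sending transactions", True),
}

def swl_query_name(ip):
    """Build the DNS name to query: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + SWL_ZONE

def classify_swl_answer(a_records):
    """Any A record inside 127.0.2.0/24 is positive; anything else is not listed."""
    for rec in a_records:
        try:
            addr = ipaddress.ip_address(rec)
        except ValueError:
            continue  # ignore malformed answers
        if addr in WHITELIST_NET:
            desc, temp = SWL_CODES.get(str(addr), ("unspecified whitelist code", False))
            return {"listed": True, "code": str(addr), "description": desc, "temporary": temp}
    return {"listed": False, "code": None, "description": None, "temporary": False}

def connect_time_policy(ip, lookup):
    """Routing decision at SMTP connect time.

    lookup(name) is a hypothetical resolver hook returning a list of A-record
    strings; an empty list or an exception both mean "no return".
    """
    try:
        records = lookup(swl_query_name(ip))
    except Exception:
        records = []  # no return from the SWL: proceed as normal
    verdict = classify_swl_answer(records)
    # Virus filtering always runs; spam/content filters are skipped only on a hit.
    return {"run_spam_filters": not verdict["listed"], "run_virus_filters": True, "swl": verdict}

# Constructed resolver data, taken from the page's own example query and answer.
SAMPLE_ANSWERS = {"2.0.0.127.swl.spamhaus.org": ["127.0.2.2"]}

def sample_lookup(name):
    return SAMPLE_ANSWERS.get(name, [])
```

An answer outside 127.0.2.0/24, such as a blocklist-style 127.0.0.x code, is deliberately treated as "not listed" so that a misconfigured zone name cannot turn a non-whitelist response into a filter bypass.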


What if there is no return because the whitelist system is down?
In over ten years of operation the Spamhaus public DNSBL servers have never once been down, not even for a second. Spamhaus's DNS (DNSBL & DNSWL) infrastructure was built to ensure reliability and redundancy and currently consists of over 70 global public mirror servers.


DWL Query Method
The DWL uses Vouch by Reference, defined in RFC 5518. A mail system sending mail with DKIM signatures in the DWL should include a VBR-Info: header line to encourage recipients to check the DWL, such as

VBR-Info: md=; mv=dwl.spamhaus.org; mc=transaction; (for transactional mail)
VBR-Info: md=; mv=dwl.spamhaus.org; mc=all; (for individual mail)

VBR defines TXT record string values in DNS records. Clients must do a TXT query, not an A or other record query.

The result record will contain "transaction" if the entry is marked as being transactional mail, and "all" otherwise.

VBR Query :
<domain>._vouch.dwl.spamhaus.org

VBR Answer:
<domain>._vouch.dwl.spamhaus.org. 1H IN TXT "all"

VBR Test Query:
dwltest.com._vouch.dwl.spamhaus.org

VBR Test Answer:
dwltest.com._vouch.dwl.spamhaus.org. 1H IN TXT "all"

DWL Filter Behaviour

The Domain White List (DWL) is a VBR (vouch-by-reference) domain whitelist designed to automate DKIM certification. VBR is designed to be used in conjunction with DKIM checking on the receiving server. After the receiving server checks the message's DKIM signature, it should then check the DKIM signing domain against the DWL.

For VBR implementation details see http://en.wikipedia.org/wiki/Vouch_by_Reference and, in particular, RFC 5518.

Note: The Domain White List (DWL) should not be used to whitelist messages based on domains seen in email bodies or headers. Only the d= domain identity in a valid DKIM signature provides a usable domain for the DWL. Domain names or URLs in other contexts are easy to forge and are not reliable identifiers.
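A sketch of the DWL check on the receiving side, gated on a valid DKIM signature as the note above requires. This is an added example, not Spamhaus code: the function names and the `txt_lookup` resolver hook are hypothetical, the DKIM result is assumed to come from a separate verifier, and requiring a VBR-Info header that names the DWL is a conservative assumption of this sketch. The TXT data is constructed from the page's test query.

```python
DWL_ZONE = "dwl.spamhaus.org"
# TXT strings from the page's table
DWL_CLASSES = {
    "all": "domain signing individual mail",
    "transaction": "domain signing transactions",
}

def parse_vbr_info(value):
    """Parse 'md=...; mv=...; mc=...;' into a dict of lowercased fields."""
    fields = {}
    for part in value.split(";"):
        key, sep, val = part.strip().partition("=")
        if sep:
            fields[key.strip().lower()] = val.strip().lower()
    return fields

def vbr_query_name(domain):
    """<domain>._vouch.dwl.spamhaus.org, as in the VBR query format above."""
    return f"{domain.lower().rstrip('.')}._vouch.{DWL_ZONE}"

def dwl_vouch(dkim_valid, dkim_d, vbr_info, txt_lookup):
    """Return 'all' or 'transaction' if the DWL vouches for the signer, else None.

    dkim_valid and dkim_d come from an already completed DKIM verification;
    txt_lookup(name) is a hypothetical hook returning a list of TXT strings.
    """
    if not dkim_valid or not dkim_d:
        return None  # only the d= of a valid signature is a usable identity
    fields = parse_vbr_info(vbr_info or "")
    if fields.get("md") != dkim_d.lower().rstrip("."):
        return None  # header claims a domain that the signature does not prove
    if DWL_ZONE not in fields.get("mv", "").split(":"):
        return None  # sender did not name the DWL as a voucher
    try:
        strings = txt_lookup(vbr_query_name(dkim_d))  # TXT query, never A
    except Exception:
        return None  # no return: proceed as normal
    for text in strings:
        for token in text.lower().split():
            if token in DWL_CLASSES:
                return token
    return None

# Constructed resolver data, taken from the page's VBR test query and answer.
SAMPLE_TXT = {"dwltest.com._vouch.dwl.spamhaus.org": ["all"]}

def sample_txt_lookup(name):
    return SAMPLE_TXT.get(name, [])
```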


Filter Behaviour in General
The purpose of the Spamhaus Whitelist is to ensure mail from vetted whitelisted senders is delivered to destination unimpeded by any spam or content filters. On receiving an incoming SMTP connection, mail servers should check the connecting IP address against the SWL and, if the IP address returns positive (listed), should then route the message past all spam filters and content filters.

The Spamhaus Whitelist can be used to reverse a bad score in a scoring system such as SpamAssassin; however, that is not its intended prime function. Its principal intended use is to enable mail servers to decide immediately whether to route an incoming message to any spam filters at all, knowing that the sender has no history of spam, has been vetted to comply with Spamhaus's strict Whitelist policy, and is extremely unlikely to ever send spam.

If a sender is on the Spamhaus Whitelist it is pointless and a waste of resources to then check whether the IP is on any Spamhaus blocklist such as Zen, because it cannot be. If the IP is on a third party blocklist you would need to decide whether the third party blocklist is right or to give Spamhaus the benefit of the doubt. That decision comes down to you alone.

Incoming mail should, however, still be put through virus filters, as the Spamhaus Whitelist certifies only that the sender is not a spam sender. Viruses slipping out of legitimate servers as attachments to legitimate emails can occur, and one should never take any chances with regard to viruses.


Copyright © 2010 The Spamhaus Whitelist Company