|
|
How to Use |
||||||||||||||||||
  |
The Spamhaus whitelists are realtime DNS zones designed
primarily for use by internet mail systems. The whitelists are
published by spamhaus.org as two separate and distinct zones, the SWL
and the DWL, designed for use at different points in your email
filtering. See the Whitelist Technical FAQs for additional information on setups. |
|||||||||||||||||
|
The Spamhaus White List (SWL) comprises two datasets in a single zone: an IPv4 whitelist and an IPv6 whitelist (therefore the SWL responds to queries in either IPv4 or IPv6 format). Mail servers query the SWL in the same way as Spamhaus's DNSBLs are queried, a standard SWL DNS query looks like this: 2.0.0.127.swl.spamhaus.org The answer in this case would be: 2.0.0.127.swl.spamhaus.org. 3600 IN A 127.0.2.2 2.0.0.127.swl.spamhaus.org. 3600 IN TXT "http://www.spamhauswhitelist.com/query/127.0.0.2" Recommended Setup Spamhaus
recommends that mail servers apply the SWL IP Whitelist in front of and
therefore before any blocklist or other spam filter checks. As a
whitelisted IP or domain can not concurrently be in both the whitelist
and in a Spamhaus Project blocklist, and senders vetted to the Spamhaus
Whitelist are extremely unlikely to transmit spam, there is no reason
to put any type of spam filter either in front of or after the
whitelist, in fact doing so undermines the purpose and usefulness of
the whitelist.
|
|||||||||||||||||
|
The Domain White List (DWL) contains domains (such as ebay.com, expedia.com, etc.) and is a vouch-by-reference (VBR) domain whitelist designed to automate DKIM certification. See: http://en.wikipedia.org/wiki/Vouch_by_Reference and in particular RFC 5518 for implementation. A mail system sending mail with DKIM signatures in the DWL should include a VBR-Info: header line to encourage recipients to check the DWL, such as VBR-Info: md=<domain>; mv=dwl.spamhaus.org; mc=transaction; (for transactional mail) VBR-Info: md=<domain>; mv=dwl.spamhaus.org; mc=all; (for individual mail) The DWL is queried in this format: <domain>._vouch.dwl.spamhaus.org Where "<domain>" is the domain you want to look up. For example, the query: dwltest.com._vouch.dwl.spamhaus.org Returns the answer: dwltest.com._vouch.dwl.spamhaus.org. 1H IN A 127.0.2.12 dwltest.com._vouch.dwl.spamhaus.org. 1H IN TXT "all" Recommended Setup The
Domain White List (DWL) is designed to be used in conjunction with DKIM
checking on the receiving server. After the receiving server checks the
messages's DKIM signature, it should then check the DKIM signing domain
against the DWL.
|
|||||||||||||||||
|
|
||||||||||||||||||
 |
Whitelist Usage Terms The Spamhaus Whitelist DNS zones are published by the Spamhaus Project and are subject to the Spamhaus Project's standard Usage Terms for use of the Spamhaus DNSBLs/DNSWLs. Use of the Spamhaus Whitelists is free of charge for users who qualify for free use of the Spamhaus Project's public servers (See: Spamhaus Usage Terms). Large, high-traffic or commercial users are required to obtain a Spamhaus Datafeed contract
(if you are an existing Spamhaus Datafeed customer you automatically
have access to the Spamhaus Whitelists in your Datafeed at no extra
cost. Log in to your Datafeed Account Area for more information). |
|