Distributed
Server Boycott List (DSBL)
It receives relay messages and publishes the results
online. DSBL never sends messages.
The Tester
This could be anybody who has the DSBL test software
or a compatible program installed. The recommended
way to run a tester is to feed spam into the spamtrap
program (or operate a spamtrap and let spammers
feed it), this will test all the hosts that have
sent spam. Of course each tester is free to determine
his/her own test policy.
Relay test message in order to see if a host that
transferred the spam was a vulnerable open relay
or proxy the software run by the tester emulates
what the spammers do and tries to relay a test
message to DSBL, using the various ways spammers
use.
Cookie
Before doing a test the tester asks DSBL for a
unique string, which is used as the test identification.
DSBL uses this cookie to determine whether the
relay message comes from a trusted user or not.
Open relay
Email host that allows anybody to send messages
anywhere, often only using obscure SMTP syntax.
These hosts are often abused by spammers to get
their messages sent out for free.
Open proxy
Proxy server or firewall that allows anybody to
connect anywhere, often used by spammers to obscure
their point of origin, also used in combination
with open relays.
How
are hosts tested?
- The tester asks dsbl for
a unique cookie, giving username/password
if the tester has them.
- DSBL returns a cookie and
remembers the cookie in the database, noting
down whether the cookie was for a trusted
user or not.
- The tester runs relay tests
on the host.
- If the test message is
relayed to DSBL, a server will be listed in
the DSBL database
In which list
is a server listed?
There are 3 lists
list.dsbl.org, here all single hop
relays that were tested by trusted testers get
listed. multihop.dsbl.org, the outputs of multihop
relays tested by trusted testers get listed
here. unconfirmed.dsbl.org, the output servers
of tests by untrusted and anonymous users get
listed here.
| 
