RBLs can be used for outright blocking of email or for scoring as part of SpamAssassin configuration.
In my case I use RBL’s in the Exim config on cPanel servers for outright blocking, this is to minimise how much email needs to be processed by SpamAssassin, reducing server load.
Because I choose to reject email outright based on RBL blacklists, I use some RBL whitelists to first verify if email should be blocked and help minimise false positives and collatoral damage :-) They run sequentially with first match = email accepted and passed on to SpamAssassin for processing.
I currently use the JMF No Blacklist as first check, I’ve alternated between this one and DNSWL as first in the processing. JMF have several whitelist categories, recently I tried adding the JMF
yellowlisted hosts to whitelisting and it created quite a few false positives so I changed back to just the whitelist/nobl lists.
From the JMF site:
127.0.0.1 = whitelisted - accept as good 127.0.0.5 = nobl listed - not a spam source - do not blacklist - maybe whitelist
MailSpike are a multi score / category RBL, I originally used their single hostname whitelist
wl.mailspike.net that contains anything in their 4 best categories H2-H5. However I found there were some false positives in being so broad so I’ve ended up specifying to use just their highest 3 categories.
DNSWL are a multi score / category RBL, they categorise the sender IP as well give a trustworthiness score. In the past I’ve run config that only whitelisted any IP with a score of medium/high, however at present I’m experimenting with whitelisting any IP that’s in the whitelist.
I use a number of RBL blacklists and I specify them in my Exim configuration in order of their efficiency, the one that blocks the highest percentage of spam received goes first. I do this to save unneccesary DNS lookups against the RBL services while processing email. From time to time I move them around in order for a few weeks at a time to check their effectiveness.
These are processed sequentially by Exim with first match = email rejected and a message logged.
Excellent blacklist which is a combination list of several RBLs, no false positives and catches the most spam for the mail profile that I handle.
Excellent blacklist with no false positives, number 2 in my list of most efficient RBLs.
These guys have several blocklists, the one I use is only single IP addresses where as some others include whole subnets.
I have seen the occasional false positives in the past where large ISP mailservers get listed, I mitigate these by using the whitelist RBLs to err on the side of caution.
Efficient block list.
Barrucuda used to be a decent performer catching spam that other lists don’t, however it’s efficiency has dropped so I’ve moved it down the list.
One of the original Blacklists, this far down in the priority order it doesn’t catch a lot of spam however it’s another zero false positive list so you can block with confidence.
Given it’s the last in my list it doesn’t catch a lot of spam, however it’s a good backstop list with zero false positives.