FAQ

The following are frequently asked questions here at the AHBL.

Does The AHBL Block E-Mail Addresses?

No. The AHBL blocks only IP addresses and domain names (in the RHSbl).

If you are being blocked, it is most likely because either the mail server you are using is being used by spammers, or is owned by an ISP which knowingly lets spammers use its network. It is also possible that your machine may be compromised with a virus or trojan, or have an open proxy.

If your domain name is blocked, it is most likely because your domain is being used to support spammers and their services.

If you are unsure as to why you are blocked, see our Lookup Page, and put your domain name or mail server IP addresses in there.

How do I get removed?

By following the steps at the removals page you can request removal from the AHBL.

How are removals handled?

A user/provider can request a delisting of an open proxy/open relay host using our automated testing system. It takes between 1-5 days before a host will be tested by our automated system (it is done randomly), and provided that the host is no longer open, the listing will be removed.

If the listing is a Spam Source, Spam Support, or similar that was manually added by an AHBL administrator, the person/company/ISP that is being blocked must provide a reason for delisting via the online form from the lookup page. Most times, removals of these types require a vote by the AHBL administration (which can take 2-7 days usually). Provided the majority of the votes are Yes for delisting, the host will be removed from the database and the ticket closed.

In the case of a Shoot On Sight listing, removals are rarely if ever accepted or considered. If a SOS removal is accepted, it must pass a vote of unanimous Yes, or the host will not be removed.

How does the AHBL differ from other DNSBLs?

The AHBL is an aggressive multifaceted blacklist of systems, networks, and domains that are abusive or open to widespread abuse.

It is not simply a spam blacklist, or an open proxy blacklist, or an open relay blacklist. We list for a variety of technical and non-technical criteria. We differ from other blacklists primarily in our broad scope, and willingness to expand that scope where appropriate to include new categories of internet abuse.

How does the AHBL work?

The AHBL is a real time blocking system. This means that data is collected from various sources 24 hours a day, 7 days a week in real time, and merged into our database.

Some of the sources for our database come from our own mail servers, some from our spam traps, others from exchanged information with other DNSbl type lists. Much of our data comes from our own users and our partners, who allow us the ability to scan their mail server logs and forward us different types of spam, which is then broken down into lists of IP addresses, From: addresses, etc.

Standard tests on a host known to be sending spam include a proxy sweep (to try to determine whether the machine is infected with one of the many Windows viruses and trojans floating around on the Internet), a relay check on the SMTP port (if open), and a check against various other sources of information, including other lists such as SpamHaus, ORDB, DSBL, SORBS, and similar.

If the open proxy tests fail (meaning the host is open to relaying via the proxy), or the SMTP port test fails (meaning it is an open SMTP relay), the host is automatically added to the list within 30 minutes and propagated to all of our mirror servers in under an hour.

Other hosts that show signs of possibly being owned by a spammer are cross-referenced with the AHBL's RHSbl system, which tracks known spammer domains (which includes WHOIS information, name server addresses, etc), and also cross-referenced with SpamHaus's ROKSO listings.

Should the host score highly enough, it is automatically queued for manual addition by an AHBL administrator. If the host does not pass enough of the automatic checks, but still shows signs of being a possible spam source, AHBL administrators will investigate the host, using various tools and websites (including the usenet groups NANAS, NANAB, NANAE), and decide whether the host should be added.

What can a system administrator do to control spam?

A number of technical measures exist which can dramatically reduce the amount of UCE/UBE flowing through a system, and which can make it harder for users to send out spam undetected.

  1. Verify that your servers are secured against third party mail relaying. A mailserver which allows third party mail relaying has the potential to become an unwilling contributor to the spam problem. Servers which are open to third party mail relaying should be fixed IMMEDIATELY. The cost of leaving an unsecured mailserver online may be extensive due to blacklists such as this one.
  2. Monitor postmaster and abuse aliases closely. These are how the internet lets you know you have a problem. Ignoring these aliases, or not configuring them properly is irresponsible and inexcusable.
  3. Understand your options for controlling access to your mail server. These may include router ACLs, firewalls, packet filtering on the server itself, and rulesets enforced by the mailserver itself, such as sendmail's access_db.
  4. Consider implementing and maintaining a local (private) blacklist for your mailserver(s). This lets you refuse mail from what you consider to be problem areas.
  5. Monitor your mailserver logs for possible problems.
  6. Consider implementing basic checks on the validity of sender addresses. This will potentially stop a lot of spam, as the forged addresses contained in spam are often poorly constructed, and are often invalid domains.
  7. Consider implementing checks on the header of a message for possible indicators of spam. Spamware often adds poorly constructed or obviously falsified headers to messages in an effort to make them seem legitimate. A common example is the addition of X-UIDL headers, which are normally added by POP3 clients when they check mail, and normally aren't present in incoming SMTP mail.
  8. Consider using one or more of the publicly queryable blacklists to block mail, or to add headers which individual users can easily use to block mail.
  9. Consider blocking port 25 at your borders so that all mail must come through authorized mailservers. This will prevent unauthorized mailservers which you may not even know about from creating a spam problem. If you block in this way, consider blocking both inbound (to disable unauthorized mailservers), and outbound (to prevent direct access to outside mailservers).
  10. If possible, provide individual users the means to filter their own mail.
  11. Consider rate-limiting outgoing mail from each user. This won't stop your users from spamming, but it will slow them down, and it will limit the number of spams which can be sent before the problem is noticed.
  12. Deal with spammers on your own system promptly. Users who have recently turned to spam can often be shown the error in their ways and turned away from spam. Hard core spam gangs are uneducatable, and should be terminated on sight.
  13. Encourage your users to report spam to the originating provider promptly if they understand how to trace it. Educate users on how to understand mail headers.
  14. If you don't have ethical objections to doing so, consider using content filtering to detect mail which is obviously spam.
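
Items 6, 7 and 8 above can be combined into one screening step on an incoming message. The Python below is an added example, not AHBL code: the zone name `dnsbl.example`, the function names, the sample message and the stub resolver are all assumptions made for illustration, and the sender check is syntax-only (it does not resolve the domain).

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Hypothetical zone name; substitute the blacklist zone you actually query.
DNSBL_ZONE = "dnsbl.example"
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def dnsbl_query_name(client_ip, zone=DNSBL_ZONE):
    """IPv4 DNSBL convention: reverse the octets and append the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def sender_is_plausible(address):
    """Item 6, syntax only: local@domain with at least two valid DNS labels."""
    local, sep, domain = address.rpartition("@")
    labels = domain.rstrip(".").split(".")
    return bool(sep and local) and len(labels) >= 2 and all(
        LABEL.match(label) for label in labels)

def screen_message(raw, client_ip, is_listed):
    """Return the indicators found; is_listed(name) -> bool performs the DNS lookup."""
    msg = email.message_from_string(raw)
    findings = []
    # Item 7: X-UIDL is added by POP3 clients, not expected on inbound SMTP mail.
    if msg["X-UIDL"] is not None:
        findings.append("x-uidl-header")
    _, addr = parseaddr(msg.get("From", ""))
    if not sender_is_plausible(addr):
        findings.append("bad-sender")
    # Item 8: ask a publicly queryable blacklist about the connecting IP.
    if is_listed(dnsbl_query_name(client_ip)):
        findings.append("dnsbl-listed")
    return findings

# Constructed sample message and stub resolver so the example runs offline.
SAMPLE = (
    "From: Deals <offers@no_such-.invalid>\n"
    "To: user@example.org\n"
    "X-UIDL: 3f2a9c\n"
    "Subject: hello\n\n"
    "body\n"
)
STUB_LISTED = {"2.0.0.127.dnsbl.example"}

if __name__ == "__main__":
    print(screen_message(SAMPLE, "127.0.0.2", lambda name: name in STUB_LISTED))
```

In production, `is_listed` would be a resolver call that treats an A record answer as "listed" and NXDOMAIN as "not listed"; the findings can be used either to reject the message or to add a header that users filter on.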

Why is the AHBL blocking me?

One of the first things to understand is that the AHBL is not blocking your e-mail. The people who own the mail server you are trying to send to are blocking you. The AHBL simply publishes a list of IP addresses and hostnames of networks and servers we believe are either abusive, spamming, insecure, or unsafe.

We allow anyone to use our list with the understanding that we are not responsible for any legit mail that may be blocked because of our listings.

If you have specific questions about what might have caused you to get listed, check the Lookup Page and the Listing Policy Page.