dyndns.rbl.jp (for use with SpamAssassin)

A recent trend among Japanese spammers is to use free dynamic DNS services to give their server a temporary hostname, and then to use that hostname as the base for the URLs and/or mail addresses in the spam they send.

Dynamic DNS services are a very good and convenient service for ADSL/dial-up internet users, but spammers are abusing them to send out advertisements and filth.

To combat such spam there is dyndns.rbl.jp.

This service is not intended to block dynamic DNS services themselves; the aim is to identify and reject spammers who abuse such services.

Business-related e-mail usually does not originate from servers using dynamic DNS services, so if you're a business you can probably use this RBL without too much worry about false positives.

For individuals there is a higher chance of legitimate e-mail being tagged as spam by this service, for example when a friend who uses a dynamic DNS service for his mail server sends you a mail.

Furthermore, if you have a personal server with its own hostname, even if you use a dynamic DNS service, under normal circumstances your server won't be affected by listings in dyndns.rbl.jp.

How to use

Add the following to your SpamAssassin local.cf file or user_prefs for user-specific configuration:
urirhssub URLBL_DYNDNS_RBLJP  dyndns.rbl.jp.    A   4
body      URLBL_DYNDNS_RBLJP  eval:check_uridnsbl('URLBL_DYNDNS_RBLJP')
describe  URLBL_DYNDNS_RBLJP  URL uses Dynamic DNS service
tflags    URLBL_DYNDNS_RBLJP  net
score     URLBL_DYNDNS_RBLJP  4.0

uridnsbl_skip_domain plala.jp

Then restart spamd.

The "score URLBL_DYNDNS_RBLJP 4.0" line sets the number of SpamAssassin points that will be given to the e-mail if any domains found in it are registered in dyndns.rbl.jp. The default in SpamAssassin is that if the total number of points is greater than 5.0 then the e-mail is tagged as spam. You may modify this value (4.0) to a higher or lower number if you please.

The "uridnsbl_skip_domain" configuration is a whitelist of domains that will be ignored even if they are found in an e-mail. It is advisable to include your server's domain name in here just in case it is accidentally registered by someone. You can specify more than one server (delimited by a space) on the one line or you can repeat the configuration on a different line for different domains.

If an e-mail is detected with either a URL or e-mail address whose dynamic DNS domain is registered in dyndns.rbl.jp then the associated number of SpamAssassin points will be added to the total (in the above configuration the number of points is 4.0). If the e-mail comes from that host but there is no record of the dynamic DNS domain in the body or Subject: field then there will be no points added.

Confirming things are working

If an e-mail marked as spam has something like the following in it, things are working:
4.0 URLBL_DYNDNS_RBLJP URL uses Dynamic DNS service [URIs: zapto.org]

If you use a dynamic DNS service on your server and you'd like to see whether it is registered in dyndns.rbl.jp, you can check here, or add ".dyndns.rbl.jp" to the end of your dynamic DNS service's domain and do an nslookup:
$ nslookup freedyndnsservice.com.dyndns.rbl.jp

If you know in advance that a friend or someone else who will send you mail is sending from a mail server that uses a dynamic DNS service, then we recommend putting their dynamic DNS hostname in your whitelist.

After some time has passed check your maillog and hopefully you'll see some entries of detected spam:
grep URLBL_DYNDNS_RBLJP /var/log/maillog

Testing

For testing purposes we have prepared the domain we-wish-nobody-register-this-domain2.co.jp in dyndns.rbl.jp. To test, send an e-mail from your mail client to the mail server you've configured to use dyndns.rbl.jp.

Add the following to the body of your test e-mail:
http://we-wish-nobody-register-this-domain2.co.jp/
http://www.we-wish-nobody-register-this-domain2.co.jp/
http://asdfafdafasd.we-wish-nobody-register-this-domain2.co.jp/
hello@subdom.we-wish-nobody-register-this-domain2.co.jp

You could also try sending one URL/e-mail address per e-mail to test each individually.

Once the mail has been delivered, if there is a part in the header close to the X-Spam-Status: field that says "URLBL_DYNDNS_RBLJP" then things are working.

You can do further testing by adding the we-wish-nobody-register-this-domain2.co.jp domain to the uridnsbl_skip_domain configuration. After you restart spamd and send the same test e-mail as above, the "URLBL_DYNDNS_RBLJP" message should no longer be displayed in the header.
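
The lookup that the rule and the test e-mail above exercise can be reproduced outside SpamAssassin. The following is an added example, not code from RBL.JP or SpamAssassin: it extracts the domains from a message body, applies a skip list like uridnsbl_skip_domain, and checks each against the zone with the bitmask 4 from the urirhssub line. The function names and the small TWO_LEVEL suffix set are assumptions made for illustration; SpamAssassin uses its own, much larger table.

```python
import re
import socket

ZONE = "dyndns.rbl.jp"   # zone from the urirhssub line
MASK = 4                 # subtest "4": bitmask tested against the A record
# Assumption: tiny stand-in for SpamAssassin's own two-level TLD table.
TWO_LEVEL = {"co.jp", "ne.jp", "or.jp", "co.uk"}

# Host part of http(s) URLs and of e-mail addresses.
HOST_RE = re.compile(r"(?:https?://|@)([a-z0-9.-]+\.[a-z]{2,})", re.I)

def registered_domain(host):
    """Reduce a host name to the domain that is looked up in the zone."""
    labels = host.lower().strip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL else 2
    return ".".join(labels[-keep:])

def candidate_domains(body, skip=()):
    """Domains from URLs and e-mail addresses, minus the skip list."""
    found = {registered_domain(h) for h in HOST_RE.findall(body)}
    return sorted(found - {s.lower() for s in skip})

def system_resolver(name):
    """Return the A record for name, or None when it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def listed_domains(body, skip=(), resolve=system_resolver):
    """Return the domains in body that the zone lists under bit MASK."""
    hits = []
    for domain in candidate_domains(body, skip):
        answer = resolve(f"{domain}.{ZONE}")
        # A numeric subtest is ANDed with the answer; 4 only touches
        # the last octet, so that octet is all that needs checking.
        if answer and int(answer.rsplit(".", 1)[1]) & MASK:
            hits.append(domain)
    return hits

# Test body from the Testing section of this page.
SAMPLE = """http://we-wish-nobody-register-this-domain2.co.jp/
http://www.we-wish-nobody-register-this-domain2.co.jp/
http://asdfafdafasd.we-wish-nobody-register-this-domain2.co.jp/
hello@subdom.we-wish-nobody-register-this-domain2.co.jp
"""

if __name__ == "__main__":
    print(listed_domains(SAMPLE))
```

All four test lines reduce to the same domain, so one DNS query covers the whole test e-mail. Passing the test domain in skip gives an empty result, matching the uridnsbl_skip_domain test described above.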

