Policy

Principle

There is no legal or other entitlement for anyone to be included in the list or to exclude a certain entity from the list. It will be at the editors sole discretion when and how to list, modify or delist IP addresses or entities.

The only exception is that the rightful owner of an IP address (range), as identified through IP-based whois or any other reasonably verifiable data source, can request to be excluded from the list.

IP address “owner”

Due to the nature of the dnswl.org data, only entities controlling their own IP address(es) can be listed. “Ownership” over IP addresses must be reasonably verified (eg through whois or forward/reverse DNS lookups). If it can be shown that an IP address in “foreign” IP space is dedicated to the entity (eg an outsourced mailserver), this counts as “controlling their own IP address”. Of course, dynamically assigned individual IP addresses can not be listed.

Listing Criteria

The following criteria will be applied to listing entities on dnswl.org:

  • It can be reasonably believed or it is known that the “owner” of an IP address or IP range handles abuse coming from it’s own network in a responsible, responsive and timely manner.
  • The network (IP address range) is duly and correctly registered in whois (ie does not contain bogus, anonymized or obviously outdated information).
  • New entries are checked against public and private sources in order to detect past (spam-) problems for a given domain and/or IP address(es).
  • The level of control that can be exercised by the network owner over it’s users determines the “trustworthiness” level that is returned for a given network. Networks with public users are assigned a lower level, while networks with administrative close control over their users and systems can be assigned a higher level.
  • Single IP addresses (IPv4 /32 and IPv6 /128) are added by default. Address ranges are generally not accepted.
  • Networks are assigned to the best matching category in order to allow users of dnswl.org to selectively whitelist certain categories.
  • Network ranges which are part of a DNSWL Id claimed by a Self Service user can get a higher trust level due to the ability to contact a person in case of issues.

The fact that an IP address is listed on some blocklist is not sufficient justification for a listing at dnswl.org. On the contrary, IP addresses currently and/or repeatedly listed on blocklists will usually be denied. Exceptions are possible if reasonable justification can be provided. Misconfigurations (open relays etc) are not considered reasonable justification.

Delisting Criteria

The goal of dnswl.org is to avoid false positives. In order to achieve this goal, users of dnswl.org data accept the occasional spam or other form of abuse coming from a whitelisted network.

However, a listing in dnswl.org is no “get out of jail for free” card. Continued abuse with no reasonable action will get a network removed from dnswl.org, or will result in significantly reduced trust levels. The following criteria and escalations will be applied where reasonable:

  • Considerable number of reports in public sources.
  • Non-public information (eg notification by e-mail)
  • A Spamhaus SBL listing.
  • Support for spam and other operations (including, but not limited to DNS- and webhosting).
  • Considerable number of abuse reports / spamtrap hits.
  • Considerable number of blacklist hits.

“Considerable number” is always weighted against the number of IP addresses in a given DNSWL Id.

List categories

The list of categories is subject to change. It will always be adapted to identify categories of senders with common characteristics. Categories will not be deleted, but they may become empty over time.

Listing Data

A listing in dnswl.org usually consists of the following (items indicated by * are exported through DNS and datafeed services):

  • A domain name* identifying the controlling entity (ie company, project, individual, …).
  • A category* assigned to the domain name which most closely describes the nature of the controlling entity (eg specific industry, governments, individuals etc).
  • One or more IP addresses or ranges of IP addresses*, assigned with a “trustworthiness” level.
  • Source of the data
  • Contact information, if provided (mandatory for Self Service users)
  • Comments and notes for internal use (eg special considerations, “see also” etc)
  • Automatically collected data about past blacklist / abuse issues
  • Automatically collected data about (in-) consistencies in DNS

Note

If anything in this policy does not fit with your own local policy, you should not use dnswl.org for whitelisting or similar purposes.