Realtime Blackhole Lists (RBL) are directories that contain lists of domain names, email servers or IP addresses that are known to help, host, produce or forward spam. Ok, but how does it work? We will explain everything to you 😉

When an email arrives on an email server that uses the RBLs, the latter will query it: if the server sending the email is known to one of these lists, then it will automatically be considered spam.

How are these lists populated?

There are numerous RBL servers, some private, others public, populated in different ways. Beware: some set traps by creating an email address called “spam trap”. But what is this? It is simply an active email address but not used. So, if an email arrives at this address, it is necessarily a spam and the sending server will be registered on an RBL list. Easy, right?

Manual “flagging” is also used a lot. Just mark an email as spam and your email server will take it into account. If several people mark the same email as spam, then after several flaggings the sending server is listed.

Other methods are also used to populate RBL lists. For example: the detection of servers that don’t comply with the recommendations of the RFC, a server open to everyone or servers hosted in certain countries that may be considered spammers.

Do these methods have limitations?

These methods all have their share of controversy because some RBLs are known to be more effective than others. Their choice therefore directly influences the effectiveness of the anti-spam system used. In addition, some RBLs have more flexible rules than others for adding a server to their list, further complicating the situation. Is it possible to overcome these flaws? Of course! To deal with this problem and increase security, it is recommended to consult several RBL lists and only block a source if it is present on two lists.

Sometimes a legitimate server is listed as a result of address spoofing and massive spamming. In this case, the phenomenon has to be stopped and its good faith proven to the owner of the RBL list so the address can be removed from the list. Unblacklisting from these lists sometimes only requires a written request for the simplest case but can include payment for some lists, and usually lasts a few hours.


So, is the RBL concept clearer to you now? We hope so 😉

Justine pampers Mailinblack's communication! Event organization and project management is her priority :)

Nos experts vous accompagnent
gratuitement dans votre projet de cybersécurité

saisissez votre numéro de téléphone