Skip to main content


Home DNS-based Blackhole List

DNS-based Blackhole List

DNS-based Blackhole List definition

In cybersecurity, a DNS-based Blackhole List (DNSBL) or Real-time Blackhole List (RBL) can be described as a list of various domain names and IP addresses that are recognized as a source of spam, malware, or other known malicious activities. DNSBLs filter and control incoming network traffic, like emails from these sources. When a server recognizes the message from an IP address listed in DNSBL, it can reject it or mark it as spam. That way, potentially harmful content is reduced. DNS-based Blackhole Lists are recognized to be valuable tools in the field of cybersecurity for reducing harmful content from known malicious sources. Conversely, legitimate traffic can be blocked unintentionally, so careful management is mandatory.

See also: DNS a record

Common DNS-based Blackhole Lists (DNSBLs) applications in cybersecurity:

  • Email filtering: DNSBLs are commonly used in email security systems to filter and block spam messages. Usually, email servers monitor sender email IP addresses against DNSBLs and reject emails from IPs listed as sources of spam, phishing, or malware distributors.
  • Intrusion detection and prevention systems (IDPS): Various IDPS system solutions utilize DNSBLs to filter, identify, and block traffic from known malicious IP addresses. That protects networks and systems from attackers connecting to those systems.
  • Web content filtering: DNSBLs can be suited for web content filtering to block access to websites hosted on IP addresses with malicious or inappropriate content. That can favor organizations regarding web usage. For example, it can stop users from accessing sites with harmful content.