There are various comments bandied about with some regularity relating to Domain Name System Blocklists (DNSBLs). So, we thought it was about time to provide some truths when it comes to blocklists and dispel these myths.
1. Blocklists are old technology
The delivery mechanism for DNSBLs has been around for years. However, the threat intelligence within blocklists is continually evolving to reflect current dangers, as are the means by which this data is researched and published.
Tried and tested
There is a vast difference between “old and dated” and “tried and tested.” One can’t deny that blocklist data’s delivery mechanism, i.e. via DNS zone, is decades old. In fact, the first DNSBL was created in 1997 by Eric Ziegast, who was working at MAPS with its founder, Paul Vixie.
But, and this is a big BUT, DNSBLs are a light, robust, and convenient real-time delivery mechanism for reputation data relating to IPs, domains, and content. They are continually developing to counter nefarious online activity.
New research technologies
The early days of blocklist creation involved hours of tireless manual research and the use of heuristics. Today, machine learning enables us to process an ever-increasing amount of data, with our researchers still undertaking manual investigations and applying heuristics.
The types of datasets produced are also advancing. In addition to IP and domain reputation data, hashes of low-reputation resources are compiled, enabling specific content such as email addresses, malware files, and cryptowallet addresses to be listed.
By leveraging new tools and technologies, we continue to identify bad actors and bad behavior while limiting the number of false positives. We spend considerable resources advancing our threat-hunting capabilities, allowing our customers to place their focus elsewhere.
So, while DNSBLs’ delivery mechanism might be considered “old,” the actual data within is carefully researched using up-to-the-minute technology and techniques to deliver IP, domain, and content reputation data that protects against current threats.


