Oh no! Not another infected PC or BotNet sending me spam... Well, maybe if you blocked the RATS at the SMTP level of your server, this would not be a problem. We have several lists of IP Addresses that have all the indicators of being RATS, and you can use them just like any of your favourite Real Time Blacklists (RBLs).
Based on statistics, the most abusive types of connections are those that either run dictionary attacks or mass mailings. They usually conform to the following four types:
The use of IP Reputation is one of the most effective ways to reduce overhead, bandwidth, and of course Unwanted Bulk Email (UBE). The most common way to achieve this is to check connections against IP Address lists and block those that are listed. Since we consistently receive large amounts of spam information from ISPs, we are able to compile this data and use it in our anti-spam tools, which we have made available to the public.
SpamRATS is dedicated to helping ensure that all forms of mail servers can choose to accept messages only from other properly configured mail servers. "Best Practices" dictate that mail servers should have correct Reverse DNS that reflects the operator of the mail servers.
SpamRATS is a completely automated system available to the general public. We hope this service helps protect you against one of the most problematic types of resources draining your email systems.
RATS-Dyna - Probable PC or home connection infected with a trojan, bot, or emailer program
RATS-NoPtr - An IP Address which has no reverse DNS, and probably the home of a spambot
RATS-Spam - An IP Address that has been shown to be abusive (Use at your own risk)
RATS is simple to use. You can query our public lists just like any other RBL, and most mail servers support this functionality. We have also included references for several of the common mail servers. All you have to do is use the correct hostname for each list; the rest of the setup can be copied from any instructions on using an RBL.
Here are some links to resources on how to use RBLs with your favourite email server.
Due to popular demand, you can now do a single query to RATS-All by using "all.spamrats.com". Before doing so, you should consider a few things. Depending on how you use your lists, you could end up blocking some of your own customers who are on RATS-Dyna. RATS-Dyna should be configured so that it checks only inbound connections, and not your customers. Most of the time this is done either by separating your MX IP Addresses from your mail.domain.com MTA, or by exempting those who use SMTP authentication or are set as relay clients (consult your individual MTA documentation). In most mail servers you can still use the "all.spamrats.com" list by looking at the return codes. In Postfix for example you could use:
This results in a single query, but would only reject mail from addresses that are on either Dyna (36) or Spam (38). It would ignore entries that are on NoPtr (37). This obviously halves the bandwidth usage and latency, both for us and for them, compared with querying each of those lists separately. This is supported with Postfix, Exim, Sendmail and Exchange 2003 as far as we are aware.
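The return-code filtering described above, as an added Python example (not SpamRATS or Postfix code) that also treats a failed DNS lookup as "no decision" rather than a listing. It assumes answers take the form 127.0.0.<code> with the codes given in the text; the function names and the sample data are hypothetical and constructed.

```python
import ipaddress
import socket

ZONE = "all.spamrats.com"  # combined list named in the text
# Assumption: answers are 127.0.0.<code>, with the codes the text gives.
CODES = {36: "RATS-Dyna", 37: "RATS-NoPtr", 38: "RATS-Spam"}
REJECT_ON = {36, 38}       # policy from the text: NoPtr (37) is ignored

def query_name(ip, zone=ZONE):
    """DNSBL query name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """A records for name; [] on NXDOMAIN. Other DNS errors propagate."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise
    return sorted({info[4][0] for info in infos})

def check(ip, resolver=system_resolver):
    """Return (action, lists); action is reject, accept or lookup-failed."""
    try:
        answers = resolver(query_name(ip))
    except OSError:
        # DNS outage or timeout: a failed lookup is never a listing.
        return "lookup-failed", []
    hits = set()
    for answer in answers:
        octets = answer.split(".")
        # Ignore answers that are not a known 127.0.0.x return code.
        if octets[:3] == ["127", "0", "0"] and int(octets[3]) in CODES:
            hits.add(int(octets[3]))
    action = "reject" if hits & REJECT_ON else "accept"
    return action, sorted(CODES[c] for c in hits)

# Constructed sample answers (documentation addresses, not real listings).
SAMPLE = {
    "1.2.0.192.all.spamrats.com": ["127.0.0.36"],
    "2.2.0.192.all.spamrats.com": ["127.0.0.37"],
    "3.2.0.192.all.spamrats.com": ["127.0.0.37", "127.0.0.38"],
    "4.2.0.192.all.spamrats.com": ["203.0.113.9"],
}

def sample_resolver(name):
    return SAMPLE.get(name, [])
```

Calling `check(ip)` without a resolver uses the system DNS; a "lookup-failed" result should map to accepting or deferring the message, never to a rejection.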
Currently there are no limits, and we would like to keep this service free for as long as possible. But if the demand by larger ISPs becomes too great, we MAY, at some time in the future, ask for a fee to defray the costs. Currently this project is sponsored by http://www.linuxmagic.com, who use these lists in their systems. LinuxMagic uses the BMS System so they don't have any risk of interruption of service at the DNS server level. (See BMS)
Addendum: Sept. 12, 2015 - Some new limits are being placed on our RBL Lookups. Unfortunately there have been others abusing the lookup privileges, and/or in some cases commercial operators who aren't attributing our efforts, or even worse using the data and packaging it as their own protection without offering to contribute to this effort. This RBL is the result of years of efforts and many hours of work and experience. While we try to give back to the community and we want this to remain a free service, it isn't fair for others to profit from our efforts without contributing. As a result, we have had to implement a few restrictions:
If you are a commercial spam protection company, please contact us for permission to use this data, and/or ask about our subscription services, otherwise you may find your company's queries rejected. If you are a very large email provider (+10,000 users) please ask how you can contribute to this effort.
Remember that there is a risk in using a normal RBL service. A potential interruption in DNS lookups may cause some emails to be rejected or flagged as spam if the list is not used correctly. There are many resources on the internet regarding RBL list safety, so please visit those pages.