OpenDNS’s typo correction feature helps smooth one of the Internet’s daily annoyances. But for URIBLs (a kind of blacklist used by mail servers), typo correction has always been a deal breaker.

No longer!

Back in August 2006, we enhanced our nameserver software to stop doing typo correction for DNSBLs. Now, URIBLs can get the same special treatment. In fact, the popular URIBLs hosted at these three domains already do:

• surbl.org
• uribl.com
• uribl.org

If you previously disabled typo correction so you could use one of these URIBLs, you can now re-enable it.

And if you run a URIBL and would like us to add your domain to our URIBL list, please provide us with details either in the comments here or via our contact form. We’ll keep the latest list in our knowledge base.

By the way, our thanks go to the folks at SURBL and URIBL.COM for their assistance with this project.

I’m doing this blog post in two pieces; a short explanation up top and then a more technical explanation down below. Pick one or read both and learn a bit.

Just the facts

If you want to use OpenDNS nameservers and DNSBLs (DNS real-time Blacklists) on the same server, computer or network, go right ahead. We’ve rolled out a new feature today that allows you to use our much-loved typo-correction service without worrying about blocking email if you’re running a mail server, too. We went ahead and rolled this out as as a system upgrade so there’s no new preference for it. We’ve updated the FAQ entry on mail servers accordingly. Now DNSBL spam prevention and typo-correction go together like peanut butter and jelly (or chocolate… your choice).

If you were previously not using the typo-correction service because you also ran a mail server then head on over to the preferences page and re-enable it.

Talk nerdy to me

DNSBLs carry information about known IP addresses in their zone of DNS. This is often used to combat spam because a mail server can ask a DNSBL “Do you know anything about this IP?” They cleverly use the DNS to make this process quick and seamless. A mail server that gets a request to deliver mail from 192.168.1.2 asks a DNSBL: “Do you know anything about 2.1.168.192.in.yourdnsbl.tld?” and the DNSBL either says “yes I do” or “no I don’t.” The problem is created because when a mail server is using OpenDNS and asks us to correct typos, we interpret the “no I don’t” answer (called RCODE=3 or NXDOMAIN) as a typo that should be forwarded off to our typo-correction service. This causes a mail server to not see the “no I don’t” and instead believe that the answer was “yes I do” which can cause a mail server to block a message thinking it’s from a spam sender. Previously, the only way to fix this was to disable typo correction, one of the benefits of using OpenDNS.

Our solution has been to disable typo-correction for DNSBL-matching requests. What’s a DNSBL-matching request? Any request greater than six labels which has four numerical octets within the IPv4 addressing space for the last-most labels is considered a DNSBL-style request. This wasn’t offered as a preference as turning this off would only lead to confusion, especially with typo-correction enabled.

End of the story? You can get the typo-correction you want and run a mail-server that uses DNSBLs without worrying. Enjoy!