I’m doing this blog post in two pieces; a short explanation up top and then a more technical explanation down below. Pick one or read both and learn a bit. :-)

Just the facts

If you want to use OpenDNS nameservers and DNSBLs (DNS real-time Blacklists) on the same server, computer or network, go right ahead. We’ve rolled out a new feature today that allows you to use our much-loved typo-correction service without worrying about blocking email if you’re running a mail server, too. We went ahead and rolled this out as as a system upgrade so there’s no new preference for it. We’ve updated the FAQ entry on mail servers accordingly. Now DNSBL spam prevention and typo-correction go together like peanut butter and jelly (or chocolate… your choice).

If you were previously not using the typo-correction service because you also ran a mail server then head on over to the preferences page and re-enable it.

Talk nerdy to me

DNSBLs carry information about known IP addresses in their zone of DNS. This is often used to combat spam because a mail server can ask a DNSBL “Do you know anything about this IP?” They cleverly use the DNS to make this process quick and seamless. A mail server that gets a request to deliver mail from asks a DNSBL: “Do you know anything about” and the DNSBL either says “yes I do” or “no I don’t.” The problem is created because when a mail server is using OpenDNS and asks us to correct typos, we interpret the “no I don’t” answer (called RCODE=3 or NXDOMAIN) as a typo that should be forwarded off to our typo-correction service. This causes a mail server to not see the “no I don’t” and instead believe that the answer was “yes I do” which can cause a mail server to block a message thinking it’s from a spam sender. Previously, the only way to fix this was to disable typo correction, one of the benefits of using OpenDNS.

Our solution has been to disable typo-correction for DNSBL-matching requests. What’s a DNSBL-matching request? Any request greater than six labels which has four numerical octets within the IPv4 addressing space for the last-most labels is considered a DNSBL-style request. This wasn’t offered as a preference as turning this off would only lead to confusion, especially with typo-correction enabled.

End of the story? You can get the typo-correction you want and run a mail-server that uses DNSBLs without worrying. Enjoy!

  • http://factoryjoe.com/blog Chris Messina

    Hey David, I pinged you on IM about this the other day, but what about personal shortcut services? I know it might fragment the web, but as a personal service, if you know what you’re doing, I think it might be ok…

    I’m mostly interested in solving the Web2.0 problem where I can never remember where those darn periods go (was it de.li.cio.us or del.icio.us?). If you added this service, I could just use magnolia.com or flicker.com to get to the dropped-vowel and periodfull domains.

    What do you think?

  • http://www.opendns.com David Ulevitch


    If we put this together it would definitely be a per-user option. I can think of a lot of people who wouldn’t want this. Then again, our whole point here is to provide users with the tools and choices to get DNS the way the want so we’re definitely taking it under advisement.

    To be clear for folks who don’t know what you’re talking about: you want something where all the web2.0 sites like flickr can be loaded when you accidentally type flicker.com. Right?

  • Pingback: Yeraze's Domain 2.0()