Blog , 01 Dec 2022

Why is rsync not necessary for your blocklist?

Larry Ellis,

Content Creator

  • A blocklist is a dynamic list of items observed in known spam, and Rsync is a utility designed for synchronizing files between servers and local storage.
  • DNS query is faster reporting new threats, thus making users of your mail system more secure.
  • You might consider rsync if you have: Government security or privacy concerns or have more than 50 million queries daily.

The short answer is that a  DNS query is always faster in reporting new threats than rsync, regardless of whose service you use. Its simple DNS query makes your email users more secure.

But before diving in, let’s start with the basics.

What are Blocklists and Rsync?

  • A blocklist (DNSRBL or DNS real-time blocklist) is a dynamic list of items (e.g., IPs, domains, etc.) observed in known spam.  
  • Rsync, first used in 1996, is a utility designed for synchronizing files between blocklist servers and local storage.

Abusix Mail Intelligence is a set of email blocklists that allow you to run public DNS queries or local DNS queries on a copy e of the blocklist updated via RSYNC.  

Within 1/10th of a second of new threats hitting our sensors, it lists IP Addresses, domains, email addresses, and short and disk storage URLs. 

 

How can Abusix Mail Intelligence blocklist help you?

Here we are 26+ years after the first version of rsync was deployed. While rysnc has not changed, many other related things have changed.

1. Today’s DNS is more stable.

DNS is more stable today than it was 26 years ago. 

Also, instead of only mirrors scattered around the globe, we use modern DNS services like anycast routing, which significantly adds to DNS and our blocklist’s resiliency.

In the words of one of our oldest customers querying our blocklist across DNS: “Abusix is as good as it gets.”

2. Failover services are automatic and more resilient

The Abusix Mail Intelligence service is also designed with new state-of-the-art automatic failover services between available zones. This ensures our customers an uptime of 100%.

As a testament to our resilience, we have never had an outage.

3. Bad Actors are more aggressive.

Bad actors also have become more prevalent and aggressive.

Their shape change extremely fast, so blocklists must be equally quick if they are genuinely real-time DNSRBLs.

Since we manage all our sensors and handle all our data, we keep our customer’s users safer because our data is fresher.


Adding Abusix’s blocklists as the first layer of protection against spam, malware, and phishing emails can help eliminate the most obvious bad stuff!

The differences between rsync vs. DNS Query

Before talking about rsync vs. DNS query, rest assured we offer a very robust rsync option. 

But that said, we also need to be honest about this standard internet architecture utility.

While DNS and blocklist architecture have become more robust, and bad actors are more aggressive, rysnc and rbldnsd have remained unchanged. 

Given this, it’s important to revisit the two choices:

1. Rsync takes more work to maintain than DNS query.

Our messaging security team members have experience over several years running these service components. 

Their consensus is that running rsync and rbldnsd requires substantially more IT management to ensure it’s up-to-date and working correctly.

With DNS query, Abusix handles all of the management of the DNS information resource, so you don’t have to.

2. DNS query is more straightforward to configure than rsync

Like all modern cloud services, a DNS query is easier and faster to get up and run.

A DNS query service only requires a few lines of configuration to go live, while rsync requires substantially more work and setup.

3. DNSRBLs are supposed to be “real-time” anyway

In email security, speed in identifying threats makes a difference.

Since it always takes time to rsync files, latency will always occur when using the rsync utility.

When you use rsync, you aren’t using a “real-time” blocklist, and so you lose some of the benefits of any service you might use. 

Regardless of the blocklist service you use, you will always find newer threats via DNS query than your last rsync of the same service. DNS query makes your users more secure.

90% of cyber attacks start with an email

Why rsync might still make sense for you

There may still be reasons why rsync makes sense for you. If these two conditions don’t apply, you should use the faster DNS Query method.

  1. You have government security or privacy concerns.
    If you operate a secure government or military mail service or have privacy concerns about which IP addresses are attempting to send you email, like a financial services company, you might consider rsync. 
  2. 50 million and more queries per day
    Suppose you operate a large mail service with 1 million mailboxes or more. In this case, you should talk to us about using rsync or an alternative, more modern file transfer to get you the freshest data.

In summary, DNS query is faster reporting new threats, thus making users of your mail system more secure.

But if you still want to use rsync, we are here to help and will support you with your requirements.

We are always here if you still have questions about rsync and DNS queries. 

Just say hi in any chat window or email us at support@abusix.com

Share
Linkedin Icon Twitter Icon Facebook Icon E-mal Icon
Two computer monitors showing AbuseHQ

What’s next?

Why not see if Abusix Mail Intelligence is faster for you?

Sign up for a free trial here!

Products & Tools

Type

Topic

Get in touch

Talk to us

Do you want to remove your IP/domain from one of our blocklists?
Please use our lookup-service and follow the instructions there in order to get that resolved.