Instructions
How to use EmailReg.org to help protect you from spam and accidentally blocking email:
Emailreg.org provides the Registered Email Send List (RESL) as a free lookup to anyone that would like to use it. It is also provided to those who have registered a domain here at EmailReg.org.
The RESL is provided using a system that is similar to a DNS lookup. It is even more similar to a DNSRBL lookup. The RESL, however, requires looking up a DOMAIN and a IP address in order to determine if that IP address is a legitimate sender of email from that DOMAIN.
The RESL provides a whitelist of IP's that are sending email for a particular domain. The organizations that have registered their domain and IP address are listed and will remain listed as long as they do not send spam from their IP with the domain listed. If spam emanates from their IP, but with OTHER domains (such as from an infected computer) it will not impact their standing on EmailReg.org.
How To Query EmailReg.org
The query should always go to the DNS Zone of "resl.emailreg.org" in the following format:
(from domain).(ip).resl.emailreg.org
For example. If you receive an email from IP address 1.2.3.4 with a from address of fred@example.com, you would do a query of "example.com.4.3.2.1.resl.emailreg.org" to learn if the IP address and domain are registered.
The return codes are structured to provide as much information as possible about the IP address and domain. The return codes are structured similarly to most RBL like services: 127.0.x.y Where X is a EmailTypes and Y is the registration status.
Status Codes:
| Code | Status | Recommended Action |
|---|---|---|
| 0 | Domain is registered and IP is registered to that domain. IP and domain in good standing. | Skip Spam Scanning |
| 1 | Domain is pre-registered and IP is pre-registered to that domain. | Skip Spam Scanning |
| 10 | IP is registered on the Emailreg.org Forwarder List. | Take the next IP address in the email and look up on EmailReg.org again. |
| 20 | Domain is registered, but IP is not registered to that domain, however, IP is registered to another domain. | Fully scan email for spam. |
| 21 | Domain is registered, but IP is not registered to that domain or any domain. | Fully scan email for spam. |
| 22 | Domain is not registered, IP is registered to some domain. | Fully scan email for spam. |
| 23 | Domain is not registered, IP is not registered to any domain. | Fully scan email for spam. |
| 24 | IP and domain registered but suspended for sending spam. | Fully scan email for spam. |
| 30 | IP and domain registered but email service provider and unable to fully control spam. Registered but will sometimes send spam. | Fully scan email for spam, but do not block based on IP address. |
EmailType Codes:
This is a bit mask of the types of email that are suppose to originate from this email sender. There are may types of legitimate email that are sent on the Internet. We would want all of these to be properly received.
| Code | Code Description | |
|---|---|---|
| 1 | Corporate Email | This is your typical corporate or personal email sent from an organization. |
| 2 | Automated Notification | This is a an email that is automatically generated such as a receipt from a purchase. |
| 3 | Forwarded Email | Email that has been forwarded. Headers are preserved, the envelope recipient is changed for the new destination. |
| 4 | Resent Email | Email that is being resent. Envelope recipient is changed for the new destination and the envelope from is changed, and other Headers may be modified. |
| 5 | Email Service Provider | Provides email as a service to the public via web interface typically. Attempts to block spam, but is not 100% successful all the time. |
| 6 | Marketing Newsletter | This is email that is sent (and properly subscribed too) that contains marketing information. |
| 7 | List server | This is email that is part of a subscription list and is forwarded by the server. |
| 8 | Fax forwarded | This is a fax forwarded as email, typically in PDF or TIFF format. |
Querying Without Domain
It is possible to do a query with ONLY the IP address. This would be identical to a standard DNSRBL query. If the domain is missing the response will be limited.
The return codes will be structured as: 127.0.0.y where y is Status.
In this case only Status codes 10, 20, 21 will be returned.
SpamAssassin Configuration
Add the following rules to your SpamAssassin configuration
header __RCVD_IN_EMAILREG eval:check_rbl('emailreg-trusted', 'resl.emailreg.org.')
header RCVD_IN_EMAILREG_0 eval:check_rbl_sub('emailreg-trusted', '127.0.\d+.0')
describe RCVD_IN_EMAILREG_0 Sender listed at http://www.emailreg.org/
tflags RCVD_IN_EMAILREG_0 nice net
header RCVD_IN_EMAILREG_1 eval:check_rbl_sub('emailreg-trusted', '127.0.\d+.1')
describe RCVD_IN_EMAILREG_1 Sender listed at http://www.emailreg.org/
tflags RCVD_IN_EMAILREG_1 nice net
score RCVD_IN_EMAILREG_0 -100
score RCVD_IN_EMAILREG_1 -100