Recently it has been widely published that bl.open-whois.org, a blocklist which was included within the default install of spamassassin has been taken offline and is no more.

Users of the open source spamassassin application started to report that emails were being marked as spam wrongly. Upon investigation it appears that the domain open-whois.org had fallen into the hands of cyber squatters, presumably because the previous owner of the domain did not reregister the domain.

Although the cyber squatter probably didn’t take on the domain for any malicious reason, it does mean that they have the ability to control the DNS servers for the domain and return results which could cause spamassassin to block and/or bounce inbound emails scanned by spamassassin at worse case, or the best case is that spamassassin will have to do unnecessary lookups to a non-existent blocklist which will cause up to 60 second delays for each inbound email.

As I write this the domain is completely unresponsive to DNS requests and is not returning false positives but Email Manual advice to users of spamassassin would be to reconfigure spamassassin to not check the bl.open-whois.org blocklist to prevent this issue from impacting your inbound email.

This can be done by either upgrading spamassassin to 3.2.x version of spamassassin or by removing any rules which mention bl.open-whois.org from the rules/72_active.cf file within your spamassassin installation folder.

spamassassin 3.2.x is available for download here.