dnswl.org is conscious of the value of data privacy, and strictly limits the use of personally identifiable and other relevant data. Most dnswl.org data is public and/or not personally identifiable information by its nature and thus the potential for privacy violations is limited.
Published dnswl.org data is made available via DNS queries as described in the technical articles published on the dnswl.org website. The same data is also made available to subscribers for file download. The use of the data is subject to dnswl.org Terms and Conditions.
Having said that, it is important to show how the dnswl.org project uses data – how data is collected, processed, stored and distributed.
Description of dnswl.org data
Published data and history
dnswl.org data means all the data we have for our whitelist of “known good” mail servers. We store the history of all elements in our database from the first time we add an element to our database. When we stop publishing an element, the history is kept for some period of time before it is fully deleted (usually 6 months).
As part of the history, we keep a record of what we call “trust signals”. This includes the sending volume (which we determine indirectly through log files of DNS requests), blacklist entries and spam trap hits. Due to the volume created by the collection of these trust signals, the detail data is stored for a limited period of time, typically 30 to 90 days. This data is only accessible to dnswl.org Editors.
In addition to the data published, the database contains non-published data elements. They have the same structure as the published data, but they may not yet be published, may not be fit for publishing (eg because they emit too much spam), or may have been deleted from the published data (and awaiting final deletion after a grace period).
We describe our justification of the use of data in the editorial policy.
Organisation of data
dnswl.org data is organised around so-called “DNSWL Ids”. These are numbers which identify a group of records belonging together (eg related IP addresses or domain names). The DNSWL Id is a convenient way to refer to a group of data elements (IP addresses, domain names etc) that belong together.
For a given DNSWL Id, we store the following metadata in a structured way: country (or “ZZ” if no particular country is applicable), type of organisation (as described in the technical descriptions on our website), and flags indicating whether or not to publish a certain data element.
During evaluation of an entry, editors may choose to use additional publicly available data, eg to consult a website connected with a domain name or IP address, to consult public data providers, and to use search engines (eg using the domain name). In order to minimise the data collected, the data itself from such sources is not stored, but specific findings may be noted as comments.
The dnswl.org Self Service is a function of our website which allows interested parties (administrators etc) to provide us with structured input regarding their own IP addresses and domain names. Access to the Self Service requires registration using an email address (the use of a non-personal account is suggested).
The password for the Self Service is generated by the server and cannot be changed by the user, to avoid the potential re-use of passwords. The registration email address is used for notifications about IP addresses and domain names; an email address is required for contact with the interested parties. The email address may be deleted, but this would also remove access to the Self Service function.
We store the relationship between these interested parties (the “owners” of the IP addresses and domain names) and our internal records, and we store an email address with these records.
Through the public DNS servers, we collect log files of DNS queries. We log the source IP address of a query (ie, the IP address of the DNS server), and the content of the query (ie, typically the IP address or domain name which is queried).
In order to minimise data collection, the data is disassociated before being stored: the IP addresses of DNS servers are separated from the content of the query. Further, the data is aggregated over the timespan of a query collection period (usually a few minutes).
After being sent to the backend servers every few minutes, the data is further aggregated on an hourly basis and transformed into daily and monthly magnitudes. This ensures that it is in practice highly unlikely that an actual DNS query could be reproduced or that an actual communication pattern could be detected.
Daily magnitude data is removed after one month; monthly magnitude data is stored as long as the associated base data elements (IP addresses and domains) remain in the dnswl.org databases.
Subscriber data is only collected from users who wish to subscribe for data access. This data access provides the same data as the regular public access in multiple formats for download (as opposed to one-by-one access via DNS). Subscribers are contractually barred from disseminating the file contents to users outside of the contractually agreed scope.
Data collected about subscribers include contact email address(es), organisation and contact name(s), VAT/company number and address. This data is required for payment and tax purposes, and for operational or administrative contacts. Further data may be exchanged between the subscriber and dnswl.org (eg contractual documents). This data is stored for 10 years as per legal regulations concerning storing business records.
Protection of dnswl.org data
Confidentiality: All dnswl.org data and subscriber data is kept in databases which are accessible only on a need-to-know basis. These databases are stored on dedicated, secured servers, and have appropriate information security controls in place. All network access to these databases is secured with encryption (HTTPS for web-based access, SSL for shell-based access etc).
The applications used to manage the dnswl.org data and subscriber data use a role-based access management model to restrict access on a need-to-know basis.
Integrity: The dnswl.org editors are selected based on their technical expertise and after an assessment of their trustworthiness.
All changes made by editors (and by imports etc) to the data are logged and can be reconstructed. This log information is part of the history data explained above and subject to the same rules.
Updates to published dnswl.org data are signed with a PGP signature. Subscribers are encouraged to verify this PGP signature prior to using any data.
Availability: The public access to dnswl.org data is provided by a world-wide network of DNS mirrors. These mirrors only have a copy of the data to be published (and collect DNS log files as described above). The mirrors are updated at least hourly from the main distribution database to ensure no stale, removed or corrected data is presented to users.
Rights to view, rectify and delete data
After proving ownership of the IP addresses and domain names, users of the Self Service function can view the currently stored data (without internal history data), and request changes (fix errors and omissions, delete data and so forth).
These change requests are subject to the editorial policy of dnswl.org. If an owner does not agree with the editorial decision (or for any other reasons), he/she can request suppression of the data in the published dnswl.org data.
All rights to view, rectify and delete data are governed by the data privacy laws of the jurisdiction as defined in the dnswl.org Terms and Conditions.
Other data related to dnswl.org
In addition to the dnswl.org data as described above, we use a request tracking tool for all emails sent to and from our published addresses. If email correspondence is related to a specific element in the dnswl.org data, the email is linked to that data (using the DNSWL Id). As these e-mails may be regarded as business records, we store them for 10 years.
For the dnswl.org website we use industry-standard measures to monitor the overall performance and operations, including collecting log files and using Google Analytics.
The webserver log files are regularly searched for patterns of undesired activity (especially scraping dnswl.org data through the search function). dnswl.org reserves the right to block access in case of such undesired activity.
The dnswl.org website does not contain advertising (neither self-acquired nor through third parties).
Notifications to dnswl.org
dnswl.org accepts notifications about privacy issues (and in general, about information security-related matters) by email to firstname.lastname@example.org or by writing to