Spam Checking
aspNetPOP3 has built-in spam checking using DNSbl servers. This brief summary will talk about checking messages for spam.

What is DNSbl?
DNSbl stands for DNS Blackl-ist or Block-list. It is a way of using DNS servers, as a database, to keep track of IPs that produce spam. Various organizations maintain these DNS servers for their own, and sometimes public, use. A listing of DNS servers that we tested can be found below.

How do you use it?
Basically you query one of these DNS server database, using the ip4r format. If the DNS responds with an agreed upon result, the IP address can be considered a source of spam.

Ok, so what does it really mean?
You grab the IP address an email came from, query a special DNS server, designated as a DNSbl, and the DNS server's response tells you if the IP Address is a previous source of spam. But we've done all the hard work for you.

How do you use the aspNetPOP3 DNSbl Features?
The POP3 object has a new property called the BlackListChecker and a new method called CheckBlackList. This object is responsible for DNSbl lookups and parsing. Basically you populate the BlackListChecker with the DNSbl servers of your preference (see some DNSbl servers below), and pass a message index to the POP3 object. Here are two quick code snippets:
[C#]

static void Main(string[] args){
    POP3 p = new POP3( true, false );
    p.BlackListChecker = CreateChecker();
    p.Connect();
    
    //check to see if the message is spam
    bool result = p.CheckBlackList( 0 );
    p.Disconnect(); 
    Console.WriteLine( "Message 0 is considered spam: {0}", result );
}
 
static BlackListChecker CreateChecker()
{
    BlackListChecker blc = new BlackListChecker();
 
    //add a few DNSbl servers
    blc.AddDNSBlackList( "sbl-xbl.spamhaus.org", "127.0.0.2" );
    blc.AddDNSBlackList( "dnsbl.sorbs.net", "127.0.0.2, 127.0.0.3, 127.0.0.4, 
    127.0.0.5, 127.0.0.6, 127.0.0.7, 127.0.0.8, 127.0.0.9, 127.0.0.10, 127.0.0.11, 127.0.0.12" );
 
    return blc;
 
}

Public Overloads Shared Sub Main()  
   Dim p As New POP3(True, False)
   p.BlackListChecker = CreateChecker()
   p.Connect()

   'check to see if the message is spam
   Dim result As Boolean = p.CheckBlackList(0)
   p.Disconnect()   
   Console.WriteLine("Message 0 is considered spam: {0}", result)
   
End Sub 'Main
 
 
 
Shared Function CreateChecker() As BlackListChecker
   Dim blc As New BlackListChecker()
   
   'add a few DNSbl servers
   blc.AddDNSBlackList("sbl-xbl.spamhaus.org", "127.0.0.2")
   blc.AddDNSBlackList("dnsbl.sorbs.net", "127.0.0.2, 127.0.0.3, 127.0.0.4, 127.0.0.5, 
   127.0.0.6, 127.0.0.7, 127.0.0.8, 127.0.0.9, 127.0.0.10, 127.0.0.11, 127.0.0.12")
   
   Return blc
End Function 'CreateChecker

Other DNSbl Lists
Want some more listings of DNS servers? Here are a few more lists.
http://www.declude.com/Articles.asp?ID=97
http://www.moensted.dk/spam/
http://www.dnsstuff.com/

Below is a table of DNSbl servers. We recommend you visit the links listed below and determine the best DNSbl for your scenario  Some servers are extreme, and blacklist on the smallest infraction, while others take a while to get listed. If you are aware a DNSbl, not listed below, feel free to email us, so we can update the list.

DNSbl Service	Results	Comments (taken from respective DNSbl website)
ADNSBL http://antispam.or.id/ Lookup Server: dnsbl.antispam.or.id	127.0.0.2	We identify spam sources - whether intentional or not - at the time they are sending spam. Not before and not after. Since knowing EXACTLY when a host is sending spam is as easy as sending people to Pluto, we decide to do the next best thing. We ESTIMATE when a host is sending spam or not based on the number of recent spam samples from that particular host.
AHBL Abusive Hosts Blocking List www.ahbl.org Lookup Server: dnsbl.ahbl.org	127.0.0.2 - Open Relay 127.0.0.3 - Open Proxy 127.0.0.4 - Spam Source 127.0.0.5 - Provisional Spam Source Listing block (will be removed if spam stops) 127.0.0.6 - Formmail Spam 127.0.0.7 - Spam Supporter 127.0.0.8 - Spam Supporter (indirect) 127.0.0.9 - End User (non mail system) 127.0.0.10 - Shoot On Sight 127.0.0.11 - Non-RFC Compliant (missing postmaster or abuse) 127.0.0.12 - Does not properly handle 5xx errors 127.0.0.13 - Other Non-RFC Compliant 127.0.0.14 - Compromised System - DDoS 127.0.0.15 - Compromised System - Relay 127.0.0.16 - Compromised System - Autorooter/Scanner 127.0.0.17 - Compromised System - Worm or mass mailing virus 127.0.0.18 - Compromised System - Other virus 127.0.0.127 - Other	The AHBL is a project of the Summit Open Source Development Group. It is designed to replace the old and no longer functional blackholes.2mbit.com (AKA Summit BL). More Info www.ahbl.org
Blars Block List www.blars.org Lookup Server: block.blars.org	127.0.0.1 Spam sending domain 127.0.0.2 Multi-hop relay 127.0.0.4 Dialups not in MAPS DUL 127.0.0.8 Wants spam compainers to jump through hoops 127.0.0.16 No working abuse address 127.0.0.32 Hosts spamers web sites 127.0.0.64 Hosts spammers email dropboxes 127.0.0.128 breakin attempts ------------------------------- 127.0.1.x sued or prosecuted DNSBL lister 127.0.2.x DOS attack 127.0.4.x supplier of spamware 127.0.8.x knowingly supports spammers 127.0.16.x Legal threats 127.0.32.x attempted mail relay exploits 127.0.64.x attempted formmail exploits	The BlarsBL is maintained by Blars at his wim. Use for any purpouse should be done at your own risk, and Blars is not responsible for use by anyone but himself. In general, an entire netblock is added rather than just a single IP or customer of a larger ISP. (For example, if hugeisp has a /16 that they allocate a single /24 to spamcustomer, the /16 will be listed rather than just the /24.) An entire ISP may be added if they show a pattern of rejecting valid spam complaints for invalid reasons.
Blitzed Open Proxy Monitor opm.blitzed.org   Lookup Server: opm.blitzed.org.	In opm.blitzed.org, the A record has an IP address of 127.1.0.x where x is a bitmask of the types of proxy that have been reported to be running on the host. The values of the bitmask are as follows: WinGate 1 SOCKS 2 HTTP CONNECT 4 Router 8 HTTP POST 16	Blitzed is an IRC network, and therefore the DNSBL was originally focused on and built from evidence of IRC abuse. Very quickly however it became obvious that spamtraps could provide just as much (if not more) evidence of open proxy abuse, and now more than 50% of our list content comes from spam.
Composite Blocking List cbl.abuseat.org Lookup Server: cbl.abuseat.org	127.0.0.2	The CBL takes its source data from very large spamtraps, and only lists IPs exhibiting characteristics which are specific to open proxies of various sorts (HTTP, socks, AnalogX, wingate etc) which have been abused to send spam, worms/viruses that do their own direct mail transmission, or some types of trojan-horse or "stealth" spamware, without doing open proxy tests of any kind.
CSMA bl.csma.biz Lookup Server: bl.csma.biz	127.0.0.2	McFadden Associates professionally manages a number of high-volume Internet mail servers. These servers run software packages including MailScanner and SpamAssassin to scan all mail passing through these servers. Based on a number of algorithms, a "score" is assigned to each e-mail. Whenever a "high sscoring" SPAM is received--mail that is junk beyond reasonable doubt--it is filtered and its details recorded in this database. (For more information on MailScanner and SpamAssassin, see their respective websites.) We currently maintain two databases: bl.csma.biz and sbl.csma.biz. The first database contains only aggressive hosts that have spammed repeatedly during a short timeframe. The second database is a bit more aggressive, recording all hosts that have generated spam within a 45-day period.
CSMA bl.csma.biz Lookup Server: sbl.csma.biz	127.0.0.2	The more aggressive of the McFadden Associates databases, recording all hosts that have generated spam within a 45-day period.
DeadBeef.Com spam.deadbeef.com   Lookup Server: bl.deadbeef.com	127.0.0.2	Why do I have a blacklist? Because I don't want to get spam from irresponsable ISPs. Basically, if there is no way to contact an ISP to report abuse, then they are auto-blacklisted.
Distributed Server Boycott List dsbl.org Lookup Server: list.dsbl.org	127.0.0.2	(trusted users only): single stage open smtp relays open proxies allowing the CONNECT command webservers using a non-secure formmail
Distributed Server Boycott List dsbl.org Lookup Server: multihop.dsbl.org	127.0.0.2	(trusted users only): outputs of multi-hop open relay
Distributed Server Boycott List dsbl.org/usage Lookup Server: unconfirmed.dsbl.org	127.0.0.2	open smtp relays open proxies allowing the CONNECT command webservers using a non-secure formmail servers with unaccountable users, since a user of an ISP will be able to submit the mail servers of his/her own ISP for inclusion into DSBL; this will probably get many of the free email services and free ISPs listed, especially the unattentive ones that let spammers use their services
JAMM Consulting's spam blocklist www.jammconsulting.com Lookup Server: dnsbl.jammconsulting.com	127.0.0.2	This blocklist is very aggressive and will likely lead to false positives. Anyone using it understands and agrees: Anyone using this list does so at their own volition and JAMM Consulting is not liable for any outcomes from the use and/or misuse of this list.  If you disagree with this policy, do not use this list for any purposes whatsoever.
kundenserver relaytest.kundenserver.de Lookup Server: relays.bl.kundenserver.de	127.0.0.2	When our mail cluster receives mail from a host, this host is scheduled to be checked for being an open relay (see http://mail-abuse.org/tsi/ for closer information on the subject of such unsecured mail servers and how to fix this security problem). Relaytest.kundenserver.de attempts to relay a mail via this host and as soon as the mail is received at relaytest.kundenserver.de, we'll list the affected host as an open relay.
LNSG www.leadmon.net Lookup Server: spamguard.leadmon.net	127.0.0.2 127.0.0.3 127.0.0.4 127.0.0.5 127.0.0.6	This is a personal RBL, not intended for any specific usage. If you use this list, then use it at your own risk, as it's here for me to personally use to stop SPAM to my personal servers.. I do my best to not list any innocents, only legit sites that fit the categories below. Still I can't assure anyone of 100% accuracy. Comments on the results Dial-Up/Cable/DSL IP Addresses. These are generally determined by manually looking at the reverse DNS names. If you have a real mail server in one of these blocks, please let me know so I can correct this list, but you will also be tested to verify you're not an open relay. Note that this list contains Cable Modems, DSL, Dial-Up netblocks. Being on this list does NOT mean you are a SPAMMER, it means you are connected to the net via DSL/Cable/Dial-Up Modem, and your DNS shows this to be the case. You *should* be using your upstream ISP's mailserver. So writing to us cursing that we are acusing you of being a SPAMMER and to remove you from this list will not get a reply. We don't force any ISP to use this part of the list, it's here for information only, people can do what they please with it. The IP returned by this list on a positive query is 127.0.0.2 if you care to test for it specifically.   Individual SPAM Sources. The addresses in here are gotten from E-Mail that I have received that was SPAM. If you have inherited such IP address space, please let me know and we will remove you, but should we get additional SPAM from your IP will be added back to the list. The IP returned by this list on a positive query is 127.0.0.3 if you care to test for it specifically.   Bulk mailers that don't require confirmed opt-in from their customers, or that have allowed known spammers to become clients and abuse their services. The IP returned by this list on a positive query is 127.0.0.4 if you care to test for it specifically.   Single-Stage Open Relays that are not listed on one of the other active RBL's. The IP returned by this list on a positive query is 127.0.0.5 if you care to test for it specifically.   Multi-Stage Open Relays. chains that have sent spam to us, and are not listed on of the other active RBL's. The IP returned by this list on a positive query is 127.0.0.6 if you care to test for it specifically.   SpamBlock Sites Sites on this listing have sent us direct SPAM, but when looking up the rDNS information on the spam's IP, we realize it's an entire Class-C that has NO DNS mappings as well. So as it's a range with identified SPAM, and no way to isolate the range, we block the entire block.
NETHER puck.nether.net Lookup Server: relays.nether.net	127.0.0.2	Any host that sends e-mail to an invalid username @ puck.nether.net or @nether.net is tested to insure that it is not an open-relay. due to the proliferation of spam due to open-relays we have found this to be a necessity.
NJABL Not Just Another Bogus List njabl.org Lookup Server: dnsbl.njabl.org	127.0.0.2 - open relays 127.0.0.3 - dial-up/dynamic IP ranges  127.0.0.4 - Spam Sources 127.0.0.5 - Multi-stage open relays 127.0.0.8 - Systems with insecure formmail.cgi 127.0.0.9 - Open proxy servers	NJABL.ORG is Not Just Another Bogus List. This effort began out of frustration with the amount of spam coming into our networks and with the lack of options for an existing dnsbl with policies and stability we could live with.
ORDB www.ordb.org Lookup Server: relays.ordb.org	127.0.0.2	ORDB.org is the Open Relay Database. ORDB.org is a non-profit organisation which stores a IP-addresses of verified open SMTP relays.
Passive Spam Block List psbl.surriel.com Lookup Server: psbl.surriel.com	127.0.0.2	An easy-on, easy-off blacklist that doesn't rely on testing and should reduce false positives because any user can remove their ISP's mail server from the list.
RANGERS rbl.rangers.eu.org Lookup Server: rbl.rangers.eu.org	127.0.0.1 see TXT record 127.0.0.2 spam source 127.0.0.3 spam supporting ISP 127.0.0.4 dynamic IP range, dial-up or DSL line with randomly assigned address 127.0.0.5 multistage open-relay 127.0.0.6 abusable web2email gateway 127.0.0.7 abusable unconfirmed subscription 127.0.0.8 other spam source 127.0.0.9 virus/worm source 127.0.0.10 misconfigured anti-virus scanner sending false notifications	IP addresses and ranges are listed based on spam received by users of several mail servers and a number of published and unpublished spamtraps (reactive listings) as well as publicly available evidence of spammer operations (preventive listings). No nominations are accepted.
Spamhaus www.spamhaus.org Lookup Server: sbl-xbl.spamhaus.org	127.0.0.2	The SBL is a realtime database of IP addresses of verified spam sources (including spammers, spam gangs and spam support services), maintained by the Spamhaus Project team and supplied as a free service to help email administrators better manage incoming email streams.
SORBS www.dnsbl.us.sorbs.net Lookup Server: dnsbl.sorbs.net	127.0.0.2 - Spam and Open Relays 127.0.0.3 - Open SOCKS servers 127.0.0.4 - Open Proxy Servers 127.0.0.5 - Open SMTP Relays 127.0.0.6 - Sent SPAM to SORBS admins 127.0.0.7 - Vulnerable Lists 127.0.0.8 - Blocks 127.0.0.9 - Network Hijacked 127.0.0.10 - Dynamic IP 127.0.0.11 - Bad DNS Setup 127.0.0.12 - No Mail Should be Sent from this Domain	SORBS is an acronym for Spam and Open Relay Blocking System. This is not strictly accurate as a description though, as it stops Open Proxy servers and machines that appear to be hacked sorces of spam, as well as Open Relays.
SPAMBAG www.spambag.org  Lookup Server: blacklist.spambag.org	127.0.0.2	This is the traditional distribution method, via a DNS zone. The DNS zone is blacklist.spambag.org. It is suitable to be used as a typical E-mail filters, and most popular mail servers already have the ability to access DNS-based lists.
SpamCannibal www.spamcannibal.org Lookup Server: bl.spamcannibal.org	127.0.0.2	SpamCannibal is a free software toolkit to help stop DoS attacks, UBE (Unsolicited Bulk Email), UCE (Unsolicited Commercial Email), and other spam from reaching your network and your mail servers.
SpamCop www.spamcop.net Lookup Server: bl.spamcop.net	127.0.0.2	This blocking list is somewhat experimental. This system and most other spam-filtering systems should not be used in a production environment where legitimate email must be delivered. Many end-users and administrators have decided that risking the loss of legitimate email is worth the benefit of blocking most spam. As a result, this list is now used widely and it's reputation for blocking spam while reducing the risk of erronious blocking is growing.
SPEWS1 www.spews.org Lookup Server: l1.spews.dnsbl.sorbs.net	127.0.0.2	The SPEWS Level 1 & Level 2 data can be accessed from their multi-zone spam prevention database (l1.spews.dnsbl.sorbs.net / l2.spews.dnsbl.sorbs.net). Use of their system is also free.
SPEWS2 www.spews.org Lookup Server: l2.spews.dnsbl.sorbs.net	127.0.0.2	A less strict list of l1 (contains all of l1's entries).
UCEB www.uceb.org Lookup Server: blackholes.uceb.org	127.0.0.2: The address is known to us as an open SMTP relay server. 127.0.0.3: The address is known to us as a host that has sent spam in the past. 127.0.0.4: The address is known to us as part of a network of spam originating hosts. 127.0.0.5: The address identified as dial-up host that has sent spam in the past. 127.0.0.6: The ISP that holds this address is not willing to undertake any actions against spam or does not answer spam complaints. 127.0.0.7: The holder of this address asked us not to test the SMTP servers open relay status. 127.0.0.8: The address is known to us as a host that has sent spam in the past and fakes the SMTP head to prevent domain name based spam	In late summer 2001 I started a new blackhole list of sites that send SPAM to me. I add any IP addresses of mailservers that are used to send SPAM, mailservers that are used as relay to send SPAM and mailservers of organizations that support or even make money with sending these floods of commercial emails! I am a "hardcore spam blocker". My motto is: first block the access, then talk. If I recevie a SPAM mail I add the senders address to my list without informing any abuse@ or postmaster@ accounts or ISP's who own the address.
WPBL - Weighted Private Block List http://www.wpbl.info/ Lookup Server: db.wpbl.info	127.0.0.2	WPBL is a fully automated real-time blocklist that uses distributed mail sightings from many users to list IP addresses that are relaying spam. Our goal is to list individual IP addresses that are actual spam sources as judged by highly accurate statistical (mostly bayesian) filters running on real email accounts.