Dead Letter Office: What is an Internet Black Hole?


The day has come: you are launching your website, throwing open the doors of your business and putting yourself out to the world. You wait, anticipation building, for that first customer to appear. Your inbox clicks up from zero to one, and you open it to address your first client, only to find...

It’s spam.

Of course, it is spam. Spam accounts for 60%+ of all email traffic. Individual spam emails are annoying, but for a business, it is an annoying EXPENSE.

Every email you have to delete manually takes time out of your budget. Spam email invites phishing schemes, trojans, and worms. Combatting these problems can be an involved task if one goes in unprepared.

This is why solid web hosting sites and IT professionals use email defense programs and protocols. One of the most effective ways of handling spam and junk email is the internet black hole.

What is that and how does it help you? Read on for a complete breakdown of this widely used technique.

Internet Black Hole Defined

A black hole is a fairly emotive descriptor for what is basically a way to not see undirected emails. People in the publishing and letter carrier fields have been using such evocative language for a long time.

Unsolicited manuscripts go into slush piles, letters without enough postage or incorrect information go into the dead letter office. We like to toss unwanted communications into trash bins, to terminate them, or to shred them.

Naming a process of removing clutter after the most destructive force in the universe isn’t just tempting but appropriate. The more you learn about the real thing, the more the metaphoric use seems fitting.

Essentially, an internet black hole, as well as its reactionary cousin, the remotely triggered black hole (RTBH), removes the undirected email by not allowing it to arrive.

Internet black holes prevent emails that are not directed from even arriving. These are not bounced or, strictly speaking, sorted. They fall off of the internet before they hit your ISP, meaning no drain on your resources. Best of all, the sender has no idea what happened, providing them only the feedback that the email vanished.

The first version is an always-on style that looks for whitelisted or directed emails to allow through. The second version, RTBH, scans for selected flags in email and then drops them into the void once detected.

The purpose of black holes goes beyond limiting spam and junk emails. Blackholing protects resources and prevents further reaching problems from forming. To understand these effects, you need to understand how spammers make their attacks.

Spammer Methods

Spammers utilize a combination of techniques to get their bogus emails to your inbox. The purpose behind these efforts is to acquire data that can be used for their gain.

Gains can include direct monetary profiting from selling the information they acquire or from fraudulently requesting money from recipients.

Information can also be used in-house. Worm emails locate and extract information on client databases and profiles. This information is then used to send spam to your clients and contact lists.

In some rare cases, spam is sent specifically to overload and overtax a business. This may be about increasing costs to filter the good information from the bad. Most often, this is done to overload the system and shut it down altogether.

These types of Distributed Denial of Service (DDOS) attacks are incredibly common, with nearly 33% of businesses being affected in 2017.

Traditional Spam Handling Problems

Clearly, restricting and banishing spam have benefits for a business. It prevents damage to their limited resources and protects their employees and customers.

However, traditional methods of email filtering have side effects. To clarify, the methods at stake here are:

  • email forwarding
  • email bouncing

These methods can be started by creating a white list for accepting the content or a blacklist for rejecting.

Email Forwarding

Forwarding first requires an email server or service to take in all of the spam and then move it to a secondary location(s). You can see the problem immediately; this not only allows the problems of DDOS and worm implanting to occur, it then duplicates the issue by doubling resource use.

Working in the opposite direction isn’t the kind of solution anyone wants.

On top of this, emails have protocols embedded in the headers that indicate if an email was received, opened, or otherwise directed. These header tags were designed to keep email services from constantly sending bad emails and are used internally by offices to confirm if emails are being received or viewed.

Like all tools built for benign purposes, spammers have found ways to use these for ill. Specifically, if they know an email has been opened, they have a reason to try again. If an email is received, but not opened, they know it is a real address.

A real address hit has a value in itself for selling lists of active and answering addresses to other spammers. This value comes from the way that most spam begins, in which a dictionary attack is used to spam words to an address matrix.

Email Bouncing

Bouncing emails works better by not multiplying resource usage. However, a bounced email still arrives, which can reveal that an email is active. The more significant problem is that most spam is not sent from a fake address but a stolen or spoofed address.

Bouncing emails, especially a large number of emails sent wholesale to a business address, can result in hundreds of emails bouncing into an unsuspecting civilian’s inbox.

Not only does this ruin the day of some civilian, but it can also lead to poor advertising for your company. These emails show information directed at or including your addresses, which makes those receiving the bounced email think it is you spamming them.

The Scalability Problem

Even if you don’t see a problem with spammers at the moment, the burden on resources increases significantly as you scale up your website.

First, your scaling efforts may be triggered by a data error. You assume a traffic flow that justifies the scaling based on users that don’t exist.

Second, the drain on resources as you scale isn’t a linear curve. The actual website that generated the term Slashdot effect may no longer exist, but the problem does. A sudden spike in traffic can disable your site, causing loyal users to turn away and new users to not try again.

Building an Internet Black Hole

There are multiple ways to build black holes into a network. The direct effect of dropping emails out of existence remains the same, but the scope of what gets obliterated changes.

  • Stealth Ports
  • MTU Black Hole
  • DNSBL

These common setups range in difficulty of execution and where in a network chain they occur.

Stealth Ports

You create this black hole inside a network firewall. The firewall forbids the information and also refuses requests for a ping. This both rejects the content and provides the sender with no information on the layout or scope of a network.

This is especially handy when you don’t want to reveal if your IP is being used through a commercial or residential port.

MTU Black Hole

You don’t want your black hole filter to toss things you need. One place this gets tricky is when ICMP packets are too large and get discarded based on their size alone. Changing a maximum transmission unit (MTU) size keeps this from happening.

In cases where limiting responses and requests to strict text is allowed, a low MTU is a great way to remove virus loads. This also stops clogs to your network from unsolicited picture and video files.


DNSBL

A blanket approach to creating a black hole, this is the domain name system (DNS) version.

This uses information created through an ISP to create a zone defense, blocking or blacklisting known spammers.

As a DNSBL is a software filter, not a policy filter, it is programmed and maintained outside of your control. These are great plug-ins for getting a black hole started, but are not one size fits all.

There are many DNSBLs out there, so finding the right one for your needs is a matter of shopping around.
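
How a mail server consults a DNSBL before deciding to black-hole a sender, shown as an added example that is not part of the original article: the sender's IP is reversed, appended to the list's zone, and looked up as an ordinary DNS name, with an answer in 127.0.0.0/8 meaning "listed" (the convention documented in RFC 5782). The zone name dnsbl.example, the sample zone contents, and the function names are assumptions made for illustration, and the resolver is stubbed so the code runs offline.

```python
import ipaddress

# Constructed zone name; a real deployment uses the DNSBL it subscribes to.
ZONE = "dnsbl.example"

def dnsbl_query_name(ip, zone=ZONE):
    """Build the DNS name a mail server looks up to ask a DNSBL about a sender."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]                   # 192.0.2.10 -> 10.2.0.192
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]   # IPv6: reversed hex nibbles
    return ".".join(labels + [zone])

def check_sender(ip, resolve, allowlist=()):
    """Return 'accept' or 'drop' for a connecting sender.

    resolve(name) is any callable that returns a list of A-record strings,
    or an empty list when the name does not exist (NXDOMAIN).
    """
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(net) for net in allowlist):
        return "accept"                      # whitelisted senders skip the lookup
    answers = resolve(dnsbl_query_name(ip))
    loopback = ipaddress.ip_network("127.0.0.0/8")
    listed = any(ipaddress.ip_address(a) in loopback for a in answers)
    # 'drop' is the black-hole outcome: discard silently, send no bounce.
    return "drop" if listed else "accept"

# Constructed sample data standing in for the DNSBL's zone contents.
SAMPLE_ZONE = {
    "10.2.0.192.dnsbl.example": ["127.0.0.2"],
}

def offline_resolver(name):
    """Stub resolver so the example needs no network access."""
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    for sender in ("192.0.2.10", "198.51.100.7"):
        print(sender, check_sender(sender, offline_resolver))
```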

Additional Benefits

Internet black holes aren’t only defensive tools. You can send messages from a black hole address to prevent replies.

This is useful for avoiding email chains when dealing with frivolous or nuisance questions about your business.

Another place to use a black hole is when there is no reply required. If you change the date of an event, update an address, or deliver other information to customers, there is no reason to make that a two-way door.

Get Hosted

As the Internet continues to mature (going on 35 years now), it continues to change, and the knowledge needed to use it as a useful tool must change as well.

For a business, knowledge of techniques like internet black hole filters is crucial to maintaining an edge.

Fortunately, outsourcing this knowledge acquisition is both easy and affordable. Contact us for more information on all of your web hosting and web security needs.