HASHBL blocklists store blocklisted data as one-way cryptographic hashes (tokens) rather than as unencrypted strings. Otherwise, they work in the same way as IP or domain-based blocklists; they provide a list that mailservers or spam filters consult to determine whether to accept, filter, or reject inbound email.
Cryptographic hashes are a useful method of listing data in blocklists for several reasons:
- Hashes are secure and private. Cryptographic hashes are one way: they render data elements unidentifiable and unretrievable unless you already have the unhashed element. For example, you can check an email address, telephone number, or instant messaging (IM) account against an appropriate HASHBL, but you cannot recover the unhashed list from that HASHBL. HASHBLs avoid legal constraints on the storage and sharing of personally identifying information (PII) because they do not contain that information in a retrievable form.
- Hashes consist of usable data types. All cryptographic hashes used for HASHBLs consist of alphanumeric characters only, all of which can be used in hostnames. A HASHBL can be used to list data elements of any length or type that can be hashed, even if the unmodified elements could not be listed on a DNS-based blocklist.
- Hashes are of predictable lengths. A cryptographic hash of a particular type is always the same length. Two common types of cryptographic hash, MD5 and SHA1 hashes, fit the size constraints of hostname sections (labels) in DNS.
The first MSBL project, the Email Blocklist (EBL), makes use of hashes for all of these reasons. Additional blocklists that list other types of email addresses, and other data, are currently being planned or under development.