[Dshield] Need some help testing

Mar Matthias Darin BDarin at tanaya.net
Fri Jul 6 19:05:04 GMT 2007


Hello, 

jayjwa writes: 

> The original poster posted and asked about something. The project was 
> moved/gone/moved on but I found out what happened to it. Not only that, but I 
> Googled for the download point, got the files home, zipped them up nicely, and 
> set them on their way with a small note referring to what was originally asked 
> about. Approx. 45 minutes was used to do this, for someone I never previously 
> had contact with.

Since I am the original poster of this message/thread, I believe you may have 
confused this thread with another of the same subject...

> I'm glad you created a tool to fight spam, and happy it's for Linux too, but you 
> created something to help people block and snuff out me, and those like me 
> (however small numbers there may be): not because I'm a spammer or who I 
> am, or what I'm sending or how much, but because of the technical way that I'm 
> connected to the rest of you, which incidentally is a limitation on the 
> resources I have at hand for the time being. That's what it will be used for, 
> regardless of if you designed it to enforce AUP or anything else.

I have made every attempt possible to prevent false positives.  Plus several 
very nice people have contributed whitelists of IP addresses/domains that 
should be excluded from testing.  The SANS server that sends out the DShield 
list is a good example of a dynamic IP address that should not be filtered.  
Haphazard use of DynaStop will only lead to massive mail loss. 

DynaStop does not examine any emails at all, only the IP address based 
solely on patternistic analysis stemming from research I began in 1999. 

In 2005, the IETF realized the importance of this research and made a 
draft for ISPs to begin moving to a formalized method that separates 
dynamic and non-dynamic IP addresses: 

http://tools.ietf.org/wg/dnsop/draft-msullivan-dnsop-generic-naming-schemes-00.txt

I do understand your frustration with antispam measures left unwatched.  I 
have been there enough times myself even with a full-fledged server. 

DynaStop addresses a very specific type of spam and sets out (through 
concise analysis) to eliminate that spam.

