[Dshield] Need some help testing
Tony Earnshaw
tonni at hetnet.nl
Tue Jul 10 03:55:19 GMT 2007
Tomas L. Byrnes skrev, on 09-07-2007 05:20:
> I'm not even sure what points you are trying to make, so I will try to
> address the ones I think you are, and give my responses:
>
> Are you saying that "dynamic" IP filtering is widespread? If so, I
> agree.
>
> Are you saying that blocking SMTP traffic from "Dynamic" IP addresses is
> a best practice? If so, based on direct personal experience, I disagree
> vehemently. While, in theory, no-one should have a truly dynamic IP
> address as an MX or SMTP peer, the extant lists of what constitutes
> "Dynamic" address space are, in my direct experience and NSHO, wildly
> inaccurate. As such, since there is no way, in the current Internet, to
> really know if an IP is static or dynamic, blocking "Dynamic" IP
> addresses exacerbates the "Scorched Earth" problem of traditional RBLs,
> for a limited net gain in SPAM filtering.
Well, my main mail site (Postfix 2.4.3 with milters and all), that of
Barlaeus High School in Amsterdam (there's only one real Amsterdam),
uses 4 DNSBLs as one of our multiple measures in blocking spam -
list.dsbl.org, dul.dnsbl.sorbs.net, zen.spamhaus.org and
combined.njabl.org. Of these, demonstrably dul and list block against
dynamically assigned ranges.
I have to say that I'm wildly, ecstatically, enthusiastic about the
results from these blocks, up to 1500 a day. I monitor refused mail
closely, every day (and have done for the past 4 years), and have to now
seen not one false positive from these DNSBLs - YMMV.
Best,
--Tonni
--
Tony Earnshaw
Email: tonni at hetnet dot nl
More information about the list
mailing list