[Dshield] Need some help testing
Tomas L. Byrnes
tomb at byrneit.net
Tue Jul 10 14:43:02 GMT 2007
I have specifically had multiple false positives on the dul, so often
that I don't use it. I haven't experimented with dsbl.
Glad it works for you. My guess is you have a fairly constrained set of
peers that are local (probably geographically) to you.
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Tony Earnshaw
> Sent: Monday, July 09, 2007 8:55 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Need some help testing
>
> Tomas L. Byrnes skrev, on 09-07-2007 05:20:
>
> > I'm not even sure what points you are trying to make, so I will try to
> > address the ones I think you are, and give my responses:
> >
> > Are you saying that "dynamic" IP filtering is widespread? If so, I
> > agree.
> >
> > Are you saying that blocking SMTP traffic from "Dynamic" IP addresses
> > is a best practice? If so, based on direct personal experience, I
> > disagree vehemently. While, in theory, no-one should have a truly
> > dynamic IP address as an MX or SMTP peer, the extant lists of what
> > constitutes "Dynamic" address space are, in my direct experience and
> > NSHO, wildly inaccurate. As such, since there is no way, in the
> > current Internet, to really know if an IP is static or dynamic,
> > blocking "Dynamic" IP addresses exacerbates the "Scorched Earth"
> > problem of traditional RBLs, for a limited net gain in SPAM filtering.
>
> Well, my main mail site (Postfix 2.4.3 with milters and all),
> that of Barlaeus High School in Amsterdam (there's only one
> real Amsterdam), uses 4 DNSBLs as one of our multiple
> measures in blocking spam - list.dsbl.org,
> dul.dnsbl.sorbs.net, zen.spamhaus.org and combined.njabl.org.
> Of these, demonstrably dul and list block against dynamically
> assigned ranges.
>
> I have to say that I'm wildly, ecstatically, enthusiastic
> about the results from these blocks, up to 1500 a day. I
> monitor refused mail closely, every day (and have done for
> the past 4 years), and have up to now seen not one false
> positive from these DNSBLs - YMMV.
>
> Best,
>
> --Tonni
>
> --
> Tony Earnshaw
> Email: tonni at hetnet dot nl