[Dshield] DNSBL
Tomas L. Byrnes
tomb at byrneit.net
Thu Jul 12 21:34:18 GMT 2007
I have found Spamhaus to be pretty reliable, although of late they have
taken to being a bit heavy-handed in blocking large amounts of IP space
that has not actually spammed, just because it is in the same AS as
others that have:
http://www.spamhaus.org/organization/statement.lasso?ref=6
http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article1895457.ece
No PTR or MAIL FROM with no MX for the domain are clearly good reasons
to block.
MAIL FROM where the MX of the zone isn't the corresponding MTA is more
problematic, since there are often send-only MTAs for larger networks.
Actually, more often there are lots of receive-only MTAs, since
filtering SPAM takes much more resources than simply sending mail, but
you don't want the sending MTA to be bogged down processing the
spammers, so you don't publish it as an MX, or allow inbound SMTP to it.
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Tom
> Sent: Thursday, July 12, 2007 7:25 AM
> To: General DShield Discussion List
> Subject: Re: [Dshield] DNSBL
>
> At 9:56 AM -0400 7/10/07, Rick Leir wrote:
> >list-request at lists.dshield.org wrote:
> >
> > > list.dsbl.org, dul.dnsbl.sorbs.net, zen.spamhaus.org and
> > > combined.njabl.org. Of these, demonstrably dul and list block against
> > > dynamically assigned ranges.
> >
> > > I have to say that I'm wildly, ecstatically, enthusiastic about the
> > > results from these blocks, up to 1500 a day. I monitor refused mail
> > > closely, every day (and have done for the past 4 years), and have to
> > > now seen not one false positive from these DNSBLs - YMMV.
> >
> >1/ Your efforts are commendable. Most admins are not able to put that
> >much effort into it.
> >
> >2/ False positives are needles in a haystack, laborious to identify.
>
> Actually not so hard especially if you provide an informative error
> response.
>
> >3/ If a system depends on labour at the level you have exerted, I am
> >sorry to say, it is in general sure to fail. We will have to put up
> >with a nonzero rate of false positives.
>
> zen.spamhaus.org is extremely reliable, imho, as is rejecting on no
> PTR records and on a MAIL FROM that does not have valid entry (per
> 2821)
>
> Tom
> --
>
> Tom Shaw - Chief Engineer, OITC
> <tshaw at oitc.com>, http://www.oitc.com/ US Phone Numbers: 321-984-3714,
> 321-729-6258(fax), 321-258-2475(cell/voice mail,pager) Text Paging:
> http://www.oitc.com/Pager/sendmessage.html
> AIM/iChat: trshaw at mac.com
> Google Talk: trshaw at gmail.com
>
>
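Added example, not part of the original message or of any MTA's code: a Python sketch of the accept/reject policy discussed in this thread (no PTR, MAIL FROM domain with no valid mail entry, DNSBL listing), with the "connecting host is not an MX" case recorded as a note rather than a rejection because of send-only MTAs. The `dnsbl.example` zone, the record set and the function names are constructed for illustration; treating an address record as an implicit MX follows RFC 2821, and `lookup()` is a stub standing in for a real resolver.

```python
import ipaddress

DNSBL_ZONE = "dnsbl.example"  # hypothetical list zone, not a real DNSBL

# Constructed records standing in for DNS answers (documentation address
# ranges and example domains only); swap lookup() for a real resolver.
RECORDS = {
    ("4.2.0.192.in-addr.arpa", "PTR"): ["out1.example.net"],
    ("example.net", "MX"): ["in1.example.net"],  # receive-only MX, not out1
    ("10.113.0.203.in-addr.arpa", "PTR"): ["dyn10.example.org"],
    ("example.org", "MX"): ["mx.example.org"],
    ("10.113.0.203." + DNSBL_ZONE, "A"): ["127.0.0.10"],
    ("implicit.example", "A"): ["192.0.2.25"],  # no MX, address record only
}

def lookup(name, rtype):
    """Stub resolver: constructed answers, or [] when there is no data."""
    return RECORDS.get((name.rstrip(".").lower(), rtype), [])

def dnsbl_name(ip, zone=DNSBL_ZONE):
    """DNSBL query name for an IPv4 address: reversed octets + list zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check_sender(ip, mail_from, resolve=lookup):
    """Return (action, reason, notes) for one inbound SMTP connection."""
    notes = []
    ptr = resolve(ipaddress.IPv4Address(ip).reverse_pointer, "PTR")
    if not ptr:
        return "reject", "no PTR for connecting address", notes
    if mail_from not in ("", "<>"):  # null reverse-path (bounces): no domain
        domain = mail_from.strip("<>").rsplit("@", 1)[-1].lower()
        mx = resolve(domain, "MX")
        if not mx and not resolve(domain, "A"):
            return "reject", "MAIL FROM domain has no MX or address record", notes
        if mx and not set(ptr) & set(mx):
            # Not grounds to reject: large sites run send-only MTAs.
            notes.append("connecting host is not an MX for " + domain)
    if resolve(dnsbl_name(ip), "A"):
        return "reject", "listed in " + DNSBL_ZONE, notes
    return "accept", "passed", notes
```

The reason string is what would go into the SMTP error response, which is what makes false positives traceable from the sender's side.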