[Dshield] RBL deaths OT?

Stephane Grobety security at admin.fulgan.com
Thu Sep 25 16:49:36 GMT 2003

DS> So lots of RBLs are dying.  That's because they're free.  Why isn't
DS> there a commercial one?  

Actually, there are several paying RBL services you can use, but most
of them only make you pay for zone transfer (check
http://mail-abuse.org/feestructure.html for instance).

Another semi-paying service is SpamCop (which I find rather
effective). It's paid for by people that want to submit mail "in bulk"
and want to report spam faster than simply using the free interface.

DS> A network with 100 'average' users might receive 1000 emails daily? 
DS> What is that in bandwidth?  3k per positive spam lookup, maybe 1k for
DS> negative spam result lookups?  300k per site per day?  100,000 similar
DS> clients using the RBL would generate 30000Mb of bandwidth?  a T3 with
DS> 45Mbps should be able to handle that much data in under 2 hours, right,
DS> so spread out over all day would work, right?  With room to grow?

Actually, the problem isn't the "users", it's the DDoS. Modern
spammers have created networks of zombie machines that they use for
relaying their crap and, once they have been effectively blocked, are
then used to DDoS the RBLs. This is made worse by the fact that DNS
queries are extremely easy to spoof so blocking the source is rather
hard. But it takes only a few users on DSL/Cable to overload a T3.

For the rest, you might want to contact the folks at MAPS
(http://mail-abuse.org/) and ask your questions... if they are willing
to answer.

