[Dshield] RBL deaths OT?

Darren Gasser kaos at earthlink.net
Thu Sep 25 17:00:46 GMT 2003

David Sentelle wrote:
> So lots of RBLs are dying.  That's because they're free.  Why isn't
> there a commercial one?

There is/was.  MAPS ran the first successful RBL and took it commercial some
time ago.  Unfortunately, some bad decisions on their part coupled with
several good free RBLs marginalized them fairly quickly afterwards.  Of
course, there are also several non-RBL commercial anti-spam services like
Brightmail and Postini.

The Spamhaus Block List is still free and still running just fine.  As is
Wirehub (or whatever they're called now).  The big difference between these
guys and the ones that got DDoSed to death is adequate decentralization.
Osirusoft and Monkeys were both dependent on a small number of machines on a
single network, making them ideal targets for a DDoS.

> A network with 100 'average' users might receive 1000 emails daily?

A small business domain I administer with 65 users received 639 messages
yesterday, so this seems pretty close.

> What is that in bandwidth?  3k per positive spam lookup, maybe 1k for
> negative spam result lookups?  300k per site per day?  100,000 similar
> clients using the RBL would generate 30000Mb of bandwidth?  a T3 with
> 45Mbps should be able to handle that much data in under 2 hours,
> right,  so spread out over all day would work, right?  With room to grow?

I think your estimates per lookup are very high.  DNS is a fairly compact
protocol.  Also keep in mind that usage is not going to be uniform
throughout the day.  Over 50% of our e-mail volume happens in a four hour
window on weekdays.

> What's a T3 cost annually?  $500,000?  Any ideas?  I don't even have a
> full T1, and no way to gauge the cost of a T3.

Highly variable, depending on where you are and how much clout you've got
with the various telcos.  I'd estimate an "average" cost per T3 would be
around $10k/month.

> Would 4 servers be enough to handle the load?  Let's estimate that
> those 4 beefy servers would cost a total of $40,000.

Here's the rub.  Unless you decentralize the service and spread it across
many servers on multiple networks you're painting a big fat target on
yourself for the spammers.

I suggest checking out the SPAM-L mailing list; there's a fairly intense
discussion going on right now regarding the critical success factors for
RBLs and what the next generation of spam blocking tools might look like.
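
Added example, not part of the original post: a Python sketch that builds one DNSBL lookup in RFC 1035 wire format to measure its size, then scales it by the thread's figures (1000 messages per site per day, 100,000 sites, half the volume in a four-hour window). The zone dnsbl.example, the address 192.0.2.99, one uncached lookup per message, and every lookup returning a listed answer are assumptions.

```python
import struct

IP_UDP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte UDP header, per packet

def dnsbl_name(ip, zone):
    """Reverse the IPv4 octets and append the list's zone (usual DNSBL query form)."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def encode_name(name):
    """RFC 1035 wire format: length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, txid=0x1234):
    """12-byte header with one question, then QNAME, QTYPE=A, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)

def build_listed_response(query, ttl=900):
    """Authoritative 'listed' answer: question echoed, one A record 127.0.0.2."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8400, 1, 1, 0, 0)  # QR + AA
    # 0xC00C is a compression pointer back to the name at offset 12.
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + bytes([127, 0, 0, 2])
    return header + query[12:] + answer

def lookup_wire_bytes(ip, zone):
    """Bytes for one query/response pair, including IPv4 and UDP headers."""
    query = build_query(dnsbl_name(ip, zone))
    reply = build_listed_response(query)
    return len(query) + len(reply) + 2 * IP_UDP_OVERHEAD

def daily_and_peak(bytes_per_lookup, lookups_per_site, sites,
                   peak_share=0.5, peak_hours=4):
    """Return (total bytes per day, average bits per second in the peak window)."""
    total = bytes_per_lookup * lookups_per_site * sites
    return total, total * peak_share * 8 / (peak_hours * 3600)

if __name__ == "__main__":
    # Constructed sample values: documentation address and a placeholder zone.
    per_lookup = lookup_wire_bytes("192.0.2.99", "dnsbl.example")
    total, peak_bps = daily_and_peak(per_lookup, 1000, 100_000)
    print(f"{per_lookup} bytes per lookup")
    print(f"{total / 1e9:.1f} GB per day, {peak_bps / 1e6:.2f} Mbit/s in the peak window")
```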


