[Dshield] Where should you start - I'll wrap it myself

Kenneth Coney superc at visuallink.com
Sun Apr 11 18:57:30 GMT 2004

For the at home user, do what I did.  I was up to 300 Spam or virus 
emails a day.  I took a day's worth of Spam and spent a few hours with 
"who is" and the different headers and made a discovery.  Configure your 
firewall or browser (maybe both on some depending on the system 
configuration) filters to decline (not bounce) any IP email sources 
that are not from someone in your own country.  Using Netscape 7.1 that 
would be "received, contains, [203., etc.."  Here in the US I found 
that about two thirds of the Spam and viruses I was getting was coming 
from the Asia Pacific group 201., 202., etc and once they were filtered 
and gone I was down to 60 a day.  I next eliminated the RIPE IP numbers 
and that cut the Spam down to a mere trickle (mostly from Canadian IPs) 
of about 10 a day.  After a week of that, I set the filter to decline 
them too.  The two or eight Spam a week from US IPs (mostly RR and Pac 
Bell) I get are forwarded to "abuse@" with intact headers.  I don't know 
if they go in a dead letter box or not, but two to eight a week 
notifying the abuse department is not a chore and that might actually 
accomplish something.   If I want to receive a specific email from a 
specific group, i.e., Diamond labs (203.163.., etc.) in AU, I adjust 
that one specific [203 string to allow their email.  I.e., [203.11, 
[203.12, [203.13, [203.14, [203.14, [203.15, [203.17, [203.18, [203.19, 
[203.2, [203.3, [203.4, [203.5, [203.6, [203.7, [203.8, [203.9  See the 
hole?  Their email fits through nicely although with a little work the 
hole can be made even more narrow while still allowing their email.  And 
once the email exchange is done, I close the hole.  The point is I see 
very little spam and no false positives from the people I want to get 
email from.  I find I have maintained full browser function when surfing 
and get only the emails I want to see.
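
Added example (not part of the original post): a Python sketch of the "Received contains [203.x" substring rule described above, which also lists the second octets of 203.x.x.x that the posted pattern list leaves open, so the width of the hole can be checked before relying on it. The NARROWED list, the function names and the sample message are assumptions made for illustration.

```python
from email import message_from_string

# Substrings transcribed from the post (duplicate dropped). A message is
# declined when any Received header contains one; "[203.16" is left out on
# purpose as the hole for the 203.163.x.x sender.
DECLINE = ["[203.11", "[203.12", "[203.13", "[203.14", "[203.15", "[203.17",
           "[203.18", "[203.19", "[203.2", "[203.3", "[203.4", "[203.5",
           "[203.6", "[203.7", "[203.8", "[203.9"]

# Assumed narrowing (not from the post): also decline every 203.16* prefix
# except 203.163, so only the wanted sender's second octet stays open.
NARROWED = DECLINE + ["[203.16."] + [f"[203.16{d}" for d in "012456789"]

def declined(raw_message, patterns):
    """True if any Received header contains any pattern (substring match)."""
    headers = message_from_string(raw_message).get_all("Received", [])
    return any(p in h for h in headers for p in patterns)

def open_second_octets(patterns, first=203):
    """Second octets b for which '[first.b.' slips past every pattern."""
    return [b for b in range(256)
            if not any(p in f"[{first}.{b}.0.1]" for p in patterns)]

def make_msg(ip):
    # Constructed sample message; hostnames and addresses are illustrative.
    return (f"Received: from mail.example.net (mail.example.net [{ip}])\n"
            "\tby mx.example.org; Sun, 11 Apr 2004 18:00:00 +0000\n"
            "From: sender@example.net\nSubject: test\n\nbody\n")

if __name__ == "__main__":
    for ip in ("203.45.0.1", "203.163.0.1", "203.160.0.1"):
        print(ip, "declined" if declined(make_msg(ip), DECLINE) else "accepted",
              "/ narrowed:",
              "declined" if declined(make_msg(ip), NARROWED) else "accepted")
    print("open under posted list:", open_second_octets(DECLINE))
    print("open after narrowing:  ", open_second_octets(NARROWED))
```

Because the match is a plain substring test, a pattern such as "[203.2" covers 203.2, 203.20-29 and 203.200-255, while any prefix with no pattern at all stays open.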

