[Dshield] Blocking Offending Countries

Kenneth Coney superc at visuallink.com
Tue Jun 28 17:46:33 GMT 2005

Reading the entire thread would have answered your question.  The fact 
that people keep changing it's name every time they reply (as you did) 
probably makes it harder to track the entire thread..  You read a reply 
in the piece in "cut off China," however the thread started in "firewall 
spam reduction link."   China isn't being singled out.  (They are merely 
one of the worst offenders.)  If they send me endless spam or make 
hostile probes I block em.  Cn or Ca or De, don't matter to this PC.  I 
do no business with foreign countries from this PC or with this email 
address.  In 22 years I received one email I wanted to get from someone 
I needed to communicate with in Canada, and about 2,000+ spam from 
there.  Ca is mostly blocked here.  The joy of filters is you can leave 
holes in them.  Simply refusing mail from foreign IPs is good business 
for any stand alone PC.  I doubt that it matters what country the owner 
of the PC is in.  I am hard pressed to come up with a reason someone 
with a stand alone PC in kr or bz or any other country would actually 
want to receive foreign spam or probes. 

The situation does change if we are talking about corporate or 
educational institutions.  The decision making process then becomes 
harder and more complex.  You can't cut off a country your CEO has 
decided to do business with, or in which you have employees.  You can 
however determine which IP ranges in that country generate unwanted 
noise, but no wanted signals, and block them.  You can also (if you have 
authority) block out those ranges from countries you have never and 
probably will never do business with.  Involves time, research and work, 
something we all love.  I see no downside for anyone in blocking out any 
mail from any foreign range you don't do business, plan to do business 
with, or have communications with.  Especially if you get spam on a 
regular basis from that IP range. 

I do not advocate over reliance on the black lists as you are then 
allowing other people to do your work for you (a good thing) and make 
and implement their decisions for/on you (a potentially very bad 
thing).  Use them as a general guide but build your own.  Someone else 
mentioned RAM.  Yes having enough available RAM and CPU speed to deal 
with the filter list when the emails arrive is helpful.  In todays 
world, both should be in the gig range.


More information about the list mailing list