North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: RBLs in use
Suresh Ramasubramanian wrote: You need a fairly wide coverage of BLs. # Open proxies - http://opm.blitzed.org and http://proxies.blackholes.easynet.nl I would add the SORBS http and SORBS socks lists to this. # Open relays - http://www.ordb.org I'd add VISI to that too. CBL tends to list only open proxies and spam trojans, but there's a few "classic viri emitters" (ie: Yaha) and a _very_ small number of "grossly misconfigured mail servers" in it too. All of which you want to know about anyway.# Dialup and DSL/cable dynamic IPs - http://dynablock.easynet.nl # Current spam sources - http://cbl.abuseat.org [strongly recommended] What you can do is do zone downloads of the open relay/proxy/CBL lists above and correlate them to your own netblocks. _Very_ helpful in finding compromised systems. With dynablock, you may want to audit it for accuracy against your IP allocations. They're responsive to update requests. SBL/SPEWS identifies your spammers. But as Suresh says, be careful to interpret the SPEWS listings correctly, so you nail the spammer, not the collateral damage. There are a lot more DNSBLs, but the above ones are the most respected, important and useful for your purposes. XBL & Spambag, for example, are too rabid to worry about. Anybody who uses them gets what they deserve.
|