North American Network Operators Group


Re: example.com/net/org DNS records

  • From: Brian Bruns
  • Date: Mon Jan 05 16:12:45 2004

On Sunday, January 04, 2004 4:43 PM [GMT-5=EST], Roger Marquis
<[email protected]> wrote:

>>  If UCE happens to contain a forged sender
>> of roble.com, would you consider that even remotely useful in a filter?
>
> Yes.  Roble manages several email gateways for companies other than
> ourselves and we've found that rejecting invalid domains and senders
> is an indispensable component of spam filtering.  Not only is it
> effective it is also 100% false-positive proof (so far).

But, it has to be done carefully.  Our RHSBL (part of the AHBL) is based on
this idea - but, we are extremely careful in what we block exactly.  A single
wrong block (aol.com for example) could have really bad side effects for
anyone using the list.  As such, the best way to use a domain style block is
to try and only use it on the mainsleaze spammers for example, that spam from
their (many) domains they own.

We had to do this with topica's spammy domains in order to allow our users to
keep getting messages from mailing lists hosted off of topica's main domain.

Each type of blacklisting has to be carefully thought out, and implemented
correctly.  A combination of a DNSbl, a RHSbl, a whitelist, and something
similar to spamassassin gives you the flexibility to block a lot of spam
without needing to block everything outright.


-- 
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org

The AHBL - http://www.ahbl.org
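
The layered check described in the message above, as an added example that is not part of the original post and is not AHBL code: a whitelist guards the domain lookup, and DNSBL and RHSBL hits add to a content score instead of rejecting outright. The zone names, weights, threshold and the `fake_resolver` helper are assumptions made for illustration.

```python
import socket

# Placeholder zones and lists, constructed for this example.
DNSBL_ZONE = "dnsbl.example"
RHSBL_ZONE = "rhsbl.example"
WHITELIST = {"aol.com"}   # domains that must never be blocked by domain
REJECT_SCORE = 5.0        # assumed threshold for a score-based filter

def dns_listed(name, resolve=socket.gethostbyname):
    """A blocklist entry exists if the query name resolves to an A record."""
    try:
        resolve(name)
        return True
    except OSError:       # socket.gaierror (NXDOMAIN etc.) is an OSError
        return False

def dnsbl_name(ip, zone=DNSBL_ZONE):
    # IPv4 DNSBL convention: reverse the octets and append the zone.
    return ".".join(reversed(ip.split("."))) + "." + zone

def rhsbl_name(sender, zone=RHSBL_ZONE):
    # RHSBL convention: right-hand side of the address, then the zone.
    return sender.rsplit("@", 1)[-1].lower().rstrip(".") + "." + zone

def evaluate(ip, sender, content_score, resolve=socket.gethostbyname):
    """Return (verdict, reasons); the whitelist overrides the domain list."""
    domain = sender.rsplit("@", 1)[-1].lower().rstrip(".")
    score, reasons = content_score, []
    if domain in WHITELIST:
        reasons.append("whitelisted domain: RHSBL skipped")
    elif dns_listed(rhsbl_name(sender), resolve):
        score += 4.0      # assumed weight
        reasons.append("RHSBL hit")
    if dns_listed(dnsbl_name(ip), resolve):
        score += 3.0      # assumed weight
        reasons.append("DNSBL hit")
    return ("reject" if score >= REJECT_SCORE else "accept"), reasons

def fake_resolver(listed):
    """Offline stand-in for DNS: names in `listed` resolve, others fail."""
    def resolve(name):
        if name in listed:
            return "127.0.0.2"
        raise socket.gaierror(name)
    return resolve
```

Passing a resolver built from a set that wrongly contains `aol.com.rhsbl.example` shows the whitelist absorbing the kind of bad listing the message warns about.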