RBLs in use

I have been asked to find out what DNSBLs are in use so my employer can see
what the incidence of its being blacklisted is and how much impact this is
likely to have had on their business.

What DNSBLs are being used by the various agencies represented on NANOG and
how much weighting do you give them? Are there any DNSBLs you would
completely ignore due to data quality issues?

Thanks

Paul

Does this mean that your employer is a spam operator?

T

Nope,

Just an ISP with normal ISP type operational spam problems. I'm trying to
quantify how often we actually appear on RBL, but I want to get some idea of
how much credence to give to appearing on any given list.

For example something like the old Dorkslayers lists should be ignored because
they would blacklist you if you sneezed at the wrong time, however MAPS is
probably a good list.

P.

I run the Abusive Hosts Blocking List (http://www.ahbl.org). We list
everything from spam sources, to spam supporters, open proxies, open relays,
drones, etc.

It's in use on all of the mail servers I help administrate (which includes
several Fortune 500 companies, half a dozen regional ISPs, and several .edu
sites), plus SpamHaus, SpamCop BL, SORBS, EasyNet, and several others, which
help balance out protection.

A good list of all known ones is up at:
http://www.declude.com/junkmail/support/ip4r.htm

The only DNSBL which you really should avoid like the plague is the XBL
(which I believe is gone at this point).

In the various places where I've gotten a look at their spam protection,
SpamHaus is very popular, as is SpamCop's BL.

Paul S. Brown writes on 11/20/2003 10:51 AM:

> For example something like the old Dorkslayers lists should be ignored because
> they would blacklist you if you sneezed at the wrong time, however MAPS is
> probably a good list.

You need a fairly wide coverage of BLs.

# Open proxies - http://opm.blitzed.org and http://proxies.blackholes.easynet.nl

# Open relays - http://www.ordb.org

# Dialup and DSL/cable dynamic IPs - http://dynablock.easynet.nl

# Current spam sources - http://cbl.abuseat.org [strongly recommended]

# Direct spam sources - SBL (http://www.spamhaus.org) and possibly spews.org as well, though spews tends to produce a lot of collateral damage by design. SBL is a lot more surgical.

  srs

Suresh Ramasubramanian wrote:

> You need a fairly wide coverage of BLs.
>
> # Open proxies - http://opm.blitzed.org and http://proxies.blackholes.easynet.nl

I would add the SORBS http and SORBS socks lists to this.

> # Open relays - http://www.ordb.org

I'd add VISI to that too.

> # Dialup and DSL/cable dynamic IPs - http://dynablock.easynet.nl
>
> # Current spam sources - http://cbl.abuseat.org [strongly recommended]

CBL tends to list only open proxies and spam trojans, but there's a few "classic viri emitters" (ie: Yaha) and a _very_ small number of "grossly misconfigured mail servers" in it too. All of which you want to know about anyway.

What you can do is do zone downloads of the open relay/proxy/CBL lists above and correlate them to your own netblocks. _Very_ helpful in finding compromised systems.

With dynablock, you may want to audit it for accuracy against your IP allocations. They're responsive to update requests.

SBL/SPEWS identifies your spammers. But as Suresh says, be careful to interpret the SPEWS listings correctly, so you nail the spammer, not the collateral damage.

There are a lot more DNSBLs, but the above ones are the most respected, important and useful for your purposes. XBL & Spambag, for example, are too rabid to worry about. Anybody who uses them gets what they deserve.
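
Added example (not part of the original thread): one way to do the correlation described above, matching a downloaded list dump against your own netblocks to find listed hosts. The one-entry-per-line zone format, the sample data and the function names are assumptions; real list dumps vary in format.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: documentation prefixes stand in for an ISP's allocations.
OUR_NETBLOCKS = ["192.0.2.0/24", "198.51.100.0/25"]

# Constructed sample of a downloaded zone: one IP or CIDR per line, optional
# free-text reason after whitespace, '#' comment lines. Assumed format.
SAMPLE_ZONE = """\
# constructed sample data
192.0.2.17        open proxy
192.0.2.200
198.51.100.130    just outside our /25
203.0.113.0/24    someone else's range
198.51.100.64/30  listed as a range
not-an-address
"""

def parse_zone(text):
    """Yield an ip_network for every parsable entry; skip comments and junk."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        token = line.split()[0]
        try:
            # strict=False accepts entries with host bits set, e.g. 10.1.2.3/24
            yield ipaddress.ip_network(token, strict=False)
        except ValueError:
            continue  # malformed entry: ignore rather than abort the run

def correlate(zone_text, netblocks):
    """Map each of our netblocks to the list entries that overlap it."""
    ours = [ipaddress.ip_network(n) for n in netblocks]
    hits = defaultdict(list)
    for entry in parse_zone(zone_text):
        for block in ours:
            # overlaps() also catches a listed range that contains our block
            if entry.version == block.version and entry.overlaps(block):
                hits[str(block)].append(str(entry))
    return dict(hits)

if __name__ == "__main__":
    for block, entries in correlate(SAMPLE_ZONE, OUR_NETBLOCKS).items():
        print(f"{block}: {len(entries)} listed -> {', '.join(entries)}")
```

Running the same correlation per list and per day gives the listing counts the original question asks about, and the individual hits point at the hosts to investigate.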

Based on what you said in
http://groups.google.com/groups?selm=bneav9%2410frig%241%40ID-169718.news.uni-berlin.de&oe=UTF-8&output=gplain

you appear to be working for BT (British Telecom).

BT have (quite rightly) been repeatedly blocked by DNSBLs and private
lists as a result of their poor record in handling abuse incidents (whether
that's by intent or negligence by way of a colossal management failure is
another debate entirely).

Are you looking to apply leverage internally to arrange for that situation
to change, or are you (perhaps) attempting to gather information which your
employer can use to harass or pursue DNSBL maintainers or other spam foes
in some way?"

I have several individuals privately voicing this suspicion to me, along
with other wild suspicions, like: has BT hired Mark E. "Felonstein" Felstein
to provide legal advice based on his impeccable experience gained in the
E-Marketers of America vs. SPEWS et al. case?
(http://www.spamhaus.org/legal/index.html)

bye, Kai

And then there's the granddaddy of them all, MAPS. See www.mail-abuse.org.

Brian Bruns wrote:

> I run the Abusive Hosts Blocking List (http://www.ahbl.org). We list
> everything from spam sources, to spam supporters, open proxies, open relays,
> drones, etc.
>
> It's in use on all of the mail servers I help administrate (which includes
> several Fortune 500 companies, half a dozen regional ISPs, and several .edu
> sites), plus SpamHaus, SpamCop BL, SORBS, EasyNet, and several others, which
> help balance out protection.

Like what .edu's and fortune 500 companies?

-davidu