[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] Re: Country numbers

To: ASRG list <asrg at ietf.org>
Subject: Re: [Asrg] Re: Country numbers
From: "Walter Dnes" <waltdnes at waltdnes.org>
Date: Sun, 11 Dec 2005 01:19:40 -0500
In-reply-to: <439A2AA0.1E8F@xyzzy.claranet.de>
List-archive: <http://www1.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <B0000001849@nts1.terabites.com> <20051209212444.17559.qmail@xuxa.iecc.com> <439A2AA0.1E8F@xyzzy.claranet.de>
Sender: asrg-bounces at ietf.org
User-agent: Mutt/1.5.11

On Sat, Dec 10, 2005 at 02:08:48AM +0100, Frank Ellermann wrote
> John Levine wrote:
> 
> > By the way, what does any of this have to do with spam?
> 
> Some users try to block IPs "by country", a horrible idea
> for various reasons.

  Hey, I resemble that remark.  From my main blocking filter (I'm a
customer of clss.net)...

###########################
PIREJECTTAIL ar,br,cl,cn,fr,gb,gt,hk,in,id,il,it,jp,kr,my,nl,ng,pl,ro,ru,su,sg,es,za,tw,uk Certain countries (pireject-tail) If yours was a legitimate email see http://www.waltdnes.org/bypass.html to bypass block.
SIREJECTTAIL ar,br,cl,cn,fr,gb,gt,hk,in,id,il,it,jp,kr,my,nl,ng,pl,ro,ru,su,sg,es,za,tw,uk Certain countries (sireject-tail) If yours was a legitimate email see http://www.waltdnes.org/bypass.html to bypass block.

[...deletia...]

# 0.32 = Argentina; 0.76 = Brazil; 0.152 = Chile 0.156 = China; 0.250 = France;
# 1.88 = Hong Kong; 1.100 = India; 1.104 = Indonesia; 1.120 = Isreal;
# 1.124 Italy; 1.136 = Japan; 1.154 = Korea, South; 1.202 = Malaysia;
# 2.16 = Netherlands; 2.54 = Nigeria; 2.104 = Poland; 2.131 = Russia;
# 2.190 = Singapore; 2.198 = South Africa; 2.212 = Spain; 0.158 = Taiwan;
# 3.58 = United Kingdom
REJECT zz.countries.nerd.dk A 127.0.0.32,127.0.0.76,127.0.0.152,127.0.0.156,127.0.0.250,127.0.1.88,127.0.1.100,127.0.1.104,127.0.1.120,127.0.1.124,127.0.1.136,127.0.1.154,127.0.1.202,127.0.2.16,127.0.2.54,127.0.2.104,127.0.2.131,127.0.2.190,127.0.2.198,127.0.2.212,127.0.0.158,127.0.3.58 %TXT% (zz.countries.nerd.dk) If yours was a legitimate email see http://www.waltdnes.org/bypass.html to bypass block.
###########################

  Those seem to be the main sources of spam (aside from the US, which I
can't really block) aimed at me.  YMMV.  For the US, I block 4/8, 12/8,
24/8, and use various heuristics.  I put the DNSbls last in the checking.
This...
  a) Allows whitelist entries to do their thing
  b) Allows heuristics to check for rejection first.  This, in turn,...
     - Reduces IP traffic for the ISP
     - Reduces load on the DNSbls

  The beautiful part about variable-return DNSbls is that they allow me
to filter umpteen countries *WITH JUST ONE DNS LOOKUP*.

-- 
Walter Dnes <waltdnes at waltdnes.org> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- [Asrg] Re: Country numbers
  - From: Frank Ellermann

References:
- [Asrg] Re: Country numbers
  - From: gep2
- Re: [Asrg] Re: Country numbers
  - From: John Levine
- [Asrg] Re: Country numbers
  - From: Frank Ellermann

Prev by Date: [Asrg] Re: A new (?) wrinkle on the spamming problem
Next by Date: Re: [Asrg] draft-irtf-asrg-dnsbl-02.txt
Previous by thread: [Asrg] Re: Country numbers
Next by thread: [Asrg] Re: Country numbers
Index(es):
- Date
- Thread