TLD domain changes
Hugo van der Kooij
hvdkooij at vanderkooij.org
Sun Aug 3 12:23:59 IST 2008
Rick Cooper wrote:
| > -----Original Message-----
| > From: mailscanner-bounces at lists.mailscanner.info
| > [mailto:mailscanner-bounces at lists.mailscanner.info] On
| > Behalf Of Scott B. Anderson
| > Sent: Thursday, July 31, 2008 9:41 AM
| > To: MailScanner discussion
| > Subject: OT: TLD domain changes
| > I can't block any email based solely upon its source TLD,
| > even if it is China and I have no Chinese clients because
| > some users may receive legit email from business contacts
| > there, and this goes for a lot of countries, so I think MTA
| > based domain filtering is out of the question. I've had a
| > list in SA to limit the damage this causes but I was
| > wondering about the infinite TLD change coming in a year or
| > so and how to handle it. Do I get a list of the current
| > ones and block everything from the new ones? I'm sure this
| > won't work in the long run, but listing all the bad guys is
| > impossible as well, so I'm thinking about doing something
| > like adding (Spam Score - .5) to all emails from the new
| > TLDs. Would this be easiest for MailScanner, SA, the MTA or
| > some other software (like a milter) to accomplish?
| I rsync the countries list from http://www.blackholes.us/ . I have
| scripts that pull all the Korea and China ASN CIDRs and build iptables
| rules to block them all together. I also have an exim->perl function that uses
| IP::Country to pull the ASN for several other countries that we do not do
| business with and block them. I would imagine you could use either with
| whatever mail server you are using. In the three years or so that I have been
| doing this we have only had one issue, and that was because the owner was
| selling an aircraft to a Japanese fellow who was using a Taiwanese yahoo
I second the concept of blocking based on AS numbers or specific subnets
if the owner of the netblock is not fighting off spam/malware.
I also found out a way to educate network operators to increase their
awareness of spam/malware originating from their network.
1. Document the complaint and send it to the owner of the netblock.
2. If that fails to stop notorious senders, go for the owner of the AS
   (unless that happens to be the same team).
3. If step 2 fails, then contact all peers for said AS and show them why
   they should review their peering deals with that AS, and send a copy of
   that complaint to the owner of the AS.
In at least 2 cases this resulted in shutting down infected machines
that were firing off spam/malware like machine guns for months.
hvdkooij at vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?
Bored? Click on http://spamornot.org/ and rate those images.
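The CIDR/AS-based blocking that Rick and Hugo describe, worked through as an added example (this is not code from the MailScanner project or from anyone on the list). It parses a blackholes.us-style per-country list of netblocks, matches a connecting MTA's IP against it, honours an explicit allow list for the kind of legitimate correspondent Rick's aircraft-sale story illustrates, and emits iptables rules for port 25. The netblocks in SAMPLE_LISTS are constructed documentation ranges, not real country allocations, and nothing is fetched from blackholes.us.

```python
"""Country/AS netblock blocking for an MTA: parse CIDR lists, look up a
sender IP, and generate iptables DROP rules.

Added example; the sample data below is constructed, not real allocations.
"""
import ipaddress
from typing import Dict, Iterable, List, Optional

Network = ipaddress._BaseNetwork  # IPv4Network or IPv6Network

# Constructed sample standing in for rsync'ed per-country lists.  Real
# lists hold thousands of entries and may contain comments and junk.
SAMPLE_LISTS: Dict[str, List[str]] = {
    "cn": ["192.0.2.0/25   # constructed", "198.51.100.0/24", "", "not-a-cidr"],
    "kr": ["203.0.113.0/24"],
}


def parse_cidrs(lines: Iterable[str]) -> List[Network]:
    """One CIDR per line; '#' starts a comment; blank or malformed lines
    are skipped so one bad entry cannot empty the whole block list."""
    nets: List[Network] = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue  # malformed entry: skip, do not abort
    return nets


def build_blocklist(lists: Dict[str, Iterable[str]]) -> Dict[str, List[Network]]:
    """Parse each country's list and collapse overlapping/adjacent ranges
    (v4 and v6 collapsed separately, as collapse_addresses requires)."""
    blocked: Dict[str, List[Network]] = {}
    for cc, lines in lists.items():
        nets = parse_cidrs(lines)
        v4 = [n for n in nets if n.version == 4]
        v6 = [n for n in nets if n.version == 6]
        blocked[cc] = list(ipaddress.collapse_addresses(v4)) + \
            list(ipaddress.collapse_addresses(v6))
    return blocked


def lookup(ip: str, blocklist: Dict[str, List[Network]],
           allow: Iterable[str] = ()) -> Optional[str]:
    """Return the country code whose netblocks contain `ip`, or None.
    Entries in `allow` (IPs or CIDRs) are never reported as blocked:
    this is the escape hatch for the one legitimate correspondent."""
    addr = ipaddress.ip_address(ip)
    for entry in allow:
        if addr in ipaddress.ip_network(entry, strict=False):
            return None
    for cc, nets in blocklist.items():
        if any(addr in n for n in nets):
            return cc
    return None


def iptables_rules(blocklist: Dict[str, List[Network]],
                   chain: str = "INPUT", port: int = 25) -> List[str]:
    """Emit one DROP rule per netblock, restricted to SMTP so web or DNS
    traffic from the same ranges is unaffected."""
    rules: List[str] = []
    for cc, nets in sorted(blocklist.items()):
        for n in nets:
            cmd = "iptables" if n.version == 4 else "ip6tables"
            rules.append(f"{cmd} -A {chain} -p tcp --dport {port} "
                         f"-s {n} -m comment --comment {cc} -j DROP")
    return rules


if __name__ == "__main__":
    bl = build_blocklist(SAMPLE_LISTS)
    for ip in ("192.0.2.5", "192.0.2.200", "203.0.113.77"):
        print(ip, "->", lookup(ip, bl))
    print("\n".join(iptables_rules(bl)))
```

The allow list is checked before the block list on purpose: if the order were reversed, the first matching country entry would win and the exception would never fire. Collapsing ranges before emitting rules keeps the iptables chain short, which matters for a list of thousands of netblocks that is re-synced and reloaded regularly.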