Barracuda Networks Spam Firewall

James Couzens jcouzens at 6o4.ca
Thu May 20 00:06:19 UTC 2004


On Wed, 2004-05-19 at 16:24, Eric A. Hall wrote:
> extract hostname from url, dig on hostname, whois on addr, and nine times
> out of ten the host is in a CN netblock. that's from the spam that gets
> into my mailbox.

Yes, I understand that is what you meant.  I just did this on 5 spam in
my mailbox, and I got:

Domain Name: AAFMALE.BIZ (www.aafmale.biz)
Registrant Country: Canada
Resolves to address: 218.232.109.220 (KRNIC-K) (Korea)

Domain Name: PLANENEWS.COM
Registrant Country: France
Resolves to address: 216.92.194.65 (PAIRNET-BLK-3) (United States)

Domain Name: MIRGOS.ORG
Registrant Country: Russia
Resolves to address: 211.198.200.208 (KRNIC-KR) (Korea)

Domain Name: WINSPR.BIZ  (iityvzbtpvw.winspr.biz)
Registrant Country: New Zealand
Resolves to address: 221.233.29.33 (CHINANET-HB-JZ7) (China)

While it is only 5 mails, and certainly nothing to judge by, it does not
seem to be 90%.  Although Korea is under APNIC, it is not China.

> let me state AGAIN that what I really want is a plugin that allows for
> cidr match-lists so that I can also include the handful of non-enforcing
> hosters in Russia, New York, Florida, etc. One responder also suggested
> ASN matchlists but I'm not that mad.

What sort of plugin?  MTA? MUA?

Going back to my previous e-mail, all of this effort I think is being
placed in the wrong direction.  Focus should be placed on preventing
forgery, and educating users.  If we spent the money we are dropping on
hardware and software to stop spam (it's in the BILLIONS) on educating
users and pushing anti-forgery / sender authentication/verification
methods forward, we'd have an easier time of all this.

Cheers,

James

-- 
James Couzens,
Programmer
-----------------------------------------------------------------
http://libspf.org -- ANSI C Sender Policy Framework library
http://libsrs.org -- ANSI C Sender Rewriting Scheme library
-----------------------------------------------------------------
PGP: http://gpg.mit.edu:11371/pks/lookup?op=get&search=0x6E0396B3
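
The check discussed in this message (take the hostname from each URL in a mail body, resolve it, and test the address against a CIDR match-list), sketched as an added example that is not part of the original post or of any filter named in the thread. The function names, the "cidr label" list format and the sample data are assumptions made for illustration; the sample uses documentation address ranges and example.* names only.

```python
import ipaddress
import re
import socket
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def url_hosts(body):
    """Unique hostnames of http(s) URLs in a message body, in order seen."""
    hosts = []
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname  # lowercased; port and userinfo dropped
        except ValueError:  # malformed bracketed host in hostile input
            continue
        if host and host not in hosts:
            hosts.append(host)
    return hosts

def dns_resolve(host):
    """Default resolver: A/AAAA addresses for host, empty list on failure."""
    try:
        return sorted({i[4][0] for i in socket.getaddrinfo(host, None)})
    except (socket.gaierror, UnicodeError):
        return []

def load_matchlist(lines):
    """Parse 'cidr [label]' lines; '#' starts a comment, blank lines are skipped."""
    rows = [l.split("#", 1)[0].split(None, 1) for l in lines]
    return [(ipaddress.ip_network(r[0], strict=False), r[-1].strip()) for r in rows if r]

def match_body(body, matchlist, resolve=dns_resolve):
    """(host, address, label) for each URL host address inside a listed block."""
    hits = []
    for host in url_hosts(body):
        try:
            addrs = [str(ipaddress.ip_address(host))]  # URL carries a literal IP
        except ValueError:
            addrs = resolve(host)  # pass a stub resolver to run offline
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            # first matching block wins; v4/v6 mismatches never match
            hits += [(host, addr, l) for n, l in matchlist if ip in n][:1]
    return hits

# Constructed sample data: documentation address ranges and example.* names only.
SAMPLE_LIST = load_matchlist(["203.0.113.0/24 hoster-a  # constructed", "198.51.100.64/26 hoster-b"])
SAMPLE_DNS = {"shop.example.biz": ["203.0.113.20"], "news.example.com": ["192.0.2.65"]}
SAMPLE_BODY = "Buy http://shop.example.biz/x?id=1 or http://198.51.100.70:8080/ or http://news.example.com/"
```

Calling match_body(SAMPLE_BODY, SAMPLE_LIST, resolve=lambda h: SAMPLE_DNS.get(h, [])) runs the check without touching DNS; the registrant country from whois plays no part, only the resolved address does.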