DNSBL — Taking Spam Down To Zero Cptn. Planet Style

Posted on May 17th, 2008 by admin

Recently I’ve been dealing with all sorts of backscatter NDR spam from Yahoo Mail, Google Groups, you name it. Not to mention the massive spam increase from our million or so Zombie friends who are too cool to run Windows Update. Seriously, the signal-to-noise ratio looked like a mid-90s warez fserve.

The mail organizer was getting borky and the MTA stacks were going down on me, like, not in the good way.

Now I obviously don’t expect you all to understand this mail administrator technical jargon but suffice it to say the Exchange server was sucking in spam like a spam sucking vacuum cleaner set to medium.

Solution: DNS Blacklists. Basically they’re big DNS-style lists of known spammy addresses that you can easily set your mail server to check new mail against and deal with accordingly.

I had been using the MAPS blacklist since 2003 but hadn’t looked into alternatives since. While researching the other day I ran across this site which has been comparing several blacklists weekly since 2001!

Since implementing the Spamhaus, DSBL, SORBS, and SpamCop blacklists a few days ago and setting the filters to tag, I’ve noticed nearly all spam in my inbox tagged by these guys. I’ll give it a few more days before flipping the switch to send the crap to the bit bucket, but for now I’m looking out for false positives.
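What a DNSBL check looks like on the wire, and how a tag-first rollout differs from dropping, as an added example that is not from the original post or from any mail server's own code. The zone names, sample records and the `X-DNSBL-Hit` header are constructed for illustration.

```python
import ipaddress
import socket

# Hypothetical zone names; substitute the lists you actually subscribe to.
ZONES = ["dnsbl-a.example", "dnsbl-b.example"]
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

# Constructed records standing in for DNS so the example runs offline.
SAMPLE_RECORDS = {
    "99.113.0.203.dnsbl-a.example": "127.0.0.4",
    "99.113.0.203.dnsbl-b.example": "127.0.0.2",
    "10.113.0.203.dnsbl-b.example": "198.51.100.7",  # bogus answer outside 127/8
}

def sample_resolver(name):
    return SAMPLE_RECORDS.get(name)

def system_resolver(name):
    """Real lookup. Returns None on NXDOMAIN, but also on timeouts (fails open)."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def dnsbl_name(ip, zone):
    """Query name = the sender's IPv4 octets reversed, followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check(ip, zones=ZONES, resolve=system_resolver):
    """Return {zone: return_code} for every zone that lists ip."""
    hits = {}
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        # Only an A record inside 127.0.0.0/8 means "listed". Any other answer
        # (for example a resolver that rewrites NXDOMAIN) must not count as a hit.
        if answer and ipaddress.IPv4Address(answer) in LISTED_NET:
            hits[zone] = answer
    return hits

def disposition(hits, mode="tag"):
    """'tag' delivers with a header for false-positive review; 'drop' discards."""
    if not hits:
        return ("accept", None)
    header = "X-DNSBL-Hit: " + ", ".join(f"{z}={c}" for z, c in sorted(hits.items()))
    return ("accept", header) if mode == "tag" else ("drop", header)

if __name__ == "__main__":
    for sender in ("203.0.113.99", "203.0.113.10"):
        print(sender, disposition(check(sender, resolve=sample_resolver)))
```

The return code inside 127.0.0.0/8 is list-specific, so keeping it in the tag header helps when tracing a false positive back to the list that caused it.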

Anyone else have similar experiences?

3 Responses to “DNSBL — Taking Spam Down To Zero Cptn. Planet Style”

  1. By Jeppe Toustrup on May 17, 2008

    Blacklists can be very effective but, in my experience, nothing beats greylisting.

    I’ve been working at a webhosting company in Denmark, where we had two mail gateways to keep most of the spam mails away from the mail servers. They both used DNSBLs and greylisting.

    Now I work at a company selling dedicated customers, and sometimes I check our entire IP range against the most common blacklists like Spamhaus, in order to get a hint on which of our customers we have to keep a closer eye on, in regard to spam activity.

  2. By Ali on May 17, 2008

    I hate using DNS blacklisting, as I found out once that our whole subnet was blacklisted just because one customer was sending spam… and getting those IPs out was a pain…

    Anyhow, I agree with Jeppe, greylisting is top-notch.

  3. By Lex on Jun 4, 2008

    I recently set up spamassassin, and I’ve been extremely pleased. I first tested it against several thousand known non-spam mails I’d received, and didn’t get a single false-positive. I set it to the default threshold, and it hasn’t let through a single spam yet. It uses several DNSBLs along with lots of other tests, and the combination of diverse tests seems to be the key to reliable spam filtering. The only downside is the CPU usage.
