RBL for zombie farm spam?

Paul Vixie paul@vix.com
Sun Nov 26 21:23:29 UTC 2006

> These days, a great deal of spam seems to be coming from networks of
> compromised Windows desktop computers.  These can be located anywhere in the
> world.  Is there a DNS RBL that's specialized for these spam sources?

there are quite a few.  there's the MAPS QIL (now a property of trendmicro),
the SpamHaus XBL, the Blitzed OPM, and at least one list at SORBS.  all of
these specialize in bot-infected transient spam sources.

> We receive legitimate e-mail from all over the world, so I can't use RBLs
> that list entire countries or that indiscriminately list /24 networks
> containing both clients and servers.

if you can't tolerate false positives, then you're not a candidate for DNSBL
subscription.  for my own networks, i'm ready to simply firewall off TCP/25
altogether, and so any legit e-mail i still receive after subscribing to the
nastiest DNSBL's i can find is a pure bonus for me.

More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.