RBL for zombie farm spam?

Vernon Schryver vjs@calcite.rhyolite.com
Sun Nov 26 21:48:55 UTC 2006


> From: Paul Vixie 

> > These days, a great deal of spam seems to be coming from networks of
> > compromised Windows desktop computers.  These can be located anywhere in the
> > world.  Is there a DNS RBL that's specialized for these spam sources?
>
> there are quite a few.  there's the MAPS QIL (now a property of trendmicro),
> the SpamHaus XBL, the Blitzed OPM, and at least one list at SORBS.  all of
> these specialize in bot-infected transient spam sources.

I think the CBL is the component of SpamHaus' XBL that lists bots. 
I also think that other compoents of the XBL are worthwhile.  See
http://www.spamhaus.org/xbl/index.lasso
and
http://cbl.abuseat.org/

Mailboxes that should not receive messages even mentioning evil URLs
such as web pages hosted on bots can profit by rejecting mail containing
evil URLs.  I've forgotten which software SpamHaus recommends for that,
but it can be done with dccm, dccifd, and dccproc -B.  However, if I
recall correctly that Gary Mill's installation neither scores as with
SpamAssassin nor uses per-user dccm whiteclnt files, dccm -B would probably
not be useful to him.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.