RBL for zombie farm spam?

Gary Mills mills@cc.umanitoba.ca
Sun Nov 26 23:08:28 UTC 2006

On Sun, Nov 26, 2006 at 02:48:55PM -0700, Vernon Schryver wrote:
> > From: Paul Vixie 
> From: Gary Mills
> > > These days, a great deal of spam seems to be coming from networks of
> > > compromised Windows desktop computers.  These can be located anywhere in the
> > > world.  Is there a DNS RBL that's specialized for these spam sources?
> >
> > there are quite a few.  there's the MAPS QIL (now a property of trendmicro),
> > the SpamHaus XBL, the Blitzed OPM, and at least one list at SORBS.  all of
> > these specialize in bot-infected transient spam sources.
> I think the CBL is the component of SpamHaus' XBL that lists bots.
> I also think that other components of the XBL are worthwhile.  See
> http://www.spamhaus.org/xbl/index.lasso
> and
> http://cbl.abuseat.org/

Thanks for all the suggestions.  I'll investigate them.

> Mailboxes that should not receive messages even mentioning evil URLs
> such as web pages hosted on bots can profit by rejecting mail containing
> evil URLs.  I've forgotten which software SpamHaus recommends for that,
> but it can be done with dccm, dccifd, and dccproc -B.  However, if I
> recall correctly that Gary Mills's installation neither scores as with
> SpamAssassin nor uses per-user dccm whiteclnt files, dccm -B would probably
> not be useful to him.

Yes, we use a single client whitelist that incorporates nominations
from all users.  I could create per-user whitelists for a few
mailboxes.  Are you saying that checking URLs in e-mail against a DNS
blacklist would result in too many false positives?  How is that
possible?  Are the blacklists contaminated?

-Gary Mills-    -Unix Support-    -U of M Academic Computing and Networking-
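
The two kinds of DNS blacklist lookup discussed in this thread (the sending IP against a bot list, and URL hosts in the body against a URL list), sketched as an added example that is not part of the original message or of DCC. The zone `uribl.example` is a hypothetical placeholder, the resolver is injectable so the sample runs offline, and all sample data is constructed.

```python
import ipaddress
import re
import socket
from urllib.parse import urlsplit

# DNS zones of the lists named in the thread; the URL zone is a placeholder.
IP_ZONES = ("xbl.spamhaus.org", "cbl.abuseat.org")
URI_ZONE = "uribl.example"  # hypothetical zone, not from the thread
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def ip_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.99 -> 99.2.0.192.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def url_hosts(body):
    """Return the distinct, lower-cased hosts of http(s) URLs found in a message body."""
    hosts = []
    for url in re.findall(r"https?://[^\s<>\"']+", body, flags=re.I):
        host = (urlsplit(url).hostname or "").rstrip(".")
        if host and host not in hosts:
            hosts.append(host)
    return hosts

def system_resolver(name):
    """Return the A records for name, or [] when the lookup fails (e.g. NXDOMAIN)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def listed(name, resolve=system_resolver):
    """A listing is an A record inside 127.0.0.0/8; any other answer is not a hit."""
    return any(ipaddress.ip_address(a) in LISTED_NET for a in resolve(name))

def check_message(client_ip, body, resolve=system_resolver):
    """Return the query names that came back listed for the sender IP and URL hosts."""
    names = [ip_query_name(client_ip, zone) for zone in IP_ZONES]
    names += [host + "." + URI_ZONE for host in url_hosts(body)]
    return [n for n in names if listed(n, resolve)]

if __name__ == "__main__":
    # Constructed data: a dict stands in for DNS so no network access is needed.
    fake = {"99.2.0.192.cbl.abuseat.org": ["127.0.0.2"],
            "bad.example.uribl.example": ["127.0.0.2"]}
    body = "Click http://Bad.example/offer or see https://www.example.org/"
    print(check_message("192.0.2.99", body, lambda n: fake.get(n, [])))
```

Answers outside 127.0.0.0/8 are treated as "not listed" so that a wildcarded or hijacked zone does not turn every lookup into a rejection.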

More information about the DCC mailing list