>I've been noticing that almost *all* the spam that is still getting
>through and not caught by ORDB and the other databases seems to
>always originate from korea, japan, china, or other foreign
>hosts.
That's the way most spammers operate. It seems that a higher percentage of
open relays are in non-US countries, and the smarter spammers intentionally
use them because they are less likely to complain.
>Is there a feature available (or planned) in declude to block
>all mail coming from "foreign" country hosts?
The SPAMROUTING test will attempt to see if the E-mail took a very poor
route to get to its destination, following typical spam patterns -- for
example, going from a mail server in the U.S. to another U.S. recipient,
but going through a server in Japan.
>Ideally, selectable country-by-country?
The ability to determine the country of origin based on an IP address would
be very, very useful. And it can be done -- but whoever knows how to do it
isn't speaking.
>Or - is there a way to generate a DNS database that would have
>the entire IP address range for selected countries in it that
>could be used in our custom DNS server "spam database"?
Unfortunately, this isn't very easy to do. I'm aware of one company that
is able to determine the country based on the IP (and claims about 99%
accuracy), but it would likely require a lot of time and money to duplicate
their efforts.
>I seem to recall that the InterNIC and foreign registrys have
>pre-allocated address blocks so it should be feasible to
>do a country-to-address-range mapping?
There are a couple of problems. First, some IP ranges contain a mix of
countries. Second, IP ranges such as IBM's Class A range could belong to
offices in a number of different countries.
I believe the answer may be in BGP, but that would require a *lot* of work,
and would require special setup to get a BGP feed.
-Scott
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". You can E-mail
[EMAIL PROTECTED] for assistance. You can visit our web
site at http://www.declude.com .
