Hello,
Felix Schwarz writes:
I'm quite interested in blocking/recognizing dynamic ip addresses from
spam bots. One thing is not clear to me: How did you get the list of
dynamic ip addresses? Can this list be uses as dns black list to block
dynamic clients entirely?
The list is a set of patterns developed from heuristic analysis by studing
373+ million IP addresses over an 8 year period. Unfortunately, it can not
operate as a DNS black list. The IP addresses are evaluated in real time
with caching to keep speed high. DynaStop also supports whitelisting and
exclusions. If you can run it at the STMP level, it also has IP greylisting
with the ability to automatically green list good servers. Dynamoc IP
addresses can be taged or blocked, depending on how you choose to use the
results.
For DSpam training, the X-DynaStop tag can be used as a means of quickly
identifing spam. I have all my research online at the DynaStop website.
The primary theory and principle behind DynaStop is that many ISPs have
policies the forbid their dialup/DHCP/Dynamic IP blocks for sending mail
direct without the use of the ISP mail exchange server. DynaStop simple
enforces this (if used for blocking) or identifies them. The ISP has
already made the policy, wwhy not use that to stop the multitude of infected
machines in the Dynamic IP address block?
DynaStop has had tremendous success in doing this. As always though, YMMV.
---
DynaStop: Stopping spam one dynamic IP address at a time.
http://tanaya.net/DynaStop/
