+1 for blocking all except where you have customers/ partners. While the US is the largest source for SPAM, (hormel not withstanding), it will help to limit your attack surface.
having said that, be aware that many users who use hosted email, e.g. using Microsoft, email can appear to route through any data center they have (uk etc) In $previous_job$ we blocked the UK (did not business there) and it caused people's email to be blocked. -- so we ended up having to find out MS's datacenter IPs and whitelisting them. there is no one solution, if there were this job would be SO much easier. good luck. ---------------- Goats are like mushrooms, if you shoot a duck, I'm scared of toasters. On Mon, Jan 5, 2015 at 11:26 AM, Andrew S. Baker <[email protected]> wrote: > Depends on who you do business with. > > And the US is a huge source of SPAM, too... > > > > > > > *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker> > *Providing Virtual CIO Services (IT Operations & Information Security) for > the SMB market…* > > > > On Mon, Jan 5, 2015 at 1:49 PM, Kennedy, Jim <[email protected] > > wrote: > >> Not of much help for what you are doing, but cool as hell. >> >> >> >> http://map.ipviking.com/ >> >> >> >> Some from TREND. If you look at the SPAM one there you will see you need >> to block all of the world expect the US, Australia, Canada and some of the >> EU. Which is pretty close to what I do email wise. >> >> >> >> >> http://www.trendmicro.com/us/security-intelligence/current-threat-activity/global-botnet-map/ >> >> >> >> >> >> >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *Jesse Rink >> *Sent:* Monday, January 5, 2015 11:29 AM >> *To:* NT >> *Subject:* [NTSysADM] Geo IP Filters >> >> >> >> I'm looking at enabling the Geo-IP Filter on a few of my Sonicwalls to >> prevent access to/from some 'suspect' countries that are more likely to >> pose security concerns/issues for internet related traffic. Is anyone >> aware of any list that shows which countries are more likely to be a >> security risk or for DoS attacks, viruses, bot-nets, etc.? I'm guessing >> China is a big one, but I'm not sure which other countries are the ones I >> should be blocking. >> >> >> >> Thanks. >> >> JR >> > >
