blocking brand new domains - follow-up
Noel Jones August 23, 2010 * p...@alt-ctrl-del.org: I find that a lot of spam comes from recently registered, throw away domains. The new domain may be used as the sender, hostname, or name server. Are there any rbl type lists that block fresh domains, for the first 10-15 days of their existence? I've also been playing with these: http://spameatingmonkey.com/lists.html The FRESH lists are what you're looking for. Again, thanks. The fresh15 list + log monitoring really worked out well. It's been a good early warning system. I have placed the fresh15 test, after all other tests. A few weeks of monitoring show that most of the positive hits come from a few specific networks. The senders from these networks generally have proper fcrdns, and the helo and "from" domain matches the fcrdns. Blacklisting mail from these networks has made a significant dent. Prior to blocking, >1 fresh15 hit per minute. After blocking: as low as 1 fresh15 hit per 2-3 hours, up to 15 hits per hour.
Re: blocking brand new domains
> >http://www.mail-archive.com/us...@spamassassin.apache.org/msg57008.html > >Dunno if Marc is still active > > > > Yes, the "hostkarma" lists are active, IMO best used in SA because > they mix whitelist with blacklist using different return codes. reject_dnsbl_client hostkarma.junkemailfilter.com=127.0.0.6 should work for that particular purpose. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: blocking brand new domains
Noel Jones wrote: I've also been playing with these: http://spameatingmonkey.com/lists.html The FRESH lists are what you're looking for. Very nice. I'm now using their geobl.spameatingmonkey.net, right before I accept a delivery. But not for blocking. Just for statistics at this point.
Re: blocking brand new domains
On 8/23/2010 8:48 AM, Ralf Hildebrandt wrote: * p...@alt-ctrl-del.org: I find that a lot of spam comes from recently registered, throw away domains. The new domain may be used as the sender, hostname, or name server. Are there any rbl type lists that block fresh domains, for the first 10-15 days of their existence? http://www.mail-archive.com/us...@spamassassin.apache.org/msg57008.html Dunno if Marc is still active Yes, the "hostkarma" lists are active, IMO best used in SA because they mix whitelist with blacklist using different return codes. (Might be time to revisit DNS whitelists in postfix.) http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists I've also been playing with these: http://spameatingmonkey.com/lists.html The FRESH lists are what you're looking for. -- Noel Jones
Re: blocking brand new domains
* p...@alt-ctrl-del.org : > I find that a lot of spam comes from recently registered, throw away > domains. The new domain may be used as the sender, hostname, or name > server. > > Are there any rbl type lists that block fresh domains, for the first > 10-15 days of their existence? http://www.mail-archive.com/us...@spamassassin.apache.org/msg57008.html Dunno if Marc is still active -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: blocking brand new domains
* p...@alt-ctrl-del.org : > I find that a lot of spam comes from recently registered, throw away > domains. The new domain may be used as the sender, hostname, or name > server. > > Are there any rbl type lists that block fresh domains, for the first > 10-15 days of their existence? I'd like to know that as well. There used to be the "day old bread" BL. > -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
blocking brand new domains
I find that a lot of spam comes from recently registered, throw away domains. The new domain may be used as the sender, hostname, or name server. Are there any rbl type lists that block fresh domains, for the first 10-15 days of their existence?