Slashdot Mirror

← Back to Stories (view on slashdot.org)

Choosing a Good DNSBL

Posted by CmdrTaco on from the can-it-filter-all-pr-firms dept.

stry_cat submitted a story about selecting a good DNSBL. It talks about some of the problems with DNS blacklists and the sorts of things that you should be looking for. Things like Speed, Selection Criteria, and Goals make the list. And of course not requiring payment to be removed from the blacklist.

7 of 152 comments (clear)

  1. Al Iverson is your FRIEND. by seebs · · Score: 5, Informative

    http://stats.dnsbl.com/

    Or, for commentary:

    http://www.dnsbl.com/

    Absolutely the best resource on the topic.

    --
    My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
  2. DNSBL for comment spammers? by _xeno_ · · Score: 4, Interesting

    This seems like as good a place to ask as any. Can mostly email-based DNSBLs be used to try and block comment spammers? I'd love to reduce the load I get from comment spammers trying to spam my website.

    I've been contemplating using an existing DNSBL, but all the well-known ones are focused on email spam. I expect that comment spambots and email spambots mostly overlap, but I'm not sure how effective such a measure would be.

    --
    You are in a maze of twisty little relative jumps, all alike.
    1. Re:DNSBL for comment spammers? by wytcld · · Score: 4, Informative
      Had a bunch of robot spam going through a home-grown PHP comment form - all of it from Russia. So I got the the Russia CIDR list from here and added this:

      $testip = $_SERVER['REMOTE_ADDR'];
      function ipCheck ($IP, $CIDR) {
        list ($net, $mask) = split ("/", $CIDR);
        $ip_net = ip2long ($net);
        $ip_mask = ~((1 << (32 - $mask)) - 1);
        $ip_ip = ip2long ($IP);
        $ip_ip_net = $ip_ip & $ip_mask;
        return ($ip_ip_net == $ip_net);
      }
      $CIDRs = file ("/path/to/ru.zone.file");
      foreach ($CIDRs as $CIDR) {
        if (ipCheck ($testip, $CIDR)) {
          $act = "view"; // switches to viewing old comments rather than posting new one
          break;
        }
      }
      It's fast, and when comment spam shows up from other countries I don't care about, I'll block them too.
      --
      "with their freedom lost all virtue lose" - Milton
  3. Requiring payment for delisting by dbolger · · Score: 5, Informative

    I used to work in the abuse department of an ISP which had been blacklisted by SORBS. SORBS require a "donation" to get your IP range off their list, and since we refused to hand over extortion money to these gangsters, there was no way for us to deal with them. Despite our best efforts, we also found that there was no way to get in contact with them, and as such no way to help our customers.

    Doing a Google search for information about this lot brought up so many horror stories that I can't fathom how so many people ended up using their "service". It got to the stage where if we had a customer having trouble with SORBS blocking their mail, the only advice we could give was to contact their recipient via other means and ask them to stop using these thugs to filter mail.

  4. Local Whitelisting! by HitekHobo · · Score: 5, Informative

    Choosing a good DNSBL (or three!) is definitely important, but IMHO, you should NEVER run DNSBL's without building a local override into the system. We run our own DNSWL (dns whitelist) which is consulted before hitting on BLs... if a customer has had problems with one of their contacts being blacklisted, we can selectively add their IP to the list.

    Unrelated to the above, I would also recommend looking at ironport systems if this is a commercial project with a decent sized budget. (I am not affiliated, just a happy customer).

    --
    A couple of 30-somethings embark on the ultimate roadtrip
  5. Re:NEVER use a DNSBL as an absolute block by Shaman · · Score: 4, Insightful

    Sounds good, except it's not true. I was just on one of our spam systems (Barracuda 400) and the stats look something like this:

    20,000,000 blocked e-mails
    480,000 tagged e-mails
    90,000 viruses found
    135,000 quarantined messages (user choice to quarantine or not)
    610,000 delivered/approved mail

    To nobody's surprise, some spam is still getting through. This is in less than two weeks, and there are two servers to handle the load, the other one is more or less as bad.

    So what were you saying about not using blacklists?

    --
    ...Steve
  6. This has a score of two?! by Anonymous Coward · · Score: 5, Funny

    Greetings, sir,

    Allow me to introduce myself. I'm a representative of the Consortium of Common Sense. I've noticed you recently posted to an Internet-based conversation, complaining about the reduction of a nine-letter word to two letters via acronym. Your post referenced such things as numbers of syllables.

    Please look at your desk now, and slam your head down as hard as you can on it. Do you feel those weird little indentations in your forehead?

    THEY'RE CALLED KEYS - DID YOU NOT REALIZE THAT THINGS ARE TYPED, NOT SPOKEN, ON THE INTERNET?

    Thank you. Please let us know if you have any other ridiculous complaints.

    - Consortium for Common Sense