
Pointer: Foiling spam by using this huge IP blocking list

Started by: Mail Man <Mail@Man.com>
First post: 2014-03-23 11:47 -0400
Last post: 2014-03-28 13:58 -0700
Articles: 4 (3 participants)


#16 — Pointer: Foiling spam by using this huge IP blocking list

From: Mail Man <Mail@Man.com>
Date: 2014-03-23 11:47 -0400
Subject: Pointer: Foiling spam by using this huge IP blocking list
Message-ID: <532F0228.D798BE28@Man.com>

Here is my SMTP server's IP blocking list as of March 23, 2014.

Who should use this list:

Anyone operating a server used in an organizational or commercial
setting where you do not expect to receive or have never received legit
email from Mexico, Africa, Central and South America, Eastern Europe
(including Russia, Ukraine, Poland*, China*, Arab/Muslim countries).

(*) Off the top of my head, we have some active contact with servers
located in Poland, China, Cyprus, Singapore, Hong Kong, Taiwan, and
Korea, so not all IP subnets in those countries are blocked by this
list.

Since we operate a small commercial biotech company in either the US or
Canada (I won't say which one) and we sell our products world-wide, it
is not in our financial interest to block contact with either existing
or "OTB" (Out-of-the-blue) customers or potential customers.

That said, given a decade of experience and about 100k email samples and
history of receiving email from a variety of IP subnets assigned to
commercial, institutional and residential users, I find that this list,
as it exists now, allows "legit" servers from a wide range of the "WASP"
world and even some of the Yellow world to contact us through e-mail.

This list also includes numerous B-2-B bulk-mail servers who I find
easier to block vs going through any sort of list-unsubscribe process
(even if I trusted those entities to abide by such a process).

If you (whoever you are) cross reference this list against a server
who you find to be a "legit" server but would be blocked by this list,
I'd be happy to investigate that server and carve out an exception.

This is not a white list.  It's a black list - because the SMTP server
I'm running (post.office) does not have white-listing capability.

The entire list can be downloaded from here:


https://backup.filesanywhere.com/fatemp/23/50/4XTOP22VY13VIYSNJ1OYBR5NMQK2OUX5/SMTP-IP-blocklist.txt

I will, from time to time, update this list, and/or post new additions
on a weekly basis.  These additions will most likely be /16 net-block
entries, because I add such entries based on new incoming spam.

Below are the 43 A-class entries for those that are curious or might
find that having just these entries in your own IP blocking list would
cut down on the amount of garbage and direct-to-mx spam hitting your
server.



#17 — Re: Pointer: Foiling spam by using this huge IP blocking list

From: Wolfgang.Schelongowski@gmx.de (Wolfgang Schelongowski)
Date: 2014-03-27 16:48 +0100
Subject: Re: Pointer: Foiling spam by using this huge IP blocking list
Message-ID: <lh1h88$ljg$1@ID-102910.user.uni-berlin.de>
In reply to: #16

Mail Man <Mail@Man.com> writes:

>Here is my SMTP server's IP blocking list as of March 23, 2014.
...
>This is not a white list.  It's a black list- because the SMTP server
>I'm running (post.office) does not have white-listing capability.  
>
>The entire list can be downloaded from here:
>
>
>https://backup.filesanywhere.com/fatemp/23/50/4XTOP22VY13VIYSNJ1OYBR5NMQK2OUX5/SMTP-IP-blocklist.txt

I copied the above line to Firefox with the mouse, so there were not
any typos on my behalf. Still, my Firefox said "File not found".

>Below are the 43 A-class entries for those that are curious or might
>find that having just these entries in your own IP blocking list would
>cut down on the amount of garbage and direct-to-mx spam hitting your
>server.

>83.0.0.0/8

You probably have entered this above area when 83.128.0.0/9 was
delegated to a Spanish DSL provider. I noticed a lot of interesting
activity (trying ports 22, 445, ...) from them. They appear to have been
replaced by lots of /16s or /21s now, and they're all over Europe 
(.RU, .NL, .PL, .HR, ... .DE).

BTW I've set Followup-To: news.admin.net-abuse.email because that's
where any activity foiling spam is best posted. Just ignore the
kooks and the trolls.
-- 
The first entry of Sin into the mind occurs when, out of cowardice or
conformity or vanity, the Real is replaced by a comforting lie.
  -- Integritas, Consonantia, Claritas
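
An added example, not part of any post in this thread: one way to cross-reference sender addresses against a CIDR blocklist, as the first post invites, and to see how the 83.0.0.0/8 entry relates to the 83.128.0.0/9 range mentioned in the reply. It uses Python's standard `ipaddress` module; the one-CIDR-per-line format is assumed from the entries quoted in the thread, and the sample list, sender addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample. The /8 entries and 83.128.0.0/9 appear in the thread;
# 190.12.0.0/16 and the malformed line are made up to exercise the code.
SAMPLE_BLOCKLIST = """\
1.0.0.0/8
83.0.0.0/8
83.128.0.0/9
190.0.0.0/8
190.12.0.0/16   # hypothetical weekly /16 addition
not-a-network
"""

def parse_blocklist(text):
    """Return (networks, rejected_lines); blank lines and # comments are skipped."""
    networks, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=True rejects entries with host bits set, e.g. 83.1.2.3/8
            networks.append(ipaddress.ip_network(line, strict=True))
        except ValueError:
            rejected.append(raw)
    return networks, rejected

def blocking_entries(networks, sender_ip):
    """All list entries that cover sender_ip, broadest first."""
    addr = ipaddress.ip_address(sender_ip)
    return sorted((n for n in networks if addr in n), key=lambda n: n.prefixlen)

def shadowed_entries(networks):
    """(entry, broader_entry) pairs where the list already covers the entry."""
    return [(n, o) for n in networks for o in networks
            if o != n and o.version == n.version and n.subnet_of(o)]

if __name__ == "__main__":
    nets, bad = parse_blocklist(SAMPLE_BLOCKLIST)
    print("rejected lines:", bad)
    for ip in ("83.200.1.1", "83.10.0.1", "192.0.2.25"):  # constructed senders
        hits = [str(n) for n in blocking_entries(nets, ip)]
        print(ip, "blocked by", hits if hits else "nothing")
    for narrow, broad in shadowed_entries(nets):
        print(f"{narrow} is already covered by {broad}")
```

The second sender is matched only by the /8, which shows how much address space beyond the /9 a single A-class entry takes in.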



#18 — Re: Pointer: Foiling spam by using this huge IP blocking list

From: Mail Man <Mail@Man.com>
Date: 2014-03-28 09:10 -0400
Subject: Re: Pointer: Foiling spam by using this huge IP blocking list
Message-ID: <533574A8.F8930627@Man.com>
In reply to: #17

Wolfgang Schelongowski wrote:
 
> > Here is my SMTP server's IP blocking list as of March 23, 2014.

> I copied the above line to firefox with the mouse, so there were not
> any typos on my behalf. Still, my firefox said "File not found".

Try this:

http://snk.to/f-ctjiqk9t

> BTW I've set Followup-To: news.admin.net-abuse.email because that's
> where any activity foiling spam is best posted. Just ignore the
> kooks and the trolls.

That newsgroup is a freakshow - a complete waste of time.  Nothing of
any merit or consequence in terms of understanding or countering spam
happens there.

Those of us that _really_ want to discuss spam and all its dimensions
should really be using one or several of these groups:

alt.comp.issues.spam
alt.comp.mail.misc
alt.current-events.net-abuse.spam
alt.spam
comp.mail.headers
comp.mail.misc

There once was a somewhat useful set of threads about spam happening in
alt.spam, but over the past 2 years it has been used by kooks (or a
single kook -> "SpamBuster") and (and perhaps someone can explain this)
as a clearing house or exchange for stolen credit-card data.



#19 — Re: Pointer: Foiling spam by using this huge IP blocking list

From: "D. Stussy" <spam+newsgroups@bde-arc.ampr.org>
Date: 2014-03-28 13:58 -0700
Subject: Re: Pointer: Foiling spam by using this huge IP blocking list
Message-ID: <lh4npe$uqc$1@snarked.org>
In reply to: #18

"Mail Man"  wrote in message news:533574A8.F8930627@Man.com...
> Wolfgang Schelongowski wrote:
> > Here is my SMTP server's IP blocking list as of March 23, 2014.
>
> I copied the above line to firefox with the mouse, so there were not
> any typos on my behalf. Still, my firefox said "File not found".

Try this:

http://snk.to/f-ctjiqk9t

> BTW I've set Followup-To: news.admin.net-abuse.email because that's
> where any activity foiling spam is best posted. Just ignore the
> kooks and the trolls.

That newsgroup is a freakshow - a complete waste of time.  Nothing of
any merit or consequence in terms of understanding or countering spam
happens there.

--------------------
Not completely true.  Occasionally (but rarely), something intelligent
happens there.  However, it would help if all the idiots who go there asking
to be removed from SPEWS-derived blacklists would get a clue.
--------------------

Those of us that _really_ want to discuss spam and all its dimensions
should really be using one or several of these groups:

alt.comp.issues.spam
alt.comp.mail.misc
alt.current-events.net-abuse.spam
alt.spam
comp.mail.headers
comp.mail.misc

There once was a somewhat useful set of threads about spam happening in
alt.spam, but over the past 2 years it has been used by kooks (or a
single kook -> "SpamBuster") and (and perhaps someone can explain this)
as a clearing house or exchange for stolen credit-card data.
