[70584] in North American Network Operators' Group


RE: Barracuda Networks Spam Firewall

daemon@ATHENA.MIT.EDU (Brian Battle)
Wed May 19 20:18:12 2004

From: Brian Battle <nanog@confluence.com>
To: "'Eric A. Hall'" <ehall@ehsco.com>
Cc: nanog@merit.edu
Date: Wed, 19 May 2004 20:14:47 -0400
Errors-To: owner-nanog-outgoing@merit.edu


Eric,

> There's one rule that will wipe out ~90% of spam, but nobody seems to have
> written it yet.
>
>  if URL IP addr is in China then score=100
>
> support for a generic lookup list of cidr blocks would get another 9%


I agree that geographically classifying the URLs embedded in the spams
would be pretty slick. Using the china.blackholes.us and cn-kr.blackholes.us
RBLs has been pretty effective at reducing our spamload, as a supplement to
the standard lookup services.

They do not discriminate between legit mails and spam mails from China.
Everything from those IP blocks gets classified as spam.  Luckily we don't
ever get any client emails from those countries at this point and can use
these filters without worrying about false-positives.  (I think the
doubleclick.blackholes.us is pretty funny too)

There are others at:
http://www.blackholes.us/

Is anyone else out there using these blackholes?  I wonder how often they
get updated.

Brian Battle
Confluence
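
The rule quoted in the message above (score a message when a URL in it points into a listed address block), as an added Python example that is not part of the original post or of any product's code. The CIDR list, sample message, resolver map and function names are constructed for illustration; `dnsbl_qname` builds the standard reversed-octet name that a DNSBL zone such as china.blackholes.us would be queried with.

```python
import ipaddress
import re

# Constructed block list (RFC 5737 documentation ranges) standing in for a
# per-country CIDR list; a real list would be loaded from a file.
BLOCKED_CIDRS = [ipaddress.ip_network(c) for c in ("192.0.2.0/24", "203.0.113.0/25")]
# Constructed resolver data and message body so the example runs offline.
SAMPLE_DNS = {"pills.example": ["192.0.2.44"], "news.example": ["198.51.100.7"]}
SAMPLE_BODY = ("Buy now http://pills.example/x?id=1 or see "
               "http://203.0.113.9/a and https://news.example/")
URL_HOST_RE = re.compile(r"https?://([^/\s:>\"']+)", re.IGNORECASE)


def url_hosts(body):
    """Distinct hosts of plain http(s) URLs (no userinfo or IPv6 literals)."""
    seen = []
    for host in URL_HOST_RE.findall(body):
        host = host.lower().rstrip(".")
        if host not in seen:
            seen.append(host)
    return seen


def dnsbl_qname(ip, zone):
    """DNSBL query name for an IPv4 address: reversed octets, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def score_message(body, resolve, cidrs=BLOCKED_CIDRS, hit_score=100):
    """Return (score, hits); score is hit_score if any URL host is listed.

    `resolve` is a hypothetical hook mapping a hostname to a list of IP
    strings; in production it would wrap a DNS lookup with a timeout.
    """
    hits = []
    for host in url_hosts(body):
        try:
            ipaddress.ip_address(host)  # URL already carries an IP literal
            addrs = [host]
        except ValueError:
            addrs = resolve(host)
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            if any(ip.version == net.version and ip in net for net in cidrs):
                hits.append((host, addr))
    return (hit_score if hits else 0), hits
```

Matching on the address behind the URL, not on the sending relay, is what separates this rule from the connection-level RBL lookups the message describes; both share the same false-positive trade-off for legitimate hosts inside the listed blocks.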

