Fighting E-Mail Spam with RBL & RWL servers (Realtime Blackhole and White List Servers).
We support the use of RBL servers (Realtime Blackhole List), RWL (realtime whitelist servers), and Spam Trap Servers to prevent known spammers and relay servers from flooding email servers.
Unsolicited email now constitutes the majority of all email, and without filters it would overwhelm most mail servers so that they could not function properly.
whitelist.webengr.com
This is a realtime white list that is updated manually as needed to balance automated lists. Setting up a white list is not always straightforward, but it is useful. For example, if you are using sendmail you will have to add rulesets, possibly with an m4 macro under hack or features.
dictspam.webengr.com
This is a realtime blackhole list that is updated three times an hour. It uses several thousand fake email addresses to gather the outbound email server addresses. Then, if an address has still been generating significant spam over the last several hours, it is added; if not, it is removed. Because the fake email addresses were generated by sifting through log files for the telltale signatures of dictionary attacks, this blacklist is unique. Because it is updated frequently and serves a niche, it is small, typically between 100-900 addresses. Because other blacklists are used prior to the gathering of email, it is likely to have addresses not covered by spamcop.net, spamhaus.org, or some other frequently used blacklists.
What is a Dictionary Attack?
A Dictionary Attack is a spamming technique where spammers submit thousands or millions of email messages with random addresses, such as joe@domain.com, john@domain.com, etc. Very often these email messages contain hidden code that reports back to the spammer when the email has been opened, thus letting the spammer know which email addresses are valid.
However, simply not receiving feedback saying the email was rejected is sometimes also sufficient for spammers to believe it is a legitimate email address.
These addresses are then suspected to be added automatically to the spammer's list, which is then resold to spammers worldwide.
If you are familiar with using blacklists, then use dictspam.webengr.com as you would any other RBL list. Here is an example for a sendmail configuration file:
FEATURE(`enhdnsbl', `dictspam.webengr.com', `"550 Mail from your outbound server IP " $`'&{client_addr} " was auto refused - many accounts recvd alot of recent spam from same IP - may auto delist soon - can mesg www.webengr.com/us/contact to ask removal - probable cause - your internet provider does not block infected computers spamming."')dnl
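The DNS lookups that sit behind a blacklist entry like the one above, together with the whitelist override, written out as an added example (not code from this page or from sendmail). It assumes both zones follow the usual RFC 5782 conventions (reversed-address query names, listings answered inside 127.0.0.0/8), that the whitelist is consulted first, and it also covers IPv6 naming, which the page does not mention; fake_resolver and SAMPLE_RECORDS are constructed test data.

```python
import ipaddress
import socket

BLACKLIST_ZONE = "dictspam.webengr.com"   # zone named on the page
WHITELIST_ZONE = "whitelist.webengr.com"  # zone named on the page
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # assumed RFC 5782 answer range

def dnsbl_query_name(ip, zone):
    """Name to look up for `ip` in `zone`: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def system_resolver(name):
    """A record for `name`, or None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def is_listed(ip, zone, resolve=system_resolver):
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return False  # no record (or DNS failure): not listed, so mail is not lost
    # A parked or wildcarded zone can answer every query with a routable address;
    # only answers inside 127.0.0.0/8 count as a listing.
    return ipaddress.ip_address(answer) in LISTED_NET

def smtp_decision(ip, resolve=system_resolver):
    """Whitelist is checked first so a manual entry overrides the automated list."""
    if is_listed(ip, WHITELIST_ZONE, resolve):
        return "accept"
    return "reject" if is_listed(ip, BLACKLIST_ZONE, resolve) else "accept"

# Constructed sample zone data (documentation addresses), used instead of live DNS.
SAMPLE_RECORDS = {
    "2.2.0.192.dictspam.webengr.com": "127.0.0.2",
    "3.2.0.192.dictspam.webengr.com": "127.0.0.2",
    "3.2.0.192.whitelist.webengr.com": "127.0.0.2",
    "4.2.0.192.dictspam.webengr.com": "203.0.113.10",
}

def fake_resolver(name):
    return SAMPLE_RECORDS.get(name)

if __name__ == "__main__":
    for ip in ("192.0.2.2", "192.0.2.3", "192.0.2.4", "192.0.2.5"):
        print(ip, smtp_decision(ip, fake_resolver))
```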
For more information about implementing RBL with your mail server, you may want to look into these other RBL lists:
The Spamhaus Block List and the Exploits Block List
http://www.spamhaus.org/sbl/index.lasso
The SBL is a realtime database of IP addresses of verified spam sources (including spammers, spam gangs and spam support services), maintained by the Spamhaus Project team and supplied as a free service to help email administrators better manage incoming email streams.
The SBL is queryable in realtime by mail systems throughout the Internet, allowing email administrators to identify or block incoming connections from IP addresses involved in the sending of Unsolicited Bulk Email.
http://www.spamhaus.org/xbl/index.lasso
The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Distributed Server Boycott List
http://dsbl.org/
The DSBL lists contain the IP addresses of servers which have relayed
special test messages to listme@listme.dsbl.org;
SpamCop Blocking List
http://www.spamcop.net/bl.shtml
The SpamCop Blocking List (SCBL) lists IP addresses which have transmitted reported email to SpamCop users. SpamCop, service providers and individual users then use the SCBL to block and filter unwanted email. The SCBL is a fast and automatic list of sites sending reported mail, fueled by a number of sources, including automated reports and SpamCop user submissions. The SCBL is time-based, resulting in quick and automatic delisting of these sites when reports stop.
Spam and Open Relay Blocking System
http://www.dnsbl.us.sorbs.net/
The Spam and Open Relay Blocking System (SORBS) was conceived as an anti-spam project where a daemon would check "on-the-fly", all servers from which it received email to determine if that email was sent via various types of proxy and open-relay servers.
Spam Prevention and Early Warning System
http://www.spews.org/
SPEWS is a list of areas on the Internet which several system administrators, ISP postmasters, and other service providers have assembled and use to deny email and in some cases, all network traffic from.