Re: increase in spam and what to do about it



In article <1164427612.373176.124490@xxxxxxxxxxxxxxxxxxxxxxxxxxx>, davidc@xxxxxxxxxxxx writes:
> Bill Gunshannon wrote:
>>> Which is the same set of "potential customers" - I'm just testing the
>>> RBL at a different place.
>>
>> But, if you just change RBLs you open yourself up to all the places the
>> other RBL had that the new one doesn't and you're back where you started.
>
> You still don't understand. An MTA typically checks for an MX record
> to determine which host to send mail to. Rather than accept and drop
> an SMTP connection based on the IP address being in a RBL, it would
> save some traffic to not respond to the DNS lookup if the
> requester's IP address is on an RBL. It's the same RBL, just testing
> the IP address at a different point of the SMTP process.

The DNS lookup of MX (or A records) is not part of the mail transaction.
The DNS lookup is done to the sender's local DNS servers which either have the
information already cached or have to ask other DNS servers for the
information.
That makes it pretty much impossible to provide incorrect information,
e.g. a 127.0.0.1 response or no response at all, just to systems on an RBL.
(Also the DNS lookup is used for other types of connectivity, not just email.)

A better way of doing this was actually devised and used. The original MAPS RBL
(realtime blacklist) provided routing information and allowed sites which
made use of it to basically cut the sites on the list off the internet as far
as they were concerned.
Since Trend Micro took over MAPS I'm not sure whether the RBL BGP feed is still
available.
This was at one point quite widely used. One of the UK Education Network
(JANET) transatlantic links was provided by Teleglobe who implemented this
blocking. Hence any US sites which managed to get themselves on
the RBL list were totally cut off from UK universities - no mail, no web, no
contact whatsoever. As far as they were concerned UK universities were no longer
on the same internet.

The disadvantages of this approach (especially when it was controlled by
someone outside your own organisation, i.e. Teleglobe) are pretty obvious.


David Webb
Security team leader
CCSS
Middlesex University
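
The lookup path described in the post above, modelled as an added example that is not part of the original message: an authoritative server that tries to withhold MX answers from RBL-listed sources only ever sees the recursive resolver's address, and the resolver's cache serves listed and unlisted clients alike. All class names, addresses and hostnames are constructed for illustration, and the model assumes plain recursion with no client-address hint passed upstream.

```python
# Constructed model; addresses come from the documentation ranges.
RBL = {"192.0.2.66"}            # a listed sending host (constructed)
MX_ANSWER = "mail.example.org"  # the genuine MX target (constructed)


class FilteringAuthServer:
    """Authoritative server that refuses to answer sources found on the RBL."""

    def __init__(self, rbl):
        self.rbl = rbl
        self.seen_sources = []  # every source address it was able to test

    def query(self, source_ip, name):
        self.seen_sources.append(source_ip)
        if source_ip in self.rbl:
            return None         # withhold the answer from listed sources
        return MX_ANSWER


class RecursiveResolver:
    """The sender's local resolver: queries upstream from its own address
    and caches the result for all of its clients."""

    def __init__(self, own_ip, upstream):
        self.own_ip = own_ip
        self.upstream = upstream
        self.cache = {}

    def resolve(self, client_ip, name):
        # client_ip (the MTA) is deliberately never forwarded upstream:
        # the authoritative server only sees self.own_ip.
        if name not in self.cache:
            self.cache[name] = self.upstream.query(self.own_ip, name)
        return self.cache[name]


def run_scenario():
    auth = FilteringAuthServer(RBL)
    resolver = RecursiveResolver("198.51.100.53", auth)
    listed = resolver.resolve("192.0.2.66", "example.org")  # RBL-listed MTA
    clean = resolver.resolve("192.0.2.10", "example.org")   # unlisted MTA
    return listed, clean, auth.seen_sources


if __name__ == "__main__":
    print(run_scenario())
```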
