On Wed, 2004-05-19 at 16:24, Eric A. Hall wrote:
extract hostname from url, dig on hostname, whois on addr, and nine times out of ten the host is in a CN netblock. that's from the spam that gets into my mailbox.
Yes I understand that is what you meant. I just did this on 5 spam in my mail box, I got:

Domain Name: AAFMALE.BIZ (www.aafmale.biz)
Registrant Country: Canada
Resolves to address: 218.232.109.220 (KRNIC-K) (Korea)

Domain Name: PLANENEWS.COM
Registrant Country: France
Resolves to address: 216.92.194.65 (PAIRNET-BLK-3) (United States)

Domain Name: MIRGOS.ORG
Registrant Country: Russia
Resolves to address: 211.198.200.208 (KRNIC-KR) (Korea)

Domain Name: WINSPR.BIZ (iityvzbtpvw.winspr.biz)
Registrant Country: New Zealand
Resolves to address: 221.233.29.33 (CHINANET-HB-JZ7) (China)

While it is only 5 mails, and certainly nothing to judge by, it does not seem to be 90%. Although Korea is under APNIC, it is not China.
let me state AGAIN that what I really want is a plugin that allows for cidr match-lists so that I can also include the handful of non-enforcing hosters in Russia, New York, Florida, etc. One responder also suggested ASN matchlists but I'm not that mad.
What sort of plugin? MTA? MUA?

Going back to my previous e-mail, all of this effort I think is being placed in the wrong direction. Focus should be placed on preventing forgery, and educating users. If we spent the money we are dropping on hardware and software to stop spam (it's in the BILLIONS) on educating users and pushing anti-forgery / sender authentication/verification methods forward, we'd have an easier time of all this.

Cheers,

James

--
James Couzens, Programmer
-----------------------------------------------------------------
http://libspf.org -- ANSI C Sender Policy Framework library
http://libsrs.org -- ANSI C Sender Rewriting Scheme library
-----------------------------------------------------------------
PGP: http://gpg.mit.edu:11371/pks/lookup?op=get&search=0x6E0396B3
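Added example, not part of the original message or of any poster's code: a sketch of the CIDR match-list check discussed in this thread (extract URL hosts from a message body, resolve them, test the address against a list of netblocks). The CIDR ranges, list labels, sample body and all function names are assumptions constructed for illustration; the host-to-address pairs are the ones reported in the message above and stand in for a live DNS lookup.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed match-list (CIDR -> label); illustrative ranges only,
# not actual registry allocations.
MATCH_LIST = {"218.232.0.0/16": "list-a", "221.233.0.0/16": "list-b"}

# Host -> address as reported in the message above; replaces DNS so this runs offline.
RESOLVED = {
    "www.aafmale.biz": "218.232.109.220",
    "planenews.com": "216.92.194.65",
    "mirgos.org": "211.198.200.208",
    "iityvzbtpvw.winspr.biz": "221.233.29.33",
}

# Constructed sample message body.
SAMPLE = ("Buy http://www.aafmale.biz/offer now or "
          "http://user@IITYVZBTPVW.winspr.biz:8080/x?y=1 also "
          "http://planenews.com/news. and http://unknown.example/")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def url_hosts(body):
    """Unique lowercase hostnames of http(s) URLs, userinfo and port stripped."""
    hosts = []
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed authority, e.g. a broken IPv6 literal
            continue
        host = (host or "").rstrip(".")
        if host and host not in hosts:
            hosts.append(host)
    return hosts

def match_cidr(addr, match_list=MATCH_LIST):
    """Return (cidr, label) of the most specific block containing addr, else None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for cidr, label in match_list.items():
        net = ipaddress.ip_network(cidr)
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, label)
    return (str(best[0]), best[1]) if best else None

def scan(body, resolve=RESOLVED.get):
    """Map each URL host to its match-list hit; None if unlisted or unresolved."""
    return {h: (match_cidr(a) if (a := resolve(h)) else None) for h in url_hosts(body)}
```

A host that does not resolve is reported as unlisted rather than as a hit, so a lookup failure alone never causes a match.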