On Sun, 14 Jan 2007, Tony Finch wrote:
On Sun, 14 Jan 2007, Peter Corlett wrote:
For the benefit of those of us who have been lucky to recover from ISP work and now herd blogs, would you be so kind as to share which blacklists are worthwhile and worth consulting on this front?
I would expect the lists of compromised hosts to be fairly effective - open proxies of various kinds and perhaps botnet hosts. As for SMTP the blacklists would only be a starting point that either provide a cheap preliminary check or feed a more sophisticated filtering system.
Honestly, the more advanced we get we still can't get a hold on this issue. Imagine you run a blog services web site, and each blog gets between 1000 and 1,000,000 comment spams a day. Or even just one blog with several thousand such. Advanced systems based on "time on page", "direct to post link", captchas, JavaScript captchas or challenges, URL in name, URL in DATA, # OF URLs, etc. are all fine scoring rules, add to that a DNSBL and you will be fine to a level... until next week. There are quite a bit of botnets involved, but a lot of "mass-mailers" are still in this business. This is not very NANOG relevant and I feel I contributed enough on the subject (unless the membership keeps responding), but it is a very serious issue. There is a mailing list dedicated to this subject, you can ping me off list if you are interested in the topic.
Tony. -- f.a.n.finch <dot@dotat.at> http://dotat.at/ SOUTH UTSIRE: NORTHWEST BACKING SOUTHWEST 6 TO GALE 8, OCCASIONALLY SEVERE GALE 9. VERY ROUGH OR HIGH. RAIN OR SQUALLY SHOWERS. MODERATE OR GOOD.
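
The scoring rules named in the message above, combined with a DNSBL check as a cheap extra signal, sketched as an added example that is not part of the original thread. The weights, the 5-second threshold, the `Comment` fields, the zone `dnsbl.example.org` and the stub resolver are all assumptions made for illustration.

```python
import re
import socket
from dataclasses import dataclass

URL_RE = re.compile(r"https?://", re.I)

@dataclass
class Comment:
    ip: str                  # client IPv4 address
    name: str                # "name" field of the comment form
    body: str                # comment text
    seconds_on_page: float   # time between page load and submit
    loaded_post_page: bool   # False = request went straight to the submit URL

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def dnsbl_listed(ip, zone, resolve=socket.gethostbyname):
    """An address is listed when the query name resolves into 127.0.0.0/8."""
    try:
        return resolve(dnsbl_name(ip, zone)).startswith("127.")
    except OSError:  # NXDOMAIN or lookup failure: treat as not listed
        return False

def score(c, zone="dnsbl.example.org", resolve=socket.gethostbyname):
    """Return (total, reasons). Weights are illustrative assumptions."""
    hits = []
    if c.seconds_on_page < 5:
        hits.append(("time on page", 2))
    if not c.loaded_post_page:
        hits.append(("direct to post link", 3))
    if URL_RE.search(c.name):
        hits.append(("URL in name", 3))
    n = len(URL_RE.findall(c.body))
    if n:
        hits.append(("# of URLs", min(n, 5)))  # cap so one rule cannot dominate
    if dnsbl_listed(c.ip, zone, resolve):
        hits.append(("DNSBL", 4))
    return sum(w for _, w in hits), [r for r, _ in hits]

# Constructed stub so the example runs offline: only 192.0.2.10 is "listed".
def stub_resolver(name):
    if name == "10.2.0.192.dnsbl.example.org":
        return "127.0.0.2"
    raise socket.gaierror("NXDOMAIN")
```

Returning the list of rules that fired alongside the total lets a moderator see why a comment was held, which matters when the rules need retuning.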