Security Basics mailing list archives

Re: Blocking traffic by Country to reduce spam


From: Jason Kolpin <jasonk () ncat org>
Date: Mon, 22 Jun 2009 16:35:56 -0600

paavan.shah () gmail com wrote:
Hello List,

One of our clients is based in USA and has most of the business in USA and UK.

To reduce spam we are planning to propose them a solution to filter traffic by country.

We can add IP blocks for the USA and UK as a whitelist and allow incoming access only from those IP blocks; everything else is blocked.

Has anyone implemented this change on their production networks? Has it been effective in reducing spam?

Please share your views and experiences

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff!
http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------


I think more information needs to be shared here in order to give you a decent answer. The biggest question is what measures have already been taken to block the spam and how effective has it been? If you just have an email server out there with no antivirus scanning, no spam system implemented (like Spamassassin or something), a HELO trick or two, and no DNSBLs set up, then these are steps you should probably take first. The other question is just how "bad" is the spam problem? Are your users complaining about a few that keep getting through or are they showing up in the morning, opening up their email client and spending two hours shuffling through their new email which is plastered with bad mail? One thing I do know is DO NOT take a client's spam concerns too seriously until they can provide you with some numbers and statistics about the number of spam emails they get daily/weekly/monthly. I've had clients that thought 1 or 2 getting through a day was waaay out of hand and made it sound as if it were the end of the world when most of us know a spam or two a day isn't anything to be concerned about and it definitely isn't impacting daily production. These screaming folks almost always seem to be someone that checks their email once a week instead of handling it daily or a couple times a day like they should as professionals. I do know for Spamassassin it is pretty easy for a server admin to create custom rules that apply to those recurring text-only spams which is probably much better than starting to block entire Class A or B subnets.

So with that I want to add:
I've actually done what you are saying before. At the time I got a dramatic effect; I also got a few calls from across the Atlantic asking why they cannot connect anymore, and had to go back and alter the rules, yadda yadda. It should also be mentioned that I had no clue about DNSBLs at that time either. I must say that DNSBLs are hands down one of the most effective tools you can use, BUT since you have no control over them, they can also cause great grief when important client Bob just got blocked by a DNSBL because he has a bot/trojan on his machine that he had no clue was there. My simple suggestion is to try everything else before going postal and blocking entire chunks of the planet.

"If we could just get rid of the average user, everything would be just PEACHY!" :-D

J L Kolpin
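The layering Jason describes (partner allowlist first, then a DNSBL lookup, and a country filter only as a last resort before content scanning) as an added example. This is not code from either poster; it is an offline sketch in which the DNSBL answers, the "country" ranges and the partner address are constructed, and the resolver is a stub. The zone name zen.spamhaus.org and the meaning of its 127.0.0.x return codes are real; in production the stub would be replaced by an actual DNS query of the constructed name.

```python
import ipaddress

# Real DNSBL zone name; the lookups below are simulated, not sent over DNS.
DNSBL_ZONE = "zen.spamhaus.org"

# Constructed stand-in for the USA/UK IP blocks the original poster wants to
# permit. A real deployment would load these from a GeoIP database.
COUNTRY_ALLOW = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]

# Known business partners who must never be rejected, even on a DNSBL hit
# (the "important client Bob" case from the reply). Constructed address.
SENDER_ALLOW = [ipaddress.ip_network("203.0.113.5/32")]

# Constructed DNSBL answers keyed by query name. Spamhaus ZEN answers inside
# 127.0.0.0/8: .2-.3 = SBL, .4-.7 = XBL (compromised hosts), .10-.11 = PBL.
FAKE_DNS = {
    "10.2.0.192.zen.spamhaus.org": "127.0.0.4",   # 192.0.2.10: infected host
    "5.113.0.203.zen.spamhaus.org": "127.0.0.4",  # 203.0.113.5: Bob's relay, also infected
}


def dnsbl_name(ip, zone=DNSBL_ZONE):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def lookup_stub(name):
    """Stand-in resolver: returns the A record string, or None for NXDOMAIN."""
    return FAKE_DNS.get(name)


def describe_code(code):
    """Translate a ZEN return code into the sub-list that produced it."""
    last = int(code.split(".")[-1])
    if 2 <= last <= 3:
        return "SBL (spam source)"
    if 4 <= last <= 7:
        return "XBL (compromised host)"
    if 10 <= last <= 11:
        return "PBL (dynamic/end-user range)"
    return "unknown"


def in_any(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


def classify(ip, geo_block=False, lookup=lookup_stub):
    """Return (action, reason) for a connecting SMTP client address.

    Order of checks: partner allowlist (a listed partner is accepted but the
    hit is recorded so someone can tell him about the bot), then DNSBL, then
    the optional country filter, and only then hand-off to content filtering.
    """
    code = lookup(dnsbl_name(ip))
    if in_any(ip, SENDER_ALLOW):
        if code:
            return ("accept", f"allowlisted partner; DNSBL hit {code} ({describe_code(code)}), notify them")
        return ("accept", "allowlisted partner")
    if code:
        return ("reject", f"{DNSBL_ZONE} returned {code}: {describe_code(code)}")
    if geo_block and not in_any(ip, COUNTRY_ALLOW):
        return ("reject", "outside country allowlist")
    return ("content-filter", "no list hit; hand to SpamAssassin/AV")


if __name__ == "__main__":
    for client in ("192.0.2.10", "203.0.113.5", "198.51.100.7", "192.0.2.99"):
        print(client, classify(client), classify(client, geo_block=True))
```

Note that with geo_block left off the last address is still passed to content filtering, and with it on the address is rejected outright; that is the difference between a DNSBL hit (evidence about that host) and a country block (no evidence about the host at all), which is why the reply recommends the latter only after everything else is in place.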



