Educause Security Discussion mailing list archives

Re: Blacklists - URL and IP


From: Joe St Sauver <JOE () OREGON UOREGON EDU>
Date: Thu, 16 Jun 2005 09:22:28 -0700

Hi Dennis,

#Does anyone use blacklists to shut out suspected malicious URL's and IP
#addresses?

Are you thinking of something like using SURBL (www.surbl.org) in
conjunction with SpamAssassin 3.0.4 to look at URI's in the body of
the message? Or did you just want a connect-time blacklist? (If the
latter, check out the SBL+XBL list from www.spamhaus.org and the NJABL
list from www.njabl.org)

#It appears that hackers have been spoofing our email addresses as they
#are unable to break through our security products - Cyber Secure Hard
#Disk Drives.
#
#In particular they seem to like to break into other security company
#computers and send emails to us showing that they are spoofing our
#addresses from Fortress Technologies, Symantec, McAfee . etc. We would
#like to make sure that we don't end up on lists erroneously.

So are you trying to deal with backscatter (non-delivery notices for
mail you didn't send), or are you attempting to protect your
reputation w.r.t. spoofed mail that makes it through to its recipient
(albeit not from you/your users)?

If the latter scenario, you may want to check out SPF (see the excellent
white paper by Meng Weng Wong at http://spf.pobox.com/whitepaper.pdf ).

Regards,

Joe
