Educause Security Discussion mailing list archives
Re: Blacklists - URL and IP
From: Joe St Sauver <JOE () OREGON UOREGON EDU>
Date: Thu, 16 Jun 2005 09:22:28 -0700
Hi Dennis, #Does anyone use blacklists to shut out suspected malicious URL's and IP #addresses? Are you thinking of something like using SURBL (www.surbl.org) in conjunction with SpamAssassin 3.0.4 to look at URI's in the the body of the message? Or did you just want a connect-time blacklist? (If the latter, check out the SBL+XBL list from www.spamhaus.org and the NJABL list from www.njabl.org) #It appears that hackers have been spoofing our email addresses as they #are unable to break through our security products - Cyber Secure Hard #Disk Drives. # #In particular they seem to like to break into other security company #computers and send emails to us showing that they are spoofing our #addresses from Fortress Technologies, Symantec, McAfee . etc. We would #like to make sure that we don't end up on lists erroneously. So are you trying to deal with backscatter (non-delivery notices for mail you didn't send), or are you attempting to protect your reputation w.r.t. spoofed mail that makes it through to its recipient (albeit not from you/your users)? If the latter scenario, you may want to check out SPF (see the excellent white paper by Meng Weng Wong at http://spf.pobox.com/whitepaper.pdf ). Regards, Joe
Current thread:
- Blacklists - URL and IP Dennis Meharchand, CEO Valt.x (Jun 16)
- <Possible follow-ups>
- Re: Blacklists - URL and IP Joe St Sauver (Jun 16)
- Re: Blacklists - URL and IP Bill Kyle (Jun 16)
- Re: Blacklists - URL and IP James Riden (Jun 16)
- Re: Blacklists - URL and IP Information Security (Jun 16)
- Re: Blacklists - URL and IP Joe St Sauver (Jun 16)
- Re: Blacklists - URL and IP Dave Koontz (Jun 16)
- Re: Blacklists - URL and IP Graham Toal (Jun 17)
- Re: Blacklists - URL and IP Dave Koontz (Jun 23)
- Re: Blacklists - URL and IP Valdis Kletnieks (Jun 23)