Security Basics mailing list archives

Re: Blocking traffic by Country to reduce spam

From: Stephen Mullins <steve.mullins.work () gmail com>
Date: Mon, 22 Jun 2009 11:39:45 -0400

From Wikipedia by way of Sophos:


"In terms of volume of spam: According to Sophos, the major sources of
spam in the fourth quarter of 2008 (October to December)
were:[20][46][47][48][49][50][51][52][53][54]

    * The United States (the origin of 19.8% of spam messages, up from
18.9% in Q3)
    * China (9.9%, up from 5.4%)
    * Russia (6.4%, down from 8.3%)
    * Brazil (6.3%, up from 4.5%)
    * Turkey (4.4%, down from 8.2%)

When grouped by continents, spam comes mostly from:

    * Asia (37.8%, down from 39.8%)
    * North America (23.6%, up from 21.8%)
    * Europe (23.4%, down from 23.9%)
    * South America (12.9%, down from 13.2%)"

Based on this information alone and simple logic (blocking entire
countries eliminates spam from being delivered from those countries) I
would say the answer is yes.

You need to be ready to white list foreign addresses in the countries
you are blacklisting as it is unlikely that nobody in your
organization will ever need to communicate with someone outside of the
U.S./U.K.

Steve Mullins


On Mon, Jun 22, 2009 at 10:38 AM, <paavan.shah () gmail com> wrote:

Hello List,

One of our clients is based in USA and has most of the business in USA and UK.

To reduce spam we are planning to propose them a solution to filter traffic by country.

We can add IP Blocks for USA and UK as a whitelist and allow only incoming access to those IP Blocks,everything else 
is blocked.

Has anyone implemented this change on their production networks?Has it been effective to reduce spam?

Please share your views and experiences

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. 
Gain a laser like insight into what is covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain 
a laser like insight into what is covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------

Current thread:

Blocking traffic by Country to reduce spam paavan . shah (Jun 22)
- Re: Blocking traffic by Country to reduce spam Stephen Mullins (Jun 22)
- Re: Blocking traffic by Country to reduce spam Pierj (Jun 22)
- Re: Blocking traffic by Country to reduce spam Guilherme Marconi de Oliveira (Jun 22)
- Re: Blocking traffic by Country to reduce spam Micheal Espinola Jr (Jun 22)
- Re: Blocking traffic by Country to reduce spam Jason Kolpin (Jun 23)
- RE: Blocking traffic by Country to reduce spam Tom Farrar (Jun 29)
- <Possible follow-ups>
- Re: Blocking traffic by Country to reduce spam hellkyng (Jun 22)
- Re: Re: Blocking traffic by Country to reduce spam chmod1777 (Jun 23)
- Re: Re: Re: Blocking traffic by Country to reduce spam bharanee_j (Jun 24)
- Re: Blocking traffic by Country to reduce spam Andre Pawlowski (Jun 25)
- Re: Re: Re: Re: Blocking traffic by Country to reduce spam chmod1777 (Jun 29)

(Thread continues...)