Any one interested in some real bad statistics?!
Check this!!!
http://www.digitaldaemon.com/Internet%20Services/blocked_email.html

-- 
ManiaC++
Jan Knepper

What's reverse DNS blocking?

"Jan Knepper" <jan@smartsoft.us> wrote in message news:bq5muh$21lk$1@digitaldaemon.com...
> Any one interested in some real bad statistics?!
> Check this!!!
> http://www.digitaldaemon.com/Internet%20Services/blocked_email.html
>
> --
> ManiaC++
> Jan Knepper
>

Reverse DNS blocking is the first level of SPAM blocking. It prevents the SPAM from actually being sent to the SMTP server(s)

1. Reporting/Registration:
- Some one report SPAM at www.spamcop.net for instance.
- Spamcop.net analyses the email and finds out where it comes from (IP address).
- The IP address is than added to bl.spamcop.net (http://www.spamcop.net/bl.shtml)

2. Using:
- The SMTP server(s) here are wrapped in rblsmtpd.
- When a connection is made to smtp.digitalmars.com:25 (for delivery of email) rblsmtpd is being activated and rblsmtpd check with bl.spamcop.net, list.dsbl.org and relays.ordb.org if the connecting IP address is reported as SPAMMER.
- If the connecting IP address is reported as SPAMMER the SMTP connection is denied, otherwise the connecting is accepted and the actual email is being received my the SMTP server.

CHKUSR is the second level of SPAM blocking. It prevents email to non-existent email addresses from making it to webmaster@ or postmaster@ the domains.

Once rblsmtpd fires up qmail-smtpd (the actual SMTP) server, qmail-smtpd checks the email headers for valid "From:" and "To:" headers. The "From:" domain has to exist and accept email. The "To:" email address has to exist. If there is something wrong with either an error is returned to the sender.

Thanks!
Jan



Walter wrote:
> What's reverse DNS blocking?
> 
> "Jan Knepper" <jan@smartsoft.us> wrote in message
> news:bq5muh$21lk$1@digitaldaemon.com...
> 
>>Any one interested in some real bad statistics?!
>>Check this!!!
>>http://www.digitaldaemon.com/Internet%20Services/blocked_email.html
>>
>>--
>>ManiaC++
>>Jan Knepper
>>
> 
> 
> 


-- 
ManiaC++
Jan Knepper

Ok, I understand. I had thought that very little spam came from a valid domain, so by checking to see if the domain existed or not, one could block spam without needing blacklists. That's what I thought reverse DNS lookup was. That looks like what chkusr is, though.

From the volumes being blocked, it's pretty clear that email is getting to be unusuable without some sort of blocking.

"Jan Knepper" <jan@smartsoft.us> wrote in message news:bq7ot7$2470$1@digitaldaemon.com...
> Reverse DNS blocking is the first level of SPAM blocking. It prevents the SPAM from actually being sent to the SMTP server(s)
>
> 1. Reporting/Registration:
> - Some one report SPAM at www.spamcop.net for instance.
> - Spamcop.net analyses the email and finds out where it comes from (IP
> address).
> - The IP address is than added to bl.spamcop.net
> (http://www.spamcop.net/bl.shtml)
>
> 2. Using:
> - The SMTP server(s) here are wrapped in rblsmtpd.
> - When a connection is made to smtp.digitalmars.com:25 (for delivery of
> email) rblsmtpd is being activated and rblsmtpd check with
> bl.spamcop.net, list.dsbl.org and relays.ordb.org if the connecting IP
> address is reported as SPAMMER.
> - If the connecting IP address is reported as SPAMMER the SMTP
> connection is denied, otherwise the connecting is accepted and the
> actual email is being received my the SMTP server.
>
> CHKUSR is the second level of SPAM blocking. It prevents email to non-existent email addresses from making it to webmaster@ or postmaster@ the domains.
>
> Once rblsmtpd fires up qmail-smtpd (the actual SMTP) server, qmail-smtpd checks the email headers for valid "From:" and "To:" headers. The "From:" domain has to exist and accept email. The "To:" email address has to exist. If there is something wrong with either an error is returned to the sender.
>
> Thanks!
> Jan
>
>
>
> Walter wrote:
> > What's reverse DNS blocking?
> >
> > "Jan Knepper" <jan@smartsoft.us> wrote in message news:bq5muh$21lk$1@digitaldaemon.com...
> >
> >>Any one interested in some real bad statistics?!
> >>Check this!!!
> >>http://www.digitaldaemon.com/Internet%20Services/blocked_email.html
> >>
> >>--
> >>ManiaC++
> >>Jan Knepper
> >>
> >
> >
> >
>
>
> --
> ManiaC++
> Jan Knepper
>

Walter wrote:
> Ok, I understand. I had thought that very little spam came from a valid
> domain, so by checking to see if the domain existed or not, one could block
> spam without needing blacklists. That's what I thought reverse DNS lookup
> was. That looks like what chkusr is, though.

The trick is that spammers these days use domains like yahoo.com for instance as 'fake' "From:" domain. Although the account @yahoo.com does not exist, this SPAM would still come through the system, yet reverse DNS indeed might block these once reported as they most likely would not come from an IP address associated with yahoo.com.

Than they also setup domains, just for the purpose of spamming... Domains that for the period of the SPAM being processed are actually on the internet... <sigh>

chkusr only checks for existence of *local* email addresses, i.e. "To:" email addresses @digitalmars.com, @smartsoft.us, etc.

> From the volumes being blocked, it's pretty clear that email is getting to
> be unusuable without some sort of blocking.

Yes, it's definitely becomming unusuable. Blocking helps some, but realized that the bandwith required for the email and for the blocking to work is becoming serious.

Jan


-- 
ManiaC++
Jan Knepper

Jan Knepper wrote:

> Walter wrote:
> 
>> Ok, I understand. I had thought that very little spam came from a valid
>> domain, so by checking to see if the domain existed or not, one could block
>> spam without needing blacklists. That's what I thought reverse DNS lookup
>> was. That looks like what chkusr is, though.
> 
> 
> The trick is that spammers these days use domains like yahoo.com for instance as 'fake' "From:" domain. Although the account @yahoo.com does not exist, this SPAM would still come through the system, yet reverse DNS indeed might block these once reported as they most likely would not come from an IP address associated with yahoo.com.
> 
> Than they also setup domains, just for the purpose of spamming... Domains that for the period of the SPAM being processed are actually on the internet... <sigh>
> 
> chkusr only checks for existence of *local* email addresses, i.e. "To:" email addresses @digitalmars.com, @smartsoft.us, etc.
> 
>> From the volumes being blocked, it's pretty clear that email is getting to
>> be unusuable without some sort of blocking.
> 
> 
> Yes, it's definitely becomming unusuable. Blocking helps some, but realized that the bandwith required for the email and for the blocking to work is becoming serious.
> 
> Jan
> 
> 


This is so insidious!  I was talking to my brother the other day, and we just couldn't fathom how spammers could be so tenaciously pushy.  They are sending spam to millions of people who wouldn't in a million years buy their products.  But they'll do anything to force these people get the mail.  I jsut don't understand this. It must be a virus-makers mentality or something.  I REALLY wish these people could be held accountable for their actions.

Excuse my rant! But I can't stand it! :-)

Oh and thanks Jan.  That was informative.  You're doing a great job protecting us from that insanity.

Later,

John

"Jan Knepper" <jan@smartsoft.us> wrote in message news:bq81mf$2hgv$1@digitaldaemon.com...
> Yes, it's definitely becomming unusuable. Blocking helps some, but realized that the bandwith required for the email and for the blocking to work is becoming serious.

I don't understand why some of this isn't blocked at the backbone level.

Walter escreveu:
> "Jan Knepper" <jan@smartsoft.us> wrote in message
> news:bq81mf$2hgv$1@digitaldaemon.com...
> 
>>Yes, it's definitely becomming unusuable. Blocking helps some, but
>>realized that the bandwith required for the email and for the blocking
>>to work is becoming serious.
> 
> 
> I don't understand why some of this isn't blocked at the backbone level.
> 
> 

While the backbone gets paid by the otherwise 'wasted' bandwidth. . .

-- 
Cesar Rabak
GNU/Linux User 52247.
Get counted: http://counter.li.org/

> This is so insidious!  I was talking to my brother the other day, and we just couldn't fathom how spammers could be so tenaciously pushy.  They are sending spam to millions of people who wouldn't in a million years buy their products.  But they'll do anything to force these people get the mail.  I jsut don't understand this. It must be a virus-makers mentality or something.  I REALLY wish these people could be held accountable for their actions.

Because some people believe this is "working from home".  Helping a "genuine" company in their promotion.  This way, they (housewives, mentally challenged unemployed) effective become spammers and the real crook can get away.

Just like in Australia - one guy who just got caught by "Give $14,500 and I will teach you how to become rich by buying a $400,000 apartment from me".  Go figure.

"KarL" <karl@kimay.net> wrote in message news:bqdub7$1mdi$1@digitaldaemon.com...
> Just like in Australia - one guy who just got caught by "Give $14,500 and I will teach you how to become rich by buying a $400,000 apartment from me".  Go figure.

Oops, forgot the URL: http://www.smh.com.au/articles/2003/11/28/1069825986592.html?from=storyrhs