This is a discussion on DNS ISP Host List Available - SpamAssassin ; ...
I've also created a DNS based list of domains that provide consumer
dynamic IP address space. I'm using this list internally but thought I'd
make it public in case others can use it.
Trying to inspire innovation.
Example:
dig comcast.com.isphosts.junkemailfilter.com
This list was created by grabbing the registry barrier part of the
domain name of IPs from other DNS lists that list the IPs as dynamic.
On Thu, May 29, 2008 20:52, Marc Perkel wrote:
> Here's my list in dnsrbl format. I only do rsync so far to paid
> subscribers or people who I'm trading with.
could you atleast stop posting html on maillist ?
the list is around 60k and the recieved email here is doubled to 129k ://
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
Marc Perkel wrote:
> Here's my list in dnsrbl format. I only do rsync so far to paid
> subscribers or people who I'm trading with.
>
Dude. Seriously. The data is appreciated but next time please post it
on a website or something. Your mail pissed off my smart phone! It
might not be the best device out there but it normally works for me.
I'm more disgruntled about the frozen device than the email itself so
feel free to wallop me with a frozen trout or whatever.
--Blaine
Marc Perkel wrote:
> I've also created a DNS based list of domains that provide consumer
> dynamic IP address space. I'm using this list internally but thought I'd
> make it public in case others can use it.
>
> Trying to inspire innovation.
>
> Example:
>
> dig comcast.com.isphosts.junkemailfilter.com
>
> This list was created by grabbing the registry barrier part of the
> domain name of IPs from other DNS lists that list the IPs as dynamic.
>
>
NJABL & PBL already provide this, AND they are already part of
SpamAssassin AND they work quite well.
So, while you are 'trying to inspire innovation', you should take note
of this potential problem:
http://www.rhyolite.com/anti-spam/you-might-be.html
Ken
--
Ken Anderson
Pacific.Net
Ken A wrote:
> Marc Perkel wrote:
>> I've also created a DNS based list of domains that provide consumer
>> dynamic IP address space. I'm using this list internally but thought
>> I'd make it public in case others can use it.
>>
>> Trying to inspire innovation.
>>
>> Example:
>>
>> dig comcast.com.isphosts.junkemailfilter.com
>>
>> This list was created by grabbing the registry barrier part of the
>> domain name of IPs from other DNS lists that list the IPs as dynamic.
>>
>>
>
> NJABL & PBL already provide this, AND they are already part of
> SpamAssassin AND they work quite well.
> So, while you are 'trying to inspire innovation', you should take note
> of this potential problem:
> http://www.rhyolite.com/anti-spam/you-might-be.html
>
> Ken
>
They have name based lists? Show me where.
On Thu, 29 May 2008, Ken A wrote:
> http://www.rhyolite.com/anti-spam/you-might-be.html
So how is a proponent of the "Hunt down and kill spammers very messily"
FUSSP classified?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Have you ever seen a more scarily useless group of people running
for president? -- Barry@blogspot
-----------------------------------------------------------------------
159 days until the Presidential Election
mouss wrote:
> are you using an old imode phoneThe message was about 125Ko.
> That's less than a small photo (I say this because that's what a
> "smartphone" is for, no?).
>
Samsung SCH-i760 on Verizon that takes forever to download mail so when
something longer than about 4k comes in it takes a while. Doesn't
really freeze the phone but it doesn't exactly respond well either. It
works...mostly.
> hope this mail is ok
Not a problem!
--Blaine
John Hardin wrote:
> So how is a proponent of the "Hunt down and kill spammers very
> messily" FUSSP classified?
In the US, they would be classified as a felon.
--Blaine
On Thu, 29 May 2008, Blaine Fleming wrote:
> John Hardin wrote:
>> So how is a proponent of the "Hunt down and kill spammers very
>> messily" FUSSP classified?
>
> In the US, they would be classified as a felon.
Nah, I think that one falls under "praiseworthy".
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Have you ever seen a more scarily useless group of people running
for president? -- Barry@blogspot
-----------------------------------------------------------------------
159 days until the Presidential Election
> >Marc Perkel wrote:
> >>I've also created a DNS based list of domains that provide consumer
> >>dynamic IP address space. I'm using this list internally but thought
> >>I'd make it public in case others can use it.
> >>
> >>Trying to inspire innovation.
> >>
> >>Example:
> >>
> >>dig comcast.com.isphosts.junkemailfilter.com
> >>
> >>This list was created by grabbing the registry barrier part of the
> >>domain name of IPs from other DNS lists that list the IPs as dynamic.
> Ken A wrote:
> >NJABL & PBL already provide this, AND they are already part of
> >SpamAssassin AND they work quite well.
> >So, while you are 'trying to inspire innovation', you should take note
> >of this potential problem:
> >http://www.rhyolite.com/anti-spam/you-might-be.html
On 29.05.08 14:49, Marc Perkel wrote:
> They have name based lists? Show me where.
why should anyone need name-based lists?
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good.
John Hardin wrote:
> On Thu, 29 May 2008, Ken A wrote:
>
>> http://www.rhyolite.com/anti-spam/you-might-be.html
>
> So how is a proponent of the "Hunt down and kill spammers very messily"
> FUSSP classified?
>
I'm suggesting that some homework should be done before creating a list
of this or that and then promoting it as something that it's NOT on the
SA users list.
A list of dynamic IP addresses is already available in the
correct/usable form. There's no need for a 'name based' version.
Marc said "This list was created by grabbing the registry barrier part
of the domain name of IPs from other DNS lists that list the IPs as
dynamic."
That would seem to translate to doing a reverse lookup or whois on PBL
or NJABL IPs. That's fine, but then he claims that his list is a "list
of domains that provide consumer dynamic IP address space".
But it's not. It may give you IP address ownership information if your
list is created using whois, but it doesn't tell you what ISP (domain)
assigned the address to the customer. If you are depending on reverse
lookups, then the info is more suspect, since ISPs are not very good at
keeping in-addr.arpa zones up to date. Also, many larger network
operators and ISPs trade/lease/rent consumer IP address space to other
ISPs very frequently. These addresses roam around to various ISPs. There
is no 1-to-1 mapping.
Ken
--
Ken Anderson
Pacific.Net
Matus UHLAR - fantomas wrote:
>>> Marc Perkel wrote:
>>>
>>>> I've also created a DNS based list of domains that provide consumer
>>>> dynamic IP address space. I'm using this list internally but thought
>>>> I'd make it public in case others can use it.
>>>>
>>>> Trying to inspire innovation.
>>>>
>>>> Example:
>>>>
>>>> dig comcast.com.isphosts.junkemailfilter.com
>>>>
>>>> This list was created by grabbing the registry barrier part of the
>>>> domain name of IPs from other DNS lists that list the IPs as dynamic.
>>>>
>
>
>> Ken A wrote:
>>
>>> NJABL & PBL already provide this, AND they are already part of
>>> SpamAssassin AND they work quite well.
>>> So, while you are 'trying to inspire innovation', you should take note
>>> of this potential problem:
>>> http://www.rhyolite.com/anti-spam/you-might-be.html
>>>
>
> On 29.05.08 14:49, Marc Perkel wrote:
>
>> They have name based lists? Show me where.
>>
>
> why should anyone need name-based lists?
>
>
Name based DNS lists are more reliable because IP addresses can change.
The name based list covers all IP addresses where the FCrDNS resolves to
that name.
Marc Perkel wrote:
>
>
> Matus UHLAR - fantomas wrote:
>>>> Marc Perkel wrote:
>>>>
>>>>> I've also created a DNS based list of domains that provide consumer
>>>>> dynamic IP address space. I'm using this list internally but
>>>>> thought I'd make it public in case others can use it.
>>>>>
>>>>> Trying to inspire innovation.
>>>>>
>>>>> Example:
>>>>>
>>>>> dig comcast.com.isphosts.junkemailfilter.com
>>>>>
>>>>> This list was created by grabbing the registry barrier part of the
>>>>> domain name of IPs from other DNS lists that list the IPs as dynamic.
>>>>>
>>
>>
>>> Ken A wrote:
>>>
>>>> NJABL & PBL already provide this, AND they are already part of
>>>> SpamAssassin AND they work quite well.
>>>> So, while you are 'trying to inspire innovation', you should take
>>>> note of this potential problem:
>>>> http://www.rhyolite.com/anti-spam/you-might-be.html
>>>>
>>
>> On 29.05.08 14:49, Marc Perkel wrote:
>>
>>> They have name based lists? Show me where.
>>>
>>
>> why should anyone need name-based lists?
>>
>>
>
> Name based DNS lists are more reliable because IP addresses can change.
Obviously dynamic IPs and names change. Thats all built into DHCP (lease
time) and DNS (TTLs). So, please elaborate on your thinking here.
> The name based list covers all IP addresses where the FCrDNS resolves to
> that name.
Okay, so only domains that have dns setup correctly get into the list?
That leaves out huge chunks of the world. How is this more reliable? It
is probably a small subset of dynamic address space.
The botnet plugin does a good job of making use of broken & dnynamic DNS
names in SA. PBL and NJABL do a good job of identifying IP address space
that is dynamic. What can this method do better or is it supposed to do
something else?
Ken
>
>
--
Ken Anderson
Pacific.Net
IMHO regex setups are even more reliable we do this with our postfix setup.
For example:
/^c-.+-.+-.+-.+\..+\..+\.comcast\.net$/ REJECT
dynamic ip address use isp for outgoing email - access.regex
I think is more reliable than just by name or especially by IP since IP
allocations do change.
-L
--
Larry Ludwig
Empowering Media
1-866-792-0489 x600
Managed and Unmanaged Xen VPSes
http://www.hostcube.com/
_____
From: Marc Perkel [mailto:marc@perkel.com]
Sent: Friday, May 30, 2008 12:04 PM
To: users@spamassassin.apache.org
Subject: Re: DNS ISP Host List Available
Matus UHLAR - fantomas wrote:
Marc Perkel wrote:
I've also created a DNS based list of domains that provide consumer
dynamic IP address space. I'm using this list internally but thought
I'd make it public in case others can use it.
Trying to inspire innovation.
Example:
dig comcast.com.isphosts.junkemailfilter.com
This list was created by grabbing the registry barrier part of the
domain name of IPs from other DNS lists that list the IPs as dynamic.
Ken A wrote:
NJABL & PBL already provide this, AND they are already part of
SpamAssassin AND they work quite well.
So, while you are 'trying to inspire innovation', you should take note
of this potential problem:
http://www.rhyolite.com/anti-spam/you-might-be.html
On 29.05.08 14:49, Marc Perkel wrote:
They have name based lists? Show me where.
why should anyone need name-based lists?
Name based DNS lists are more reliable because IP addresses can change. The
name based list covers all IP addresses where the FCrDNS resolves to that
name.
On Thu, May 29, 2008 at 11:25:19AM -0700, Marc Perkel wrote:
> I've also created a DNS based list of domains that provide consumer
> dynamic IP address space. I'm using this list internally but thought I'd
> make it public in case others can use it.
>
> Trying to inspire innovation.
>
> Example:
>
> dig comcast.com.isphosts.junkemailfilter.com
>
> This list was created by grabbing the registry barrier part of the
> domain name of IPs from other DNS lists that list the IPs as dynamic.
How is one supposed to use this list? You posted a _very_ general list that
will match all the ISPs legimate outgoing MX servers too. So it's must not
be for blocking or even positive scoring.
Henrik K wrote:
> On Thu, May 29, 2008 at 11:25:19AM -0700, Marc Perkel wrote:
>
>> I've also created a DNS based list of domains that provide consumer
>> dynamic IP address space. I'm using this list internally but thought I'd
>> make it public in case others can use it.
>>
>> Trying to inspire innovation.
>>
>> Example:
>>
>> dig comcast.com.isphosts.junkemailfilter.com
>>
>> This list was created by grabbing the registry barrier part of the
>> domain name of IPs from other DNS lists that list the IPs as dynamic.
>>
>
> How is one supposed to use this list? You posted a _very_ general list that
> will match all the ISPs legimate outgoing MX servers too. So it's must not
> be for blocking or even positive scoring.
>
>
As I said. I'm trying to inspire innovation. For example, if you have an
URIBL list and subtract out the ISP hosts then you woud have a name
based blacklist. That's one of the ways I'm using it. It is not a
blacklist. I'm making it available for anyone who might find it useful
but you will have to figure it out for yourself. I am just providing the
information.
On Sat, May 31, 2008 at 07:38:19AM -0700, Marc Perkel wrote:
>
>
> Henrik K wrote:
>> On Thu, May 29, 2008 at 11:25:19AM -0700, Marc Perkel wrote:
>>
>>> I've also created a DNS based list of domains that provide consumer
>>> dynamic IP address space. I'm using this list internally but thought
>>> I'd make it public in case others can use it.
>>>
>>> Trying to inspire innovation.
>>>
>>> Example:
>>>
>>> dig comcast.com.isphosts.junkemailfilter.com
>>>
>>> This list was created by grabbing the registry barrier part of the
>>> domain name of IPs from other DNS lists that list the IPs as dynamic.
>>>
>>
>> How is one supposed to use this list? You posted a _very_ general list that
>> will match all the ISPs legimate outgoing MX servers too. So it's must not
>> be for blocking or even positive scoring.
>>
>>
>
> As I said. I'm trying to inspire innovation. For example, if you have an
> URIBL list and subtract out the ISP hosts then you woud have a name
> based blacklist. That's one of the ways I'm using it. It is not a
> blacklist. I'm making it available for anyone who might find it useful
> but you will have to figure it out for yourself. I am just providing the
> information.
Ok, you should have been clear on that from the beginning to reduce list
noise.
I can't think of any use for DNS list though, you should provide a
downloadable list if you want it to be free.
Hi Marc,
Am 2008-05-29 11:52:50, schrieb Marc Perkel:
> Here's my list in dnsrbl format. I only do rsync so far to paid
> subscribers or people who I'm trading with.
Missing Domains:
.freenet.de
.arcor.de
.arcor.com
Thanks, Greetings and nice Day
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
+49/177/9351947 50, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFIQfk/C0FPBMSS+BIRAgoWAKCDfVNcjfx0KIhl4Bz7l5+O8PRylwCeMV Tn
6gWZ/ztLf/CQaD9KIu8/cpo=
=lZk3
-----END PGP SIGNATURE-----
