DNS Blacklist Script?

Fri Aug 11 16:03:22 UTC 2006

> >   
> >> Does anyone know of a script (or application) to 
> automagically add a 
> >> host to a dns blacklist?  It would be very convenient to blacklist 
> >> all the e-mails sent from a spammer to a honeypot address, or to 
> >> blacklist all senders that thunderbird moves into the spam 
> sub-folder.
> >>     
> >
> > You need to be very careful implementing something like this.  Most 
> > Spam nowadays is bot-generated and uses forged 'From' 
> addresses culled 
> > from the address books on infected machines.  Unless you're 
> careful, 
> > you're going to end up blocking a lot of completely 
> innocent people, 
> > or worse, blocking your own legitimate e-mail users.
> >
> > Having said that, consider SpamAssassin's 'Auto white list' feature.
> > It also works as a black list, but it's not a binary 
> on-off.  Instead, 
> > anyone who sends e-mail to your server gets a spam score 
> depending on 
> > the ratings of their previous e-mails to you.  That's added to the 
> > spam score for the e-mail being processed.  So someone who 
> continually 
> > sends you spammy e-mails won't get the benefit of the doubt on a 
> > marginal e-mail, but someone else who sends a lot of ham will.
> >
> > Also included in SpamAssassin is a client for the Vipul's 
> Razor project.
> > That's a database of checksums of spam e-mails that is updated live.
> > Spammer starts sending a few million spam e-mails, but 
> after the first 
> > few, there's a mail signature in the Razor DB so that the 
> rest of the 
> > world can reject those spams straight away. (Port: 
> mail/razor-agents, WWW:
> > http://razor.sourceforge.net/)
> >
> > Integrating SpamAssassin into a mailing system can be done in many 
> > ways depending on what mail software is in use and so forth.  Ask 
> > again here with details of your mail setup if you're 
> interested in doing that.
> >
> > 	Cheers,
> >
> > 	Matthew
> >
> >   
> The Razor project looks interesting.  However, the site is 
> poorly written, and I can't seem to find out how it actually works.
> 
> I am still interested in setting up a honeypot account on my 
> server, then spreading this account all over the net so that 
> the harvesters that have picked up my e-mail address will 
> pick up the spamtrap address.  
> Then, any e-mail received to this account will get canned.
> 
> Chris Maness

Already many of the leading DNSBL lists like spamhaus.org and njbl.org uses such methods to detect new spammers. We've been using the SBL-XBL + dynablock + SURBL lists with much success reaching up to 95% reduction in spam and so far very very very little false positives.