Fighting spam with geographic blacklists

Geographic blacklists are designed to block everything from a specific country, Internet provider, or top-level domain. This tip discusses their benefits and drawbacks.

Please let others know how useful this tip is via the rating scale at the end of it. Do you have a useful Exchange or Outlook tip, timesaver or workaround to share? Submit it to our tip contest and you could win a prize.


VIEW MEMBER FEEDACK TO THIS TIP

Exchange 2003 natively supports third-party DNS blacklists. However, not all blacklists are created equal. Some of them are constructed for very specific purposes, and if used incorrectly, they can create more problems than they solve.

One potentially interesting new variety of blacklist is a geographic blacklist. (Blackholes.us is one common provider of geographic blacklists.) Geographic blacklists are designed to block everything from a specific country, Internet provider, or top-level domain.

In this case, "geography" doesn't just mean physical geography, but also the geography (maybe "topology" would be a better word) of the Internet itself.

Such blacklists are powerful tools against sudden spam floods. For instance, if a cadre of zombie PCs suddenly begins blasting your organization from Malaysia, you can temporarily blacklist all of Malaysia to free up the bandwidth needed to fight the problem a little more elegantly.

Geographic blacklists have one major drawback: they are indiscriminate. Everything that comes from a particular ISP, country or domain will be blocked, including any potentially legitimate mail.

This hasn't stopped some administrators from using them to create all-encompassing blacklists, though. One common rationale for blacklisting an entire geographic region -- China, for instance -- is that a large percentage of zombie spam is sent from there, and some administrators see little reason why a legitimate e-mail would come from there at all.

This is not a terribly sound policy, since permanently disabling an entire populace from reaching you by e-mail defeats the purpose of e-mail in the first place. As an emergency measure, that may be sound, but as an ongoing policy for how to handle e-mail, it doesn't make a lot of sense.

About the author: Serdar Yegulalp is editor of the Windows 2000 Power Users Newsletter and a regular contributor to SearchExchange.com.


MEMBER FEEDBACK TO THIS TIP

Unlike the author, I think that this approach makes total sense. My company only does business with companies in the U.S. -- ANY e-mail from China, Russia, etc., will certainly not have any business purpose.
—Kevin F.


Do you have comments on this tip? Let us know.
More information from SearchExchange.com:

  • Quiz: In the spammer's lair
  • Chapter Download: Blocking spammers with DNS blacklists
  • Learning Guide: Spam, spyware and viruses
  • Topics Library: Spam prevention and management



  • This was first published in April 2005
    This Content Component encountered an error

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchWindowsServer

    SearchEnterpriseDesktop

    SearchCloudComputing

    SearchSQLServer

    Close