Fighting spam with geographic blacklists

Please let others know how useful this tip is via the rating scale at the end of it. Do you have a useful Exchange or Outlook tip, timesaver or workaround to share? Submit it to our tip contest and you could win

    Requires Free Membership to View

a prize.

Exchange 2003 natively supports third-party DNS blacklists. However, not all blacklists are created equal. Some of them are constructed for very specific purposes, and if used incorrectly, they can create more problems than they solve.

One potentially interesting new variety of blacklist is a geographic blacklist. (Blackholes.us is one common provider of geographic blacklists.) Geographic blacklists are designed to block everything from a specific country, Internet provider, or top-level domain.

In this case, "geography" doesn't just mean physical geography, but also the geography (maybe "topology" would be a better word) of the Internet itself.

Such blacklists are powerful tools against sudden spam floods. For instance, if a cadre of zombie PCs suddenly begins blasting your organization from Malaysia, you can temporarily blacklist all of Malaysia to free up the bandwidth needed to fight the problem a little more elegantly.

Geographic blacklists have one major drawback: they are indiscriminate. Everything that comes from a particular ISP, country or domain will be blocked, including any potentially legitimate mail.

This hasn't stopped some administrators from using them to create all-encompassing blacklists, though. One common rationale for blacklisting an entire geographic region -- China, for instance -- is that a large percentage of zombie spam is sent from there, and some administrators see little reason why a legitimate e-mail would come from there at all.

This is not a terribly sound policy, since permanently disabling an entire populace from reaching you by e-mail defeats the purpose of e-mail in the first place. As an emergency measure, that may be sound, but as an ongoing policy for how to handle e-mail, it doesn't make a lot of sense.

About the author: Serdar Yegulalp is editor of the Windows 2000 Power Users Newsletter and a regular contributor to SearchExchange.com.


Unlike the author, I think that this approach makes total sense. My company only does business with companies in the U.S. -- ANY e-mail from China, Russia, etc., will certainly not have any business purpose.
—Kevin F.

Do you have comments on this tip? Let us know.
More information from SearchExchange.com:

  • Quiz: In the spammer's lair
  • Chapter Download: Blocking spammers with DNS blacklists
  • Learning Guide: Spam, spyware and viruses
  • Topics Library: Spam prevention and management

    This was first published in April 2005

  • There are Comments. Add yours.

    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.