Pointer: Foiling spam by using this huge IP blocking list

Mail Man

Mar 23, 2014, 11:47:52 AM

Here is my SMTP server's IP blocking list as of March 23, 2014.

Who should use this list:

Anyone operating a server used in an organizational or commercial
setting where you do not expect to receive or have never received legit
email from Mexico, Africa, Central and South America, Eastern Europe
(including Russia, Ukraine, Poland*, China*, Arab/Muslim countries).

(*) Off the top of my head, we have some active contact with servers
located in Poland, China, Cyprus, Singapore, Hong Kong, Taiwan, and
Korea, so not all IP subnets in those countries are blocked by this
list.

Since we operate a small commercial biotech company in either the US or
Canada (I won't say which one) and we sell our products world-wide, it
is not in our financial interest to block contact with either existing
or "OTB" (Out-of-the-blue) customers or potential customers.

That said, given a decade of experience and about 100k email samples and
history of receiving email from a variety of IP subnets assigned to
commercial, institutional and residential users, I find that this list,
as it exists now, allows "legit" servers from a wide range of the "WASP"
world and even some of the Yellow world to contact us through e-mail.

This list also includes numerous B-2-B bulk-mail servers who I find
easier to block vs going through any sort of list-unsubscribe process
(even if I trusted those entities to abide by such a process).

If you (whoever you are) cross reference this list against a server
who you find to be a "legit" server but would be blocked by this list,
I'd be happy to investigate that server and carve out an exception.

This is not a white list. It's a black list- because the SMTP server
I'm running (post.office) does not have white-listing capability.

The entire list can be downloaded from here:


https://backup.filesanywhere.com/fatemp/23/50/4XTOP22VY13VIYSNJ1OYBR5NMQK2OUX5/SMTP-IP-blocklist.txt

I will, from time to time, update this list, and/or post new additions
on a weekly basis. These additions will most likely be /16 net-block
entries, because I add such entries based on new incoming spam.

Below are the 43 A-class entries for those that are curious or might
find that having just these entries in your own IP blocking list would
cut down on the amount of garbage and direct-to-mx spam hitting your
server.


Wolfgang Schelongowski

Mar 27, 2014, 11:48:24 AM

Mail Man <Ma...@Man.com> writes:

>Here is my SMTP server's IP blocking list as of March 23, 2014.
...
>This is not a white list. It's a black list- because the SMTP server
>I'm running (post.office) does not have white-listing capability.
>
>The entire list can be downloaded from here:
>
>
>https://backup.filesanywhere.com/fatemp/23/50/4XTOP22VY13VIYSNJ1OYBR5NMQK2OUX5/SMTP-IP-blocklist.txt

I copied the above line to Firefox with the mouse, so there were not
any typos on my behalf. Still, my Firefox said "File not found".

>Below are the 43 A-class entries for those that are curious or might
>find that having just these entries in your own IP blocking list would
>cut down on the amount of garbage and direct-to-mx spam hitting your
>server.

>83.0.0.0/8

You probably have entered this above area when 83.128.0.0/9 was
delegated to a Spanish DSL provider. I noticed a lot of interesting
activity (trying ports 22, 445, ...) from them. They appear to have been
replaced by lots of /16s or /21s now, and they're all over Europe
(.RU, .NL, .PL, .HR, ... .DE).

BTW I've set Followup-To: news.admin.net-abuse.email because that's
where any activity foiling spam is best posted. Just ignore the
kooks and the trolls.
--
The first entry of Sin into the mind occurs when, out of cowardice or
conformity or vanity, the Real is replaced by a comforting lie.
-- Integritas, Consonantia, Claritas
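
Added example, not part of any post in this thread: on a server that only supports a blacklist, "carving out an exception" from a /8 entry means replacing that entry with the smaller CIDR blocks that cover everything except the excepted subnet. The sketch below does that with Python's standard `ipaddress` module; `83.0.0.0/8` is the entry quoted above, while the excepted `/21`, the function names and the assumption that the server accepts arbitrary CIDR prefixes are constructed for illustration.

```python
import ipaddress

def carve_out(blocked, exceptions):
    """Subtract each exception network from a CIDR blocklist (IPv4 only here).

    Returns a sorted list of CIDR blocks that covers everything in
    `blocked` except the addresses inside `exceptions`.
    """
    nets = [ipaddress.ip_network(b) for b in blocked]
    for exc in (ipaddress.ip_network(e) for e in exceptions):
        remaining = []
        for net in nets:
            if net.subnet_of(exc):
                continue                  # whole block is excepted: drop it
            if exc.subnet_of(net):
                # Split the block around the exception; this yields one
                # sibling block per prefix length between the two.
                remaining.extend(net.address_exclude(exc))
            else:
                remaining.append(net)     # unrelated block: keep unchanged
        nets = remaining
    return sorted(ipaddress.collapse_addresses(nets))

def is_blocked(ip, nets):
    """True if `ip` falls inside any block of the (expanded) blocklist."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)

# 83.0.0.0/8 is an entry quoted in the thread.
BLOCKED = ["83.0.0.0/8"]
# Constructed exception: a hypothetical legitimate sender's subnet.
EXCEPTIONS = ["83.128.40.0/21"]

if __name__ == "__main__":
    # Print the entries that would replace the single /8 line.
    for net in carve_out(BLOCKED, EXCEPTIONS):
        print(net)
```

One exception inside a /8 turns one blocklist line into thirteen, which is the maintenance cost of keeping class-A entries once the space behind them has been re-delegated in /16 or /21 pieces.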

Mail Man

Mar 28, 2014, 9:10:00 AM

Wolfgang Schelongowski wrote:

> > Here is my SMTP server's IP blocking list as of March 23, 2014.

> I copied the above line to Firefox with the mouse, so there were not
> any typos on my behalf. Still, my Firefox said "File not found".

Try this:

http://snk.to/f-ctjiqk9t

> BTW I've set Followup-To: news.admin.net-abuse.email because that's
> where any activity foiling spam is best posted. Just ignore the
> kooks and the trolls.

That newsgroup is a freakshow - a complete waste of time. Nothing of
any merit or consequence in terms of understanding or countering spam
happens there.

Those of us that _really_ want to discuss spam and all its dimensions
should really be using one or several of these groups:

alt.comp.issues.spam
alt.comp.mail.misc
alt.current-events.net-abuse.spam
alt.spam
comp.mail.headers
comp.mail.misc

There once was a somewhat useful set of threads about spam happening in
alt.spam, but over the past 2 years it has been used by kooks (or a
single kook -> "SpamBuster") and (and perhaps someone can explain this)
as a clearing house or exchange for stolen credit-card data.