[rbldnsd] how to make public (DNS)RBL?
Chris.
cth at fastmail.ca
Fri May 15 09:04:53 MSD 2009
> On 13-May-09, at 9:31 PM, Chris. wrote:
>
>> Hello Gabrielle, and thank you for your reply...
>>
>> On Wed, 13 May 2009 19:54:56 -0400, Gabrielle Singleton wrote...
>>
>>>
>>> On May 13, 2009, at 3:41 PM, Chris. wrote:
>>>
>>>> So, here's the deal; I've been working on a "trap" system for about
>>>> a year. I can now say it works better than anything else available
>>>> on the net - so why not share the benefits with all?
>>>
>>> Hi Chris:
>>>
>>> My first thought is to wonder whether you have considered that your
>>> trap system might work better for you than anything else available
>>> because it is trapping your spam. Others may benefit more if you
>>> share your trap method (scripts on sourceforge, etc) rather than
>>> publish the IPs, and this would involve a lot less set-up and
>>> support. I am not sure how many users you are dealing with but
>>> here a subset of users get targeted from specific source IPs
>>> (snowshoe spam) that take a long time to be picked up by the big
>>> RBLs. This leads me to wonder to what degree there is
>>> spam-source-IP to target-domain specificity. The IPs you trap at
>>> your domain may not apply to others or the timing could be off.
>>>
>>> I could be completely off-base, maybe you have dozens or hundreds of
>>> traps across the internet, and all great ideas start somewhere, I
>>> was just wondering if you had considered this.
>>>
>>> Gabrielle
>>
>> All good points. I've been RP for a good number of /24's, and /16's
>> for quite a few years. I also own (to the extent one /can/ own) a couple
>> hundred domains, and all the hosts that typically go along with them.
>> This has helped to get a fairly good "taste" of what one might
>> expect. But indeed, getting others involved would be even better.
>> Part of my reason for wanting to make it a public list. This would
>> permit me to experience environments that I might not yet have had a
>> chance to. The (combined) list currently holds more than a billion
>> IP's. It took less than 7 months to reach the 1B mark. I'm pretty
>> sure I receive more than the average amount of opportunity to get
>> spam, or maybe the system is better than I think. I won't be able to
>> fully appreciate that until I share the list. :)
>>
>> Thanks again for taking the time to respond.
>>
>> --Chris
>>
>> P.S. I see you hail out of umich. They still maintain the Macintosh
>> archive?
>>
On Thu, 14 May 2009 15:13:57 -0400, Roland Gaspar wrote...
> I'll offer one more comment to the thread from a position of actual
> experience.
>
> I run multiple spamhaus mirrors and had to take *considerable*
> obfuscation steps to prevent the machines from being discovered and
> DDoS'd.
>
> Consider this a *real* and serious point to ponder. If your list is
> any good, and it grows in popularity, so will your effective target
> value increase proportionally.
LOL! :) I can assure you that I received /more/ than enough opportunities
to deal with "angry" spammers. I've been "online" since the late 70's. I
initially ran a BBS. Shortly after starting the BBS, I provided a gateway
to the internet for a FIDO tosser. So that email could be exchanged. The
internet - and even more, the DNS has changed dramatically since then. But
point being; all these years have provided me with a vast amount of
opportunities to "deal" with miscreants. Most use the term "Hacker" (mistakenly)
in these situations. But the term Hacker was coined for a /completely/
different meaning. The press, and later, the media decided to use it for
those that perform illegal, or undesirable acts - let them live in their
darkness.
Anyway Roland, you are quite correct in your assertion. But I'm already
keenly aware of what can (and will) be lodged against me, and my servers.
I have another project that my anti-spam system is part of. It's a component
of an embedded system. Which can range in size from ~3Mb to 128Mb depending
on how much is required/desired, and what it is embedded in. Which can range
from legacy Cisco routers, to custom systems, made from "scratch". I've
received a lot of support and encouragement on/with it already. I'm having
great success with it in the R&D stages. I've purchased pallets of equipment
to test and develop it on. I've built (like the anti-spam component), all
the components virtually from scratch. Most have surprised me, by exceeding
my initial expectations. In the final analysis, I intend to have one of these
on everyone's border. I'm quite close to installing a complete version on my
/own/ border. Which will render me immune to attacks, not unlike the ones
you've already mentioned.
I had dearly hoped to gain support on this list. I was hoping to /draw/
from others who have had to deal with all that one can expect from running
a /public/ RBL. But as yet, I feel as though all I've received is /resistance/.
Don't get me wrong - I /fully/ appreciate that all that's been said is true,
and that embarking on an endeavor such as this is nothing to take lightly.
The warnings I've received are all justifiable. But enough already - I get it. :)
I'm ready to move ahead with this. :)
Best wishes, and thank you for taking the time to reply.
--Chris
>
> -Roland
>
>> _________________________________________________________________
>> http://fastmail.ca/ - Fast Secure Web Email for Canadians
>> _______________________________________________
>> rbldnsd mailing list
>> rbldnsd at corpit.ru
>> http://www.corpit.ru/mailman/listinfo/rbldnsd