[Asrg] Re: Asrg Digest, DNSBL BCP v.2.0
Dan Oetting
dan_oetting at qwest.net
Sat Mar 3 12:56:50 EST 2007
On Mar 2, 2007, at 5:01 PM, gep2 at terabites.com wrote:
> As you know, in a recent thread I commented on what a LOUSY
> solution IP-address-based blacklists are, in general.
>
> Part of the problem is that it is a VERY blunt instrument,
> especially for companies which operate a large network from behind
> a NAT router.
>
> Well, I've recently been personally involved in trying to put out
> just such a fire at one of my consulting clients.
Well, I recently presented a proposal that would have eliminated most
of the damage that you experienced. But you trashed my proposal
simply because it was based on blocking IP addresses.
You need to realize that blocking IP addresses that are sending spam
is one of the most effective and least costly tools admins have for
stopping the bulk of the spam tide. Even in your case, there was spam
coming from your IP address and blocking that address stopped the
spam and got your immediate attention. The problem as I see it is
that the current blacklists are too slow to remove the blocks once
the spamming has been stopped so there is no reward for quickly
cleaning up or shutting down the infected PC.
More information about the Asrg
mailing list