blocking IPs to reduce spam

F

Fark_Maniac

2[H]4U
Joined
Feb 21, 2002
Messages
2,438
I'm working on a personal project to block all countries except the US and England. I've seen warnings a few times stating that it isn't a good idea to block entire countries to reduce spam...but they never say why it is a bad idea. In my case, I run a personal mail server and only interact with the US and England...nowhere else.

I don't see why this is a bad idea in my case.
 
It isn't. Not really. You do run the risk, in extreme cases, that some of the main providers having IPs in foreign countries which would be blocked by your setup. But honestly, I've never run in to that.
 
xphil3 said:
sounds like a good idea to me. Do it up.
Click to expand...

heh, this'll take a while...lots of ranges to block. I have all the IP ranges for the US and England...I've got them combined and sorted, now I need to go through all the lines and figure out what ranges to block.
 
Keep in mind that address ranges are allocated to a specific entity, really based on country. While entity the address space is allocated to is originating from one country, they may use address space else where outside of that region.
 
Fark_Maniac said:
heh, this'll take a while...lots of ranges to block. I have all the IP ranges for the US and England...I've got them combined and sorted, now I need to go through all the lines and figure out what ranges to block.
Click to expand...
Why not block everything and only allow what you already know(since you already did the leg work and found the ranges of the US and England). If this is on a Cisco(I have the problem of always assuming this :D) then its CAAAAAAAKE. GL man.
Xipher said:
Keep in mind that address ranges are allocated to a specific entity, really based on country. While entity the address space is allocated to is originating from one country, they may use address space else where outside of that region.
Click to expand...
http://www.ipaddresslocation.org/ip_ranges/get_ranges.php
I remember seeing this awhile back, granted you're right about ranges being registered to entities but I think his idea will probably help out with a good amount of "trash".
 
Last edited:
What software are you running for a mail server, or is this for your personal email account?
 
xphil3 said:
Why not block everything and only allow what you already know(since you already did the leg work and found the ranges of the US and England). If this is on a Cisco(I have the problem of always assuming this :D) then its CAAAAAAAKE. GL man.

http://www.ipaddresslocation.org/ip_ranges/get_ranges.php
I remember seeing this awhile back, granted you're right about ranges being registered to entities but I think his idea will probably help out with a good amount of "trash".
Click to expand...

originally, that's how I thought about doing it...but I'm really going to have to learn how IPTABLES work. I intend on doing this to two environments. One is my domain that I host on my residential line. Firewall is a WRT54G running DDWRT; blocking will have to be done using IPTABLES as the gui will not let you block by IPs. Second environment is a colo'd tower server I built for a local non-profit that is protected by a WatchGuard X10e firewall appliance...they don't need to be dealing with foreign connections either. There, I just copy/paste the IP ranges to block in CIDR format into the config file (following their syntax) and done and simple. In both environments, the OS is XP and the software is HMail. It is pretty nice software and does a really good job blocking most spam. This software combo is setup because I need an environment that is standard for me and easy to work with.
 
i was thinking cauxe Exchange has GFI mail tools, and you can choose countries to block, top level domains and so on, makes it dam easy to block %99 of spam in Exchange.
 
What if someone is mailing away on vacation?

I have always heard of people blocking countries IP ranges but I think it's a stupid idea!
 
I used to do it on our companies mail server, i also used to block all email from .info/.biz domains, it reduced the spam quite a lot. Another way to reduce a lot of spam is to simply add all of comcast/atts dynamic ip range and whitelist there mailservers.

However the best way might be to simply add the ips's to whatever spamfilters you have, so instead of getting them blocked outright you have them all drop into the spamfolder, this will at least give your users a chance to get the good emails.
 
xtox said:
What if someone is mailing away on vacation?

I have always heard of people blocking countries IP ranges but I think it's a stupid idea!
Click to expand...

If you are away on vacation...and use either your company account, your yahoo/gmail/hotmail or any other web-based accounts, then the mail will still originate from a mail server with an allowed IP...so long as the web based access isn't hosted on the server behind the firewall. That would only affect me and I don't get out of the country that often.
 
Fark_Maniac said:
If you are away on vacation...and use either your company account, your yahoo/gmail/hotmail or any other web-based accounts, then the mail will still originate from a mail server with an allowed IP...so long as the web based access isn't hosted on the server behind the firewall. That would only affect me and I don't get out of the country that often.
Click to expand...
Also keep in mind that if that country has any kind of presence(mail server wise) in another country(think gmail servers) they're going to use the closest server to route the mail out of as per their routing design. xtox did bring up a valid point but made himself look like an idiot with his next comment. Kids these days...
 
supposidly the only way you can get spam is releasing your email to places that you don't even know of. sometimes you gotta watch those sites cause they'll take your email add it to the listing and INSTANTANEOUS SPAM.

spam filters :/
 
You must log in or register to reply here.
Back
Top