Noel Jones August 23, 2010
* p...@alt-ctrl-del.org<p...@alt-ctrl-del.org>:
I find that a lot of spam comes from recently registered, throw away
domains. The new domain may be used as the sender, hostname, or name
server.
Are there any rbl type lists that block fresh domains, for the first
10-15 days of their existence?
I've also been playing with these:
http://spameatingmonkey.com/lists.html
The FRESH lists are what you're looking for.
Again, thanks.
The fresh15 list + log monitoring really worked out well. It's been a good
early warning system.
I have placed the fresh15 test, after all other tests. A few weeks of monitoring show that most of the positive hits
come from a few specific networks. The senders from these networks generally have proper fcrdns, and the helo and "from"
domain matches the fcrdns.
Blacklisting mail from these networks has made a significant dent.
Prior to blocking, >1 fresh15 hit per minute.
After blocking: as low as 1 fresh15 hit per 2-3 hours, up to 15 hits per hour.
