Good afternoon, all,
On Fri, 11 Nov 2005, OpenMacNews wrote:
>>> Anyone have a list of what country domain extensions are fairly Ok to
>>> block?
>>
>> There's a politically charged question.
>> FWIW, most spam still comes from the US.
>
> imho, it's not an issue of where most spam comes from, nor is it a politically
> charged question.
>
> rather it's a pragmatic one: what % of email you rec'v/expect from any given
> country is spam?
>
> e.g., as one of my clients (a) does no business with CN/KR, and (b) noted that
> ~100% of email rec'd from servers there was spam, adding:

I heard that same argument from a respected coworker; he asked the
company owner whether we could _possibly_ do business with "Country S" now
or in the future. Given an answer of "no" and the fact that we were
receiving sustained attacks from Country S, he blocked the entire country.

A few years later I found myself teaching a perimeter security
course _in the capital of Country S_, explaining to a classroom full of
paying students that we banned the entire country for a number of months
because - *gulp* - there was no possible way we'd ever do business with
that country.

Here's another way to look at the issue. Let's say that you knew
that a state/county/province in your own country had an inordinately low
signal/attack ratio. Would you ban that region?

Can you ever be sure enough that you'll _never_ get a legitimate
mail from that region? I've got one counter-example above....

If you really do believe you've got some political area with a
sufficiently low signal/noise ratio, I'd suggest making an SA rule to
_raise the score_, instead of an unconditional block.

One last note, Jerry. If you unconditionally blocked mail from
.nl and .br, you'd have respectively blocked 688 and 258 (out of 56,910)
posts from this list alone. One of which might someday have an answer you
need. :-)

Cheers,
- Bill
---------------------------------------------------------------------------
Boucher's Observation:
He who blows his own horn always plays the music several octaves
higher than originally written.
(Courtesy of "Brett W. McCoy" <[EMAIL PROTECTED]>)
--------------------------------------------------------------------------
William Stearns ([EMAIL PROTECTED]). Mason, Buildkernel, freedups, p0f,
rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org
--------------------------------------------------------------------------
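
Added example, not part of the original message: one way to act on the suggestion above to raise the score instead of blocking, by measuring each country-code TLD's local spam share and emitting SpamAssassin `header`/`describe`/`score` rules capped below the default `required_score` of 5.0. The sample mail, the `.zz` placeholder TLD, the `LOCAL_CCTLD_*` rule names and the thresholds are all assumptions.

```python
from collections import Counter
from email.utils import parseaddr

# Constructed sample: (From header, verdict from your own hand-sorted corpus).
# ".zz" is a placeholder for a ccTLD that is mostly spam at this site.
SAMPLE = (
    [("promo@example.zz", "spam")] * 9
    + [("Buyer <buyer@example.zz>", "ham")]
    + [("Poster <poster@example.nl>", "ham")] * 4
    + [("junk@example.nl", "spam")] * 2
    + [("dev@example.br", "ham")] * 2
    + [("list@example.org", "ham")] * 3
)

def tld_of(from_header):
    """Return the two-letter ccTLD of the sender address, or None."""
    _local, at, domain = parseaddr(from_header)[1].rpartition("@")
    tld = domain.lower().rstrip(".").rpartition(".")[2]
    ok = at and len(tld) == 2 and tld.isascii() and tld.isalpha()
    return tld if ok else None

def tally(messages):
    """Count ham and spam per ccTLD; other TLDs are ignored."""
    counts = {}
    for from_header, verdict in messages:
        tld = tld_of(from_header)
        if tld:
            counts.setdefault(tld, Counter())[verdict] += 1
    return counts

def suggest_rules(counts, min_msgs=5, min_ratio=0.5, max_score=3.0):
    """Emit scoring rules (never a block) for ccTLDs that are mostly spam.

    max_score stays under SpamAssassin's default required_score of 5.0, so a
    legitimate message from that TLD still needs other hits to be tagged.
    """
    lines = []
    for tld, c in sorted(counts.items()):
        total = c["ham"] + c["spam"]
        if total < min_msgs or c["spam"] / total < min_ratio:
            continue  # too little evidence, or mostly legitimate mail
        name = f"LOCAL_CCTLD_{tld.upper()}"  # hypothetical rule name
        lines += [
            f"header   {name} From:addr =~ /\\.{tld}$/i",
            f"describe {name} From .{tld}: {c['ham']} ham in {total} local msgs",
            f"score    {name} {round(max_score * c['spam'] / total, 1)}",
        ]
    return lines

if __name__ == "__main__":
    print("\n".join(suggest_rules(tally(SAMPLE))))
```

The generated lines go in `local.cf`. `From:addr` matches only the address in the From header, which the sender controls, so the rule is one weak signal among many.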