Spamhaus to indicate DROP status via DNS

In addition to the blacklists we all know and respect, Spamhaus maintains two other special lists: The DROP (Don't Route Or Peer) and EDROP (Extended Don't Route Or Peer) lists.
These are lists of IP addresses and/or netblocks of the worst of the worst -- networks that are hijacked, usually meaning that bad guys forged the letterhead of an out-of-business company, then tricked a network service provider into providing internet connectivity to them. The ISP doesn't even know who they're actually doing business with. (Or maybe does know but doesn't care.) What these kinds of people engage in is usually not just spam, but fraud and crime-related stuff. Yuck.

ISPs could use these two lists as part of their router or firewall configuration, to totally deny any connections from those bad guys. But that data wasn't necessarily available for other uses, until now!

Spamhaus explains that as of June 1st, SBL and ZEN DNSBL lookups will return a special, additional DNSBL result code, if a queried IP address is on the DROP or EDROP lists.

Click here to learn more about this and start thinking about how you might incorporate this data into your own spam or web filtering, or security process or appliance.
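Here is one way a filter could consume the new result code, as an added example (not code from Spamhaus or from this post). It assumes the DROP/EDROP code is 127.0.0.9 and that 127.255.255.x answers are error replies, both taken from Spamhaus's published return-code list rather than from the announcement above. The sample answers in the test are constructed.

```python
import ipaddress
import socket

ZEN = "zen.spamhaus.org"
# Assumption: Spamhaus's published code for SBL DROP/EDROP data (not stated in the post).
DROP_CODE = ipaddress.ip_address("127.0.0.9")
# Assumption: 127.255.255.x replies signal a query problem (blocked resolver, rate limit).
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")


def query_name(ip, zone=ZEN):
    """Build the DNSBL name: reversed octets (IPv4) or reversed nibbles (IPv6) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def classify(answers):
    """Turn the A records from one lookup into a verdict string."""
    addrs = [ipaddress.ip_address(a) for a in answers]
    if not addrs:
        return "not-listed"
    if any(a in ERROR_NET for a in addrs):
        return "error"       # never treat an error reply as a listing
    if DROP_CODE in addrs:
        return "drop"        # hijacked netblock: the strongest signal
    return "listed"          # on SBL/XBL/PBL, but not DROP/EDROP


def check(ip, zone=ZEN):
    """Live lookup. NXDOMAIN means not listed; other resolver failures are errors."""
    try:
        infos = socket.getaddrinfo(query_name(ip, zone), None,
                                   socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "not-listed" if exc.errno == socket.EAI_NONAME else "error"
    return classify({info[4][0] for info in infos})
```

A lookup can return several A records at once, so the DROP code has to be looked for among all of them rather than only in the first answer.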
