Help with SPAM blocking

• Previous message: Steve Frank: "Re: I am searching for an good online infosec learning institution.. any suggestions?"
• Next in thread: David Gillett: "RE: Help with SPAM blocking"
• Reply: David Gillett: "RE: Help with SPAM blocking"
• Reply: Michael Gale: "Re: Help with SPAM blocking"
• Reply: Ned Fleming: "Re: Help with SPAM blocking"
• Reply: Kurt: "RE: Help with SPAM blocking"
• Reply: bernie_at_e-mich.com: "Re: Help with SPAM blocking"
• Reply: Sebastian Reitenbach: "Re: Help with SPAM blocking"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 19 Jan 2005 10:38:25 -0800
To: <security-basics@securityfocus.com>

Greetings list,
 
I'm new to SPAM blocking and am trying to ramp up my knowledge of its
mechanisms. I've done several days of research all over the net and
there are still some points of confusion I can't seem to find
explanations for. Anything you can help clarify for me is most
appreciated. I also welcome reference to more focused mail lists I can
query.
 
First, I'm still looking for a good technical explanation of how
Realtime Blackhole Lists (RBLs) work. Many references have specific
implementation details (the syntax of the sendmail config lines, etc),
but not the overview of RBL technology. The overviews I have found are
too generic and mail-recipient/end-user oriented to be of much use.

Do RBL's have a standard file format? What's it look like?

What I can glean from FAQs and documentation implies there are two
types: SMTP based and DNS based. Is this correct? Or is DNSRBL
synonymous with RBL? Some lists (like njabl.org) imply they can be used
by a DNS server, but I'm not clear how that functions. Why do so many
references mention loopback addresses (see www.njabl.org/use.html, or
the declude.com database). What's the connection?
 
Is it best practice to use one list integrated with your DNS server, or
saved as a hosts file on your mail server, and another configured at
your SMTP gateway?
 
Also, is an RBL downloaded to your SMTP host, or is it used as a remote
query? If it's remote, how can one create exceptions when needed? Is
that where your SMTP gateway's white-list feature comes in?

Again, thanks for any info you can provide.

Dan Lynch, CISSP
County of Placer
Auburn, CA

dlynch at placer dot ca dot gov

• Previous message: Steve Frank: "Re: I am searching for an good online infosec learning institution.. any suggestions?"
• Next in thread: David Gillett: "RE: Help with SPAM blocking"
• Reply: David Gillett: "RE: Help with SPAM blocking"
• Reply: Michael Gale: "Re: Help with SPAM blocking"
• Reply: Ned Fleming: "Re: Help with SPAM blocking"
• Reply: Kurt: "RE: Help with SPAM blocking"
• Reply: bernie_at_e-mich.com: "Re: Help with SPAM blocking"
• Reply: Sebastian Reitenbach: "Re: Help with SPAM blocking"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]