IP Blackholing

Post by Mike » Tue Sep 22, 2009 9:35 am

The proliferation of form spammers is getting well beyond annoying. Clients are persistently emailing and calling in complaining about the ever-increasing amount of form spam polluting their leads management systems and inboxes.

Several DNS blackhole lists have started over the years, providing bolt-ons for sendmail and other MTAs to block incoming spam BEFORE it gets to the end user.

Of course, it didn't take long before the spammers got smart and started bypassing email clients altogether and turning our own tools against us - the contact form that most sites use to permit visitors to send an email internally.

One of the most controversial methods of combatting form spammers is outright IP blocking. And I don't mean blocking individual IP addresses - I mean blackholing entire network segments, and even entire countries. This method does have some drawbacks. For example, if you have a client hosted on a server and that client does business with a country or company that has its network blocked, you're going to get a phone call. A recent implementation I did migrating 400 domains with approximately 2000 email addresses to a server with the entire Asian Pacific blocked resulted in phone calls from 2 clients that had suppliers or customers in China that could no longer see their website or send them email. The net result, however, was not only astonishing, but passed the cost / benefit analysis of losing those 2 clients' hosting business. The machine experienced a 75% drop in form spam, and an 85% drop in email spam.

The IP filtering was then expanded to block all of Russia, The Netherlands, Brazil, Venezuela, and both Koreas. A special whitelist has to be added to recover parts of Australia that had their IP blocks intertwined with parts of APNIC. The net result of that exercise was a further drop in form and email spam, and not one phone call from a client.

While there are a number of known spam operations in Canada, they are few and far between. Blackholing anything other than individual IP addresses in the U.S. is simply out of the question. But adding some basic firewall rules and dropping packets from a small group of countries that offer little other than the source of spam and other unwanted network traffic goes a long way to removing some of the burden a server deals with day to day, and keeping a lot of clients happier with a much cleaner INBOX and CRM.

Mike
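The two drawbacks the post describes (legitimate client contacts inside a blocked range, and whitelist carve-outs inside a blocked allocation) can be checked before the rules go live. The following is an added example, not part of the original post: it assumes allowlist entries take precedence over the blocklist, and all CIDR ranges, addresses and labels are constructed sample data.

```python
import ipaddress
from collections import Counter

# Constructed sample data: RFC 5737 documentation ranges stand in for
# real regional allocations; ALLOWED is a carve-out inside a blocked range.
BLOCKED = ["198.51.100.0/24", "203.0.113.0/24"]
ALLOWED = ["203.0.113.128/25"]

# Constructed known-good events (e.g. past customer logins or delivered mail).
KNOWN_GOOD = [
    ("192.0.2.10", "client-a"),
    ("198.51.100.7", "client-b supplier"),
    ("198.51.100.7", "client-b supplier"),
    ("203.0.113.200", "client-c"),
    ("203.0.113.5", "client-d customer"),
    ("not-an-ip", "corrupt log line"),
]

def nets(cidrs):
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]

def verdict(ip, blocked, allowed):
    """Return 'allow' or 'drop'; allowlist entries win over the blocklist."""
    addr = ipaddress.ip_address(ip)
    if any(addr in n for n in allowed):
        return "allow"
    return "drop" if any(addr in n for n in blocked) else "allow"

def audit(events, blocked_cidrs, allowed_cidrs):
    """Count known-good events per label that the policy would drop."""
    blocked, allowed = nets(blocked_cidrs), nets(allowed_cidrs)
    dropped, skipped = Counter(), 0
    for ip, label in events:
        try:
            if verdict(ip, blocked, allowed) == "drop":
                dropped[label] += 1
        except ValueError:
            skipped += 1  # unparseable address: count it, don't guess
    return dict(dropped), skipped

def orphan_allow_entries(blocked_cidrs, allowed_cidrs):
    """Allowlist entries inside no blocked range (usually a typo)."""
    blocked = nets(blocked_cidrs)
    return [str(a) for a in nets(allowed_cidrs)
            if not any(a.version == b.version and a.subnet_of(b) for b in blocked)]

if __name__ == "__main__":
    print(audit(KNOWN_GOOD, BLOCKED, ALLOWED))
    print(orphan_allow_entries(BLOCKED, ALLOWED))
```

Labels that appear in the audit output are the contacts that would lose access once the ranges are dropped at the firewall.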