How to block spamming countries

bbao, IT Consultant
Some site administrators might be considering how to filter incoming traffic to a site by identifying the domains or networks of the traffic source, in the same way that a spam filter on an email server does, for example by blocking all emails sent from top spamming domains such as .cn and .ru. This is not a practical approach.

If you intend to identify the source IP addresses for specific domains for ALL incoming traffic to your site, you have to reverse resolve the host's domain name from each source IP address. This procedure is called Reverse DNS Lookup, or rDNS for short.

Unfortunately, not all IPs can be reverse resolved, because not every IP address has a registered domain name. So technically you can't use this approach (IP to host name) to identify all the country domains that you want to block. On the other hand, not all .cn or .ru hosts use IP addresses that are physically located in China or Russia. They may be located in the US or anywhere else in the world.

Additionally, for every single IP, reverse resolving (rDNS) needs time to query your local DNS server, then ISP's DNS server, root DNS servers and all related DNS servers. It is acceptable for validating an email address, but not practical for filtering all TCP/IP connections.

However, if you really want to do that, you may consider simply blocking the IP ranges of China, Russia or other countries on your internet-facing firewall or router. As no rDNS is involved, the performance is better, although it is still reduced if too many ranges are filtered. This can be implemented at the network layer using an edge router or firewall. A fully featured software gateway such as CheckPoint Appliance or Microsoft ISA Server can also handle this kind of job, but it is commonly not optimised for it and not recommended, because IP filtering is best implemented at the network layer using XOR mask calculation.

You may get the IP ranges from Country IP Blocks. This site also keeps you updated on the top 10 global spammers and provides several popular formats for exporting the country IP data you need. As of the first quarter of 2010, the top three spamming countries are Korea, China and India. "The biggest surprise on the list is Korea, as it takes over the number one global spammer spot from China. With the improved high speed internet infrastructure in Korea and ease of network access, we knew Korea would be on the rise. We just did not expect it to be so soon."

Please be aware that this approach will probably affect your business if you are running commercial websites or Web Services behind the firewall or router that blocks these countries, as affected visitors from these countries can't see your websites at all, including prospective clients who are just travelling in these countries.

According to MaxMind, there are 248,307,783 IP addresses for China, 86,613,071 for Korea, and 33,218,703 for Russia. Therefore you will need a long list of IP ranges to block.
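The following is an added example, not part of the original article, showing how a long start-end range list can be shortened before it is loaded into a filter and how a source address is then matched against it. The sample ranges are constructed from RFC 5737 documentation addresses, the names `ranges_to_cidrs` and `BlockList` are hypothetical, and the match uses a bitwise AND with the netmask followed by a compare.

```python
import bisect
import ipaddress

# Constructed sample ranges (RFC 5737 documentation addresses), in the
# start-end form that country IP lists are commonly exported in.
SAMPLE_RANGES = [
    ("198.51.100.0", "198.51.100.127"),
    ("198.51.100.128", "198.51.100.255"),  # adjacent to the previous range
    ("203.0.113.0", "203.0.113.63"),
    ("192.0.2.16", "192.0.2.47"),          # not aligned to a single prefix
]

def ranges_to_cidrs(ranges):
    """Turn start-end pairs into a short, sorted list of CIDR blocks."""
    nets = []
    for start, end in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)))
    # Merge adjacent and overlapping blocks so the filter list stays short.
    return list(ipaddress.collapse_addresses(nets))

class BlockList:
    """Non-overlapping blocks; a lookup is one binary search plus one mask test."""

    def __init__(self, cidrs):
        self.blocks = sorted(
            (int(n.network_address), int(n.netmask)) for n in cidrs)
        self.starts = [network for network, _ in self.blocks]

    def is_blocked(self, addr):
        ip = int(ipaddress.IPv4Address(addr))
        # Find the last block that starts at or below this address.
        i = bisect.bisect_right(self.starts, ip) - 1
        if i < 0:
            return False
        network, mask = self.blocks[i]
        return (ip & mask) == network

if __name__ == "__main__":
    cidrs = ranges_to_cidrs(SAMPLE_RANGES)
    print("blocks to load:", [str(c) for c in cidrs])
    blocklist = BlockList(cidrs)
    for source in ("198.51.100.200", "192.0.2.48", "203.0.113.64"):
        print(source, "blocked" if blocklist.is_blocked(source) else "allowed")
```

Because the blocks are collapsed and sorted first, lookup cost grows with the logarithm of the list length rather than with the number of ranges.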

The decision is up to you.