Solved

dynamic IP pools smtp spam detection

Posted on 2008-06-17
Last Modified: 2013-12-17
Hi,
I've got a general question about detection of dynamic IP pools.
I know there are lots of blacklist providers like Spamhaus and so on...
I want to know which mechanism they are using to determine an IP address as static or dynamic (from a dial-in pool).
- Do they get the information via a WHOIS lookup
- or via a reverse DNS lookup and checking it against a regular expression containing "%dialin-in%"
- or from RIPE?
- or just feeding their own database with any suspect information
It would be cool if anybody could make it clearer.
Thx!
Question by:netcrew
4 Comments

Accepted Solution

by:
raptorjb007 earned 500 total points
ID: 21803491
These blacklists keep track of known IP ranges that are used for ISPs' consumer/dynamic internet accounts. These are well known and as such easily blocked.

Comcast, for instance, has different ranges for its business class service, to which it provides static IPs, and its consumer class service, to which it only provides dynamic IPs.

Author Comment

by:netcrew
ID: 21804345
Yes, but where do they get the information from? Who tells them this is dynamic? Is there a DNS/RIPE/WHOIS flag? How to determine which Comcast addresses are static and which ones are not?
How can I get this information? Do I have to call Comcast, "Hey Comcast, what's your dial-in range which is not static?" Or can I do a WHOIS or reverse DNS lookup and check for a flag which tells me it's from a dynamic pool?

Assisted Solution

by:raptorjb007
raptorjb007 earned 500 total points
ID: 21804804
Well, typically there are multiple factors.

Most blacklists include information gathered from internet spam sensors. These keep track of which IPs they are receiving spam from, and an infected machine with a dynamic IP tends to bounce from one IP to another eventually. Over time, and with many infected machines, an entire IP block gets added to the list; as they are consecutive IPs, the actual range can be inferred.

They may even have inside sources who contribute such information from the various ISPs directly; however, I don't think this would be officially noted in any public space.

The various blacklist companies all have their various methods that they use to determine what to include and what not to, which makes any specific answer impossible, but generally I believe the spam sensors provide the majority of their information.
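
The sensor-driven inference described in the answer above, sketched as an added example; it is not part of the original thread and not any blacklist operator's actual method. The /24 grouping, the threshold of four distinct senders, the function names and the sample addresses are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: source IPs a spam sensor received spam from.
# The 10.20.x.x hits model infected hosts hopping between pool addresses;
# 192.0.2.10 and 203.0.113.x model isolated senders.
SENSOR_HITS = [
    "10.20.0.5", "10.20.0.17", "10.20.0.44", "10.20.0.130", "10.20.0.201",
    "10.20.1.3", "10.20.1.90", "10.20.1.91", "10.20.1.250",
    "192.0.2.10", "192.0.2.10",
    "203.0.113.7", "203.0.113.8",
]

PREFIX_LEN = 24        # assumed block size used for grouping
MIN_DISTINCT_IPS = 4   # assumed threshold before a whole block is listed


def infer_dynamic_blocks(hits, prefix_len=PREFIX_LEN, min_ips=MIN_DISTINCT_IPS):
    """Group sensor hits by block and return the blocks that look like pools.

    A block is flagged when enough *distinct* addresses inside it sent spam.
    Adjacent flagged blocks are merged, so the wider range is inferred from
    consecutive blocks rather than listed piece by piece.
    """
    seen = defaultdict(set)
    for ip in hits:
        block = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        seen[block].add(ip)
    flagged = [block for block, ips in seen.items() if len(ips) >= min_ips]
    return list(ipaddress.collapse_addresses(flagged))


def is_listed(ip, blocks):
    """True if ip falls inside any inferred block, even if never seen itself."""
    addr = ipaddress.ip_address(ip)
    return any(addr in block for block in blocks)


if __name__ == "__main__":
    blocks = infer_dynamic_blocks(SENSOR_HITS)
    print("inferred blocks:", [str(b) for b in blocks])
    for probe in ("10.20.1.77", "192.0.2.10", "203.0.113.7"):
        print(probe, "listed" if is_listed(probe, blocks) else "not listed")
```

Counting distinct addresses rather than raw hits keeps a single noisy sender (192.0.2.10 here) from getting its whole block listed.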