• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 334
  • Last Modified:

dynamic IP pools smtp spam detection

Hi,
ive got a gerneral question about detection of dynamic IP pools.
I know there are lots of blacklistprovider like spamhaus and so on...
I want to know which mechanism they are using to determine an ip address as static or dynamic (from a dialin pool).
- Do they get the information via a WHOIS lookup
- or via a reverse DNS lookup and checking it against a regular expression containing "%dialin-in%"
- or from RIPE?
- or just feeding there on database by any suspect information
It would be cool if anybody could make it more clearer.
Thx!"
0
netcrew
Asked:
netcrew
  • 2
2 Solutions
 
raptorjb007Commented:
These blacklists keep track of known IP ranges that are used for by ISP's consumer/dynamic internet accounts. These are well known and as such easily blocked.

Comcast for instance has different ranges for its business class service to which it provides static IP's and its consumer class service to which it only provides dynamic IPs.
0
 
netcrewAuthor Commented:
yes but where do they get the information from? who tells them this is a dynamic? is there a dns/ripe/whois flag, how to determine which comcast addresses are static and which one are not?
How can i get this information. Do i have to call comcast, hey comcast whats ur dialin range which is not static? or can i do a whois or reverse dns lookup and check for a flag which tells me its from a dynamic pool?
0
 
raptorjb007Commented:
Well, typically there are multiple factors.

Most Blacklists include information gathered from internet spam sensors, these keep track of which IP's they are receiving spam from, and an infected machine with a dynamic IP tends to bounce from one IP to another eventually, over time and with many infected machines, an entire IP block gets added to the list, as they are consecutive IP's the actually range can be inferred.

They may even have inside sources who contribute such information from the various ISP's directly, however I don;t think this would be officially noted in any public space.

The various blacklist companies all have their various methods that they use to determine what to and not to include that makes any specific answer impossible, but generally I belive the Spam Sensors provide the majority of their information.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now