Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

dynamic IP pools smtp spam detection

Posted on 2008-06-17
4
325 Views
Last Modified: 2013-12-17
Hi,
ive got a gerneral question about detection of dynamic IP pools.
I know there are lots of blacklistprovider like spamhaus and so on...
I want to know which mechanism they are using to determine an ip address as static or dynamic (from a dialin pool).
- Do they get the information via a WHOIS lookup
- or via a reverse DNS lookup and checking it against a regular expression containing "%dialin-in%"
- or from RIPE?
- or just feeding there on database by any suspect information
It would be cool if anybody could make it more clearer.
Thx!"
0
Comment
Question by:netcrew
  • 2
4 Comments
 
LVL 6

Accepted Solution

by:
raptorjb007 earned 500 total points
ID: 21803491
These blacklists keep track of known IP ranges that are used for by ISP's consumer/dynamic internet accounts. These are well known and as such easily blocked.

Comcast for instance has different ranges for its business class service to which it provides static IP's and its consumer class service to which it only provides dynamic IPs.
0
 

Author Comment

by:netcrew
ID: 21804345
yes but where do they get the information from? who tells them this is a dynamic? is there a dns/ripe/whois flag, how to determine which comcast addresses are static and which one are not?
How can i get this information. Do i have to call comcast, hey comcast whats ur dialin range which is not static? or can i do a whois or reverse dns lookup and check for a flag which tells me its from a dynamic pool?
0
 
LVL 6

Assisted Solution

by:raptorjb007
raptorjb007 earned 500 total points
ID: 21804804
Well, typically there are multiple factors.

Most Blacklists include information gathered from internet spam sensors, these keep track of which IP's they are receiving spam from, and an infected machine with a dynamic IP tends to bounce from one IP to another eventually, over time and with many infected machines, an entire IP block gets added to the list, as they are consecutive IP's the actually range can be inferred.

They may even have inside sources who contribute such information from the various ISP's directly, however I don;t think this would be officially noted in any public space.

The various blacklist companies all have their various methods that they use to determine what to and not to include that makes any specific answer impossible, but generally I belive the Spam Sensors provide the majority of their information.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There was an incident about the POP3 issue for the double read receipts and delivery receipts in Exchange 2013.  There was huge research been done and found solution for the duplicate mails. Especially when the user gets  duplicate mails.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question