Solved

dynamic IP pools smtp spam detection

Posted on 2008-06-17
Last Modified: 2013-12-17
Hi,
I've got a general question about detection of dynamic IP pools.
I know there are lots of blacklist providers like Spamhaus and so on...
I want to know which mechanism they are using to determine an IP address as static or dynamic (from a dial-in pool).
- Do they get the information via a WHOIS lookup
- or via a reverse DNS lookup and checking it against a regular expression containing "%dialin-in%"
- or from RIPE?
- or just feeding their own database by any suspect information
It would be cool if anybody could make it clearer.
Thx!
0
Question by:netcrew
4 Comments
 
LVL 6

Accepted Solution

by:
raptorjb007 earned 500 total points
ID: 21803491
These blacklists keep track of known IP ranges that are used by ISPs for consumer/dynamic internet accounts. These are well known and as such easily blocked.

Comcast, for instance, has different ranges for its business-class service, to which it provides static IPs, and its consumer-class service, to which it only provides dynamic IPs.
0
 

Author Comment

by:netcrew
ID: 21804345
Yes, but where do they get the information from? Who tells them this is a dynamic? Is there a DNS/RIPE/WHOIS flag, how to determine which Comcast addresses are static and which ones are not?
How can I get this information? Do I have to call Comcast, "hey Comcast, what's your dial-in range which is not static?" Or can I do a WHOIS or reverse DNS lookup and check for a flag which tells me it's from a dynamic pool?
0
 
LVL 6

Assisted Solution

by:raptorjb007
raptorjb007 earned 500 total points
ID: 21804804
Well, typically there are multiple factors.

Most blacklists include information gathered from internet spam sensors. These keep track of which IPs they are receiving spam from, and an infected machine with a dynamic IP tends to bounce from one IP to another eventually. Over time and with many infected machines, an entire IP block gets added to the list; as they are consecutive IPs, the actual range can be inferred.

They may even have inside sources who contribute such information from the various ISPs directly; however, I don't think this would be officially noted in any public space.

The various blacklist companies all have their various methods that they use to determine what to and not to include, which makes any specific answer impossible, but generally I believe the spam sensors provide the majority of their information.
0
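The sensor-based inference described in the answer above, sketched as an added example (not part of the original thread, and not any blacklist operator's actual method): spam source addresses are grouped into fixed-size blocks, blocks with many distinct senders are flagged, and adjacent flagged blocks are merged into one range. The /24 block size, the threshold of 4 distinct addresses, the function name and the RFC 1918 sample addresses are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sensor data: source IPs of messages a spam trap received.
# RFC 1918 addresses stand in for real ISP space.
SENSOR_HITS = [
    # Infected home machines hopping around two neighbouring /24s.
    "10.20.0.17", "10.20.0.44", "10.20.0.130", "10.20.0.201", "10.20.0.44",
    "10.20.1.5", "10.20.1.66", "10.20.1.67", "10.20.1.190", "10.20.1.240",
    # One static host sending a lot of spam: many hits, one address.
    "10.99.5.25", "10.99.5.25", "10.99.5.25", "10.99.5.25", "10.99.5.25",
    # Two unrelated senders in the same block: below the threshold.
    "10.50.7.3", "10.50.7.200",
]


def infer_dynamic_ranges(hits, prefix_len=24, min_distinct_ips=4):
    """Return merged networks in which enough distinct spam sources were seen.

    A block is flagged by the number of *different* addresses seen in it,
    not by message volume, so a single busy static host does not cause its
    neighbours to be listed.
    """
    distinct = defaultdict(set)
    for text in hits:
        ip = ipaddress.ip_address(text)
        # strict=False masks the host bits, giving the enclosing block.
        block = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        distinct[block].add(ip)

    flagged = [b for b, ips in distinct.items() if len(ips) >= min_distinct_ips]
    # Adjacent flagged blocks are merged, which is how consecutive
    # addresses turn into an inferred pool range.
    return list(ipaddress.collapse_addresses(flagged))


if __name__ == "__main__":
    for net in infer_dynamic_ranges(SENSOR_HITS):
        print("likely dynamic pool:", net)
```

Counting distinct addresses instead of messages is the design choice that matters here: a volume-based threshold would list the single static host's block as a pool and miss lightly used dynamic blocks.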

Question has a verified solution.
