Re: Login attacks

On Tuesday 07 December 2004 21:24, Jeff Kinz wrote:
>On Tue, Dec 07, 2004 at 06:04:14PM -0800, Rick Stevens wrote:
>> Gene Heskett wrote:
>> > Another that bears blocking completely is 64.0.0.0/24 as its
>> > 100% spam of the non-edible variety.  Ditto for 66.0.0.0/24.
>> >
>> > Anybody else have any more to contribute?
>>
>> Whoa, buddy.  The entire 64.0.0.0/8 is NOT a spam source.  We have
>> a /19 in that space and we're not spammers.
>
>Rick (As usual) has a valid point.
>
>Hotmail is in that range:
>(OK - they may be Korean spammers.... ;-)
>NetRange:   64.4.0.0 - 64.4.63.255
>OrgName:    MS Hotmail
>OrgID:      MSHOTM
>
>XO Communication also in that range:
>NetRange:   64.0.0.0 - 64.3.255.255
>
>Pangea in Canada
>NetRange:   64.4.64.0 - 64.4.95.255
>
>"/24" mask blocking hits large chunks.  You may want to do something
>more finely grained.

Humm, is that not t'other way around?  It's my understanding that a /24
means the first 24 bits are valid, and a /8 would lock only on the
leftmost 8-bit number of the quad.

Understand that I'm talking in an extremely historical sense about
this.  In the time when my only tool to filter this was an ip
comparator, I wrote a prefilter that would track the good vs bad
emails from any /8 address block.  Tested against known good
addresses it worked just fine, so I let it run for a week using the
64.xx.xx.xx/8 trigger and inspected each mail it caught for validity.
Of the nearly 5000 checked in that week, it properly stashed them all
in the spam folder, and did not trigger any as non-spam.  I checked
everyone it caught.  Bored me to tears or made me laugh my head
off with the misspellings and general mangling of the 'engrish'
language that came thru.  As I was on a dialup via long distance at
the time, I figured those 5000 messages (on a 14.4 modem, I did say
this was historical didn't I?) cost me about a 20 dollar bill just in
the ld time.  So for those that claim html doesn't hurt, that also
adds to the online time that an ld user has to pay for in addition
to his ISP connection.

I left that block filtered, and went on to 218 and wiped it out too.
ISTR I had the 62 block, the 211, 213 and the 69 blocks in there
too, but many with /16 or /24 qualifiers. But I don't recall at this
late date where they came from. Memory, second thing to go you
know.
:-)

I do recall that it came to a screeching halt when Korea, refusing
to do anything about it, managed to get the whole country on a couple
of temporary 10 day black holes.  Talk about gored oxen.  The silence
was deafening...

Now of course they're concentrating on phishing, and getting damned
good at it.

Now we have considerably better filters, like spamassassin, and I
don't pay that much attention to the src ip now.  However, if they
ever bring back the wanted, dead or alive posters from yesteryear,
I'd go out and do some serious bounty hunting.  But TPTB don't
seem to want to count the cost to us since the cost to us is a profit
to someone else and they're all for that, yessiree Bob.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.30% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com attorneys please note, additions to this message
by Gene Heskett are:
Copyright 2004 by Maurice Eugene Heskett, all rights reserved.
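Added example, not part of the thread: a small Python check of what the prefix lengths argued about above actually cover. A /N block fixes the first N bits, so 64.0.0.0/8 is the whole first octet (16,777,216 addresses) and 64.0.0.0/24 is only 256; the three ARIN ranges are the ones Jeff quoted, and the helper names are my own.

```python
# Added example: CIDR prefix arithmetic for the blocks discussed in this thread.
# Standard library only. The ranges are the ARIN allocations quoted in the reply.
import ipaddress

# Constructed lookup of the allocations quoted above (org -> (first, last)).
ARIN_RANGES = {
    "MS Hotmail": ("64.4.0.0", "64.4.63.255"),
    "XO Communications": ("64.0.0.0", "64.3.255.255"),
    "Pangea": ("64.4.64.0", "64.4.95.255"),
}


def mask_bits(prefix_len: int) -> int:
    """32-bit netmask with the first prefix_len bits set (/8 -> 0xFF000000)."""
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def address_count(prefix_len: int) -> int:
    """How many IPv4 addresses a /prefix_len block contains."""
    return 1 << (32 - prefix_len)


def covers(cidr: str, first: str, last: str) -> bool:
    """True if the whole first..last range falls inside cidr.

    A first..last range is contiguous, so checking both endpoints is enough.
    strict=False lets a block like 64.4.1.0/8 be read as its network address.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    return ipaddress.ip_address(first) in net and ipaddress.ip_address(last) in net


def coverage_report(cidr: str) -> dict:
    """Which of the quoted allocations a candidate block would blackhole."""
    return {org: covers(cidr, a, b) for org, (a, b) in ARIN_RANGES.items()}


def range_to_prefix(first: str, last: str) -> str:
    """Collapse an ARIN-style first..last range into one CIDR block."""
    nets = list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))
    if len(nets) != 1:
        raise ValueError(f"{first}-{last} is not a single aligned block")
    return str(nets[0])


if __name__ == "__main__":
    for cidr in ("64.0.0.0/24", "64.0.0.0/8"):
        print(cidr, address_count(int(cidr.split("/")[1])), coverage_report(cidr))
    for org, (a, b) in ARIN_RANGES.items():
        print(org, range_to_prefix(a, b))
```

Running it shows /24 touching none of the three allocations while /8 swallows all of them, which is the mismatch between the block sizes the two posters had in mind.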

