15/04/2010
Greek spammers email addresses blacklist
GrRBL
In the beginning of the year I announced my RBL for Greek spam emails. The blacklist is growing larger by the day, thanks to some really kind people forwarding me their Greek spam emails, and has reached more than 120 IP addresses of verified Greek spammers.This alone though is not enough.
Why
Some spammers use their aDSL lines which have dynamic IPs to send their massive email “newsletters”. These people are split into 2 sub-categories. The ones that use their own PC as an SMTP server and the ones who use their ISP’s mail server as SMTP. I’ve tried to complain to some of their ISPs…some replied back saying that they were willing to look into the issue (but did nothing at all in the end) and others did not even reply to me. For both sub-categories, GrRBL is ineffective since I can’t add dynamic IPs in the blacklist nor can I add the IPs of the email servers of those major Greek ISPs.
Another category of spammers is the one that uses their gmail/yahoo accounts to send their emails. GrRBL is ineffective for this category as well since I can’t add gmail/yahoo to the blacklist…
What
So there was no alternative but to gather all those email addresses of these 2 categories above and add them to a new blacklist, one that will contain email addresses. I use this blacklist with my spamassassin configuration to eliminate Greek spam that GrRBL can’t. Each time I receive (or someone forwards me) a new Greek spam, I add the “From:” email address to this new blacklist. This new blacklist grows far more aggressively than GrRBL since it’s a lot easier to gather the data and already has more than 140 addresses.
Distribution
There are two available formats of the blacklist, one ready for use by spamassassin and another one with clear formatting ready to be used even by SMTPs to drop these spam emails without even touching your inbox.
The blacklist is currently only distributed to a group of well trusted people and it is available only through rsync with a username/password.
I don’t want to make the list completely public yet, but if you are interested you can request it at the contact email of GrRBL and I will reply to you about accessing it.
Sidenote
If you need a good tool to check a host again some RBLs, adnsrblcheck by Yiorgos Adamopoulos is the way to go (and it includes GrRBL!)
Filed by kargig at 23:15 under Linux,Networking
Tags: blacklist, email, Greek, greek spam, grrbl, Internet, Linux, Networking, spam, spamassassin
3 Comments | 18,363 views
Hi, Don’t you think that a blacklist of email addresses is a wasted effort? There are two things going on, 1) spoofing From:, 2) the abundance of free addresses will quickly make your list obsolete and/or worthless.
Also, I just found http://mxtoolbox.com/blacklists.aspx the other day. I think it is a pretty neat tool to check on alot of info about a smtp host.
Thanks for the reply Jeremy, you are not wrong about blacklisting email addresses in general, but this blacklist has a very specific target, “greek spammers”. And I can tell you that it’s quite effective, since most of them use the same From: addresses over and over to send their “newsletters”. Of course this will change sometime in the near future, but we’ll see about future anti-spam techniques when this time comes.
What I am trying to do is make it a bit more “expensive” for spammers to send these emails, they must try harder and harder if they want their emails to get to their destinations.
Blacklisting email addresses in general to prevent spam is totally futile.
Ah, ok then, thanks for explaining.