[SpamCop.net - protecting the internet through technology]

[SC-Help] Re: Understanding dsbl?

Mike Easter MikeE at ster.invalid
Tue Jun 21 18:08:08 EDT 2005 

Alan Harper wrote:
> One of the computers that a colleague uses has an IP in dsbl.org. The
> IP is 200.79.150.31, and it has been in dsbl for presumably over 1
> year.
>
> http://dsbl.org/listing?200.79.150.31
>
> I assume that this is a dynamically allocated IP, and that it is in
> the list because another computer at that IP was a source of spam.

200.79.150.31  rDNS  red-corp-200.79.150.31.telnor.net  is listed in
multiple blocklists for proxies, ahbl, blars, dnsbl, dsbl, jammd, njabl,
sorbs x3, and some others and clearly has a history of problems.

dsbl consists of 3 different lists;  list, multihop, & unconfirmed;  and
it is listed in list and unconfirmed.  The evidence shows 2004 Apr
positive tests for port 1080 socks4&5 positive tests.

The business of whether the IP is dynamic or whether it has current
problems or not is not obvious except that its senderbase activity
doesn't show and I can't find any fresh evidence of anything.

> I note that (a) only the postmaster responsible for this IP can
> initiate removal of the IP. Telnor is a monopoly, their service is
> (much) worse than US ISPs (hard to imagine) and I doubt that they will
> initiate removal of an IP, but I could try.
>
> I note also that senderbase doesn't seem to pick up the listing at
> dsbl.org
>
> http://www.senderbase.org/search?searchString=200.79.150.31
>
> Perhaps senderbase has a reason for ignoring this list.

The default sb config shows 3 lists, the 'show all' shows more when
something is listed, but I don't recall which ones they select.

> However, spamcop has dsbl near the top of the list of additional
> filtering lists (see options under Horde).
>
> So I guess my questions are
>
> * any advice on how to get this IP out of dsbl
> * do people really filter email using dsbl
> * is dsbl considered reliable

There's more than dsbl to consider;  but you could initiate the dsbl
process and the confirmation would go to pm or abuse at telnor and they
would respond or not however they do.  The responsibility for dealing
with these issues is really that of the role addresses.

You could also run around to the other blocklists I mentioned and
initiate whatever other processes you wanted to.

Which people use which blocklists varies all over the map.  I find dsbl
a useful source of information;  as you can see, it can harbor old
evidence.

For whatever it is worth, that IP 200.79.150.31 is currently online and
echoes pings.  How secure or insecure it is I couldn't tell you because
I didn't choose to test it, but it doesn't currently show a port 1080,
or 25 or 80.



-- 
Mike Easter
kibitzer, not SC admin

More information about the SpamCop-Help mailing list