CircleID

I would definitely not consider myself to be a "less-experienced" system administrator as you mention in your article; I have 24 years of such experience, of which the last 10 involves internet access and email servers.  Yet, I do regularly block large chunks of address space on countries like Brazil, China, Korea, Taiwan, and now even India.  The reasons for this is practicality.  Open relays and open proxies are popping up everywhere, and I do block them when I can.  I do use DNS based blacklists as a first line of defense, so my private blocking is limited to what leaks through beyond that.  And I use several for redundancy (minus a couple recently shut down).  I do broadly block a number of address categories, including those that do not have validated reverse DNS, those that are sequentially numbered (generic), and a certain few whole countries (using blackholes.us DNSBLs).

My goal is cutting costs.  So methods that increase processing (cost) are not suitable alternatives.  I try to block based on connecting address (hostname or IP address) as much as possible to mimimize that processing.

I do have one advantage that most of my community of users run Linux, and are not subject to the malware problem.  Those that do run Windows know what they are doing and I leave it up to them to deal with any malware that slips through.  Cutting the cost impact of spam is my primary goal.

I mentioned that I block lots of generic address space.  I am aware that many people run mail servers at home, and might be impacted by this.  But I also believe they have choices in dealing with that.  If they are smart enough, they know the choices and can decide for themselves the best course of action.  I'll whitelist by IP address.  Or they can just forward to their ISP smart host where that is practical (assuming their ISP doesn't filter them out for use of their own domain names).

Interesting article, I work for the abuse department for a large email and DNS provider. We block large IP addresses (sometimes whole class c blocks) and then whitelist any domain names that we determine to be innocent or a victim of another individuals actions. This is labor intensive as we do receive quite a few whitelist requests. We often use this opportunity to educate and inform Internet users and clueless mail admins but still wind up blocking around 80% of our mail traffic. I was staggered when I first heard that figure. The problem is getting worse not better. 

Hi Phil (Howard), no one is accusing you to be less experienced. I guess you read too much in the wrong direction. But still, what you do may be overly aggressive in the wrong direction, as those spaces you block out are mere victims of spammers who mostly originate from the USA. China, India and many other Asian domains do not yet have the same level of expertise as the USA, or in terms of usable budgets to get more sophisticated equipment and servers. To penalize them too much would be unwise, as China and India are the fastest growing economies, as the larger economies such as USA and Japan have been slowing.

Still, action is better than inaction, although we have to be careful with every little step we take.

Seamus, you might want to check out CAUCE Asia Pacific - http://www.apcauce.org

Antispam workshops / conferences every six months, at regional network operators conferences like APRICOT and SANOG.

Speakers like Dave Crocker, Meng Wong, David Harris (the author of pegasus mail / the mercury MTA) etc, plus a "regional update" panel where people from governments, regulatory authorities, ISP associations etc in asiapac regions discuss antispam legislation in their economies.

I guess these conferences are making a small, but significant difference.

If you'd like to attend / present a paper at one of these (the next ones are - Kathmandu, Nepal - July 28-30 2004, and Kyoto, Japan - feb 3rd wk 2005) then email me about it.

regards
--srs