Blocking all DUL subnets is crudely effective, but, from what I see, almost no mail from direct DUL subnets to MXs is legit, so crudeness pays.
From what I have seen, this is a terrible way to block spam (although it may be useful as *part* of an overall anti-spam solution, if mail isn't blocked solely on this factor).
The original theory behind this started years ago when end users had dialup connections, which were almost exclusively using dynamic IPs. A mailserver couldn't function properly with a dynamic IP, so you could block any non-relay E-mail from a DUL (dial-up line).
The problem today, though, is that high-speed Internet access has changed everything. Many residential high-speed Internet providers (cable, DSL) provide dynamic IPs, while some provide static IPs. If you know that the static IPs are only residential, it *may* be OK to block them (as you would just block "hobby" mailservers). But what about the business connections offered by these services? They offer static IPs, but often the Internet provider won't provide customized reverse DNS entries.
So blocking E-mail with a reverse DNS that contains "dsl", the name of a cable/DSL company, etc. will block a *lot* of legitimate E-mail, mostly from smaller companies.
For example, in this area (the third largest city in New England (an area covering 6 U.S. states)), there isn't a single reasonably priced high-speed Internet access provider that will allow businesses to customize their reverse DNS entry. Small businesses that run their own mailservers can either [1] Pay about $100/month and get a high-speed Internet connection with a static IP (but no control over the reverse DNS), or [2] Pay about $1,000/month and get a high-speed Internet connection with a static IP (with control over the reverse DNS entry).
Few small businesses will pay $900/month just to deliver mail to a few mailservers that do a crummy job with spam control. If you can't tell the difference between a static IP belonging to a business and a dynamic IP belonging to a residential customer, it you can't safely block that mail (without combining the results with other spam tests).
FWIW, abuse.net tried something like this a couple months ago, but quickly turned it off as legitimate E-mail was getting caught.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
