In message <[EMAIL PROTECTED]>, you wrote:
>On Sun, 21 Mar 1999, Ronald F. Guilmette wrote:
>
>> You can take out essentially all of the world's problematic dialups in one
>> fell swoop via the comprehensive DSSL list. See http://www.imrss.org/dssl/
>> for more info.
>
>Sorry if this is the wrong place to ask, but what's the difference between
>DSSL and DUL? I didn't know about DSSL until now.

What is today called the MAPS DUL started out a long time ago when I
realized that a lot of spammers were sending spam direct from dialup
lines. I put together a small list of IP address ranges for the most
common sources of this ``direct-from-dialup'' spam, for blocking purposes,
and then I published the list on the spamtools mailing list.

Later on, the head abuse guy at Erols Internet (a big East Coast ISP) took
over the list and maintained it and enhanced it with more address ranges.
Then it got given to a guy in Canada who added some more address ranges.
Then he couldn't deal with it anymore, so it got given to the MAPS RBL
folks. It then got renamed as the MAPS RBL.

Meanwhile, I was trying to find a better way to do this same sort of thing,
i.e. provide a blocking list for SMTP direct from dialup lines. I wanted
some mechanism that was easier to maintain, even as various ISPs changed
what IP address blocks they were using. The best way to do this seemed
to be to have some sort of a blocking list that would be based in some way
on the reverse DNS name of the node that was connecting to your SMTP server.

After some substantial arguments about how to make this work, I, working
with a brilliant fellow who also happened to be a subscriber to the spamtools
list (and who prefers to remain mostly anonymous) created a dialups blocking
list based primarily upon reverse DNS names (and patterns for those) and we
made it accessible in a 100% compatible way to the pre-existing access
mechanism that had already been established by the users and promoters of
the MAPS RBL blocking list. (That is to say it is accessed via DNS from
our central server, where I maintain the list constantly.) Thus was born
the DSSL.

I have been maintaining and enhancing the DSSL on a daily basis ever since.
This list now covers the dialup blocks of over 2,000 different providers of
dynamic dialup service (essentially all of whom are either ISPs or else
Universities).

My original idea for the DSSL was to aggressively include any and all reverse
DNS name patterns for _everybody's_ dialup blocks... at least all of the ones
that I could find, by hook or by crook, and also patterns for cable modem
lines and also xDSL lines. But a lot of criticism caused me to back off and
be a lot less aggressive in the way the list was constructed. Now the DSSL
list contains _only_ patterns for blocks of dialups that I (or my extensive
spamtraps) *have* actually gotten one or more spams from, and (as far as I
know) it contains _no_ patterns that match any ``static'' IP address spam
sources such as cable modem lines or xDSL lines. (Those can be blocked
via other means, when necessary, e.g. the MAPS RBL.) Still, the DSSL list
is quite extensive, and by using it, you can probably block in excess of 98%
of all of the direct-from-dialup spam that would otherwise come into your
mail server. This is made all the more remarkable by the fact that use of
_this_ spam blocking list typically produces virtually ZERO false positives
(i.e. good non-spam messages incorrectly rejected). The reason for this is
obvious... essentially nobody but spammers does SMTP direct from dialups.

More info is available at http://www.imrss.org/dssl/. Note that the
documentation there is a bit out-of-date, as it still talks about cable modems
and xDSL lines, even though there are none of those (as far as I know) on
the current DSSL list.

P.S. One fellow who computed some modest and informal statistics on the
``catch rates'' produced by the MAPS RBL versus the DSSL published some
results that indicated that the DSSL had an approximately 40% better catch
rate over the MAPS RBL. I have not seen any stats, to date, relating to
false positives for these lists, but I firmly believe that the name based
approach is far less likely to produce _any_ false positives, whereas mere
static IP address ranges can often accidentally include legitimate non-dialup
mail servers (thus producing false positives, perhaps many of them).

-- Ron Guilmette, Roseville, California ---------- E-Scrub Technologies, Inc.
-- Deadbolt(tm) Personal E-Mail Filter demo: http://www.e-scrub.com/deadbolt/
-- Wpoison (web harvester poisoning) - demo: http://www.e-scrub.com/wpoison/
"Ping can be used offensively, and it's shipped with every windows CD"
-- Steve Atkins
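
The contrast drawn in the message above between a static IP-range list and a reverse-DNS-name list, as an added example that is not part of the original post and is not code from the DSSL or MAPS. The address ranges, name patterns, sample clients and the zone `dialups.example` are constructed placeholders; the lookup-name format assumed is the usual reversed-octets-plus-zone DNS blocklist convention.

```python
import ipaddress
import re

# Constructed sample data; none of this is taken from the DSSL or MAPS lists.
STATIC_RANGES = [ipaddress.ip_network("192.0.2.0/24")]  # a range-based entry
RDNS_PATTERNS = [  # name-based entries: patterns over the PTR name
    re.compile(r"^(dial|dialup|ppp|modem)[-.]?\d+([-.]\d+)*\."),
    re.compile(r"\.(dial|dialup|ppp|dyn)\."),
]
ZONE = "dialups.example"  # placeholder zone, not the real list's zone


def dnsbl_query_name(ip, zone=ZONE):
    """Name an SMTP server would look up: IPv4 octets reversed, then zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def blocked_by_range(ip):
    """Range-based decision: listed if the address falls in any range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in STATIC_RANGES)


def blocked_by_rdns(ptr_name):
    """Name-based decision: listed only if the PTR name matches a pattern.

    A client with no PTR record has no name to match, so it is not listed
    by this method and must be handled by some other policy.
    """
    if not ptr_name:
        return False
    name = ptr_name.rstrip(".").lower()
    return any(p.search(name) for p in RDNS_PATTERNS)


# (client IP, PTR name) pairs, constructed for the comparison.
CLIENTS = [
    ("192.0.2.17", "ppp-17.dialup.isp.example"),   # dialup inside the range
    ("192.0.2.25", "mail.isp.example"),            # mail server inside it
    ("198.51.100.9", "dial-9.pool.other.example"), # dialup in an unlisted range
    ("198.51.100.80", None),                       # no reverse DNS at all
]


def compare(clients=CLIENTS):
    """Return (ip, ptr, range_verdict, rdns_verdict) for each client."""
    return [(ip, ptr, blocked_by_range(ip), blocked_by_rdns(ptr))
            for ip, ptr in clients]
```
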