[talk] blacklists

Pete Wright pete at nomadlogic.org
Thu Feb 6 13:23:34 EST 2020



On 2020-02-06 07:21, George Rosamond wrote:
> Curious to hear about others dealing with (external) blacklists/RBLs,
> both from the perspective of getting removed from them or using them
> defensively. I'm not referring to blacklists generated locally by spamd
> etc. And it's certainly beyond just MTA IPs.
>
> (Yes, I know this seems like a back to 1999 discussion about ???haus,
> extortion and email...)
>
> I know there are (still) good and bad lists. I'm finding something
> annnoying about an alleged usenix site
> (http://www.usenix.org.uk/content/rbl.html). There are lists that aren't
> really blacklists, but rather just Tor IP addresses (both all the public
> Tor IPs and also just Tor exit nodes).
>
> There's some interesting stuff to dive into here:
>
> https://github.com/hslatman/awesome-threat-intelligence
>
> including apility.io, firehol's, and abuseipb.com, some of which have APIs.
>
> So some questions would be:
>
> * Are there public lists that others trust and utilize either
> defensively or that they work to keep off of?
>
> * Does NANOG and similiar groups have some list that I can't find?
>
> * are RBLs now just a playground for the Ciscos etc as proprietary services?


I'm glad you brought this up.  Just last week I wanted to improve my ad 
filtering at home and was reading up on the pi-hole linux stuff 
(https://pi-hole.net <https://pi-hole.net/>) and it looked pretty neat 
but seems really linux specific.

i ended up deploying pfblockerNG on my pfsense router at home.  i 
personally think this is still a valid way to add an additional layer of 
security to a network.  i'm not sure i'd go as far as implementing this 
on a per-host basis in a server environment, but for helping protect 
networks it seems pretty sweet.

i understand that this doesn't really address your original question 
about using RBLs for mail servers, but it looked like there were still 
loads of very active and open filtering lists out there...

-pete

-- 
Pete Wright
pete at nomadlogic.org
@nomadlogicLA

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nycbug.org/pipermail/talk/attachments/20200206/5cd6bba2/attachment.htm>


More information about the talk mailing list