Is it good or bad? Well the answer is it depends. If your organization only operates within North-America, for instance, blocking the more prolific spam sources by country may be a very good way to reduce the amount of traffic hitting your MTA. For example, you could block all traffic coming from the top-10 spam sources listed by country on the Spamhaus Top 10 Worst Countries List (excluding your own, of course).
At writing time, Spamhaus Top 10 countries were:
1- United States
2- China
3- Russian Federation
4- United Kingdom
5- France
6- Brazil
7- South Korea
8- Japan
9- Argentina
10- Germany
Traditionally, the easiest method to block traffic based on national IP blocks was to use a DNS block list (DNSBL) provider that basically offered the IP zone files for each country. Until fairly recently, the most popular one in use was blackholes.us, which wasn’t really a DNSBL per se, but it did break down IP blocks by country. So, if you wanted to block traffic from China, for example, you could query cn.blackholes.us.
However, blackholes.us was shut down in 2002 and its IP address space was later assigned to another company. Email servers that continued to query those addresses began receiving a value of true on any lookup, meaning the whole Internet was blacklisted for them.
According to The MX Record, The issue is the maintainer of the blackholes.us DNSBL shut the list down some time back and the IP address space that the DNS servers for it were on was given back to ARIN. That address space has since been re-allocated to a new company and they are getting tired of the continual inbound DNS queries to the IP address of the old server. Apparently they have now stood up a DNS server to answer those queries with a wildcard record that effectively returns yes, the IP you are inquiring about is a spammer. As a result, lots of mail relays that are still configured to do lookups against this DNSBL are now being told that everyone on the Internet is a spam source.
We obviously need an alternative method, and one such option is the countries.nerd.dk DNSBL. To block a country from sending mail to your MTA, you’d simply prepend the IANA country code to .countries.nerd.dk.
Examples:
cn.countries.nerd.dk -> China
kr.countries.nerd.dk -> Korea
pl.countries.nerd.dk -> Poland
ru.countries.nerd.dk -> Russia
br.countries.nerd.dk -> Brazil
ar.countries.nerd.dk -> Argentina
Here’s a log extract from a mail server that receives a small amount of traffic (10 messages per second) after filtering out the spam-blocking DNSBL. The log covers approximately 15 seconds:
Leave a Comment