Rant: blocking entire countries from e-mail

Topic

New Reply

Somebody in Korea is spoofing our domain and sending e-mail (so it looks like it is coming from our domain – even though it is a nonsense e-mail like 234klkjsdk@our-domain). I have done the IP lookup for the actual sender (reading the e-mail header, obviously) and have tried several times to contact the abuse@ e-mail for the offending ISP in Korea. The contact info listed for that ISP is fake and my e-mails get bounced back to me. Um, as an ugly American, is there some way I can block entire IP ranges (e.g. countries) from e-mail? I know this is a bit of an over-reaction, but this has been going on for over a year. Perhaps if enough of us block entire countries from e-mail, we might get better monitoring of spam? The horribly ironic thing is that recently I read that the US is the biggest sender of spam. Going back to my rant – the countries with the most spoofing of our domain are in order: Korea, Turkey, Poland. Anything I can do? At this point our domain has been on and off several spam lists as a sender of spam – which we are not, but the stupid lists don’t consider spoofing of e-mail addresses………. AAAAAAAaaaaaaaaaaaaaaa!!!!

Reply | Quote

Replies

Hi Eric

We have had a similar question in here just recently but the guy who asked was being an awfully decent English chap and just blocking one particular IP address…not a whole darn country .. I can say that about the Englishman ‘cos I am one too

Yep, I feel for you but these spammers/ hoaxers/spoofers are clever little chaps and have a habit of not having a fixed IP address but the methods discussed recently is updating your site using the .htaccess file to block IP addresses.

If you have the IP range you could put a block range in but it maybe a big job anyway have a look at Banning Ip address from website with the associated links in the thread, it’s a start but wow a whole country

Reply | Quote

Thanks – I am familiar with the .htaccess file, however that only prevents them from visiting the website – I believe they can still e-mail –TO– the website, can’t they? If not, then that is what I will do. My point is to get these IP ranges to tighten up how they run things — I know it is probably a few people causing problems for the many, but still – having a fake or inactive email for the IP range contact (“for abuse contact”) is either sloppy or devious…

Reply | Quote

Sorry Eric, I get your point, that will teach me to scan read too quickly.

Personallay I think you are on to a hiding for nothing if you are going to try and do this yourself… I think the company will have to spend a little money and get some software to do this for them. My company is inundated with spoof/phish/spam etc on a daily basis. We use Mimesweeper as our preferred choice. You probably know that suspect mails get quarantined and each user on the domain gets a summary email of the quarantined mails daily or they can check ad hoc and educate the system to accept specific domain names.

We use a big company name because they can go off and collect the bad list of dodgy IP addresses and we just update regularly. All known emails get automatically dumped and the system has a maintenance program to delete it…no response from domain tends to stop the messages after a while…..

Reply | Quote

We have a rather nice spam-checker on our Exchange Server called Hexamail Guard, and I have no qualms at all about blocking .ru and .biz, since we would never ever get anything relevant from these domains. Now about .com…

It also uses the SpamHaus black-list of spammers…

John

Reply | Quote

John, I need to check into Hexamail Guard — sounds like you are doing what we are talking about — I hate to say it, but we get nothing useful from Korea, Russia, etc. Man, I never thought I would be the “protectionist” type, but this is just @#$!% me off. If Korea et al can’t get their e-mail under control — we’ll just block them.

Reply | Quote

Eric,

Just to make sure: you can use a filter to ensure that your PC or server won’t let through e-mails from a certain IP range. But this won’t prevent someone in Korea from sending out e-mails to others spoofing your name/e-mail address as sender. As has already been pointed out, there is nothing you can do do against that directly.

Reply | Quote

I know, I know — I guess I’m being a bit of a socialist (???) or such by thinking that if several organizations started blocking irresponsible IP ranges, at some point, those IP ranges would be irrelevant…
.
It really sucks that you can have somebody impersonating your organization — and likewise tarnishing your name — and there does not seem to be anything you can do about it. As I stated earlier, I have tried to contact the ISP of these IP ranges, but the contact info is bogus. That’s what got me all (over-reacting, I know) annoyed…

Reply | Quote

I sympathize! Last year, I sent out a mailing from my private e-mail address to universities all over the world, including some in Russia. A few days later, I got reports that I was spreading a virus. Turned out that someone in Russia was spoofing my e-mail address to send out e-mails with viruses
Fortunately, this stopped by itself after a few days (without action from me)

Reply | Quote

Feel lucky at least you are NOT at the top of most peoples address book, it appears that the first enties get sent a lot of email but the others tend to be the ones sending the emails

DaveA I am so far behind, I think I am First
Genealogy....confusing the dead and annoying the living

Reply | Quote

Agreed – and I love the quote in your signature – you made my day!

Reply | Quote

When you say you want to “block entire IP ranges (e.g. countries) from e-mail” are you saying you want to block emails coming into your domain, or you want to stop them from sending emails in the first place? If the former, and you have your own mail server, that is where you would block it. If not, or the latter, I think you need to take it up with your ISP or a higher authority – I think it is beyond us mere mortals to (legally) prevent emails being sent from a remote IP address, however much in the wrong they may be.

I’ll move this thread to the Security Forum which I think may be slightly more appropriate – see post 603,091 for a similar issue.

Reply | Quote

Of course I’m not talking about blocking the sending of e-mail — I would like to put something in place that anything coming from a particular IP range is refused.

Reply | Quote

I very much doubt you can identify the actual sender. At best you can trust the header information for the destination mail server and the immediately previous relay. Any skillful spammer will have forged everything else.

In the old days, spam generally was delivered through unsecured email servers (open relays) which could be blocked by most ISPs. Unfortunately, with the spread of spam-bots into home, office, and university networks, there are now orders of magnitude more “mail servers” on the ‘net. I still believe the long-run solution is a tax imposed on the telecom companies that operate the “backbone” of the network serving the United States. By imposing a simple charge per SMTP transaction traversing the net, we can gradually push the cost out to ISP subscribers (like mobile phone text message plans with the first so many free each month). I would like to reach the point that indiscriminate spamming is uneconomical, or at least no more economical than paper junk mail.

(Won’t innocent victims of botnets lose out in this scenario? ISPs will need to provide customers with solutions to that problem, like local phone companies handle complaints about calls to “900” numbers: an ISP-level block on outbound SMTP transmissions other than to the ISP’s own mail servers.)

Reply | Quote

> an ISP-level block on outbound SMTP transmissions other than to the ISP’s own mail servers

Interestingly, my ISP has just implemented this. I received an email from them saying that they believe it is the only way to avoid getting black-listed themselves and if it causes me problems then I should raise a ticket with them.

StuartR

Reply | Quote