Hosting is generously provided by Sonic.net

 

Client Configurations


Frequently Asked Questions


How do I use this?

Connect to the route server(s) with BGP, then feed the two lists to two different mechanisms. The two lists are marked with different BGP Communities, so you can easily determine which is which.
  • 65066:42 - whitelist. These are entries that are semi-trusted, and may be used to bypass your greylisting. Of course, they are not guaranteed to not be spammers, so you should still use content-based methods to check.
  • 65066:666 - blacklist. These are entries that sent mail to a "spam trap" address, and are considered spammers.

Shouldn't I just blackhole these IPs?

It may be tempting to simply nullroute or blackhole all members in the blacklist feed. You don't want to.
If you blackhole them, you have no way of knowing whether they are continuing to send you mail, and no way of telling them that they are blacklisted. If they are a legitimate email server, the email administrator on the sending side can detect the rejects and fix the source of spam.
Additionally, letting them get "451-try again later" for 24 hours wastes more of their resources than letting them see a TCP timeout.

How do entries get added?

While clients are able to connect and fetch this feed, any addresses submitted WILL be rejected. Addresses will only be added to this list from a very restricted set of upstream servers. Each upstream server is vetted by the Route Server administrator and agrees to the selection criteria.
Whitelist entries are IP addresses that have sent a minimum of 10 emails in the last 75 days. These thresholds make it more difficult for a system sending spam to be accidentally whitelisted.
Blacklist entries are IP addresses that have sent an email to a SPAMTRAP email address within the last 24 hours. ONLY the specific IP address that sent the email will be listed.

What use are the Whitelists?

Our goal is to distribute entries that we are confident are "real" mailservers based on the information in the spamdb database. The advantage of this is that "likely good" mailservers communicating regularly with any participant will not be subjected to greylisting delays at all participants.

What if someone adds netblocks to block an ISP or subnet?

We WILL NOT list netblocks of any size, just because a "neighbor" sent any amount of messages to a SPAMTRAP email address.
The Route Server is configured to reject any address on the White list or Black list that is not a host-specific entry.

BGP is normally used to send routes, what happens to my routes?

In short: They will not be changed.
Clients are required not to modify their routes based on the received information.
The next-hop entries distributed are bogus, and nonsensical for your network. Our distribution mechanism (BGP) requires a next-hop entry, and these are currently set to the originating server.

May I use this?

All clients are able to connect and use this feed without registering, and without requiring a dedicated AS assignment. We do allow non-direct connections, and even connections through NAT. For technical reasons, we only allow ONE connection from an IP address at a time. Client systems will NOT be allowed to add any addresses to this feed. All such entries will be rejected.
Commercial entities are allowed to use this list, HOWEVER they should be aware this service is considered experimental and may be closed at any time. Commercial entities are requested to contact me before using, to be a "Good Neighbor".

I don't use OpenBSD, how can I use this?

Yes, non-OpenBSD clients can use these lists. While we do not have specific configurations yet, a client would need to:
  • Fetch lists using BGP
  • Extract entries marked with the Whitelist Community, and feed these addresses to their Whitelist mechanism
  • Extract entries marked with the Blacklist Community, and feed these addresses to their Blacklist mechanism
Please let us know how to configure any additional software to use these lists, and we will add them to the site.
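
The extraction steps above, as an added example that is not part of the bgp-spamd project's own code: it sorts already-parsed feed entries by the two communities named in this FAQ and drops anything that is not a host-specific entry. The one-line-per-entry input format, the sample addresses and the choice to skip entries carrying both communities are assumptions made for the example.

```python
import ipaddress

WHITELIST = "65066:42"   # community from this FAQ: semi-trusted senders
BLACKLIST = "65066:666"  # community from this FAQ: spam-trap hits

# Constructed sample: one "prefix community[,community...]" pair per line.
# This text format is an assumption for the example, not any daemon's output.
SAMPLE_FEED = """\
192.0.2.10/32 65066:42
198.51.100.7/32 65066:666
203.0.113.0/24 65066:666
2001:db8::25/128 65066:42
192.0.2.99/32 65066:42,65066:666
192.0.2.50/32 64512:1
not-a-prefix 65066:42
"""

def classify(feed_text):
    """Return (whitelist, blacklist, rejected); never touches routing."""
    whitelist, blacklist, rejected = set(), set(), []
    for line in feed_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            rejected.append((line, "malformed"))
            continue
        try:
            net = ipaddress.ip_network(parts[0], strict=True)
        except ValueError:
            rejected.append((line, "bad prefix"))
            continue
        # The FAQ says only host-specific entries are listed, so drop
        # anything wider than /32 (IPv4) or /128 (IPv6).
        if net.prefixlen != net.max_prefixlen:
            rejected.append((line, "not a host entry"))
            continue
        communities = set(parts[1].split(","))
        white, black = WHITELIST in communities, BLACKLIST in communities
        if white and black:
            # Assumption of this example: ambiguous entries are skipped.
            rejected.append((line, "both communities"))
        elif white:
            whitelist.add(str(net.network_address))
        elif black:
            blacklist.add(str(net.network_address))
        else:
            rejected.append((line, "unknown community"))
    return whitelist, blacklist, rejected
```

The two returned sets are what a client would hand to its own whitelist and blacklist mechanisms; the rejected list is worth logging, since a non-host prefix or an unknown community means the feed is not what this FAQ describes.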

Does this replace my other anti-spam methods?

In short: No
This is a network-based solution, intended to block the low-hanging fruit of spam. Content-based scanning is still recommended.

How can I add my entries to this feed?

For the reference server implementation, I wish to be very conservative. If you have a large list (i.e. have more than 20k entries each on your White list and Black list) AND agree to our selection criteria, please contact me so we can discuss this in more detail.


© 2013-2017 Peter Hessler