Saturday, May 29, 2010

How to block spamming countries

I was recently asked how to filter incoming traffic to a site by identifying the domains or networks of the traffic source, much as a spam filter on an email server blocks all emails sent from the top spamming domains such as .cn and .ru.

If you intend to identify the source IP addresses for specific domains for ALL incoming traffic to your site, you have to reverse resolve the host's domain name from each source IP address. This procedure is called Reverse DNS Lookup, or briefly rDNS.

Unfortunately, not all IP addresses can be reverse resolved, because not every IP address has a registered domain name. So technically you can't use this approach (IP to host name) to identify all the country domains that you want to block.

On the other hand, not all .cn or .ru hosts use IP addresses that are physically located in China or Russia. They may be located in the US or anywhere else in the world.

Additionally, for every single IP address, reverse resolving (rDNS) takes time: the query goes to your local DNS server, then the ISP's DNS server, the root DNS servers and all related DNS servers. That is acceptable for validating an email address, but NOT practical for filtering all TCP/IP connections.

However, if you really want to do that, you may consider simply blocking the IP ranges of China, Russia or other countries on your firewall or router facing the internet. As no rDNS is involved, the performance is better, but it is still reduced if too many ranges are filtered.

You may get the IP ranges from Country IP Blocks. This site also updates you about the top 10 global spammers and provides you several popular formats to export the Country IP data you need. As of the first quarter of 2010, the top three spamming countries are Korea, China and India. "The biggest surprise on the list is Korea, as it takes over the number one global spammer spot from China. With the improved high speed internet infrastructure in Korea and ease of network access, we knew Korea would be on the rise. We just did not expect it to be so soon", the site comments.

Please be aware that this approach will probably affect your business if you are running commercial websites or Web Services behind the firewall or router blocking these countries, as all affected visitors from these countries can't see your websites at all, including your prospective clients who are just travelling in these countries.

According to MaxMind, there are 248,307,783 IP addresses for China, 86,613,071 for Korea, and 33,218,703 for Russia. Therefore you will have a long list of IP ranges to block.
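Because the rule count drives the firewall cost, it pays to shrink an exported range list before loading it. The following is an added example, not code from this post or from the Country IP Blocks site: it converts "start-end" ranges to CIDR, merges adjacent and overlapping blocks, and checks a source address with a binary search instead of a DNS query. The sample ranges are constructed from reserved documentation address space, and the `ipset` set name `country_block` is a hypothetical choice.

```python
import ipaddress
from bisect import bisect_right

# Constructed sample export: "start-end" ranges using documentation and
# benchmarking address space (RFC 5737, RFC 2544), not real country data.
SAMPLE_RANGES = """\
192.0.2.0-192.0.2.127
192.0.2.128-192.0.2.255
198.51.100.0-198.51.100.255
198.51.100.64-198.51.100.95
203.0.113.16-203.0.113.47
198.18.0.0-198.19.255.255
"""

def load_networks(text):
    """Turn start-end lines into the smallest equivalent list of CIDR blocks."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        start, end = (ipaddress.IPv4Address(p.strip()) for p in line.split("-"))
        nets.extend(ipaddress.summarize_address_range(start, end))
    # Merge adjacent and overlapping blocks so the firewall gets fewer rules.
    return list(ipaddress.collapse_addresses(nets))

class RangeIndex:
    """Sorted, non-overlapping blocks; lookup is a binary search, not a DNS query."""
    def __init__(self, networks):
        self.nets = sorted(networks, key=lambda n: int(n.network_address))
        self.starts = [int(n.network_address) for n in self.nets]

    def is_blocked(self, ip):
        addr = int(ipaddress.IPv4Address(ip))
        i = bisect_right(self.starts, addr) - 1
        return i >= 0 and addr <= int(self.nets[i].broadcast_address)

def ipset_restore_lines(networks, set_name="country_block"):
    """Render the list for `ipset restore`; set_name is a hypothetical name."""
    yield f"create {set_name} hash:net family inet"
    for net in networks:
        yield f"add {set_name} {net}"

if __name__ == "__main__":
    nets = load_networks(SAMPLE_RANGES)
    print("\n".join(ipset_restore_lines(nets)))
    print(RangeIndex(nets).is_blocked("203.0.113.20"))
```

The six input ranges collapse to five CIDR blocks; a range that does not start on a power-of-two boundary, such as 203.0.113.16-47, still needs more than one block.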

The decision is up to you.


Anonymous said...

Why can't we do what Facebook does as just restrict countries we would like our blog to go to?

jim said...

No modern office would be complete without office programs. While there are major brands, there are also open source options, and they all share common features. With these programs it becomes possible to do anything from making interactive presentations to file reports.

Unknown said...

Things are very open and intensely clear explanation of issues. Was truly information. Your website is very beneficial. Appreciate your sharing.

Unknown said...

I'll right away grab your rss as I can not in finding your email subscription link or newsletter service. Do you have any? Please let me understand so that I may subscribe. Thanks.