SPAM RATS

About SpamRATS!

Oh no! Not another infected PC or BotNet sending me spam... Well, maybe if you blocked the RATS at the SMTP level of your server, this would not be a problem. We have several lists of IP Addresses that have all the indicators of being RATS, and you can use them just like any of your favourite Real Time Blacklists (RBLs).

Description

Based on statistics, the most abusive types of connections are those that either run dictionary attacks or mass mailings. They usually conform to the following four types:

  • Botnet/Spammers from IPs with no Reverse DNS
  • Botnet/Spammers from infected PCs (Dynamic or Generic Reverse DNS)
  • Email Marketing Companies
  • Compromised Servers

The use of IP Reputation is one of the most effective ways to reduce overhead, bandwidth, and of course Unwanted Bulk Email (UBE). The most common way to achieve this is to check connections against IP Address lists and block them. Because we consistently receive large amounts of spam information from ISPs, we are able to compile this data and use it in our anti-spam tools, which we have made available to the public.

SpamRATS is dedicated to helping ensure that all forms of mail servers can choose to only accept messages from other properly configured mail servers. "Best Practices" dictates that mail servers should have correct Reverse DNS that reflects the operator of the mail servers.

SpamRATS is a completely automated system available to the general public. We hope this service helps protect you from one of the most problematic types of resource drain on your email systems.

RATS-Dyna - Probable PC or home connection infected with a Trojan, Bot, or Emailer Program

RATS-NoPtr - An IP Address which has no reverse DNS, and probably the home of a SpamBot

RATS-Spam - An IP Address that has been shown to be abusive (Use at your own risk)

Using RATS!

RATS is very simple and easy to use. You can access our public lists, just like any other RBL. Most mail servers support this ability. We have included references for several of the common mail servers. All you have to do is remember the correct hostnames to use for each list. Simple, and easy to use (copy from any instructions on using RBL)!

  • RATS-Dyna - Use "dyna.spamrats.com"
  • RATS-NoPtr - Use "noptr.spamrats.com"
  • RATS-Spam - Use "spam.spamrats.com"

Here are some links to resources on how to use RBLs with your favourite email server.

NEW - SpamRats All

Due to popular demand, you can now do a single query to RATS-All by using "all.spamrats.com". You should consider a few things. Depending on how you use your lists, you could end up blocking some of your own customers that are on RATS-Dyna. RATS-Dyna should be configured in such a way that it only checks inbound connections, and not your customers. Most of the time this is done either by separating your MX IP Addresses from your mail.domain.com MTA, or by exempting those who use SMTP authentication or have relay clients set (consult your individual MTA documentation). But in most mail servers you can still use the "all.spamrats.com" list by looking at the return codes. In Postfix, for example, you could use:

reject_rbl_client all.spamrats.com=127.0.0.36
reject_rbl_client all.spamrats.com=127.0.0.38

which would result in a single query but would only reject mail that was on either Dyna (36) or Spam (38). It would ignore entries which were on Noptr (37). This obviously halves the bandwidth usage and latency for both us and for them over querying each of those lists separately. This is supported with at least Postfix, Exim, Sendmail and Exchange 2003 as far as we are aware.

Limits!

Currently there are no limits, and we would like to keep this service free for as long as possible. But if the demand by larger ISPs becomes too great, we MAY, at some time in the future, ask for a fee to defray the costs. Currently this project is sponsored by http://www.linuxmagic.com, who use these lists in their systems. LinuxMagic uses the BMS System so they don't have any risk of interruption of service at the DNS server level. (See BMS)

Caveats!

Remember that there is a risk in using a normal RBL service. The risk is that an interruption in DNS lookups may cause some emails to be rejected or flagged as spam if the lists are not used correctly. There are many resources on the internet about using RBL lists safely, so please examine those.
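
The following is an added example, not code from SpamRATS or LinuxMagic. It shows the single "all.spamrats.com" query from the RATS-All section together with the DNS caveat above: the return codes are mapped to lists, only Dyna and Spam lead to a reject, and a failed lookup is never treated as a listing. The function names, the 192.0.2.10 test address and the handling of several A records in one answer are assumptions made for the example.

```python
import ipaddress
import socket

ZONE = "all.spamrats.com"
# Return codes as given on the page: 36 = Dyna, 37 = NoPtr, 38 = Spam.
CODES = {"127.0.0.36": "dyna", "127.0.0.37": "noptr", "127.0.0.38": "spam"}
REJECT_ON = {"dyna", "spam"}  # same policy as the Postfix lines: NoPtr is ignored


def query_name(client_ip, zone=ZONE):
    """Build the RBL query name: IPv4 octets reversed, followed by the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Return the A records for name, or [] if the name does not exist."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:  # no such name: IP is not listed
            return []
        raise  # timeout or server failure: let the caller decide


def check(client_ip, resolver=system_resolver):
    """Return (action, lists); action is 'reject', 'accept' or 'unknown'.

    'unknown' means the lookup itself failed. Treat it as not listed
    (or as a temporary failure), never as a reason to reject.
    """
    try:
        answers = resolver(query_name(client_ip))
    except OSError:
        return "unknown", set()
    # Only the exact documented codes count; any other answer is ignored.
    lists = {CODES[a] for a in answers if a in CODES}
    return ("reject" if lists & REJECT_ON else "accept"), lists
```

Pass a different resolver callable to check() to use a specific DNS server or to test the policy without network access.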