* * * * *
                                        
                            Spam from bogus IP space
                                        
Earlier today (okay, technically yesterday) I came across the concept of
bogons [1], or IP (Internet Protocol) address not officially allocated for
use. They even provide a current list of non-routed IP blocks [2]. Curious
about the effect of using said list to block potential spam, I setup a test,
consisting of 565,012 tuples (we've stepped up testing of the greylist daemon
[3] over the past week) previously processed (I'm keeping some extensive logs
here), added the 6,803 IP blocks not allocated, and let it rip.

An hour and a half later, I had my answer.

Of 565,012 tuples processed, only 6,117 came from non-allocated IP space.

It's a little over 1%.

I don't think it's worth adding the non-allocated IP space to the greylist
daemon. Not that it makes the daemon run slower, it's just that an IP list of
that size takes up quite a bit of memory due to the trie structure [4] used
to store the table, and for such a small gain, I don't feel it's really worth
it.

[1] http://www.completewhois.com/bogons/
[2] http://www.completewhois.com/bogons/data/bogons-cidr-all.txt
[3] gopher://gopher.conman.org/0Phlog:2007/08/16.1
[4] http://en.wikipedia.org/wiki/Trie

Email Sean Conner at sean@conman.org

.