Technology to counter abuse and technology to support abuse are in a never-ending arms race.

Counter-abuse technology can be divided into three main types: reactive or responsive technology, real-time technology, and proactive or pre-abuse technology.

Reactive or responsive technology

RBLs (Real Time Block Lists) are, in fact, reactive rather than ‘real time’: the abuse has to occur before the listing appears in the “real time block list”. An RBL is usually published in various formats: as txt files, as DNS records, as TXT DNS records, in SQL (Structured Query Language) formats and more.

DNSBL (Domain Name Service Block List): a DNSBL is usually published as TXT entries in one or more zone file records. Ascams uses DNS records internally as communication fields when establishing a private neural-type network, where abuse data is communicated and processed before the public-facing data is published in a standard single zone file. Each data entry is reflected as two lines, and a TXT-type record is returned in answer to a standard DNS query.

Ascams publishes three public-facing email RBLs and DNSBLs:

  • block.ascams.com
  • superblock.ascams.com
  • dnsbl.ascam.com

Ascams uses four neural DNS net systems to process data. The largest number of public de-listings was in seven figures and, as anyone can see, the current superblock contains millions of entries. As hardware capacity grows, it is possible for Ascams, with current resources, to index and supply reputational score(s) for the entire IPv4 range. As Ascams foresees IPv6 operating on a whitelist basis and the number of actual mail servers is currently significantly less than 1 million, the resources required to operate authoritative services, when restricting access and query numbers, are manageable.

 

Real time technology

Ascams real time technology protocols (RTTP) use standard HTTPS POST and GET, where all the questions are data and all questions could affect any answer, in real time. Any real-time anti-abuse technology has to answer any question based on data received at the same time (in real time), up to and including the time of the actual answer. Any answer based on old, stale or fixed data can never be real time, as it is responsive and not “now”.

Ascams.com supplies a public database which uses applied real time abuse technology to manage comment spam and website comment form spam. This real time anti abuse technology applies a published and open ruleset to contributed data and delivers the data in real time because the question is asked and then answered after applying the question to the public facing data.

Pro active or pre abuse technology

This type of technology predicts abuse from resources before the abuse happens. Pre-abuse technology is also probably the most closely guarded and least discussed of the technology types. Data related to pre-abuse technology is usually not public and is not normally or commonly distributed or available to everyone.

One example of pre-abuse or proactive technology is when a new AS is associated with a resource range (at an RIR), that AS is previously known (for abuse, reputation or transactional reasons), and the entire and/or affected resource range is added (or published) to an RBL or a DNSBL.
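The AS-based pre-listing described above can be sketched as follows. This is an added example, not Ascams code: the zone name, ASNs, prefixes and reason text are constructed, and the reversed-address query names and the 127.0.0.2 answer follow the common DNSBL convention (RFC 5782), which is assumed here rather than taken from Ascams documentation.

```python
import ipaddress

ZONE = "dnsbl.example.org"  # hypothetical zone, not an Ascams zone

# Constructed sample data: documentation prefixes and private-use ASNs.
KNOWN_BAD_ASNS = {64512: "AS previously listed for comment spam"}
NEW_ASSIGNMENTS = [("192.0.2.0/29", 64512), ("198.51.100.0/30", 64999)]


def query_name(ip, zone=ZONE):
    """Build the DNSBL query name: reversed IPv4 octets (or reversed
    IPv6 nibbles) followed by the zone, as in RFC 5782."""
    addr = ipaddress.ip_address(ip)
    # reverse_pointer ends in ".in-addr.arpa" or ".ip6.arpa"; drop that suffix.
    reversed_part = addr.reverse_pointer.rsplit(".", 2)[0]
    return f"{reversed_part}.{zone}"


def build_zone(assignments, bad_asns, zone=ZONE):
    """Pre-list every address in a prefix whose AS is already known for abuse.
    Each entry carries two records, an A answer and a TXT reason."""
    records = {}
    for prefix, asn in assignments:
        if asn not in bad_asns:
            continue  # AS has no history, so nothing is listed before abuse occurs
        for addr in ipaddress.ip_network(prefix):
            records[query_name(str(addr), zone)] = {
                "A": "127.0.0.2",
                "TXT": f"AS{asn}: {bad_asns[asn]}",
            }
    return records


def lookup(ip, records, zone=ZONE):
    """Return the TXT reason if the address is listed, else None
    (a live resolver would answer NXDOMAIN for an unlisted address)."""
    entry = records.get(query_name(ip, zone))
    return entry["TXT"] if entry else None


if __name__ == "__main__":
    zone_records = build_zone(NEW_ASSIGNMENTS, KNOWN_BAD_ASNS)
    for ip in ("192.0.2.5", "198.51.100.1"):
        print(ip, "->", lookup(ip, zone_records))
```

A mail server consulting such a list would resolve the same query name over DNS and treat any answer as "listed"; the in-memory dictionary stands in for the published zone file.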

Another example would be applying the signature of a botnet and its bot traffic to extract the resource information and then generate a cross-reference to target the actual applied use of that network. Some networks are used for brute force, some for common DoS (denial of service), comment spam, normal email spam and, of course, more.

 
