Mail Header Analyzer
3D Traceroute can analyze Mail headers and check the values against RBLs.
RBLs are 'realtime blackhole list'. These lists collect IP number that are
the source of 'well known' spam (more exact: UCE or UBE) senders.
So if the senders IP number is in this list it is a very good indicator that
the message is spam.
To use it just mark the header of the eMail and copy it into the list. And
here we have the most difficult part: how to get the header?
in Outlook Express:
|open message, View-Options
The list of RBLs is saved in a file with the name DNSBL.INI. You can create
your own entry by adding one into the ini file:
[unique name of the RBL]
web=a web adress, unused, enter something
Look into the file, it is not that difficult. Ignore sections that contain
colons. If this file has been exported from 3d Traceroute it won't be touched
again. So if a newer d3tr.exe contains a newer DNSBL.INI it will not be update.
DNSBL (domain name system blackhole lists) use 'databases' to determine,
whether the senders IP or domain name is a 'well known source' of spam.
Main advantage is, that accessing these databases
is quite fast and reliable. Just simply query the database and know whether
a IP is known as spam suspect.
The disadvantage are the various 'policies' of listing spam the DNSBL-list
owners follow. These policies can be more or less strict, some are very conservative
in listing, some are more aggressive. The aggressive ones might raise the
number of false positives , the conservatives might let spam slip through.
List of All Known DNS-based Spam Databases: http://www.declude.com/Articles.asp?ID=97
Blacklists Compared: http://www.sdsc.edu/%7Ejeff/spam/Blacklists_Compared.html