Challenge the net:
3d Traceroute

 
 
Freeware: 2.4.40.7 Release date: 2010-09-05
PRO: 2.4.40.7 Release date: 2010-09-05
 

Mail Header Analyzer

3D Traceroute can analyze mail headers and check the values against RBLs. RBL stands for 'realtime blackhole list'. These lists collect the IP addresses that are the source of 'well known' spam (more exactly: UCE or UBE).

So if the sender's IP address is in one of these lists, it is a very good indicator that the message is spam.

To use it, just select the header of the eMail and copy it into the list. And here we have the most difficult part: how to get the header?

In Outlook Express:
press Ctrl-F3
In Outlook:
open the message, View-Options

DNSBL.INI

The list of RBLs is saved in a file with the name DNSBL.INI. You can create your own entry by adding one into the ini file:

[unique name of the RBL]
web=a web address, unused, enter something
name=the.dotted.name.of.the.list
zone=the.zone.name.the.dns.query.is.done.for
type=IP4
visible=1

Look into the file, it is not that difficult. Ignore sections that contain colons. Once this file has been exported from 3d Traceroute, it will not be touched again, so a newer DNSBL.INI shipped inside a newer d3tr.exe will not replace it.

About DNSBLs

DNSBLs (domain name system blackhole lists) use 'databases' to determine whether the sender's IP address or domain name is a 'well known source' of spam.

The main advantage is that accessing these databases is quite fast and reliable: simply query the database to learn whether an IP address is a known spam suspect.

The disadvantage is the variety of listing 'policies' that the DNSBL owners follow. These policies can be more or less strict: some lists are very conservative in listing, some are more aggressive. The aggressive ones might raise the number of false positives, while the conservative ones might let spam slip through.
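The check described on this page, as an added Python example (not code from 3d Traceroute): it reads the zones from DNSBL.INI-style text, pulls the IPv4 addresses out of the Received: lines of a pasted header, and queries each address against each zone. It assumes the usual DNSBL convention (octets reversed plus the zone, with a listed address resolving into 127.0.0.0/8) and that `zone` is the query suffix; `visible` is not interpreted, and all function names and sample data are constructed for illustration.

```python
import configparser
import ipaddress
import re
import socket

# Constructed samples: made-up zone, documentation-range addresses.
SAMPLE_INI = """[Example List]
web=http://dnsbl.example.org/
name=dnsbl.example.org
zone=dnsbl.example.org
type=IP4
visible=1
[state:internal]
zone=ignored.example.net
"""
SAMPLE_HEADER = (
    "Received: from mx.example.net (mx.example.net [203.0.113.7])\r\n"
    "\tby mail.example.com with ESMTP; Sun, 5 Sep 2010 10:00:00 +0200\r\n"
    "Received: from pc (unknown [192.0.2.55]) by mx.example.net\r\n"
    "Subject: test [198.51.100.9]\r\n")

def load_zones(ini_text):
    """Map section name -> zone for IP4 lists; sections with colons are ignored."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(ini_text)
    return {s: cp[s]["zone"] for s in cp.sections()
            if ":" not in s and "zone" in cp[s] and cp[s].get("type", "").upper() == "IP4"}

def received_ips(header):
    """Bracketed IPv4 addresses from Received: lines only, in header order."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)  # rejoin folded header lines
    lines = [l for l in unfolded.splitlines() if l.lower().startswith("received:")]
    return [ip for l in lines for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", l)]

def query_name(ip, zone):
    """DNSBL query name: octets reversed, then the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """Listed when the name resolves into 127.0.0.0/8; a failed lookup means not listed."""
    try:
        answer = resolve(query_name(ip, zone))
    except OSError:  # socket.gaierror (e.g. NXDOMAIN) subclasses OSError
        return False
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")

def check_header(header, ini_text, resolve=socket.gethostbyname):
    """Return {(ip, list name): listed} for every Received IP and configured list."""
    zones = load_zones(ini_text)
    return {(ip, n): is_listed(ip, z, resolve) for ip in received_ips(header) for n, z in zones.items()}
```

Passing a `resolve` callable lets the lookup be tested offline; with the default, each address costs one DNS query per configured list.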

Links

List of All Known DNS-based Spam Databases: http://www.declude.com/Articles.asp?ID=97
Blacklists Compared: http://www.sdsc.edu/%7Ejeff/spam/Blacklists_Compared.html

 

 