MoonPoint Support Logo


Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals

Advanced Search
Sun Mon Tue Wed Thu Fri Sat

Mon, May 10, 2004 8:36 pm

Bogon Block

I received an email today advertising "FDA approved druugs". This spam message was filled with misspellings, e.g. "Special Offeer for limiteed time only", "Saave upt to 70% now", and "Clickk heree to saave 70%+", a technique spammers use in an effort to bypass spam filters which look for common phrases often found in spam. When I checked the originating IP address in the email headers, I saw an IP address of I checked that address in a number of block lists without finding it listed. However, when I tried dr. Jorgen Mash's DNS database list checker, I found the address listed as a "bogon".

A bogon is an IP address that should not normally be routed on the Internet. Some address blocks, e.g. the private address block, are not normally routed on the Internet, because they are reserved for special uses. The Bogon IPs webpage provides a means to check on whether a particular address is a bogon. The List of all Bogon IPs in Netrange format shows that the range - contains unallocated or reserved address space. And the Internet Assigned Numbers Authority, which is the organization that allocates IP address space, lists addresses beginning with 77 as reserved addresses. So I should not be seeing this address as a source IP address for an email address. The fact that it is listed as the origination point for the message indicates it is likely from a system being used for dubious purposes, such as the transmission of spam.

The Completewhois Project provides a DNS block list that can be used with sendmail to automatically block email from bogons. They also provide other subsets of the complete block list, which are listed on their Using IP Lists page.

I added their block list to those I have sendmail check each incoming message against by taking the following steps:

  1. I added the following line beneath the FEATURE(`blacklist_recipients')dnl line in /etc/mail/

    FEATURE(`dnsbl', `', `"550 Mail from " $`'&{client_addr} " refused see"')dnl

  2. I then issued the command below

    m4 /etc/mail/ > /etc/mail/

  3. I then stopped and restarted sendmail with the command below

    /etc/init.d/sendmail restart


  1. Bogon IPs
  2. Internet Protocol V4 Address Space

[/network/email/spam] permanent link

Once You Know, You Newegg AliExpress by

Shop Amazon Local - Subscribe to Deals in Your Neighborhood

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo