Country-Based Blocking

Posted on 30 October 2009 at 07:52

Is it good or bad? Well the answer is it depends. If your organization only operates within North-America, for instance, blocking the more prolific spam sources by country may be a very good way to reduce the amount of traffic hitting your MTA. For example, you could block all traffic coming from the top-10 spam sources listed by country on the Spamhaus Top 10 Worst Countries List (excluding your own, of course).

At writing time, Spamhaus Top 10 countries were:

1- United States
2- China
3- Russian Federation
4- United Kingdom
5- France
6- Brazil
7- South Korea
8- Japan
9- Argentina
10- Germany

Traditionally, the easiest method to block traffic based on national IP blocks was to use a DNS block list (DNSBL) provider that basically offered the IP zone files for each country. Until fairly recently, the most popular one in use was, which wasn’t really a DNSBL per se, but it did break down IP blocks by country. So, if you wanted to block traffic from China, for example, you could query

However, was shut down in 2002 and its IP address space was later assigned to another company. Email servers that continued to query those addresses began receiving a value of true on any lookup, meaning the whole Internet was blacklisted for them.

According to The MX Record, The issue is the maintainer of the DNSBL shut the list down some time back and the IP address space that the DNS servers for it were on was given back to ARIN. That address space has since been re-allocated to a new company and they are getting tired of the continual inbound DNS queries to the IP address of the old server. Apparently they have now stood up a DNS server to answer those queries with a wildcard record that effectively returns yes, the IP you are inquiring about is a spammer. As a result, lots of mail relays that are still configured to do lookups against this DNSBL are now being told that everyone on the Internet is a spam source.

We obviously need an alternative method, and one such option is the DNSBL. To block a country from sending mail to your MTA, you’d simply prepend the IANA country code to

Examples: -> China -> Korea -> Poland -> Russia -> Brazil -> Argentina

Here’s a log extract from a mail server that receives a small amount of traffic (10 messages per second) after filtering out the spam-blocking DNSBL. The log covers approximately 15 seconds:




Leave a Reply


Questions? Call us.

Speak with Security Expert Engineers to learn more about how Vircom can help your Business IT Security.


Request a demo.

Schedule a demo to talk to a Security Expert Engineer about your specific needs.

Request a demo

Start a free trial.

Test drive the full Vircom experience, free for 30-days. Get started today!

Start a trial

Free Trial Free Email Security Grader