Thursday, July 29, 2010

Interesting concept: Blocking entire continents.

Now this is a very interesting concept. If you do business only in the US, this could be useful in further securing your network. If you run your own Exchange server, this could even tremendously lower your incoming spam volume at your network point of access (firewall). If you host on your own webserver, this could easily further secure it. Face it, the vast majority of security breaches and spam originate from outside of the US, and if you don't communicate with people or do business with people outside of the US, why allow any connections from those countries?

I give you the link:

I may investigate this further for our own use.


  1. Country blocking is a stop-gap measure. We've tried it with spam blocking. The spammers just moved their relays. In today's inter-connected world, country blocking becomes more of a problem than a solution. Too many potential customers are out there for a business to keep filters in place for long.

  2. I see what you mean, but in our case, we have zero customers outside of the US and the market we serve is only in the US. It could work in our case. Our email filtering isn't done at our network perimeter. It's handled by a third-party. We only allow SMTP connections from their IP block. I'm not as concerned with spam filtering using this method. It's mainly to lower the activity of script-kiddies probing and prodding our network as a second-layer in addition to the firewall rule-base restrictions.