The first method involves dropping routes received via BGP. Unfortunately, we don't have the technical details at this time.
The second method is useful if you don't run BGP, for example if your site is an end node on the Internet. You probably already use router access lists to implement packet filtering for security purposes. Simply add the IP range of the spam sites to your packet filters, and no spam packets will reach your site.
On a Cisco router, this would look like:
access-list 100 deny ip ppp.qqq.rrr.0 0.0.0.255 anywhere ppp.qqq.rrr.0 is the address used by the spamming site.
The third method makes use of the TCP wrappers package. (The latest version is available in ftp://ftp.win.tue.nl/pub/security/ and is 7.4 as of this writing.) The TCP wrapper allows a site administrator to wrap services so that they can only be used by authorized hosts. For example, once the TCP wrapper has been installed, spammers can be denied access to your service ports like so:
In the file /etc/hosts.allow
service-name : ALLIn the file /etc/hosts.deny
service-name : badsite.com .badsite.comSee the section on mail blocking for an example of how to use the TCP Wrapper in conjunction with the TIS Firewall Toolkit to block spam sites from using your SMTP server.
Tools and techniques for limiting spam