Based on an article by Hal Pomeranz, and on the lovely hosts file provided by mvps, we take spam blocking to the level of DNS by creating a DNS blackhole for major spam sites.
The zone lines can be generated from the provided domains.txt on the spam database page.
Then, we created the db.spam. zone-file:
;GUID=41FEF5ED-EEF7-44D4-9CE0-2078F78104A4
$TTL 24h
@       IN SOA  server.local. office.server.local. (
                2003052800 ; serial
                86400      ; refresh
                300        ; retry
                604800     ; expire
                3600 )     ; minimum (negative-caching TTL)
        IN NS   server.local.
@       IN A    0.0.0.0
*       IN A    0.0.0.0
where server.local is the gateway server providing the hostname resolution.
The results are easy to see: browsing to different spam-infested websites no longer loads banners, and the usual problems with resource-consuming scripts are gone.
The twist is that we use a null address such as 0.0.0.0 that cannot exist on the local network. Previously, similar tricks included pointing to 127.0.0.1, but if a web server is running on the local computer, then that server would have to reply to the request.
The list can be extended, perhaps to include other domains from easylist or the like. One particular advantage is that the zones will match all the sub-level domains recursively, so there is no need to keep re-adding hosts whenever a spam provider decides to open up a new machine to serve ads.
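One way to generate the zone lines from a domain list, as an added example that is not part of the original article or of the article by Hal Pomeranz. It assumes domains.txt holds one name per line (optionally hosts-file style with an address first, `#` comments allowed) and that the zone file is referenced as `db.spam`; the function names are hypothetical. Because each zone's `*` record already covers its subdomains, names whose parent is also listed are dropped, and anything that is not a plain hostname is rejected so it cannot alter the generated named configuration.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

# Constructed sample input (not taken from the real domains.txt).
SAMPLE = """\
# constructed sample list
ads.example.com
0.0.0.0 tracker.example.net
EXAMPLE.COM.
banner.ads.example.com
ads.example.com
127.0.0.1 localhost
x";}.example.org
"""

def parse_domains(lines):
    """Return the set of valid, lower-cased domain names in the list."""
    domains = set()
    for line in lines:
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        name = fields[-1].lower().rstrip(".")  # hosts style: name is the last field
        labels = name.split(".")
        # Skip single labels (localhost) and names with characters that
        # could break out of the quoted zone name in named.conf.
        if len(labels) >= 2 and len(name) <= 253 and all(LABEL.fullmatch(l) for l in labels):
            domains.add(name)
    return domains

def prune_covered(domains):
    """Drop names whose parent zone is also listed; its wildcard covers them."""
    keep = []
    for name in domains:
        labels = name.split(".")
        parents = (".".join(labels[i:]) for i in range(1, len(labels) - 1))
        if not any(p in domains for p in parents):
            keep.append(name)
    return sorted(keep)

def zone_statements(lines, zone_file="db.spam"):  # zone_file path is an assumption
    """Build one BIND zone statement per remaining domain, all sharing one zone file."""
    return [f'zone "{d}" {{ type master; file "{zone_file}"; }};'
            for d in prune_covered(parse_domains(lines))]

if __name__ == "__main__":
    print("\n".join(zone_statements(SAMPLE.splitlines())))
```

Running `named-checkconf` on the resulting configuration before reloading catches any remaining problem, such as a zone that is also defined elsewhere.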
Note that under OSX, you will need to include the new spamView.conf.apple before the:
include "/etc/dns/publicView.conf.apple";
in /etc/named.conf.