Re: Repeated Blacklisting / IP reputation

[Suresh Ramasubramanian <ops.lists () gmail com>]

John, its about the same situation you get when people use manually
updated bogon filters.

A much larger problem, I must admit ..  having ISPs follow the maawg
best practices might help, that - and attending MAAWG sessions
(www.maawg.org -> Published Documents)

That said most of the larger players already attend MAAWG - that
leaves rural ISPs, small universities, corporate mailservers etc etc
that dont have full time postmasters, and where you're more likely to
run into this issue.

If you see actual large carriers with outdated blocklist entries after
they're removed from (say) the spamhaus pbl, then maybe MAAWG needs to
come to nanog / arin meetings .. plenty of maawg types attend those
that all that needs to be done is to free up a presentation slot or
two.

--srs

On Tue, Sep 8, 2009 at 11:13 PM, John Curran<jcurran () arin net> wrote:
> Folks -
>
>   It appears that we have a real operational problem, in that ARIN
>   does indeed reissue space that has been reclaimed/returned after
>   a hold-down period, and but it appears that even once they are
>   removed from the actual source RBL's, there are still ISP's who
>   are manually updating these and hence block traffic much longer
>   than necessary.
>
>   I'm sure there's an excellent reason why these addresses stay
>   blocked, but am unable to fathom what exactly that is...
>   Could some folks from the appropriate networks explain why
>   this is such a problem and/or suggest additional steps that
>   ARIN or the receipts should be taking to avoid this situation?
>
> Thanks!
> /John
>
> John Curran
> President and CEO
> ARIN
>
> On Sep 8, 2009, at 11:16 AM, Ronald Cotoni wrote:
>
> > Tom Pipes wrote:
> > > Greetings,
> > >
> > > We obtained a direct assigned IP block 69.197.64.0/18 from ARIN in
> > > 2008. This block has been cursed (for lack of a better word) since
> > > we obtained it.  It seems like every customer we have added has had
> > > repeated issues with being blacklisted by DUL and the cable
> > > carriers. (AOL, AT&T, Charter, etc).  I understand there is a
> > > process to getting removed, but it seems as if these IPs had been
> > > used and abused by the previous owner.  We have done our best to
> > > ensure these blocks conform to RFC standards, including the proper
> > > use of reverse DNS pointers.
> > >
> > > I can resolve the issue very easily by moving these customers over
> > > to our other direct assigned 66.254.192.0/19 block.  In the last
> > > year I have done this numerous times and have had no further issues
> > > with them.
> > >
> > > My question:  Is there some way to clear the reputation of these
> > > blocks up, or start over to prevent the amount of time we are
> > > spending with each customer troubleshooting unnecessary RBL and
> > > reputation blacklisting?
> > > I have used every opportunity to use the automated removal links
> > > from the SMTP rejections, and worked with the RBL operators
> > > directly.  Most of what I get are cynical responses and promises
> > > that it will be fixed.
> > > If there is any question, we perform inbound and outbound scanning
> > > of all e-mail, even though we know that this appears to be
> > > something more relating to the block itself.
> > >
> > > Does anyone have any suggestions as to how we can clear this issue
> > > up?  Comments on or off list welcome.
> > >
> > > Thanks,
> > >
> > > --- Tom Pipes T6 Broadband/ Essex Telcom Inc tom.pipes () t6mail com
> > Unfortunately, there is no real good way to get yourself completely
> > delisted.  We are experiencing that with a /18 we got from ARIN
> > recently and it is basically the RBL's not updating or perhaps they
> > are not checking the ownership of the ip's as compared to before.
> > On some RBL's, we have IP addresses that have been listed since
> > before the company I work for even existed.  Amazing right?



-- 
Suresh Ramasubramanian (ops.lists () gmail com)