Re: Repeated Blacklisting / IP reputation

[Justin Shore <justin () justinshore com>]

Martin Hannigan wrote:
> Well, I haven't even had coffee yet and...
>
> Get the removals:
>
> curl -ls 
> http://lists.arin.net/pipermail/arin-issued/2009-September/000270.html | 
> grep Remove | grep -v "<PRE>"
>
> Get the additions:
>
> mahannig$ curl -ls 
> http://lists.arin.net/pipermail/arin-issued/2009-September/000270.html | 
> grep Add | grep -v "<PRE>"

That appears to be it.  I've also been told that there is a RSS feed of 
the same thing.  My understanding is that a posting is made to the 
mailing list or RSS feed when a new subnet is assigned.  I'd like to see 
them do something with the assignment is first returned to ARIN, not 
months later when the assignment is ready to be handed out again.  I 
think the extra time would help those people that download copies of the 
DNSBL zone files and manually import them once a week or less often.

Lots of place still use the zone files.  Personally I prefer to do so 
too, rather than tie my mail system reliability on an outside source 
that may or may not tell me when they have problems that affect my 
service.  GoDaddy and their hosted mail service would be a great example 
since they can't be bothered to update their DNSBL zone files.  Their 
mail admins are using a copy of SORBS that is 3 years old.  3 damn years 
old.  How do I know this?  3 years ago a mistake in a Squid 
configuration turned one of my services into an open proxy for about a 
week.  Even today mail from that server to a domain with mail hosted at 
GoDaddy results in a bounce citing the ancient SORBS listing as the reason.

Thanks for the pointer.  Looks like they've already thought of what I 
suggested and implemented a solution.  I still voice for announcing 
returned assignment instead of announcing when an old assignment gets 
reassigned.

Thanks
 Justin