nanog mailing list archives

Re: Spamhaus BGP feed experiences?

From: Matthias Leisi <matthias () leisi net>
Date: Wed, 20 May 2015 22:37:29 +0200

At dnswl.org <http://dnswl.org/> we check our data against the DROP list every once in a while. The overlap of DROP 
with legitimate sources of SMTP traffic is very, very small: a low single-digit number, and most of them are crappy to 
start with (so we don’t publish them, but only keep them in our database for reference purposes). 

— Matthias

Am 19.05.2015 um 20:38 schrieb Max Tulyev <maxtul () netassist ua>:

How much false positives (i.e. blackholing traffic users want to reach)?

On 18.05.15 21:04, Marco d'Itri wrote:

On May 17, Mike Lyon <mike.lyon () gmail com> wrote:

Any ISPs out there (big or small) ever used the Spamhaus BGP feed to
prevent against botnet, spam, etc? If so, how has your experience been? Is
it worthwhile? Has it helped? On / off list responses are appreciated in
advance.

We use Spamhaus DROP (not the BGP version: our software asks a human to 
review each change).
The benefits are not obvious since we do not have access customers, but 
it will blackhole some networks you obviously do not want to talk to,
and it has not caused any troubles either.

Attachment: smime.p7s
Description:

Current thread:

Spamhaus BGP feed experiences? Mike Lyon (May 16)
- Re: Spamhaus BGP feed experiences? Marco d'Itri (May 18)
  - Re: Spamhaus BGP feed experiences? Max Tulyev (May 19)
    - Re: Spamhaus BGP feed experiences? John Levine (May 19)
    - Re: Spamhaus BGP feed experiences? Matthias Leisi (May 20)
- Re: Spamhaus BGP feed experiences? Frederik Kriewitz (May 19)