nanog mailing list archives

Re: Repeated Blacklisting / IP reputation

From: Brian Keefer <chort () smtps net>
Date: Tue, 8 Sep 2009 11:33:43 -0700

On Sep 8, 2009, at 11:13 AM, Jay Hennigan wrote:

John Curran wrote:

<snip>

  I'm sure there's an excellent reason why these addresses stay
  blocked, but am unable to fathom what exactly that is...
  Could some folks from the appropriate networks explain why
  this is such a problem and/or suggest additional steps that
  ARIN or the receipts should be taking to avoid this situation?

I don't think there is an excellent reason, more likely inertia andno real incentive to put forth the effort to proactively removeaddresses.


<snip>

In addition there are several DNSBLs with different policiesregarding delisting. Some just time out after a period of timesince abuse was detected. Some require action in the form of adelisting request. Some require a delisting request and a timeperiod with no abuse. Some (the old SPEWS list) may not be easilyreached or have well defined policies.
In meatspace, once a neighborhood winds up with a reputation ofbeing rife with drive-by shootings, gang activity and drug dealingit may take a long time after the last of the graffiti is gonebefore some cab drivers will go there.
--
Jay Hennigan - CCIE #7880
<snip>

I think this most accurately reflects the reality I see dealing withmostly enterprises and mid-to-large xSPs.

A lot of mid-range enterprises out there have legacy "free" (oftenmeaning "subscriptions aren't enforced") DNSBLs in place that wereconfigured years ago as a desperate attempt to reduce e-mail load,before there were well-maintained alternatives. The problem is thatthese services usually don't have the resources to put a lot ofadvanced automation and sophisticated logic into place, so delistingis a huge hassle (and some times resembles extortion).

There are some quality "free" services, such as Spamhaus (speakingpersonally), but they're few and far between.

I've had better luck convincing customers (or customers of customers)to stop using the poorly-maintained legacy DNSBLs than I've hadgetting customers delisted from such services.


YMMV.

Brian Keefer
Sr. Solutions Architect
"Defend email.  Protect data."

Current thread:

Re: Repeated Blacklisting / IP reputation, (continued)
- - - Re: Repeated Blacklisting / IP reputation Jason Bertoch (Sep 08)
    - Re: Repeated Blacklisting / IP reputation Suresh Ramasubramanian (Sep 08)
    - Re: Repeated Blacklisting / IP reputation Justin Shore (Sep 08)
    - Re: Repeated Blacklisting / IP reputation Seth Mattinen (Sep 08)
    - Re: Repeated Blacklisting / IP reputation Jay Hennigan (Sep 08)
    - Re: Repeated Blacklisting / IP reputation Justin Shore (Sep 08)
    - Re: Repeated Blacklisting / IP reputation J.D. Falk (Sep 08)
    - Re: Repeated Blacklisting / IP reputation William Astle (Sep 08)
    - Re: Repeated Blacklisting / IP reputation Benjamin Billon (Sep 08)
    - Re: Repeated Blacklisting / IP reputation Jay Hennigan (Sep 08)
    - Re: Repeated Blacklisting / IP reputation Brian Keefer (Sep 08)
    - RE: Repeated Blacklisting / IP reputation Frank Bulk (Sep 09)
    - Re: Repeated Blacklisting / IP reputation Jon Lewis (Sep 08)
    - Re: Repeated Blacklisting / IP reputation Joe Greco (Sep 08)
    - Re: Repeated Blacklisting / IP reputation Jon Lewis (Sep 08)
    - Re: Repeated Blacklisting / IP reputation Joe Greco (Sep 08)
    - Re: Repeated Blacklisting / IP reputation Valdis . Kletnieks (Sep 08)
    - Re: Repeated Blacklisting / IP reputation bmanning (Sep 08)
    - Re: Repeated Blacklisting / IP reputation Joe Greco (Sep 08)
    - Re: Repeated Blacklisting / IP reputation bmanning (Sep 08)
    - Re: Repeated Blacklisting / IP reputation Ronald Cotoni (Sep 08)

(Thread continues...)