nanog mailing list archives

Re: SORBS?!

From: Jon Lewis <jlewis () lewis org>
Date: Fri, 6 Apr 2012 15:02:49 -0400 (EDT)

On Thu, 5 Apr 2012, Landon Stewart wrote:

If the purpose of blacklist is to block spam for recipients using that
blacklist then a /32 works.  If the purpose of a blacklist is to annoy
providers then a /24 works.  The most reputable and useful blacklists IMHO
are Spamhaus and Spamcop - they don't block /24s.  Spamhaus sometimes does
if your rwhois shows that a large amount of the /24 is owned by the
offending party but generally they don't.

Spamhaus may not default to doing /24 listings for a /32 spam emitter, butthey certainly do list /24s or shorter subnets when they feel it'sappropriate. They even do "escalations" to corporate mail servers on rareoccasions when a provider appears to be complicit with spammers andignoring their SBLs.

The purpose thing is an interesting question though. Is the purpose ofDNSBLs simply to help admins avoid accepting spam from spammers or toattempt to prevent spammers from operating on the internet? For most ofthe DNSBLs I'm familiar with, I'd say they're trying to do both.

Spamhaus encourages companies to resolve all the issues while onlyblocking /32s by showing all the listings under your responsibility andmaking nice to see that list empty. Pretty simple. Incidentally SORBSusually blocks /24s and, as far as I know, provides no way for you tolookup all listings under a providers responsibility (by AS orotherwise).

That's really either not true or an oversimplification. Spamhaus blocksshorter than /32 pretty frequently. You could maybe argue that Spamhausworks harder to avoid innocent collateral damage. Having not used SORBSfor many years, I couldn't say if that's true or not. The vast majorityof my recent years interactions with SORBS have been trying to getinappropriately listed IPs removed from their DUHL.


----------------------------------------------------------------------
 Jon Lewis, MCP :)           |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

Current thread:

Re: The day SORBS goes away ..., (continued)
- - - Re: The day SORBS goes away ... John Levine (Apr 14)
    - Re: The day SORBS goes away ... Patrick W. Gilmore (Apr 09)
    - Re: SORBS?! Jon Lewis (Apr 06)
  - Re: SORBS?! Mike Andrews (Apr 04)
  - Re: SORBS?! Alain Hebert (Apr 04)
    - Re: SORBS?! Landon Stewart (Apr 04)
- Re: SORBS?! Sam Oduor (Apr 05)
  - RE: SORBS?! Drew Weaver (Apr 05)
    - RE: SORBS?! goemon (Apr 05)
    - Re: SORBS?! Landon Stewart (Apr 05)
    - Re: SORBS?! Jon Lewis (Apr 06)
    - Re: SORBS?! Nick Hilliard (Apr 05)
    - Re: SORBS?! PC (Apr 05)
    - Re: SORBS?! Brett Frankenberger (Apr 06)
    - RE: SORBS?! Drew Weaver (Apr 06)
    - Re: SORBS?! Valdis . Kletnieks (Apr 06)
    - RE: SORBS?! Drew Weaver (Apr 06)
    - Re: SORBS?! Valdis . Kletnieks (Apr 06)
    - Re: SORBS?! Jimmy Hess (Apr 06)
    - Re: SORBS?! Robert Bonomi (Apr 06)
    - Re: SORBS?! William Herrin (Apr 06)

(Thread continues...)