nanog mailing list archives
Re: DNS Whois Requirements
From: Rob McEwen <rob () invaluement com>
Date: Sat, 27 Jul 2013 19:20:21 -0400
On 7/27/2013 6:11 PM, John Curran wrote:
Excellent pointer Frank...
I confess, I haven't followed this conversation very closely (which meandered around much, given the random few messages I saw.. who has the time to read them all?). So forgive me if I'm repeating some of the info already covered. But I think you all would be very interested in some of my experiences this past year! To ARIN's credit, they revamped their requirements for data access just this past year. They cut off all access, then made members resend in new Bulk Whois agreements to keep their access turned on. So ARIN is obviously doing some GOOD things to try to prevent their data from being used by marketers! I think our usage of that data might be one of the most credible situations in existence. I manage an anti-spam blacklist which is used by hundreds of organizations across the world, including multiple Fortune 500 technology companies and even a few notable ISPs. One of our three blacklists preemptively blocks /24 blocks if/when we see a pattern where a snowshoe spammer is burning through the IPs on that block one at a time... we then blacklist that /24 block (well... sort of...). But our ivmSIP/24 list is no ordinary /24 list. We OFTEN set up boundaries if/when we detect either (a) any other IP(s) on that block that we deem as legit, and/or (b) a situation where portions of the same /24 block are delegated to DIFFERENT organizations. In those cases, we only blacklist the subsection of the /24 block belonging to the spammers, making ivmSIP/24 a much safer list for outright blocking or high scoring... in comparison to what can be accomplished with other /24 anti-spam blacklists. Having ARIN data is an invaluable tool that helps ivmSIP/24 do a better job of only blacklisting the spammers, while leaving the innocent bystandards untouched, in situations where the /24 block is shared by spammers and non-spammers. I know it is frustrating that marketers somehow continue to game the system... but I hope that this never causes the legit uses of that data, such as what we're doing... to be discontinued. -- Rob McEwen http://dnsbl.invaluement.com/ rob () invaluement com +1 (478) 475-9032
Current thread:
- Re: ARIN WHOIS for leads, (continued)
- Re: ARIN WHOIS for leads Scott Howard (Jul 26)
- Re: ARIN WHOIS for leads Matt Hite (Jul 26)
- Re: ARIN WHOIS for leads Jimmy Hess (Jul 26)
- Re: ARIN WHOIS for leads Valdis . Kletnieks (Jul 27)
- Re: ARIN WHOIS for leads Jimmy Hess (Jul 27)
- Re: ARIN WHOIS for leads John Curran (Jul 27)
- Re: ARIN WHOIS for leads Matthew Petach (Jul 28)
- Re: ARIN WHOIS for leads Jimmy Hess (Jul 26)
- Re: ARIN WHOIS for leads Ryan Pavely (Jul 26)
- RE: ARIN WHOIS for leads Frank Bulk (Jul 27)
- DNS Whois Requirements (was: Re: ARIN WHOIS for leads) John Curran (Jul 27)
- Re: DNS Whois Requirements Rob McEwen (Jul 27)
- Re: DNS Whois Requirements Rob McEwen (Jul 27)
- Re: DNS Whois Requirements Eric Brunner-Williams (Jul 27)
- Re: ARIN WHOIS for leads Daniel Seagraves (Jul 26)
- RE: ARIN WHOIS for leads Warren Bailey (Jul 25)
- Re: ARIN WHOIS for leads Justin Vocke (Jul 25)
- Re: ARIN WHOIS for leads Warren Bailey (Jul 25)