Re: IP reputation lookup (prefix not single IP)

[Eric Kuhnke <eric.kuhnke () gmail com>]

Nothing more than anecdotal evidence, when I last looked into the
externally available network details on a number of low-budget VPS hosting
companies...   I would say that if anything, a person who really knows what
they're doing operating a properly MX, will face more difficulties today
than they did 3, 5 or 7 years ago operating the system in the same
netblocks as IPs which have been previously abused.

For obvious reasons the IP reputation systems and antispam tools at the
biggest destinations (gsuite/gmail, office365, etc) are treated as closely
guarded proprietary data.

My personal theory on a whole /24 acquiring a poor reputation, is that it
does have some correlation with the density of random $5/mo VPS customers
and the turnover of different customers between the same small group of
IPs. And exactly how many misconfigured smtp sources have existed in that
block within some previous range of time, how much spam has been
reported/flagged, etc.



On Thu, Mar 25, 2021 at 8:28 PM Randy Bush <randy () psg com> wrote:

> > I think you will find that most SMTP / anti-spam focused RBL tools
> > give a very similar result for IP reputation on a per /24 block basis
>
> got cites?  this got me curious the other day.
>
> randy
>
> ---
> randy () psg com
> `gpg --locate-external-keys --auto-key-locate wkd randy () psg com`
> signatures are back, thanks to dmarc header butchery