EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)

Sun Jun 22 19:43:48 UTC 2008

On Sun, 22 Jun 2008, Paul Vixie wrote:

> it seems that amazon has succeeded where google and microsoft failed.  with
> e-mail only services like hotmail and gmail, it was still possible to treat
> an IP address as having a reputation, and to therefore blackhole hotmail
> and gmail (and other free e-mail services) due to the spam emanating from
> them, even though they are shared IP addresses and also emit much non-spam
> traffic.

Even assuming Amazon will do as bad a job of policing EC2 as Paul suspects 
they will, I'm not at all convinced that customers would miss EC2 more 
than they'd miss mail from Hotmail or GMail.

Paul has said in the past that he refuses e-mail from the various free 
webmail services.  If that works for him, great, but I suspect the typical 
e-mail service customer wouldn't consider the resulting spam savings worth 
the potential downside.  If I did that on my own servers, I'd probably 
miss out on most of the e-mail I care most about receiving, since my 
friends and relatives seem to like free webmail services.  Given the 
number of legitimate free webmail users out there, and the number of 
people who like getting mail from them, I suspect any service provider who 
tried to block them would end up with a lot of angry former customers.

Likewise, anybody blocking EC2 would miss out on whatever bad stuff might 
be coming out of EC2, but would miss out on being able to access services 
hosted there as well.  Would they miss it more than they'd miss their 
friends on GMail?  That seems far from guaranteed.

So yeah, if big shared services that include important stuff aren't being 
adequately policed, that's probably a problem for IP address reputation 
services.  But that's not really a new problem being introduced by EC2.

-Steve