williams spamhaus blacklist

Hank Nussbacher hank at att.net.il
Thu Sep 25 10:50:58 UTC 2003


At 07:42 PM 24-09-03 -0400, Richard Welty wrote:

>the blacklisting of ISP ranges is very rare, it only occurs perhaps once a
>year, in extreme cases. several years ago, the sbl listed sprint's coporate
>mail servers during a period when sprint was providing connectivity for
>many spamhausen. sprint responded by appointing a new head of abuse, and
>giving him the power to terminate spammers. sprint's corporate mail servers
>were delisted, and their network is now fairly clean. we don't jokingly
>call their service "sprintpink" any more.

AS3339 has a zero tolerance for spamming.  With just one spam complaint we 
block the IP in question.  We have a downstream customer that has many 
cybercafes in Africa that generate http and smtp spam and we block each 
complaint within 48 hours.

None the less, here is a recent email extract I received from someone:

"Hank, I am not a Spamhaus.org representative in any shape or form.
I do not claim to speak for Spamhaus.org in any capacity.  The
University of xxxxxx is, however, a customer (i.e. as of this
morning, we block e-mails from IP addresses listed on Spamhaus SBL).

I am just guessing what might happen if the problem is not sorted out.

I am sure you already know that the standard escalation procedure for
many blocklists is first to block the single offending IP address, then
the immediate smallest block that it is contained in according to WHOIS,
then the entire block of the ISP, and if that fails to stop the spam,
then the corporate MXes of the upstream ISP may be blocklisted."

Basically, we are being told if we don't drop the customer, our corporate 
MXes will be blocked.  I would not call this an "extreme case", but it 
would appear that overzealous anti-spammers are perhaps going a bit overboard.

Regards,
Hank





More information about the NANOG mailing list