/24 blocking by ISPs - Re: Problems sending mail to yahoo?

Suresh Ramasubramanian ops.lists at gmail.com
Fri Apr 11 03:56:51 UTC 2008


On Fri, Apr 11, 2008 at 1:22 AM, Raymond L. Corbin
<rcorbin at hostmysite.com> wrote:
>
> Yeah, but without them saying which IPs are causing the problems you can't really tell
> which servers in a datacenter are forwarding their spam/abusing Yahoo. Once the /24
> block is in place then they claim to have no way of knowing who actually caused the block
> on the /24. The feedback loop would help depending on your network size.

Almost every large ISP does that kind of "complimentary upgrade".

There are enough networks around, like he.net, Yipes, PCCW Global /
Cais etc, that host huge amounts of "snowshoe" spammers -
http://www.spamhaus.org/faq/answers.lasso?section=Glossary#233 (you
know, randomly named / named after a pattern domains, with anonymous
whois or probably a PO box / UPS store in the whois contact, DNS
served by the usual suspects like Moniker..)

A /27 or /26 in a /24 might generate enough spam to drown the volume
of legitimate email from the rest of the /24, and that would cause
this kind of /24 block.

In some cases, such as 63.217/16 on CAIS / PCCW, there is NOTHING
except spam coming from several /24s (and there's a /20 and a /21 out
of it in spamhaus), and practically zero traffic from the rest of the
/16.

Or there's Cogent with a similar infestation spread around 38.106/16.

ISPs with virtual hosting farms full of hacked cgi/php scripts,
forwarders etc just don't trigger /24 blocks at the rate that ISPs
hosting snowshoe spammers do.

/24 blocks are simply a kind of motivation for large colo farms to try
choosing between hosting spammers and hosting legitimate customers.

srs ..
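
Added example, not part of the original message: a receiver-side view of the aggregation described above, where a mostly-spam /27 dominates a /24's mail volume and tips a per-/24 decision, while one compromised host in a busy hosting /24 does not. The thresholds, function names and per-IP counts are assumptions constructed for illustration, not any ISP's actual policy.

```python
import ipaddress
from collections import defaultdict

# Hypothetical policy knobs; not taken from the post or from any ISP.
SPAM_RATIO_BLOCK = 0.8   # block a /24 when this share of its mail is spam
MIN_MESSAGES = 100       # too little traffic to judge below this volume

def judge_slash24s(per_ip):
    """per_ip: {ip: (spam_count, ham_count)} -> {"/24": decision}."""
    nets = defaultdict(lambda: {"spam": 0, "ham": 0, "bad": []})
    for ip, (spam, ham) in per_ip.items():
        t = nets[ipaddress.ip_network(f"{ip}/24", strict=False)]
        t["spam"] += spam
        t["ham"] += ham
        if spam > ham:                       # host sends mostly spam
            t["bad"].append(ipaddress.ip_network(ip))
    out = {}
    for net, t in nets.items():
        volume = t["spam"] + t["ham"]
        ratio = t["spam"] / volume if volume else 0.0
        out[str(net)] = {
            "spam_ratio": round(ratio, 3),
            "block_24": volume >= MIN_MESSAGES and ratio >= SPAM_RATIO_BLOCK,
            # Smallest CIDR blocks covering the mostly-spam hosts.
            "spam_sources": [str(n) for n in ipaddress.collapse_addresses(t["bad"])],
        }
    return out

def constructed_sample():
    """Constructed counts on documentation prefixes (RFC 5737)."""
    per_ip = {f"198.51.100.{h}": (500, 0) for h in range(32, 64)}  # a /27 of senders
    per_ip.update({"198.51.100.10": (5, 200), "198.51.100.200": (0, 150)})
    # Shared-hosting style /24: one compromised host among busy legitimate ones.
    per_ip.update({"192.0.2.7": (300, 50), "192.0.2.20": (10, 900),
                   "192.0.2.21": (0, 800)})
    return per_ip

if __name__ == "__main__":
    for net, d in judge_slash24s(constructed_sample()).items():
        print(net, d)
```

The `spam_sources` field is what a feedback loop would let the hosting provider see: the covering prefix of the offending hosts rather than only the fact that the /24 was blocked.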


