EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)

Paul Vixie vixie at
Sun Jun 22 16:17:08 UTC 2008

jlewis at (Jon Lewis) writes:

> On Sun, 22 Jun 2008, Paul Kelly :: Blacknight wrote:
> > Has anyone any experience with Amazons abuse people?
> Yeah, if you can call them that.  There is no abuse coming from Amazon's 
> EC2 cluster.  I got the impression the only thing Amazon considers abuse 
> is use of their servers and not paying the bill.  If you're a paying 
> customer, you can do whatever you like.

it seems that amazon has succeeded where google and microsoft failed.  with
e-mail only services like hotmail and gmail, it was still possible to treat
an IP address as having a reputation, and to therefore blackhole hotmail
and gmail (and other free e-mail services) due to the spam emanating from
them, even though they are shared IP addresses and also emit much non-spam

since EC2 (and eventually google app engine) are used for server side, and
commerce, the mere fact that probes and spam and ddos comes from these
shared IP addresses won't be sufficient grounds to reject all traffic from
them.  i await with interest the final result: will most IP reputation
services simply whitelist EC2 and GAE and similar, and grit their teeth at
their inability to react to abuse from those IP addresses?

this is the end of an era.  since the day i started the first RBL i have
had to listen to operators of shared IP addresses whine at me about how
they had many non-spamming customers and it wasn't fair that i blackholed
them simply because they couldn't stop it all.  we went for many years
trying to find the equilibrium point between making sure IP address owners
were doing everything they could do (no pink contracts, fully staffed abuse
desk with the power to suspend or disconnect customers pending management's
later review, etc) while lots of other whiners said "vixie's gone soft on
spam, he's letting UUNET get away with murder, let's lynch him!"

with EC2, it's game-over for the IP reputation industry, other than
possibly lists of dynamic IP blocks (modems, DSL, etc) from which SMTP
ought not come.  but for the wider IP address space, we now return to
content based filtering, and i predict a mighty increase in the number of
pink contracts in colo rooms.  (the silver lining is, this could reduce
pressure on BGP piracy/injection.)

as randy bush often says, "it's just business."  amazon has solid business
reasons for creating EC2 and there's no way it could be profitable if they
can't scale the user base, and there's no way to scale the user base if
they have to police it at the application or "intent" level.  so, i'm not
whining, just pointing out that this is a sea change, the end of an era.
Paul Vixie

More information about the NANOG mailing list