EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)

Steven Champeon schampeo at
Mon Jun 23 18:28:04 UTC 2008

on Sun, Jun 22, 2008 at 01:24:43PM -0500, Al Iverson wrote:
> I'm not going to pretend I manage inbound mail service for
> thousands-to-millions of users (as most of the participants of other
> lists like SPAM-L are fond of imagining themselves), but I know enough
> about how IP reputation systems work at ISPs to know that if I did
> manage inbound mail for such a userbase, the EC2 IPs would be blocked
> repeatedly and often, and there would come a point where the blocks
> escalate to /24s and larger, and there would come a point where the
> blocks are removed slower and less often.

I don't pretend to manage inbound mail service for more than dozens, but
I do provide a service via enemieslist that is indirectly used by
millions, and out of the over 32K rDNS naming conventions I've
catalogued and classified, in terms of their dynamicity/staticity/etc.,
only four are related to Amazon/EC2.

Now, if the entire 'Net moved to a cloud computing model, I could agree
with Paul that this would be the end of IP reputation. But I'm only
aware of two such services (Amazon EC2 and Media Temple's in widespread use, so I haven't bothered to come up with
a new classification for them, and treat them as essentially dynamic
(with also classified as 'webhost').

I moved away from the strictly IP-based reputation model several years
ago (though I still use DNSBLs as a practical tool), and instead treat
classes of IPs as a set about which certain reputation-ish qualities can
be asserted, which works very well in a scoring-style context.


-- v: +1(919)834-2552 f: +1(919)834-2553 w:
antispam news, solutions for sendmail, exim, postfix:

More information about the NANOG mailing list