Arrogant RBL list maintainers
matthew at sorbs.net
Wed Dec 16 10:40:31 CST 2009
Ronald Cotoni wrote:
> Very true. At my old place of employment a DUHL listed an ip since
> before my previous company existed. For some reason, when we obtained
> it, they still listed it. Sounds like a bug in the DUHL bot to me.
> Also the standard makes a lot of sense. You may be on Trend Micros
> DUHL by following the rules on SORBS DUHL and vica versa. Makes life
> a pain.
If you set non generic rDNS or generic following their suggestions you'd
be removed from the SORBS DUHL pretty much automagically (a request
initiates the rescan) - there is manual stuff on my behalf but nothing
for a requestor to worry about. The only reason you wouldn't be is if
you had a listing and too short a TTL for the robot to accept the
delisting request... A reply would result in a human (usually me)
processing netblocks of /24 or greater (greater as in number of IPs)
providing the TTLs were not shorter than 1 hour. That is well
documented in many places. Seems according to their rules if you follow
the SORBS DUHL rules you'll also be delisted from them.
To add my $0.02 I agree with many of the replies... If you have one
generic pattern for a /16 you either:
Don't care to setup DNS.
Don't know how to setup DNS.
Don't care what's in the netblock.
Don't have the competency to run a network/mailserver/dnsserver/<insert
In all the cases above I would not want your mail as it is 99.999%
likely to be abusive in nature (spam, viruses etc.)
Oh and many know I don't care if you are Peer1, Level 3 or Joe Blows
Backyard VISP in outback Australia, you're all the same to me, you
should all have competent people on staff, the only thing that changes
between you is the number of *your* customers, and the amount you
charge. Similar issues apply when looking at *.edu's vs *.com's,
*.au's, and *.mt's. Just because you come from a certain country or
certain type of establishment, doesn't make you different, it's only the
number of people you service, you should still have competent staff. If
you don't have enough staff that's not my problem (nor the rest of the
world's) though it usually results in our problem when abuse starts
flowing. I know most here are the admins and staff, so sorry if it
sounds like I'm having a go at you guys, but really most on this list
are the competent admins, a minority being people learning (nothing
wrong with that!) but unfortunately there are some who are not and they
don't care that they are not.
I know that makes me an arrogant w***er, or another one of those
"Arrogant RBL list maintainers" but think about it, and think about the
Would you like to be prioritised down the queue because someone else was
supposedly more important?
..... What happens to the poor mum and dad VISP in Somalia that never
gets delisted because Telstra is logging 100's of tickets every day
because their super size and constant rotating listings?
..... What happens if Telstra have a single IP blocked and Sprint come
along and request delisting for a spamming customer's netspace they once
Should we (RBL Maintainers, SORBS or anyone else) push the largest ISP
in Australia out of the way for the bigger USA based Sprint? If not
should we push the mum and dad operation out of the way for Telstra?
..... The obvious answer is if you have signed SLAs then you should
adhere to those SLAs as a minimum and give better service if time
allows... Hands up those who have an SLA (free or not) with an RBL
maintainer... I don't expect to see any hands...
..... my answer to the question above is a very obvious take every issue
in order, and if you get a super high priority issue, deal with it if
necessary, but size of the ISP (or size of the admin's d***) is _not_
the prioritising factor.
Note: Names chosen and mentioned above have no baring on any current
abuse level or any logged issue, they are for example only.
I don't want answers to the questions, I know some will post to the list
or me regardless... it's stuff for *you* to think about when dealing
with organisations such as RBLs.. especially when they are volunteer run.
A little example about "arrogance" when it comes to ISPs... I know at
least one member of this list (an ISP) has posted to every address in
GFI in the last few days that they could think of (including the CEOs
email) because their spamming netblocks have not been delisted. They
have previously stated they would not deal with SORBS, so what changed,
well as they found out in an email, nothing, they still need to log a
support ticket, and their out of band request just pushed them down the
queue. Sad thing based on their ticket ID, had they waited another 2
hours they would have been answered, now they have 112 manual processing
tickets before theirs. I'm sure they'll guess who they are, I'd advise
them to be patient or they might push themselves down further.
... and then of course there are some RBL Maintainers (and RBLs) that
are arrogant, maybe it comes with the territory...
No I don't take tickets to here, or my personal email addresses. Those
that have already mailed me, following my last post to NANOG, you've
been ignored as per my previous post.
If you have a problem with a robot response, read the response! Most of
the time it will tell you to respond to it for a human review! We will
always answer you, however how soon depends on how busy we are.
Messaging everyone/anyone in GFI *will* delay any ticket you may have,
because the time it wastes will result in your ticket being placed at
the back of the queue *without review*.
If there is a problem with the support system in itself feel free to
message me, but as I indicated before I have various sensors to tell me
there is an issue mostly before you'd even notice (examples: the robot
occasionally locks up so tickets to the DUHL will not get any auto reply
of any kind after a few hours... the sensor for this triggers after 20
hours so, mailing me after 6 hours will speed things up however,,,
support website down? I'll be paged within 5 minutes, which means
unless it crashed just before you tried to access it, I'll likely
already be logging in by the time you have started your email client.)
More information about the NANOG