Arrogant RBL list maintainers

Michelle Sullivan matthew at sorbs.net
Wed Dec 16 10:40:31 CST 2009


Ronald Cotoni wrote:
> Very true.  At my old place of employment a DUHL listed an ip since
> before my previous company existed.  For some reason, when we obtained
> it, they still listed it. Sounds like a bug in the DUHL bot to me.
> Also the standard makes a lot of sense.  You may be on Trend Micros
> DUHL by following the rules on SORBS DUHL and vica versa.  Makes life
> a pain.
>
>   


If you set non generic rDNS or generic following their suggestions you'd 
be removed from the SORBS DUHL pretty much automagically (a request 
initiates the rescan) - there is manual stuff on my behalf but nothing 
for a requestor to worry about.  The only reason you wouldn't be is if 
you had a listing and too short a TTL for the robot to accept the 
delisting request... A reply would result in a human (usually me) 
processing netblocks of /24 or greater (greater as in number of IPs) 
providing the TTLs were not shorter than 1 hour.  That is well 
documented in many places.  Seems according to their rules if you follow 
the SORBS DUHL rules you'll also be delisted from them.

To add my $0.02 I agree with many of the replies...  If you have one 
generic pattern for a /16 you either:

Don't care to setup DNS.
Don't know how to setup DNS.
Don't care what's in the netblock.
Don't have the competency to run a network/mailserver/dnsserver/<insert 
what ever>.

In all the cases above I would not want your mail as it is 99.999% 
likely to be abusive in nature (spam, viruses etc.) 

Oh and many know I don't care if you are Peer1, Level 3 or Joe Blows 
Backyard VISP in outback Australia, you're all the same to me, you 
should all have competent people on staff, the only thing that changes 
between you is the number of *your* customers, and the amount you 
charge.  Similar issues apply when looking at *.edu's vs *.com's, 
*.au's, and *.mt's.  Just because you come from a certain country or 
certain type of establishment, doesn't make you different, it's only the 
number of people you service, you should still have competent staff.  If 
you don't have enough staff that's not my problem (nor the rest of the 
world's) though it usually results in our problem when abuse starts 
flowing.  I know most here are the admins and staff, so sorry if it 
sounds like I'm having a go at you guys, but really most on this list 
are the competent admins, a minority being people learning (nothing 
wrong with that!) but unfortunately there are some who are not and they 
don't care that they are not.

I know that makes me an arrogant w***er, or another one of those 
"Arrogant RBL list maintainers" but think about it, and think about the 
following...

Would you like to be prioritised down the queue because someone else was 
supposedly more important? 

..... What happens to the poor mum and dad VISP in Somalia that never 
gets delisted because Telstra is logging 100's of tickets every day 
because  their super size and constant rotating listings?

..... What happens if Telstra have a single IP blocked and Sprint come 
along and request delisting for a spamming customer's netspace they once 
hosted? 

Should we (RBL Maintainers, SORBS or anyone else) push the largest ISP 
in Australia out of the way for the bigger USA based Sprint?  If not 
should we push the mum and dad operation out of the way for Telstra?
..... The obvious answer is if you have signed SLAs then you should 
adhere to those SLAs as a minimum and give better service if time 
allows...  Hands up those who have an SLA (free or not) with an RBL 
maintainer... I don't expect to see any hands...
..... my answer to the question above is a very obvious take every issue 
in order, and if you get a super high priority issue, deal with it if 
necessary, but size of the ISP (or size of the admin's d***) is _not_ 
the prioritising factor.

Note: Names chosen and mentioned above have no baring on any current 
abuse level or any logged issue, they are for example only.

I don't want answers to the questions, I know some will post to the list 
or me regardless...  it's stuff for *you* to think about when dealing 
with organisations such as RBLs.. especially when they are volunteer run.

A little example about "arrogance" when it comes to ISPs...  I know at 
least one member of this list (an ISP) has posted to every address in 
GFI in the last few days that they could think of (including the CEOs 
email) because their spamming netblocks have not been delisted.  They 
have previously stated they would not deal with SORBS, so what changed, 
well as they found out in an email, nothing, they still need to log a 
support ticket, and their out of band request just pushed them down the 
queue.  Sad thing based on their ticket ID, had they waited another 2 
hours they would have been answered, now they have 112 manual processing 
tickets before theirs.  I'm sure they'll guess who they are, I'd advise 
them to be patient or they might push themselves down further.

... and then of course there are some RBL Maintainers (and RBLs) that 
are arrogant, maybe it comes with the territory...

Lastly....

No I don't take tickets to here, or my personal email addresses.  Those 
that have already mailed me, following my last post to NANOG, you've 
been ignored as per my previous post.

If you have a problem with a robot response, read the response! Most of 
the time it will tell you to respond to it for a human review!  We will 
always answer you, however how soon depends on how busy we are.  
Messaging everyone/anyone in GFI *will* delay any ticket you may have, 
because the time it wastes will result in your ticket being placed at 
the back of the queue *without review*.

If there is a problem with the support system in itself feel free to 
message me, but as I indicated before I have various sensors to tell me 
there is an issue mostly before you'd even notice (examples: the robot 
occasionally locks up so tickets to the DUHL will not get any auto reply 
of any kind after a few hours... the sensor for this triggers after 20 
hours so, mailing me after 6 hours will speed things up however,,,  
support website down?  I'll be paged within 5 minutes, which means 
unless it crashed just before you tried to access it, I'll likely 
already be logging in by the time you have started your email client.)


Michelle





More information about the NANOG mailing list