Repeated Blacklisting / IP reputation

Rich Kulawiec rsk at
Sat Oct 3 15:11:46 UTC 2009

On Tue, Sep 15, 2009 at 09:22:02PM -0400, Christopher Morrow wrote:
> > build expertise on managing it. If you go to SpamHaus you will see a major
> > ISP and their netblocks listed and associated with known spammers. What is
> > this ISP doing about this? Nothing! ?My guess is that they look at their
> 'nothing' that you can see? or nothing? or something you can't see or
> that's taking longer than you'd expect/like? There certainly are bad
> actors out there, but I think the majority are doing things to keep
> clean, perhaps not in the manner you would like (or the speed you
> would like or with as much public information as you'd like).

[ engage cynical mode] 

It's the responsibilty of all operations to ensure that they're not
persistent or egregious sources of abuse.  *Some* operations handle that
reasonably well, but unfortunately many do not -- which is why there
are now hundreds of blacklists (of varying intent, design, operation,
and so on).

If ISPs were doing their jobs properly, there would be no need
for any of these to exist.  But they're not, which is why so many people
have taken the time and trouble to create them.  Overall ISP performance
in re abuse handling is miserable and has been for many years, and that
includes everything from a lack of even perfunctory due diligence ("30
seconds with Google") to failure to handle the abuse role address properly
and promptly to alarming naivete' ("what did you THINK they were doing
with an entire /24 full of nonsense domain names?") to deployment of
"anti-spam" measures that make the problem worse and inflict abuse on
third parties to...

This is hardly surprising: there are few, if any, consequences for
doing so, and of course it's far more profitable to not just turn a
blind eye to abuse (which used to be common) but moreso these days to
actively assist in it with a smile and a wink and a hand extended for the
payoff, while simultaneously making a public show of "deep concern" and
issuing press releases that say "We take the X problem seriously..." and
participating in working groups that studiously avoid the actual problems
-- or better yet, which invite well-known/long-time abusers to have a
seat at the table.


More information about the NANOG mailing list