Repeated Blacklisting / IP reputation

bmanning at vacation.karoshi.com bmanning at vacation.karoshi.com
Tue Sep 8 19:15:10 UTC 2009


there is a fundamental disconnect here.  the IP space is neutral.
it has no bias toward or against social behaviours.  its a tool.
the actual/real target here are the people who are using these tools
to be antisocial.  blacklisting IP space is always reactive and 
should only beused in emergency and as a -TEMPORARY- expedient.

IMHO of course., YMMV.

--bill


On Tue, Sep 08, 2009 at 01:43:39PM -0400, John Curran wrote:
> Folks -
> 
>    It appears that we have a real operational problem, in that ARIN
>    does indeed reissue space that has been reclaimed/returned after
>    a hold-down period, and but it appears that even once they are
>    removed from the actual source RBL's, there are still ISP's who
>    are manually updating these and hence block traffic much longer
>    than necessary.
> 
>    I'm sure there's an excellent reason why these addresses stay
>    blocked, but am unable to fathom what exactly that is...
>    Could some folks from the appropriate networks explain why
>    this is such a problem and/or suggest additional steps that
>    ARIN or the receipts should be taking to avoid this situation?
> 
> Thanks!
> /John
> 
> John Curran
> President and CEO
> ARIN
> 
> On Sep 8, 2009, at 11:16 AM, Ronald Cotoni wrote:
> 
> > Tom Pipes wrote:
> >> Greetings,
> >>
> >> We obtained a direct assigned IP block 69.197.64.0/18 from ARIN in
> >> 2008. This block has been cursed (for lack of a better word) since
> >> we obtained it.  It seems like every customer we have added has had
> >> repeated issues with being blacklisted by DUL and the cable
> >> carriers. (AOL, AT&T, Charter, etc).  I understand there is a
> >> process to getting removed, but it seems as if these IPs had been
> >> used and abused by the previous owner.  We have done our best to
> >> ensure these blocks conform to RFC standards, including the proper
> >> use of reverse DNS pointers.
> >>
> >> I can resolve the issue very easily by moving these customers over
> >> to our other direct assigned 66.254.192.0/19 block.  In the last
> >> year I have done this numerous times and have had no further issues
> >> with them.
> >>
> >> My question:  Is there some way to clear the reputation of these
> >> blocks up, or start over to prevent the amount of time we are
> >> spending with each customer troubleshooting unnecessary RBL and
> >> reputation blacklisting?
> >> I have used every opportunity to use the automated removal links
> >> from the SMTP rejections, and worked with the RBL operators
> >> directly.  Most of what I get are cynical responses and promises
> >> that it will be fixed.
> >> If there is any question, we perform inbound and outbound scanning
> >> of all e-mail, even though we know that this appears to be
> >> something more relating to the block itself.
> >>
> >> Does anyone have any suggestions as to how we can clear this issue
> >> up?  Comments on or off list welcome.
> >>
> >> Thanks,
> >>
> >> --- Tom Pipes T6 Broadband/ Essex Telcom Inc tom.pipes at t6mail.com
> >>
> >>
> > Unfortunately, there is no real good way to get yourself completely
> > delisted.  We are experiencing that with a /18 we got from ARIN
> > recently and it is basically the RBL's not updating or perhaps they
> > are not checking the ownership of the ip's as compared to before.
> > On some RBL's, we have IP addresses that have been listed since
> > before the company I work for even existed.  Amazing right?
> >
> 
> 




More information about the NANOG mailing list