Repeated Blacklisting / IP reputation

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Wed Sep 9 21:02:29 UTC 2009


On Wed, 09 Sep 2009 15:13:44 EDT, Martin Hannigan said:
> Not sure that this is an ARIN problem more than an operational problem since
> RBL's are opt-in. An effort to identify RBL's that are behaving poorly is
> probably more interesting at this point, no?

I suspect the problem isn't poor RBLs, it's all the little one-off block lists
out there.  The NANOG lurker in the next cubicle informs me that we currently
carry an astounding 52,274 block entries (to be fair, a large portion is due to
our vendor's somewhat-lacking block list - if we decide a /24 is bad, but then
want to whitelist 1 IP, we have to de-aggregate to 254 black entries instead).
We get maybe 5-6 blocked e-mail complaints a day - which *still* represents
better performance for our end users than if we didn't carry around that many
blocks (for comparison, we get at least 3-4 times that many tickets a day for
people who forgot their e-mail password and need a reset).

And yes, it's *very* intentional that we have a business process in place
that makes it trivially easy for one of our users to open a "I can't get
e-mail from <here>" and get it taken care of *very* quickly, but opening a
"We can't send e-mail to your users" is a lot more challenging and time
consuming (at least for the complainant).

Now, if we didn't have a dedicated, hard-working, and skeptical lurker in the
next cubicle, our block list *would* be a mess.. ;)
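
The de-aggregation mentioned in the message, as an added example that is not part of the original post: on a block list that accepts CIDR prefixes, carving one address out of a /24 takes 8 entries rather than one entry per remaining host. The function name `carve_exceptions` is hypothetical, and the prefix and addresses are constructed from the 192.0.2.0/24 documentation range.

```python
import ipaddress


def carve_exceptions(block, allowed):
    """Return the shortest list of CIDR prefixes covering `block` minus `allowed`.

    `block` is the prefix to keep blocked; `allowed` is an iterable of
    addresses or prefixes to whitelist (a bare address parses as a /32).
    """
    remaining = [ipaddress.ip_network(block)]
    for item in allowed:
        hole = ipaddress.ip_network(item)
        kept = []
        for net in remaining:
            if hole.version != net.version:
                kept.append(net)          # different address family, untouched
            elif net.subnet_of(hole):
                continue                  # the whole prefix is whitelisted
            elif hole.subnet_of(net):
                # Split `net` into the prefixes that surround the hole.
                kept.extend(net.address_exclude(hole))
            else:
                kept.append(net)          # hole lies outside this prefix
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def per_host_entries(block, allowed):
    """Entries needed when the list supports only single addresses."""
    net = ipaddress.ip_network(block)
    holes = {ipaddress.ip_address(a) for a in allowed}
    return sum(1 for addr in net if addr not in holes)


if __name__ == "__main__":
    # Constructed sample: block a /24 but let one sender through.
    block, allow = "192.0.2.0/24", ["192.0.2.77"]
    prefixes = carve_exceptions(block, allow)
    print(f"CIDR entries: {len(prefixes)}")
    for p in prefixes:
        print(f"  {p}")
    print(f"Per-host entries: {per_host_entries(block, allow)}")
```
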
