Repeated Blacklisting / IP reputation
Jay Hennigan
jay at west.net
Wed Sep 9 23:13:18 UTC 2009
JC Dill wrote:
> Joe Greco wrote:
>> Answer queries to whether or not
>> IP space X is currently blocked (potentially at one of hundreds or
>> thousands of points in their system, which corporate security may not
>> wish to share, or even give "some random intern" access to)? Process
>> reports of new ARIN delegations? What are you thinking they're going to
>> do? And why should they care enough to do it?
>>
>
> Because if they don't, they are needlessly blocking re-allocated IP
> addresses, potentially blocking their own users from receiving wanted
> email. Organizations could (and should) setup a role account and
> auto-responder for this purpose.
Perhaps they should, but until there is sufficient pain from their own
users complaining about it there is no financial motivation to do so,
and therefore many will not. I would guess that there are thousands of
individual blocklists to this day blocking some of Sanford Wallace's and
AGIS's old netblocks.
As for a role account, there is "postmaster". I would think that the
best hope in the real world, rather than an autoresponder would be an
RFC that clearly defines text accompanying an SMTP rejection notice
triggered by a blocklist, detailing the blocklist and contact for
removal. Perhaps encouraging those who code MTAs and DNSBL hooks into
them to include such in the configuration files would be a good start.
This still puts the onus on the sender or inheritor of the tainted
netblock, but makes the search less painful and perhaps even somewhat
able to be scripted.
Note that this thread deals mostly with SMTP issues regarding DNSBLs, as
those are the most common trouble point. We should also consider other
forms of blocking/filtering of networks reclaimed from former
virus/malware/DoS sources.
--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
More information about the NANOG
mailing list