Repeated Blacklisting / IP reputation

Jay Hennigan jay at west.net
Wed Sep 9 23:13:18 UTC 2009


JC Dill wrote:
> Joe Greco wrote:

>>  Answer queries to whether or not
>> IP space X is currently blocked (potentially at one of hundreds or
>> thousands of points in their system, which corporate security may not
>> wish to share, or even give "some random intern" access to)?  Process
>> reports of new ARIN delegations?  What are you thinking they're going to
>> do?  And why should they care enough to do it?
>>   
> 
> Because if they don't, they are needlessly blocking re-allocated IP 
> addresses, potentially blocking their own users from receiving wanted 
> email.  Organizations could (and should) setup a role account and 
> auto-responder for this purpose.

Perhaps they should, but until there is sufficient pain from their own 
users complaining about it there is no financial motivation to do so, 
and therefore many will not.  I would guess that there are thousands of 
individual blocklists to this day blocking some of Sanford Wallace's and 
AGIS's old netblocks.

As for a role account, there is "postmaster".  I would think that the 
best hope in the real world, rather than an autoresponder would be an 
RFC that clearly defines text accompanying an SMTP rejection notice 
triggered by a blocklist, detailing the blocklist and contact for 
removal.  Perhaps encouraging those who code MTAs and DNSBL hooks into 
them to include such in the configuration files would be a good start.

This still puts the onus on the sender or inheritor of the tainted 
netblock, but makes the search less painful and perhaps even somewhat 
able to be scripted.

Note that this thread deals mostly with SMTP issues regarding DNSBLs, as 
those are the most common trouble point.  We should also consider other 
forms of blocking/filtering of networks reclaimed from former 
virus/malware/DoS sources.

--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV




More information about the NANOG mailing list