Repeated Blacklisting / IP reputation

Brian Keefer chort at
Tue Sep 8 18:33:43 UTC 2009

On Sep 8, 2009, at 11:13 AM, Jay Hennigan wrote:

> John Curran wrote:
>>   I'm sure there's an excellent reason why these addresses stay
>>   blocked, but am unable to fathom what exactly that is...
>>   Could some folks from the appropriate networks explain why
>>   this is such a problem and/or suggest additional steps that
>>   ARIN or the receipts should be taking to avoid this situation?
> I don't think there is an excellent reason, more likely inertia and  
> no real incentive to put forth the effort to proactively remove  
> addresses.
> <snip>

> In addition there are several DNSBLs with different policies  
> regarding delisting.  Some just time out after a period of time  
> since abuse was detected.  Some require action in the form of a  
> delisting request.  Some require a delisting request and a time  
> period with no abuse.  Some (the old SPEWS list) may not be easily  
> reached or have well defined policies.
> In meatspace, once a neighborhood winds up with a reputation of  
> being rife with drive-by shootings, gang activity and drug dealing  
> it may take a long time after the last of the graffiti is gone  
> before some cab drivers will go there.
> --
> Jay Hennigan - CCIE #7880
> <snip>

I think this most accurately reflects the reality I see dealing with  
mostly enterprises and mid-to-large xSPs.

A lot of mid-range enterprises out there have legacy "free" (often  
meaning "subscriptions aren't enforced") DNSBLs in place that were  
configured years ago as a desperate attempt to reduce e-mail load,  
before there were well-maintained alternatives.  The problem is that  
these services usually don't have the resources to put a lot of  
advanced automation and sophisticated logic into place, so delisting  
is a huge hassle (and some times resembles extortion).

There are some quality "free" services, such as Spamhaus (speaking  
personally), but they're few and far between.

I've had better luck convincing customers (or customers of customers)  
to stop using the poorly-maintained legacy DNSBLs than I've had  
getting customers delisted from such services.


Brian Keefer
Sr. Solutions Architect
"Defend email.  Protect data."

More information about the NANOG mailing list