Repeated Blacklisting / IP reputation
bmanning at vacation.karoshi.com
bmanning at vacation.karoshi.com
Tue Sep 8 19:15:10 UTC 2009
there is a fundamental disconnect here. the IP space is neutral.
it has no bias toward or against social behaviours. its a tool.
the actual/real target here are the people who are using these tools
to be antisocial. blacklisting IP space is always reactive and
should only beused in emergency and as a -TEMPORARY- expedient.
IMHO of course., YMMV.
On Tue, Sep 08, 2009 at 01:43:39PM -0400, John Curran wrote:
> Folks -
> It appears that we have a real operational problem, in that ARIN
> does indeed reissue space that has been reclaimed/returned after
> a hold-down period, and but it appears that even once they are
> removed from the actual source RBL's, there are still ISP's who
> are manually updating these and hence block traffic much longer
> than necessary.
> I'm sure there's an excellent reason why these addresses stay
> blocked, but am unable to fathom what exactly that is...
> Could some folks from the appropriate networks explain why
> this is such a problem and/or suggest additional steps that
> ARIN or the receipts should be taking to avoid this situation?
> John Curran
> President and CEO
> On Sep 8, 2009, at 11:16 AM, Ronald Cotoni wrote:
> > Tom Pipes wrote:
> >> Greetings,
> >> We obtained a direct assigned IP block 220.127.116.11/18 from ARIN in
> >> 2008. This block has been cursed (for lack of a better word) since
> >> we obtained it. It seems like every customer we have added has had
> >> repeated issues with being blacklisted by DUL and the cable
> >> carriers. (AOL, AT&T, Charter, etc). I understand there is a
> >> process to getting removed, but it seems as if these IPs had been
> >> used and abused by the previous owner. We have done our best to
> >> ensure these blocks conform to RFC standards, including the proper
> >> use of reverse DNS pointers.
> >> I can resolve the issue very easily by moving these customers over
> >> to our other direct assigned 18.104.22.168/19 block. In the last
> >> year I have done this numerous times and have had no further issues
> >> with them.
> >> My question: Is there some way to clear the reputation of these
> >> blocks up, or start over to prevent the amount of time we are
> >> spending with each customer troubleshooting unnecessary RBL and
> >> reputation blacklisting?
> >> I have used every opportunity to use the automated removal links
> >> from the SMTP rejections, and worked with the RBL operators
> >> directly. Most of what I get are cynical responses and promises
> >> that it will be fixed.
> >> If there is any question, we perform inbound and outbound scanning
> >> of all e-mail, even though we know that this appears to be
> >> something more relating to the block itself.
> >> Does anyone have any suggestions as to how we can clear this issue
> >> up? Comments on or off list welcome.
> >> Thanks,
> >> --- Tom Pipes T6 Broadband/ Essex Telcom Inc tom.pipes at t6mail.com
> > Unfortunately, there is no real good way to get yourself completely
> > delisted. We are experiencing that with a /18 we got from ARIN
> > recently and it is basically the RBL's not updating or perhaps they
> > are not checking the ownership of the ip's as compared to before.
> > On some RBL's, we have IP addresses that have been listed since
> > before the company I work for even existed. Amazing right?
More information about the NANOG