Repeated Blacklisting / IP reputation
justin at justinshore.com
Mon Sep 14 18:58:57 UTC 2009
Frank Bulk wrote:
> With scarcity of IPv4 addresses, organizations are more desperate than ever
> to receive an allocation. If anything, there's more of a disincentive than
> ever before for ARIN to spend time on netblock sanitization.
> I do think that ARIN should inform the new netblock owner if it was
> previously owned or not. But if ARIN tried to start cleaning up a netblock
> before releasing it, there would be no end to it. How could they check
> against the probably hundreds of thousands of private blocklists?
They could implement a process by which they announce to a mailing list
of DNSBL providers that a given assignment has been returned to the RIR
and that it should be cleansed from all DNSBLs. At this point the RIR
has done their due diligence for notifying the blacklist community of
the change and the onus is on the DNSBL maintainers to update their
records. Of course, this does nothing to cleanse the assignment in the
hundreds of thousands of MTAs around the world. However, this could be a
good reason to not blacklist locally (or indefinitely at least) and to
instead rely on a DNSBL maintained by people responsible for wiping
returned assignments from their records when RIRs give the word. I
suppose the mailing list could even be expanded to include mailing list
admins if need be so that they could also receive the info and wipe
their own internal DNSBLs.
The list should be an announcement-only list with only the RIRs being
able to post to it in a common and defined format. The announcement
should be made as soon as the assignment is returned to the RIR,
allowing for a cool-off period for personal blacklists to
catch up to the official ones.
I would think that would be a fairly simple process to implement. It's
not fool-proof by any means but it's better than doing nothing. It's a
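The announcement-and-purge workflow proposed above, as an added example that is not part of the original post and not tooling from any RIR or DNSBL operator: an announcement feed in a "common and defined format", and a routine that removes the listed hosts falling inside a returned block from a DNSBL zone. The feed format (`RETURNED <prefix> <rir> <date>`), the zone origin `bl.example`, and all sample data are constructed assumptions for this example; the only real convention used is the reversed-octet owner name (7.2.0.192 lists 192.0.2.7) that rbldnsd- and BIND-served DNSBLs share.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Tuple, Union

# Constructed sample of a returned-assignment feed, one block per line as
# "RETURNED <prefix> <rir> <yyyy-mm-dd>". The format is an assumption for this
# example; no RIR publishes such a feed.
SAMPLE_ANNOUNCEMENT = """\
# RIR returned-assignment feed (constructed sample)
RETURNED 192.0.2.0/24 ARIN 2009-09-14
RETURNED 2001:db8:1::/48 ARIN 2009-09-14
RETURNED 198.51.100.0/25 ARIN 2009-09-10
"""

# Constructed DNSBL zone fragment. Listed hosts are reversed-octet owner
# names relative to the origin (7.2.0.192 lists 192.0.2.7), the convention
# used by rbldnsd- and BIND-served DNSBLs.
SAMPLE_ZONE = """\
$ORIGIN bl.example.
$TTL 300
@              IN SOA ns.bl.example. hostmaster.bl.example. 1 3600 900 604800 300
7.2.0.192      IN A   127.0.0.2
200.2.0.192    IN A   127.0.0.2
9.100.51.198   IN A   127.0.0.2
130.100.51.198 IN A   127.0.0.2
5.4.3.203      IN A   127.0.0.2
"""

ANNOUNCE_RE = re.compile(r"^RETURNED\s+(\S+)\s+(\S+)\s+(\d{4}-\d{2}-\d{2})$")

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class Returned:
    network: Network
    rir: str
    date: str


def parse_announcement(text: str) -> List[Returned]:
    """Parse the feed strictly: a line that does not match the defined format
    is an error rather than something to guess at, because a misparse here
    would delist the wrong addresses."""
    returned = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ANNOUNCE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not in announcement format: {line!r}")
        prefix, rir, date = m.groups()
        # strict=True rejects a prefix with host bits set (e.g. 192.0.2.1/24)
        returned.append(Returned(ipaddress.ip_network(prefix, strict=True), rir, date))
    return returned


def label_to_address(label: str):
    """Turn a reversed-octet owner name (4.3.2.192) back into an IPv4Address;
    return None for anything that is not exactly four numeric labels."""
    parts = label.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(parts)))
    except ipaddress.AddressValueError:
        return None


def purge_zone(zone_text: str, returned: List[Returned]) -> Tuple[str, List[str]]:
    """Drop A records whose listed address falls inside a returned IPv4 block.
    Returns the kept zone text and the delisted addresses. IPv6 listings use
    nibble-reversed names and are deliberately left untouched here."""
    v4_nets = [r.network for r in returned if r.network.version == 4]
    kept, removed = [], []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "IN" and fields[2] == "A":
            addr = label_to_address(fields[0])
            if addr is not None and any(addr in net for net in v4_nets):
                removed.append(str(addr))
                continue
        kept.append(line)
    return "\n".join(kept) + "\n", removed


if __name__ == "__main__":
    zone, delisted = purge_zone(SAMPLE_ZONE, parse_announcement(SAMPLE_ANNOUNCEMENT))
    print("delisted:", delisted)
    print(zone)
```

Run against the constructed data, the two hosts in 192.0.2.0/24 and the one host in the lower half of 198.51.100.0/25 are delisted, while 198.51.100.130 (outside the /25) and 203.3.4.5 stay listed; a feed line with host bits set or in an unexpected shape aborts the run instead of being guessed at, which is the behaviour a maintainer wants when the input comes from an announcement-only list they cannot reply to.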