SORBS on autopilot?

Dave Martin darkmoon at
Tue Jan 12 21:14:17 UTC 2010

On Tue, Jan 12, 2010 at 11:11:13AM -0800, Michael Thomas wrote:
> On 01/12/2010 10:48 AM, Dave Martin wrote:
> >On Tue, Jan 12, 2010 at 11:51:47AM -0500, Jed Smith wrote:
> >>On Jan 11, 2010, at 11:11 AM, Jon Lewis wrote:
> >>The vibe I got from a number of administrators I talked to about it was "why
> >>would a standards document assume an IPv4/IPv6 unicast address is a residential
> >>customer with a modem, forcing those with allocations to prove that they are
> >>not residentially allocated rather than the other way around?"
> >
> >Because a default allow policy doesn't work in today's environment.
> >
> >Blocking generic and residential addresses is the single most effective
> >thing we've ever done to reduce spam.
> Really? You mean that if you stopped doing this you'd have trillions,
> or quadrillions of spams per day instead now? I'm skeptical.

We did stop.  We used to maintain our own list.  Dealing with it, and the
support issues it caused ate up a lot of time.  It stopped about half of
the mess that was offered to us.  Right now we're quarantining and
blocking via other means a lot more than we used to.

And no, it doesn't mean we get trillions or quadrillions of spams a day
now.  No single method we use stops even 60%.  (and probably not even
that.)  Now we can point the users at our vendor, and use the time for
other things.  We do get more spam, but we're probably coming out ahead
in cost/return sense.

I'll note that we blocked generic names, as well as obvious end user

I'd love a more standard nameing policy.  

Nobody believed that I could build a space station here.  So I built it anyway.
It sank into the vortex.  So I built another one.  It sank into the vortex.  
The third station burned down, fell over then sank into the vortex.  The fourth
station just vanished.  And the fifth station, THAT stayed!

More information about the NANOG mailing list