Landon Stewart lstewart at
Thu Apr 5 12:06:03 CDT 2012

> On Thu, 5 Apr 2012, Drew Weaver wrote:
>  Now, if we could only teach Senderbase that if their customers receive
>> 'questionable' smtp traffic from 1 IP address in a /24 it doesn't mean that
>> all IP addresses in that /24 are malicious we'd really be living it up in
>> 2012.
On 5 April 2012 09:48, <goemon at> wrote:

> This is often the only way to get peoples attention and get action.
> Providers dont care about individual /32's and will let them sit around
> and spew nigerian scams and pill spams without any consequences.
> But they will care about a /24.
> -Dan

If the purpose of blacklist is to block spam for recipients using that
blacklist then a /32 works.  If the purpose of a blacklist is to annoy
providers then a /24 works.  The most reputable and useful blacklists IMHO
are Spamhaus and Spamcop - they don't block /24s.  Spamhaus sometimes does
if your rwhois shows that a large amount of the /24 is owned by the
offending party but generally they don't.  In my opinion a blacklist is
useful when it notifies a provider of a listing, provides the reason for
the listing and gives you a way to remove the listing.

Spamhaus encourages companies to resolve all the issues while only blocking
/32s by showing all the listings under your responsibility and making nice
to see that list empty.  Pretty simple.  Incidentally SORBS usually blocks
/24s and, as far as I know, provides no way for you to lookup all listings
under a providers responsibility (by AS or otherwise).

Incidentally, I have yet to see anything from Proofpoint, SORBS or their
support system regarding the access issues we are having to their system.
 If anyone has another contact at Proofpoint other than Girish I'd
appreciate knowing what it is.

Landon Stewart <lstewart at <mailto"LStewart at Superb.Net>>
Sr. Administrator
Systems Engineering
Superb Internet Corp - 888-354-6128 x 4199
Web hosting and more "Ahead of the Rest":

More information about the NANOG mailing list