SORBS?!
Jon Lewis
jlewis at lewis.org
Fri Apr 6 19:02:49 UTC 2012
On Thu, 5 Apr 2012, Landon Stewart wrote:
> If the purpose of a blacklist is to block spam for recipients using that
> blacklist then a /32 works. If the purpose of a blacklist is to annoy
> providers then a /24 works. The most reputable and useful blacklists IMHO
> are Spamhaus and Spamcop - they don't block /24s. Spamhaus sometimes does
> if your rwhois shows that a large amount of the /24 is owned by the
> offending party but generally they don't.

Spamhaus may not default to doing /24 listings for a /32 spam emitter, but
they certainly do list /24s or shorter subnets when they feel it's
appropriate. They even do "escalations" to corporate mail servers on rare
occasions when a provider appears to be complicit with spammers and
ignoring their SBLs.

The purpose thing is an interesting question though. Is the purpose of
DNSBLs simply to help admins avoid accepting spam from spammers or to
attempt to prevent spammers from operating on the internet? For most of
the DNSBLs I'm familiar with, I'd say they're trying to do both.

> Spamhaus encourages companies to resolve all the issues while only
> blocking /32s by showing all the listings under your responsibility and
> making it nice to see that list empty. Pretty simple. Incidentally SORBS
> usually blocks /24s and, as far as I know, provides no way for you to
> lookup all listings under a provider's responsibility (by AS or
> otherwise).

That's really either not true or an oversimplification. Spamhaus blocks
shorter than /32 pretty frequently. You could maybe argue that Spamhaus
works harder to avoid innocent collateral damage. Having not used SORBS
for many years, I couldn't say if that's true or not. The vast majority
of my recent years' interactions with SORBS have been trying to get
inappropriately listed IPs removed from their DUHL.
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the NANOG mailing list