Why is NANOG not being blacklisted like any other provider that sent 500 spam messages in 3 days?

Jimmy Hess mysidia at gmail.com
Mon Oct 26 23:08:07 UTC 2015

On Mon, Oct 26, 2015 at 3:56 PM, Andrew Kirch <trelane at trelane.net> wrote:

> > Why is NANOG not being blacklisted like any other provider that sent 500 spam messages in 3 days?

Because NANOG is an opt-in list, and they're not the origin of abuse.
Their software might have inadvertently forwarded junk to the membership,
but members essentially take that chance by joining in an open list.

Adding NANOG itself to spam blacklists would neither be the solution
to the problem, nor be beneficial;
it would definitely do more harm than good,   Neither would it be a
proper or correct resolution.

> Myth: NANOG supposed to be the gold standard for best practices.
> Fact: 500 spam messages over the weekend.

Wrong industry.  NANOG is a network operators list, not a general IT or
e-mail operators list.  Also, there is no gold standard for e-mail
list best practices,
other than the IETF Standards documents and Standards-track RFCs, since
different professionals have well-reasoned, legitimate differences in opinion
regarding most subjects.

Also, adhering to practices deemed good  does not ensure there will be
no incidents
or attacks,   Because there is no such thing as a perfect
non-attackable implementation.

> Myth: blah blah blah social media is a bad way to get ahold of netops/abuse.
> Fact: Social media is an acceptable way to report abuse.  My marketing  ...[snip]

Abuse is not reported, until submitted through proper channels.
Those are set out by the organization providing abuse contact points.

In case of emergency though, all points should be contacted,  until a
definitive answer
is received;   A social media post certainly doesn't seem adequate.

The reporter's communication preferences don't dictate what exactly those are.
Whether social media is a proper channel or not,  depends on the organization.

In many cases, it's unreliable at best, and E-mail to all points  And
such are a better idea.

> occurs. It's 2015, and if you and everyone you know isn't watching twitter

I wouldn't be watching Tritter.
Not everyone is.

I think it is a bit snobby to say as if *everyone* would be watching
Twitter,  which is clearly not the case.

> Fact: I reached out to several people at ARIN and elsewhere trying to get a
> live person at NANOG to no avail.

ARIN is a completely different org, however.

> Fact: If I was still running the AHBL, NANOG would be it's own private
> intranet right now.

This is not necessary, when you can just reverse your subscription by
cancelling it.

Just follow the link from the List-Unsubscribe  header.

If you would be running an AHBL, then you know how to look at an
e-mail message and
see its full headers, right?


More information about the NANOG mailing list