IP reputation lookup (prefix not single IP)

John R. Levine johnl at iecc.com
Sat Mar 27 14:55:01 UTC 2021


Same here.  I have not publicised or updated my korea.services.net DNSBL 
for over a decade and it's still getting over 100 qps.

On Fri, 26 Mar 2021, Sabri Berisha wrote:

> ----- On Mar 26, 2021, at 8:20 PM, John Levine johnl at iecc.com wrote:
>
> Hi,
>
>> Also keep in mind that "most blocklists" is meaningless. Any moron can
>> run a blocklist, and many morons do. The vast majority of blocklists
>> are used by close to nobody, and only a handful are widely enough used
>> to matter.
>
> This moron ran a per-country/per-as blocklist in the early 2000s which
> was based on a DFZ BGP feed. I closed it off more than 10 years ago.
>
> I just checked and I'm still receiving ~5 queries per second.
>
> As per my anecdotal evidence, there are some really clueless operators
> out there as well. There is, of course, the temptation to just add
> a wildcard A record... But nah, I don't like hot places.
>
> The other side-effect is that spammers are still very eager to use my
> domain in their from: headers, judging by the amount of undeliverables
> I receive (in waves).

That's generally because they pick the To and From addresses in the spam 
from the same dusty spam lists.

Regards,
John Levine, johnl at taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
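
Added example, not part of the original message: a check a mail operator could run over the DNSBL zones in their own configuration to spot lists that have been shut down or that answer with a wildcard, the two cases discussed in this thread. It relies on the RFC 5782 test entries (127.0.0.2 is always listed, 127.0.0.1 is never listed); the zone names and `fake_resolver` are constructed for the example.

```python
import socket
from typing import Callable, Dict, Iterable, Optional

# A resolver maps a hostname to an IPv4 string, or None when there is no answer.
Resolver = Callable[[str], Optional[str]]

def system_resolver(name: str) -> Optional[str]:
    """Real lookup. Cannot tell NXDOMAIN from a timeout; both return None."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def dnsbl_health(zone: str, resolve: Resolver = system_resolver) -> str:
    """Classify a DNSBL zone using the RFC 5782 test entries."""
    listed = resolve(f"2.0.0.127.{zone}")    # 127.0.0.2 must always be listed
    unlisted = resolve(f"1.0.0.127.{zone}")  # 127.0.0.1 must never be listed
    if unlisted is not None:
        return "wildcard"   # lists everything: would reject all mail
    if listed is None:
        return "dead"       # no test entry: queries are wasted, nothing is blocked
    if not listed.startswith("127."):
        return "bogus"      # answer outside 127.0.0.0/8, not a DNSBL reply
    return "ok"

def audit(zones: Iterable[str], resolve: Resolver = system_resolver) -> Dict[str, str]:
    """Return {zone: state} for every configured zone."""
    return {zone: dnsbl_health(zone, resolve) for zone in zones}

def fake_resolver(name: str) -> Optional[str]:
    """Constructed stand-in for DNS so the example runs offline."""
    if name.endswith(".wild.example"):
        return "127.0.0.2"                      # wildcard A record
    answers = {
        "2.0.0.127.live.example": "127.0.0.2",  # healthy list
        "2.0.0.127.odd.example": "203.0.113.5", # non-DNSBL answer
    }
    return answers.get(name)                    # everything else: no answer

if __name__ == "__main__":
    zones = ["live.example", "wild.example", "gone.example", "odd.example"]
    for zone, state in audit(zones, fake_resolver).items():
        print(f"{zone:15} {state}")
```

Calling `audit()` without the second argument uses the system resolver against the zones actually configured on the mail server.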


More information about the NANOG mailing list