[anti-abuse-wg] update on netsecdb project

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
When starting with www.netsecdb.de in 2008 i'd never expected the
decrease of spams to round about 1% of former amount to remain a
stable value. Stats from last weeks, monthes and year now give proof
that the setup of a central communitation matrix based on worldwide
IPv4-whois databases was a great help in fighting abusive mails and a
lot more.

Inspite of common hosting environments the number of spams is
generally lower that the amount of mails containing wanted messaging.
The hourly auto-generated configuration files for MTAs like postfix,
exim, qmail and MS Excchange 2007 and later used on external partner
servers show same progresses.

In addition, files that contain the blocking lists for leading TOP25
spammer-country are distributed for free.

Starting from scratch with a localized german based environment, we
opened netranges from additional countries based on the incoming
spamlevel. Nowadays, networks from DE, CH, AT, BE, NL, FR, GB, LU, LI,
IE, IT, CZ, SE, GR, PT, NO, PL, IS, FI, ES, DK, SK, HU, RO, BG, LT,
LV, EE, US, CA, IL and defined customer nets don't get blocked but get
tickets instead. If a non-customers's netrange abuse-email is
invalid/non-functional, range gets blocked.

Many providers integrated ticket-systems for abuse-handling and
improved their quality management a lot. Only a few remained passive
and surprisingly a handful of ISPs still seem to work with quota
limited mailboxes to avoid a kind of work-overload.

Logfiles show an increasing number of HEADER connects to our
smtp-ports just to check the current status of single IP or netrange
returned by our servers.

Within the last monthes, netsol worked on rwhois integration into ARIN
whois outputs which finetuned the process of generating abuse-tickets
a lot.

Many RIPE members started updating their whois records and abuse-mail
contacts. Sometimes this results in an very effective workflow with
only a few seconds response time over far distance whereas local
providers still cannot be reached cause of invalid or missing contact
records.

Unfortunately the RIPE team stated by mail, that they have no
job-order to take care of the integrity of it's database records i.e.
finding ancient content with missing or invalid information gives
random results.

There seems to be no need for a RIPE member to keep it's records
up-2-date ?

Any additional information regardings spams, exploit attacks, hacking
can be taken from www.netsecdb.de site's sections.

I wonder how long hosters are willing to pay the traffic, energy and
CPU-time for something nobody needs to have.
I wonder how long i takes for the DialUp- and Business Customers to
learn, that security is a crucial part of internet activities and that
their ISP's deliver very diffent qualities behind their mostly
coloured flash-animated websites.

Looking forward to see the current unsolved problems beeing
transported to public clouds in datacenter and poisoned high bandwith
customer connections if everything remains 'same procedure as every
year' ...

Kind regards,

Claus





- -- 

Claus Marxmeier


- ---
Claus Marxmeier EDV-Service
Johann-Kierspel-Straße 5
51491 Overath  
Germany

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
iEYEARECAAYFAku6h3oACgkQUIsBFYVeBxC82gCfReNpv+rLKbb2n9vRxwoizCv+
0UAAn18QA/Y6irneBZyvcty9NGiKDHgq
=MuBy
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20100406/fd2dd2ed/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: claus.vcf
Type: text/x-vcard
Size: 278 bytes
Desc: not available
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20100406/fd2dd2ed/attachment.vcf>