This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] What todo when a registrar doe snot respond to babuse form an IP
- Previous message (by thread): [anti-abuse-wg] What todo when a registrar doe snot respond to babuse form an IP
- Next message (by thread): [anti-abuse-wg] Proposal 2022-01
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hank Nussbacher
hank at interall.co.il
Thu Jun 23 11:30:56 CEST 2022
On 23/06/2022 10:24, Jeroen Massar via anti-abuse-wg wrote: > > Use block lists like https://www.spamhaus.org/xbl/ to make your life a bit easier; but, do not outright block, use them ala Spamassassin as one of many inputs to rank if an IP is likely to be good or bad. > > For Tor, there is https://check.torproject.org/api/bulk ; though in the end Tor is just noise; compromised hosts are a bigger issue. > For Internet, there is a very harsh: https://www.spamhaus.org/drop/ (you might also accidentally possibly block good people using those ISPs) > > Whatever list you use, be it those from Spamhaus or other providers, do verify what you block and maybe whitelist what you never want to block. > Making a baseline of "normal clients" can also be useful: eg, no sense in processing packets from a IP in Antartica when you normally do not get traffic from there. Your Network, Your Policy... but also your pain when a user gets accidentally blocked... If you raised the issue, what do others think of https://www.crowdsec.net/ Thanks, Hank
- Previous message (by thread): [anti-abuse-wg] What todo when a registrar doe snot respond to babuse form an IP
- Next message (by thread): [anti-abuse-wg] Proposal 2022-01
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]