<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: Commecial vs fairness (was: spam support)


At 9:28 am +0000 (GMT) 15/2/02, Mally Mclane wrote:
 On Fri, 15 Feb 2002, Steve Linford wrote:

 were previously used by a Cyberpromo and are consequently completely
 blocked by every DNSBL and local MTA blacklist on the net. If they
 did, and you gave those IPs out to customers there'd be a mess as
 your customers would want to burn an effigy of you ;) So it may make
 sense for RIPE to guard themselves against a future Cyberpromo
 destroying the usability and hence value of those IPs, by stipulating
 something in the TOS that forbids the use of the IPs for spam service
 purposes.
 so you advocate RIPE not reallocatiing IPs that have been used by a
 spammer?
That's a difficult one, I would say 'yes' but then RIPE would need a process to know that a particular IP range is effectively destroyed for re-allocation for a period of time. With major US-based spam gangs we use the term 'radioactive half-life', here in Europe we haven't seen any major spam gangs yet so this issue hasn't yet arrived on RIPE's doorstep.

The big new trend is for spam gangs to set up fake ISPs (e.g: Katelecom, Globalipx, etc.) doing their own funky BGP routing to make the backbone think they have lots of customers (so traceroute to the spam site goes a long way down 'inside' Katelecom, via many 'routers' with state names and fake customer gateways until it 'reaches' the spammer). These guys get huge ARIN allocations (/20s, /16s) and of course by the time the backbone has realized ISP is actually the spam outfit they've managed to flood the net with spam for many months. Every mail admin with an MTA capable of blocking will have already blocked their range, and hardly any mail admin makes note of what they throw into their local SMTP blacklist. At a guess, these blocks remain in local blacklists for a couple of years or so.

So, what happens when a range like that is re-allocated to a new customer. I don't have any bright ideas on how RIPE could handle it, but something in their TOS may allow them to protect IPs from this type of damage to a certain extent.

--
Steve Linford
The Spamhaus Project
http://www.spamhaus.org




<<< Chronological >>> Author    Subject <<< Threads >>>