<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: Commecial vs fairness (was: spam support)


> We are an ISP using publicly available blacklists (a bunch of them)
> and subscription-based ones; but we also have our own, at present
> containing about 4000 IP numbers or blocks (and also 6000 domains and 
> 4000 single email addresses; but we are discussing IPs now).
> 
> The local blacklist is extremely important to us, because it gives
> us an easy and fast way to block established spam sources without
> going through the effort of submitting nominations to public
> blacklists and wait for them to be accepted.  We often do that 
> (Steve knows..), but there are just too many spammers and too
> few people reporting, and a day is only 24h.

  Do you report all IP numbers put into the local blacklist to one
or more public blacklists?

> Moreover, there are spam sources (so called "mainsleaze" spammers)
> that no blacklist dares to block, yet they send unsolicited mail
> in large quantities.  Outfits like pm0.net, Responsys etc.  Many
> of them change domain every week, so they have to be blocked by IP
> if you want to stop their mail.
> 
> We bounce all mail with a contact URL in the error message.
> Everybody receiving a bounced mail from us knows how to contact us 
> and negotiate the removal.  Having said that, we do not "maintain"
> the local blacklist other than adding spam sources, and removing
> IPs _on demand_ (after having determined that those IPs are no
> longer a spam source).

  Do you check the local blacklist, and remove any overlap with
public blacklists?

> I believe that several ISPs work in this way, and I expect anybody
> taking on a block previously used by a spammer to do quite a bit
> of work to have his block removed from local blacklists, even
> if the spammer was there years before.
> 
> In my opinion the "radioactivity" issue should be somehow addressed 
> by RIPE (and of course also ARIN and APNIC): after all, by
> reassigning a block previously used by a spammer they are
> delivering deteriorated goods :-)

  RIPE makes no claims of usability for any of the IP ranges they
give out. The only claim that is made, is that the IP range is
globally unique.

  Keeping track of ownership of IP ranges, the number of hits they
produce, and the contents of the hits can also help in determining
if a IP range is still used by a spammer.

  A 6 or 12 month one time timeout per entry, and subsequent permenant
listing may also help.

- marcel




<<< Chronological >>> Author    Subject <<< Threads >>>