<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: Commecial vs fairness (was: spam support)


At 1:04 pm +0000 (GMT) 16/2/02, Mally Mclane wrote:
 On Sat, 16 Feb 2002, furio ercolessi wrote:

 On Fri, Feb 15, 2002 at 12:18:41PM +0100, Anne Marcel Roorda wrote:
 >
 >   Educating admins on how to maintain a blacklist if they so choose
 > would be a better sollution. Getting them to drop the local blacklist
 > and move to one of the several publicly available blacklists would be
 > even better.

 We are an ISP using publicly available blacklists (a bunch of them)
 and subscription-based ones; but we also have our own, at present
 containing about 4000 IP numbers or blocks (and also 6000 domains and
 4000 single email addresses; but we are discussing IPs now).

 The local blacklist is extremely important to us, because it gives
 us an easy and fast way to block established spam sources without
 going through the effort of submitting nominations to public
 blacklists and wait for them to be accepted.  We often do that
 (Steve knows..), but there are just too many spammers and too
 few people reporting, and a day is only 24h.
 you block quickly...

 how often do you check/recheck/unblock an ip?
That's in fact what he went on to say:

 Having said that, we do not "maintain"
 the local blacklist other than adding spam sources, and removing
 IPs _on demand_ (after having determined that those IPs are no
 longer a spam source).

 I believe that several ISPs work in this way, and I expect anybody
 taking on a block previously used by a spammer to do quite a bit
 of work to have his block removed from local blacklists, even
 if the spammer was there years before.
Bascially ISP are expected by their customers to stop incoming spam "now" (as Clive knows well when I was a Demon customer myself in 95, I used to yell at Demon to do something about the spam, then later when I became an ISP myself I thought "poor Clive!" :) But ISPs can't spend their time rechecking every blocked IP to see if the reason they blocked it has been removed. So local blocklists tend to accumulate IPs which sit there until somebody contacts them about it.

However a previous response said RIPE doesn't reuse IPs for many years, so we're probably talking cross-purposes. The bit that interested me was the possibility of RIPE taking back IPs from known verified spam operations, to prevent the possibility of future European versions of Katelecom, Globalipx, etc.

--
Steve Linford
The Spamhaus Project
http://www.spamhaus.org




<<< Chronological >>> Author    Subject <<< Threads >>>