Dear colleagues, Thinking about a course of action - it looks there is an agreement to have more RBLs on RIPEstat. It would be good to have a list of candidates that the community feels would be useful. Once we have this list, we can perform a feasibility analysis and present this to the community. We can then take it from there.
Let me know if this approach works for you. Best regards, Christian On 04/03/2021 17:16, Christian Teuschel wrote: > Hi Elvis and Suresh, dear colleagues, > > Putting exact numbers on how many operators are using UCEProtect is > difficult, but through feedback from users, network operators and > members we understand that it is in use and that the provisioning of > this RBL on RIPEstat has value. > > If I am reading the feedback in this discussion correctly, the sentiment > is leaning towards adding more RBLs instead of less and if that is the > case we are going to look into how and when we can achieve this. Please > let me know if that is aligned with your requirements/expectations. > > Best regards, > Christian > > On 04/03/2021 09:54, Elvis Daniel Velea wrote: >> Hi Christian, >> >> while it may be useful to have their data source, it only shows the RIPE >> NCC favors one or two operators and I think that is damaging to the >> whole idea of being impartial. >> >> You either include a good list of blacklist operators and their data or >> none. Including only a couple will lead to the impression that only >> those are important enough to be considered by the RIPE NCC. >> >> my 2 cents, >> Elvis >> >> On 3/3/21 8:27 AM, Christian Teuschel wrote: >>> Dear colleagues, >>> >>> RIPEstat is a neutral source of information and we aim to provide users >>> with access to as many data sources as possible to provide insights. >>> >>> UCEProtect was added as a data source prior to 2010 and is still used by >>> several network operators to filter traffic into their networks. >>> Including it as a data source in RIPEstat allows users to see whether >>> resources are included in their lists. >>> >>> RIPE NCC does not pay for, support or endorse their practices, although >>> we understand that continuing to include UCEProtect as a data source >>> could be misunderstood as such. We also do not use their lists to filter >>> traffic on our services. >>> >>> Our goal remains to provide the best visibility and tools for network >>> operators to diagnose their networks. We have also heard your feedback >>> regarding including more RBLs. It is something that we have considered >>> in the past, and we are open to revisiting this. >>> >>> RIPEstat is driven by the community. We would like to hear from you >>> about whether including UCEProtect as a data source is useful. >>> >>> Regards, >>> Christian >>> >>> On 02/03/2021 00:08, Kristijonas Lukas Bukauskas via anti-abuse-wg wrote: >>>> Hello, >>>> >>>> I noticed that RIPE NCC uses uceprotect-level1, uceprotect-level2 and >>>> uceprotect-level3 in RIPEStat Anti Abuse Blacklist Entries widget. >>>> >>>> There have been controversial positions about this blacklist recently: >>>> >>>> 1) >>>> https://success.trendmicro.com/solution/000236583-Emails-being-rejected-by-RBL-UCEPROTECL-in-Hosted-Email-Security-and-Email-Security >>>> >>>> <https://success.trendmicro.com/solution/000236583-Emails-being-rejected-by-RBL-UCEPROTECL-in-Hosted-Email-Security-and-Email-Security> >>>> >>>> 2) https://blog.sucuri.net/2021/02/uceprotect-when-rbls-go-bad.html >>>> <https://blog.sucuri.net/2021/02/uceprotect-when-rbls-go-bad.html> >>>> >>>> UCEPROTECT blacklists the whole range of IP addresses, including the >>>> full IP range of some autonomous systems: >>>> UCEPROTECT states, '/Who is responsible for this listing? YOU ARE NOT! >>>> Your IP was NOT directly involved in abuse but has a bad neighborhood. >>>> Other customers within this range did not care about their security and >>>> got hacked, started spamming, or were even attacking others, while your >>>> provider has possibly not even noticed that there is a serious problem. >>>> We are sorry for you, but you have chosen a provider not acting fast >>>> enough on abusers'/) [http://www.uceprotect.net/en/rblcheck.php >>>> <http://www.uceprotect.net/en/rblcheck.php>]. >>>> It asks for a fee if some individual IP address wants to be >>>> whitelisted >>>> (http://www.whitelisted.org/ <http://www.whitelisted.org/>), >>>> It abuses people who decide to challenge their blacklist by publishing >>>> conversations in their so-called /Cart00ney/ >>>> (http://www.uceprotect.net/en/index.php?m=8&s=0 >>>> <http://www.uceprotect.net/en/index.php?m=8&s=0>; >>>> http://www.uceprotect.org/cart00neys/index.html >>>> <http://www.uceprotect.org/cart00neys/index.html>). >>>> And the other type of threatening: http://www.uceprotect.org/ >>>> <http://www.uceprotect.org/> >>>> Does RIPE NCC have any position on this specific blacklist? >>>> >>>> Thank you! >>> >> >> > -- Christian Teuschel RIPE NCC | @christian_toysh