That's ok Suresh. We down-under are frequently victims of wider subnet
blockades due to American (in particular, as a party we communicate with
a lot) prejudices about larger subnets with smaller chunks routed to
other APNIC member countries such as China and Korea. So I suppose it's
all fair :-)
On my (private, personal) MTA I have several /24's (and bigger)
permanently blocked due to the SNR being almost entirely, well, N. I
can only assume that Shane has performed a similar analysis in order to
take that particular response - or that the response is temporary.
When I saw Benoit's post I did look at some of the particularly nasty
spam-run my company had this morning, unfortunately a different /24 (in
an adjacent /16) and only a small proportion of the total spam-run
originated from that particular IP range. Still it helps emphasise that
there's an awful lot of compromised end-user-IP-addresses in the US, and
even more "Legit" enterprises that are tacitly (or not) allowing spammy
behavior to go on under some sort of 'guise' of legitimacy.
One recent example I saw came out of 'en25.com' but when searching my
inbox for an example, I discovered that Twitter appear to be a
legitimate customer of their services. :(
Resorting to IP range blocks is always a mixed-bag, but as long as
providers who do so remain aware of the impact and responsive to any
genuine false-positives that result, it is a far more 'useful' response
than pretty much anything available to 'foreign' network operators.
Mark Foster
Wellington, New Zealand
On 1/06/2016 3:14 p.m., Suresh Ramasubramanian wrote:
With multiple million legitimate users of one of the largest broadband
providers in the USA also mailing through the /24.
Brilliant, I must say. You must enjoy hearing false positive reports from your
users.
--srs
On 01-Jun-2016, at 8:02 AM, Shane Clay <sh...@caznet.com.au> wrote:
We're seeing the same and have also blocked that /24.
Regards,
Shane Clay | Director, Senior Engineer
www.caznet.com.au
Phone 08 8464 0052
211 / 147 Pirie Street, Adelaide SA 5000
-----Original Message-----
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Benoit Panizzon
Sent: Tuesday, 31 May 2016 11:41 PM
To: mailop@mailop.org
Subject: [mailop] Massive Spamrun from Cox Net: 68.230.241.0/24
Hello
At the moment we see a very large amount of emails containing Microsoft Office
Documents containing malware, all originating from IP Addresses in the Range:
68.230.241.0/24
We therefore blocked that range.
Anyone else? Maybe a Cox.Net Email Admin reading this list?
-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
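The per-/24 signal-to-noise check and the false-positive concern raised in this thread can be sketched as follows. This is an added example, not code from any poster: the log records, the thresholds and the function names are assumptions, and only the range 68.230.241.0/24 comes from the thread.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of (client IP, filter verdict) records. The verdict mix is
# invented for illustration; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE = (
    [("68.230.241.10", "spam")] * 4 + [("68.230.241.11", "spam")] * 2
    + [("68.230.241.20", "ham")] * 3 + [("68.230.241.21", "ham")]
    + [("192.0.2.7", "spam")] * 6
    + [("198.51.100.5", "ham")] * 2
)

def per_subnet_stats(records, prefix=24):
    """Count spam and ham per IPv4 subnet of the given prefix length."""
    stats = defaultdict(lambda: {"spam": 0, "ham": 0})
    for ip, verdict in records:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        stats[str(net)][verdict] += 1
    return dict(stats)

def classify(stats, min_msgs=5, range_threshold=0.95, host_threshold=0.5):
    """Pick a response per subnet (thresholds are assumed values, tune locally).

    block-range: almost entirely noise, so a range block costs little ham.
    block-hosts: real ham shares the range, so block only the sending IPs.
    no-action:   too few messages to judge, or mostly ham.
    """
    decisions = {}
    for net, c in stats.items():
        total = c["spam"] + c["ham"]
        noise = c["spam"] / total if total else 0.0
        if total < min_msgs or noise < host_threshold:
            decisions[net] = "no-action"
        elif noise >= range_threshold:
            decisions[net] = "block-range"
        else:
            decisions[net] = "block-hosts"
    return decisions

def spam_hosts(records, net):
    """List the individual addresses inside `net` that sent spam."""
    network = ipaddress.ip_network(net)
    return sorted({ip for ip, v in records
                   if v == "spam" and ipaddress.ip_address(ip) in network})

if __name__ == "__main__":
    for net, decision in classify(per_subnet_stats(SAMPLE)).items():
        print(net, decision, spam_hosts(SAMPLE, net))
```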