Having spent about 14 years doing postmaster / abuse / spam architecture for a hk based ISP before my current job, I can relate to that "wider subnet blockages" thing.
Beyond that - I wonder just how many people 1. Have as many metrics as they think to accurately determine fp rates 2. Listen to external people who want to mail their customers (not just marketers, ordinary people I mean) - or listen to their own customers for that matter 3. Implement a clear and transparent block with an accurate reason for the rejection and a contact mechanism (email / URL) to appeal the block, so that the sender and recipient know just what is happening, not just "oh, this blasted email is down again, let me resend using gmail" or "oh, it never reached you? I wonder what happened" when your provider throws away the email rather than deliver to junk or bounce it --srs > On 01-Jun-2016, at 8:57 AM, Mark Foster <blak...@blakjak.net> wrote: > > That's ok Suresh. We down-under are frequently victim of wider subnet > blockades due to American (in particular, as a party we communicate with a > lot) prejudices about larger subnets with smaller chunks routed to other > APNIC member countries such as China and Korea. So I suppose it's all fair > :-) > > On my (private, personal) MTA I have several /24's (and bigger) permanently > blocked due to the SNR being almost entirely, well, N. I can only assume > that Shane has performed a similar analysis in order to take that particular > response - or that the response is temporary. > > When I saw Benoit's post I did look at some of the particularly nasty > spam-run my company had this morning, unfortunately a different /24 (in an > adjacent /16) and only a small proportion of the total spam-run originated > from that particular IP range. Still it helps emphasise that there's an awful > lot of compromised end-user-IP-addresses in the US, and even more "Legit" > enterprises that are tacitly (or not) allowing spammy behavior to go on under > some sort of 'guise' of legitimacy. > > One recent example I saw came out of 'en25.com' but when searching my inbox > for an example, I discovered that Twitter appear to be a legitimate customer > of their services. :( > > Resorting to IP range blocks is always a mixed-bag, but as long as providers > who do so remain aware of the impact and responsive to any genuine > false-positives that result, it is a far more 'useful' response than pretty > much anything available to 'foreign' network operators. > > Mark Foster > Wellington, New Zealand > > >> On 1/06/2016 3:14 p.m., Suresh Ramasubramanian wrote: >> With multiple million legitimate users of one of the largest broadband >> providers in the USA also mailing through the /24. >> >> Brilliant, I must say. You must enjoy hearing false positive reports from >> your users. >> >> --srs >> >>> On 01-Jun-2016, at 8:02 AM, Shane Clay <sh...@caznet.com.au> wrote: >>> >>> We're seeing the same and have also blocked that /24. >>> >>> Regards, >>> >>> >>> Shane Clay | Director, Senior Engineer >>> www.caznet.com.au >>> Phone 08 8464 0052 >>> 211 / 147 Pirie Street, Adelaide SA 5000 >>> >>> >>> >>> -----Original Message----- >>> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Benoit Panizzon >>> Sent: Tuesday, 31 May 2016 11:41 PM >>> To: mailop@mailop.org >>> Subject: [mailop] Massive Spamrun from Cox Net: 68.230.241.0/24 >>> >>> Hello >>> >>> At the moment we see a very large amount of emails containing Microsoft >>> Office Documents containing malware, all originating from IP Addresses in >>> the Range: 68.230.241.0/24 >>> >>> We therefore blocked that range. >>> >>> Anyone else? Maybe a Cox.Net Email Admin reading this list? >>> >>> -BenoƮt Panizzon- >>> -- >>> I m p r o W a r e A G - Leiter Commerce Kunden >>> ______________________________________________________ >>> >>> Zurlindenstrasse 29 Tel +41 61 826 93 00 >>> CH-4133 Pratteln Fax +41 61 826 93 01 >>> Schweiz Web http://www.imp.ch >>> ______________________________________________________ >>> >>> _______________________________________________ >>> mailop mailing list >>> mailop@mailop.org >>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >>> _______________________________________________ >>> mailop mailing list >>> mailop@mailop.org >>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >> _______________________________________________ >> mailop mailing list >> mailop@mailop.org >> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
