As long as the blocking is targeted and responsibly implemented, I don't have 
any particular issues.

More than one large corporation has Hotel California-style blocks, though.

--srs

> On 01-Jun-2016, at 10:43 AM, Shane Clay <sh...@caznet.com.au> wrote:
> 
> Our block of this /24 will only be temporary. We'll remove it when we've 
> assessed that the amount of spam (in fact, the only concern we really have is 
> these Cryptolocker downloaders) has reduced to a level our clients will be 
> happy with.
> 
> We are rejecting email with a 500 error. The sender will be aware of it and 
> the response will be clear - your IP is blacklisted.
> 
> Before implementing this IP block we did review logs for the past few weeks 
> to determine impact. As I said, it's essentially zero. All we are really 
> blocking is this most recent spam blast.
> 
> We're a specialist provider, not a mass MTA. Our clients pay us specifically 
> for managing risk for them. In our view, we've made the appropriate call at 
> this time. We are in regular contact with the sys admins of many of our 
> clients and have acted in a way consistent with what they expect of us.
> 
> Perhaps... if more people responded in this way to poor IP 
> reputation/behaviour, the offending carriers would put in more effort to 
> actually reduce this risk of their clients using their IPs/services to be a 
> problem for others.
> 
> Regards,
> 
> 
> Shane Clay    |    Director, Senior Engineer
> www.caznet.com.au
> Phone    08 8464 0052
> 211 / 147 Pirie Street, Adelaide SA 5000
> 
> 
> 
> -----Original Message-----
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Suresh 
> Ramasubramanian
> Sent: Wednesday, 1 June 2016 1:34 PM
> To: Mark Foster <blak...@blakjak.net>
> Cc: mailop@mailop.org
> Subject: Re: [mailop] Massive Spamrun from Cox Net: 68.230.241.0/24
> 
> Having spent about 14 years doing postmaster / abuse / spam architecture for 
> an HK-based ISP before my current job, I can relate to that "wider subnet 
> blockages" thing.
> 
> Beyond that - I wonder just how many people 
> 
> 1. Have as many metrics as they think to accurately determine fp rates
> 
> 2. Listen to external people who want to mail their customers (not just 
> marketers, ordinary people I mean) - or listen to their own customers for 
> that matter
> 
> 3. Implement a clear and transparent block with an accurate reason for the 
> rejection and a contact mechanism (email / URL) to appeal the block, so that 
> the sender and recipient know just what is happening, not just "oh, this 
> blasted email is down again, let me resend using gmail" or "oh, it never 
> reached you? I wonder what happened" when your provider throws away the email 
> rather than deliver to junk or bounce it 
> 
> --srs
> 
>> On 01-Jun-2016, at 8:57 AM, Mark Foster <blak...@blakjak.net> wrote:
>> 
>> That's ok Suresh. We down-under are frequently victims of wider subnet 
>> blockades due to American (in particular, as a party we communicate with a 
>> lot) prejudices about larger subnets with smaller chunks routed to other 
>> APNIC member countries such as China and Korea.  So I suppose it's all fair 
>> :-)
>> 
>> On my (private, personal) MTA I have several /24's (and bigger) permanently 
>> blocked due to the SNR being almost entirely, well, N.  I can only assume 
>> that Shane has performed a similar analysis in order to take that particular 
>> response - or that the response is temporary.
>> 
>> When I saw Benoit's post I did look at some of the particularly nasty 
>> spam-run my company had this morning, unfortunately a different /24 (in an 
>> adjacent /16) and only a small proportion of the total spam-run originated 
>> from that particular IP range. Still it helps emphasise that there's an 
>> awful lot of compromised end-user-IP-addresses in the US, and even more 
>> "Legit" enterprises that are tacitly (or not) allowing spammy behavior to go 
>> on under some sort of 'guise' of legitimacy.
>> 
>> One recent example I saw came out of 'en25.com' but when searching my inbox 
>> for an example, I discovered that Twitter appear to be a legitimate customer 
>> of their services. :(
>> 
>> Resorting to IP range blocks is always a mixed bag, but as long as providers 
>> who do so remain aware of the impact and responsive to any genuine 
>> false-positives that result, it is a far more 'useful' response than pretty 
>> much anything available to 'foreign' network operators.
>> 
>> Mark Foster
>> Wellington, New Zealand
>> 
>> 
>>> On 1/06/2016 3:14 p.m., Suresh Ramasubramanian wrote:
>>> With multiple million legitimate users of one of the largest broadband 
>>> providers in the USA also mailing through the /24.
>>> 
>>> Brilliant, I must say.  You must enjoy hearing false positive reports from 
>>> your users.
>>> 
>>> --srs
>>> 
>>>> On 01-Jun-2016, at 8:02 AM, Shane Clay <sh...@caznet.com.au> wrote:
>>>> 
>>>> We're seeing the same and have also blocked that /24.
>>>> 
>>>> Regards,
>>>> 
>>>> 
>>>> Shane Clay    |    Director, Senior Engineer
>>>> www.caznet.com.au
>>>> Phone    08 8464 0052
>>>> 211 / 147 Pirie Street, Adelaide SA 5000
>>>> 
>>>> 
>>>> 
>>>> -----Original Message-----
>>>> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Benoit 
>>>> Panizzon
>>>> Sent: Tuesday, 31 May 2016 11:41 PM
>>>> To: mailop@mailop.org
>>>> Subject: [mailop] Massive Spamrun from Cox Net: 68.230.241.0/24
>>>> 
>>>> Hello
>>>> 
>>>> At the moment we see a very large amount of emails containing Microsoft 
>>>> Office Documents containing malware, all originating from IP Addresses in 
>>>> the Range: 68.230.241.0/24
>>>> 
>>>> We therefore blocked that range.
>>>> 
>>>> Anyone else? Maybe a Cox.Net Email Admin reading this list?
>>>> 
>>>> -Benoît Panizzon-
>>>> -- 
>>>> I m p r o W a r e   A G    -    Leiter Commerce Kunden
>>>> ______________________________________________________
>>>> 
>>>> Zurlindenstrasse 29             Tel  +41 61 826 93 00
>>>> CH-4133 Pratteln                Fax  +41 61 826 93 01
>>>> Schweiz                         Web  http://www.imp.ch
>>>> ______________________________________________________
>>>> 
>>>> _______________________________________________
>>>> mailop mailing list
>>>> mailop@mailop.org
>>>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
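The log review before a range block and the transparent rejection with a contact mechanism, both discussed in the thread, sketched as an added example that is not part of any poster's message. The log format, the `550 5.7.1` reply code and the contact address are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import Counter

# Constructed sample records (not real traffic), in an assumed format:
# "<timestamp> client=<ip> verdict=<ham|spam>"
SAMPLE_LOG = """\
2016-05-31T09:12:01 client=68.230.241.17 verdict=spam
2016-05-31T09:12:03 client=68.230.241.17 verdict=spam
2016-05-31T09:12:09 client=68.230.241.44 verdict=spam
2016-05-30T18:40:55 client=68.230.241.201 verdict=ham
2016-05-31T09:13:30 client=192.0.2.10 verdict=ham
2016-05-31T09:14:02 client=68.230.241.44 verdict=spam
malformed line without fields
"""

def block_impact(log_text, cidr):
    """Count ham and spam per client IP inside `cidr` over a review window."""
    net = ipaddress.ip_network(cidr)
    per_ip = {}
    for line in log_text.splitlines():
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        try:
            ip = ipaddress.ip_address(fields["client"])
            verdict = fields["verdict"]
        except (KeyError, ValueError):
            continue  # skip records that do not parse
        if ip in net and verdict in ("ham", "spam"):
            per_ip.setdefault(str(ip), Counter())[verdict] += 1
    ham = sum(c["ham"] for c in per_ip.values())
    spam = sum(c["spam"] for c in per_ip.values())
    total = ham + spam
    return {
        "ham": ham,
        "spam": spam,
        # share of mail from the range that a range-wide block would wrongly reject
        "fp_rate": ham / total if total else 0.0,
        # narrower alternative: sources that sent no wanted mail in the window
        "spam_only_ips": sorted(ip for ip, c in per_ip.items() if c["ham"] == 0),
    }

def reject_reply(cidr, contact):
    """5xx reply that states the reason and gives an appeal contact (assumed wording)."""
    return (f"550 5.7.1 Mail from {cidr} is blocked after a malware spam run; "
            f"to appeal contact {contact}")
```

On the constructed sample, one of five messages from the /24 is wanted mail, so the per-IP list is the targeted option and the range block is the one that produces false positives.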