Re: [mailop] Microsoft blacklisting a /16

Wed, 05 Jun 2019 10:29:08 -0700

Point taken.. however, in his case, this is more about network operators, than email operators, which is probably why he suggested to keep it off list.
However, the point has been raised in the past, whether this list should expand on it's allowable range of discussions. 


That hasn't been determined as of yet. Comments and thoughts on that 
subject welcome.



But to keep it short and sweet, there are obvious things that network 
operators can do to keep clean networks.  We even considered in the past 
offering consulting/monitoring as a service, to help operators implement 
those simple to do things.



But traditionally, the operators that are serious about doing things to 
improve, usually end up doing it in-house, while those that aren't, have 
no interest in paying for such a service ;)



Network operators range widely, from those that offer 'bullet proof' 
hosting, to those that simply turn a blind eye, to those that are new to 
the industry, that truly simply need to learn, to those that are really 
professional.  Unfortunately, history shows that the growth rates of 
businesses that are shall we say 'less' motivated to be good net 
citizens, have been stronger .. 'to a point'.



But business forces change, and with IPv4 run out, increased scrutiny by 
law makers, and more aggressive techniques like blacklisting, the 
businesses that aren't interested in a 'quick exit' are now looking at 
this more seriously.



Heard an interesting key note at Lacnic recently, done by one of the 
Azure leads, about how the things they worried about (eg inbound 
attacks) when they designed their systems, weren't the things that 
happened.  The things that happened were what they didn't expect, eg 
abuses inside the network going out, or abuses from one node to another.



And in general, that is a common problem.  Businesses, processes, and 
networks are built for growth, and it is the unexpected things that the 
systems were never designed for.  ONLY later on do those things pile up 
enough to become a business consideration.



Eg, unfortunately, ONLY when networks become blacklisted, or have other 
revenue affecting problems, are systems implemented to rectify these 
problems in many cases.



But as long as network operators do "work towards" solving those 
problems, in general there will be lots' of people who will work with 
them to help.



But we are no longer in a world, where 'too big to block' is a realistic 
expectation for any network operator.








On 2019-06-05 9:06 a.m., Stefan Bauer via mailop wrote:

Please keep this on-list. This is of great help for all other mailops to 
improve own setup.


Thank you.


    -----Ursprüngliche Nachricht-----
    *Von:* Hetzner Blacklist via mailop <mailop@mailop.org>
    *Gesendet:* Mittwoch 5 Juni 2019 17:43
    *An:* mailop@mailop.org; Michael Peddemors <mich...@linuxmagic.com>
    *Betreff:* Re: [mailop] Microsoft blacklisting a /16

    Hi Michael,

    thanks for your post. Even if it doesn't really help with the issue
    we're having, you make some great points (as usual). I thought I'd
    respond to a few, in the hope this doesn't derail the reason for my
    initial post.

    > Hehehe.. how does that saying going about the "pot calling the kettle
    > black"?

    I was well aware of the schadenfreude this would cause on here, so you
    can imagine how annoying this situation is for me to post anyway.

    > (And please, no comments about GDPR, GDPR allows you to publish
    > information if their is a legitimate reason, and the customer permits it.)

    You've hit the nail on the head... "if the customer permits it". We've
    had this discussion before, so I thought you knew that we have rwhois,
    it's simply an opt-in system that many customers don't opt-in to.

    > Will comment that your IP Space 'appears' to be improving recently,

    I'm very glad to hear that :)

    > but still, steps can be performed easily to improve this..

    I would love to hear about these easy steps. I have a long list of
    improvements I'm trying to push through here, and if there are some easy
    things I'm forgetting or overlooking, I'd like to know. I'd be happy to
    take this off-list.

    Kind regards

    Bastiaan van den Berg
    ---------------------
    Hetzner Online GmbH


    Am 05.06.2019 um 16:37 schrieb Michael Peddemors via mailop:
    > Hehehe.. how does that saying going about the "pot calling the kettle
    > black"?  But aside from comments about what people are saying about
    > Azure....

    > 
    > It really is when those /28's start firing up on your network.. I would

    > 'like' to say it is a problem with vetting new customers, however I
    > can't...  There is no SWIP information on those ranges..

    > 
    > Do remember, SWIP/rwhois does help let others know when a customer got

    > their IP space, helps both your good customers, and helps others
    > determine what is the issue when sudden traffic trips the switches..

    > 
    > (And please, no comments about GDPR, GDPR allows you to publish

    > information if their is a legitimate reason, and the customer permits it.)

    > 
    > Will comment that your IP Space 'appears' to be improving recently, but

    > still, steps can be performed easily to improve this..

    > 
    > Technically, it should be easier for you to notice the bad apples than

    > it is for the rest of the world, with simple small things.. But this is
    > still a real problem at some of the largest *cough* providers as well.

    > 
    > The internet is a scary place, and whether it is rhetoric from

    > politicians around the globe, or those involved in the infosec
    > community, I expect to see a lot more cases where the idea's of openness
    > on the internet, becomes more about putting up 'walls' first..

    > 
    >     -- Michael --
    > 
    > PS.. hehehe.. had a chuckle.. love this email header..
    > 
    > X-TnetOut-SpamCheck: no es spam, Unknown
    > 
    > "No es spam Senor!"  reminds of old cartoon lines..
    > 
    > 
    > 
    > 
    > On 2019-06-05 4:25 a.m., Hetzner Blacklist via mailop wrote:

    >> Hello Mailop,
    >>
    >> For the past two years things have been going really well for us in
    >> regards to the Microsoft blacklist. We've had very few issues, probably
    >> because we aggressively check the SNDS and block/terminate IPs/clients
    >> that send spam to Microsoft. Now, all of a sudden and without warning,
    >> Microsoft has blacklisted the entire range 5.9.0.0/16.
    >>
    >> Just to show how extreme that is, of our almost 1.4 million IPs,
    >> Microsoft has currently blacklisted 70,390, of which 65,496 are from the
    >> range above. So without that range, Microsoft would have around 5,000
    >> blacklisted IPs (a number I'm very proud of considering three years ago
    >> that was at 380,000).
    >>
    >> I, along with many customers, have sent delist requests to Microsoft,
    >> but only a handful of them have been accepted. Even the escalations team
    >> (the actual humans) can't help. I don't understand why, and am looking
    >> for answers, as are the confused/angry customers contacting us about
    >> this.
    >>
    >> I'm hoping I can reach Michael Wise through this post, since I don't see
    >> any other way of clarifying this situation. If anybody else has any tips
    >> or advice though, I would obviously appreciate that as well.
    >>
    >> Please note that I fully understand (and support) blacklisting single
    >> IPs, and can understand why blacklists like Microsoft do escalation
    >> listings of /24s. The question here is about an entire /16.
    >>
    >> Kind regards
    >>
    >> Bastiaan van den Berg
    >> ---------------------
    >> Hetzner Online GmbH
    >>
    >> _______________________________________________
    >> mailop mailing list
    >> mailop@mailop.org
    >> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
    >>

    > 
    > 
    > 


    _______________________________________________
    mailop mailing list
    mailop@mailop.org
    https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop






















					Reply via email to