Re: [mailop] contact at google

[Luis E. Muñoz via mailop]

Wow,
tried twice to email you directly w no luck

   ----- The following addresses had permanent fatal errors -----
<mailop-20160...@billmail.scconsult.com>
    (reason: 550 5.7.1 <ns1.libertad.link[192.241.161.190]>: Client 
host rejected: Get a real domain, spammy)

Oh well, thank you anyway.

-lem


On 17 Apr 2020, at 12:31, Bill Cole via mailop wrote:

On 17 Apr 2020, at 10:42, Steven Champeon via mailop wrote:

I sent this to John offlist but here is a list of the IPs that are 
doing
stupid and useless queries against one of our mirrors (couple of days 
stale
but still potentially useful to someone):

       count IP
         122 172.253.12.1
         119 172.253.14.3
         117 172.253.12.2
         117 172.253.11.3
         116 172.253.14.2
         115 172.253.14.1
         114 172.253.11.1
         112 172.253.12.4
         110 172.253.14.5
         110 172.253.12.3
         109 172.253.12.5
         105 172.253.11.5
         104 172.253.11.4
         101 172.253.14.4
          98 172.253.11.2

There are more, but those are the high-count Google IPs. Apparently, 
there
are idiots at Linode, too. But the vast majority of these things are 
coming
from Google netspace.

Bogus DNSBL queries come from all over Google, Level3, Linode, Amazon, 
Cloudflare and other large DNS provider space. I have automation that 
blackholes DNS traffic from /24s around any such miscreants until 
they've stopped for 30 days, and the current consolidated ranges just 
from that /16 are:

172.253.0.0/23
172.253.2.0/24
172.253.4.0/22
172.253.8.0/22
172.253.12.0/24
172.253.14.0/24
172.253.192.0/24
172.253.194.0/23
172.253.196.0/22
172.253.201.0/24
172.253.210.0/23
172.253.212.0/24
172.253.214.0/23
172.253.217.0/24
172.253.220.0/24
172.253.230.0/24
172.253.233.0/24
172.253.234.0/24
172.253.246.0/24

My total list has 312 automatically added /24s and along with a few 
manual larger and smaller ranges those consolidate into 257 blocks 
with ranges as large as /20s where every /24 has made a query in the 
last 30 days against a never-public DNSBL that has never given useful 
answers to the world at large.

Please, make it stop already. You do not understand what you're 
doing.

They don't just not understand. They don't know, don't want to know, 
don't care, and won't make it stop.

For 15+ years I've tried every form of complaint and DNS trickery I 
can think up to make bogus DNSBL queries stop. The only success I've 
ever had has been with a couple of dumb cargo-culting "check all the 
blacklists" sites that had working contacts I could berate. When I've 
managed to get any response from people operating DNS resolver 
services, that has basically boiled down to "I guess it sucks to be 
you."

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not For Hire (currently)

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop