> On Sep 21, 2021, at 2:25 PM, Michael Peddemors via mailop <mailop@mailop.org> > wrote: > > On 2021-09-21 12:09 p.m., Mark Milhollan via mailop wrote: >>> Block AUTH from Amazon/Gcloud/Azure by default >> Would you include other clouds, like Alibaba, Oracle, OVH, Rackspace, etc., >> perhaps especially those that are "too easy" for spammers and miscreants to >> get a machine going on? I can understand this sentiment but be aware it >> might block your more advanced users, e.g., those hosting a VPN or mail >> archive there or a service that does. > > Funny you should mention it, the SpamRats team is working on a RATS-CLOUD > RBLDNSD lookup which contain lists of cloud providers with common problems ;) > > While meant to be more of an informative nature, there are certain activity > that you should not really expect from a cloud IP, except MAYBE desktop in > the cloud.. > > But a person can make special exemptions for the few IP(s) on those clouds > that you expect to do AUTH behavior.. I mean really, not many of the 21 > million Azure IP(s) need to connect via AUTH to your email server ;)
How you handle clients using Starlink, which mostly looks like their connection is coming from google cloud, with some Azure on the side? Does this encounter any issues with CGN where dozens to hundreds of users may appear to be coming from the same IP? If you follow NANOG and some other groups, you’re probably aware of the spate of VPN blocking recently from various Video providers like Netflix and Amazon Prime. This seems to be (as an email provider and (separately, day job) a ISP) to be related to simple heuristic, if several people log in from one ip, it might be a VPN. Looking for ideas on beefing up my own email security while avoiding the false positives Amazon seems more willing to deal with… -Darrell _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
