On Mon, Jan 17, 2022 at 5:32 AM Alessandro Vesely via mailop <mailop@mailop.org> wrote:
> I'm not clear what you mean by "secure your own IP block".
>
> Besides, for the mxroute address you wrote from, 149.28.56.236, I find an
> abuse address of ab...@vultr.com, which looks like your ISP's.
>

This again points to some of the assumptions that people on Mailops seem to have. Oftentimes, the owner of the IP (i.e. vultr.com) isn't necessarily the administrator of the mail server sending out mail from the IP (i.e. who has root to the server).

For us, we rent servers from various companies. Those companies own the IP addresses (or sometimes they're renting rack space and IP addressing in a datacenter and the ownership of the IP address goes up another level), but they don't have root access to the server (technically since they have actual hands in the datacenter, they could get root to the server if they booted into single user mode).

At the same time, I understand why Mailops preaches that they send abuse reports to the owner of the IP address - which, again, may be several company levels up from the individual that actually has root to the server and can take more immediate action against the abuse. I'm not really going to cry foul that Microsoft, Gmail, Yahoo, all the other big name mail services aren't actually sending the abuse reports to the administrators of the servers that matter. Ideally, sure, the reports would go to the IP owner and that would filter down to the root administrator of the server. That doesn't happen very often - if ever.

Perhaps this is something these IP owners (i.e. vultr.com, Linode, etc) need to address. Perhaps these IP owners need to require it so that when a customer signs up for their services, they have to provide an email address to forward feedback loop messages to for their assigned IP? Whether or not these big name mail services realize how razor thin the connection is between IP owner and root server administrator is not something I know, although I suspect that it's more likely they are oblivious to this.

I might question whether those reports are actually being sent to the IP owner in the first place; it provides plausible deniability in the event that they unilaterally decide to block or blacklist an IP address. Because as I said, those notices from the IP owner rarely get filtered down to the root server administrator. It then becomes a closing ticket matter when it's revealed that the person inquiring about the block (the root server administrator) isn't the IP owner.

I still go back to the way the AOL Feedback Loop system worked in the 2000s. I was able to stop A LOT of spam abuse on our servers when these were reporting and being sent to AOL addresses - which oftentimes included many, many other email services (gmail, hotmail, yahoo, etc). The signup process made a ton of sense: you registered an IP address, AOL did a reverse lookup on the IP, you had to acknowledge that you could receive email at postmas...@reverselookupt.ld or ab...@reverselookupt.ld, and then you were able to receive redacted messages that AOL users flagged as spam (or maybe the system flagged as spam?) that came from that IP address. There was no involvement in the "owner" of the IP address.

I just wish people could be a bit more open-minded when it comes to reporting spam and abuse from mail servers. It's like nobody wants to hear or consider viewpoints on how email and email servers are being administered and learn from those. The second they see that someone isn't managing their mail server the way THEY manage a mail server, then immediately that someone is wrong. Why is it so hard to take feedback, ponder on it, and maybe admit "hey! that's not a bad idea!"?

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop