On 3/14/24 15:18, Michael Grimm via mailop wrote:
OVH is sharing a /64 subnet among multiple customers since they started their public cloud project. You are only provided with a single IPv6 address for your instance. In the years before that, I had had access to an exclusive /64 subnet.
This is very bad practice on OVH's part. Why are they doing this? Are they afraid of running out of IPv6 addresses?
But that isn't the point of my initial post: Spamhaus is blocking the /64 subnet my address is part of. Fair enough. *But* on the other hand they are offering an web-based de-listing service without human interference. Good. After successful delisting, that particular IPv6 address becomes immediately de-listed. Fine.
Likely not. Much more likely: After successful delisting, the entire /64 became immediately de-listed. Then spam from someone within that subnet caused it to be listed again. Lather, rinse, repeat.
That tells me, that they must have a setup where individual IPv6 of a blocked /64 subnet become whitelisted.
How do you arrive at that conclusion?
*That* worked in the past for a very long time. Only recently the whitelisting is of a very short time frame.
To the best of my knowledge most if not all DNSBLs are not going to be more granular than a /64 on IPv6, nor should they be. The rest of the world besides OVH assigns a /64 per customer subnet.
if DNSBLs blocked at the /128 level, every spammer with a normal /64 subnet would have an immense (ridiculously, insanely, extremely immense) number of addresses from which to snowshoe spam. DNSBL database size would also rapidly become a problem.
You're in a very bad neighborhood with OVH when it comes to spammers. Either move to a better neighborhood or at least demand your own /64 subnet.
76 or 63 reportings in a /64 subnet aren't necessarily a hint for excessive spamming as mentioned in this thread.
76 reports or spamtrap hits within a month for a /64 is a pretty big red flag that the subnet is infested with spammers. Industry practice is one /64 per customer subnet.
See here: https://www.spamhaus.org/faqs/exploits-blocklist-xbl/#how-does-xbl-handle-ipv6-addresses
-- Jay Hennigan - j...@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop