Pete's right about how IPs get put on the lists. In fact, let us not forget that these lists were mostly created with volunteers - some still today. Many are very old lists. Enterprise networks select lists by some sort of popularity / fame - etc.. Like how they decide to install 8.8.8.8 as first - its easy and they think its better than their local ISP they pay.... yet they always call the ISP about slowness when 8.8.8.8 is for consumers and doesn't always resolve quickly. It's a tough sale.
Once had a customer's employee abuse their mail server - it made some lists. Customer complained our network is hosting spammers and sticking them in the middle of a problem that is our networks. Hard win. Took us months to get that IP off lists. That was one single IP. We did not allow them to renew their contract once the term was over. Now, they suffer with comcast for business. ;-) Thank You Bob Evans CTO > On Sun, 12 Mar 2017, Pete Baldwin wrote: > >> So this is is really the question I had, and this is why I was >> wanting to >> start a dialog here, hoping that it wasn't out of line for the list. I >> don't >> know of a way to let a bunch of operators know that they should remove >> something without using something like this mailing list. Blacklists >> are >> supposed to fill this role so that one operator doesn't have to try and >> contact thousands of other operators individually, he/she just has to >> appeal >> to the blacklist and once delisted all should be well in short order. >> >> In cases where companies have their own internal lists, or only >> update >> them a couple of times a year from the major lists, I don't know of >> another >> way to notify everyone. > > I suspect you'll find many of the private "blacklistings" are hand > maintained (added to as needed, never removed from unless requested) and > you'll need to play whack-a-mole, reaching out to each network as you find > they have the space blocked on their mail servers or null routed on their > networks. I doubt your message here will be seen by many of the "right > people." How many company mail server admins read NANOG? How many > companies even do email in-house and have mail server admins anymore? :) > > Back when my [at that time] employer was issued some of 69/8, I found it > useful to setup a host with IPs in 69/8 and in one of our older IP blocks, > and then do both automated reachability testing and allow anyone to do a > traceroute from both source IPs simultaneously, keeping the results in a > DB. If you find there are many networks actually null routing your > purchased space, you might setup something similar. > > ---------------------------------------------------------------------- > Jon Lewis, MCP :) | I route > | therefore you are > _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ >
