I would like to call on organizations that provide IP reputation information to have methods available for network operators to determine if they are on their lists, what their reputation is, what it means, optionally evidence, and a means of removal of negative information. Near real-time notice of changes in your status would be recommended as well. If those wants sound ridiculous, nearly that same list of wants is provided by e-mail SPAM DNSRBL maintainers so it isn't exactly unprecedented.
I recently interacted with an organization that provides IP reputation information as a component in a larger security offering. A particular eyeball network couldn't get to a number of large web destinations. After some prodding of the company providing the security offering, it was determined that the prefix in question was because on a scale of 0 to 10 with 0 being the best and 10 being the worst, that prefix had a score of 1. They claimed they could do nothing about it as their client (the web site being visited) had that in their control. That's a half-truth. The company providing that IP reputation put them on the list (for whatever reason), while the web site chose whatever metrics to block. Their proposed solution was to contact every web site there were issues with and request that they fix it. Okay, so an eyeball is supposed to reach out to dozens of major brands and get someone that understands the situation and can resolve it in a reasonable time frame? Most of these brands take days to address core things dealing with their core product or service, much less getting someone in IT to whitelist a prefix. I'm sorry, that's not a realistic solution. If not a proactive alert (like a SPAM feedback loop), they need an easy form to fill out and after some automated means of verification (ASN or IP whois contact lookup), spill the beans on who, what, where, why, and how to get it fixed. I'm not saying there was no valid reason to put them on the list. There's no easy way to determine that they're on the list, why, and any means of getting removed from the list when the problem is fixed. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP
