I am for naming the companies that extort for via RBLs. Spamming is so
widespread even the domain name company Godaddy leveraged it as a profit
center.
Godaddy, in its early beginnings. Years ago.
I know from experience that this happens. Godaddy demanded money from me
for spamming. I had to
On 3/20/2017 10:25 AM, Mike Hammett wrote:
He did mention Hotmail.
I have no idea which blacklist is allegedly charging $2500 for
investigating a listing. (I wonder if he meant to type $25.00?) Either
way, I don't know who that is.
But I will say that, in general, many requesting a delistin
> On Mar 19, 2017, at 8:32 PM, Justin Wilson wrote:
>
>
> Then you have the lists which want money to be removed. I have an IP that
> was blacklisted by hotmail. Just a single IP. I have gone through the
> procedures that are referenced in the return e-mails. No response. My next
> step s
Mike Hammett
> Intelligent Computing Solutions
>
> Midwest Internet Exchange
>
> The Brothers WISP
>
> - Original Message -
>
> From: "Josh Reynolds"
> To: "Justin Wilson"
> Cc: "NANOG"
> Sent: Monday, March 20, 2017 9:06:00 AM
He did mention Hotmail.
-
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
- Original Message -
From: "Josh Reynolds"
To: "Justin Wilson"
Cc: "NANOG"
Sent: Monday, March 20, 2017 9:06:00 AM
Su
Would you mind naming the company so that they can be publicly shamed? That
is nothing short of extortion.
On Mar 19, 2017 10:36 PM, "Justin Wilson" wrote:
>
> Then you have the lists which want money to be removed. I have an IP that
> was blacklisted by hotmail. Just a single IP. I have gone th
Which one was it that demanded 2500?
There's only one reasonably well known pay for whitelisting type of blocklist
but I'd have thought they're a lot cheaper.
--srs
> On 20-Mar-2017, at 9:02 AM, Justin Wilson wrote:
>
> Then you have the lists which want money to be removed. I have an IP tha
Then you have the lists which want money to be removed. I have an IP that was
blacklisted by hotmail. Just a single IP. I have gone through the procedures
that are referenced in the return e-mails. No response. My next step says
something about a $2500 fee to have it investigated. I know se
Pete's right about how IPs get put on the lists. In fact, let us not
forget that these lists were mostly created with volunteers - some still
today. Many are very old lists. Enterprise networks select lists by some
sort of popularity / fame - etc. Like how they decide to install 8.8.8.8
as first -
On Sun, 12 Mar 2017, Pete Baldwin wrote:
So this is really the question I had, and this is why I was wanting to
start a dialog here, hoping that it wasn't out of line for the list. I don't
know of a way to let a bunch of operators know that they should remove
something without using som
Hi,
This is why I moved away from static black lists years ago. When the
68/8 and 24/8 blocks were released and tons of networks had it blocked
since it was "reserved" I observed and felt the pain.
My networks are small, and I rely on things such as fail2ban which auto
remove the blocks.
So this is really the question I had, and this is why I was
wanting to start a dialog here, hoping that it wasn't out of line for
the list. I don't know of a way to let a bunch of operators know that
they should remove something without using something like this mailing
list. Blackl
So just to be clear here, the reason I made this post isn't to have
some help with removing our block from 'official' blacklists around the
world. We checked the lists and we weren't on them. The last (known)
list this block was on was in September 2016, so just over 6 months ago
now, a
On 12/03/2017 at 19.40, Rob McEwen wrote:
On 3/12/2017 2:00 PM, Baldur Norddahl wrote:
Sorry but this is not true. The address space does not lose that much in
value and in fact most address space that has been used for end users is
already tainted in the same way (due to botnets etc).
Also
On 12/03/2017 at 19.24, Rob McEwen wrote:
On 3/12/2017 2:00 PM, Baldur Norddahl wrote:
On 12/03/2017 at 18.49, Rob McEwen wrote:
This motivation goes a LONG way towards countering the profit motives
that hosters/ISPs/Datacenters/ESPs have in selling services to
spammers - there is MUCH mone
We used giglinx. There was a third party that was validating the
blocks, and they/we caught a lot of issues with the first block for offer.
This was the second block offered, and it looked decent, but I never
personally checked the /16 parent. I was only looking at the /18. The
reason I
Looks like it was taken off the list in Sept 2016. I suppose this could
be the reason why our block is still listed in various networks, even
though it's not on a known 'official' list.
Thanks for the tip Mike.
-
Pete Baldwin
Tuckersmith Communications
(P) 519-565-2400
(C) 519-441-738
The previous owner was XELAS Software in Marina Del Ray, California. I
still see it listed on some geoIP databases, but those have been cleaned
for the most part.
I'm not sure if someone had it before them and they just got rid of it
because of these issues, so I don't want to point fingers a
Their first problem is that
> they are trying to tow a boat with their bicycle.
>
Fair statement for anyone who has not deployed ipv6 and thinks emailing
nanog to get them off a blacklist will help.
> --
> Rob McEwen
>
>
>
On 3/12/2017 2:00 PM, Baldur Norddahl wrote:
Sorry but this is not true. The address space does not lose that much in
value and in fact most address space that has been used for end users is
already tainted in the same way (due to botnets etc).
Also, you're comparing apples-to-oranges. Dynamica
On 3/12/2017 2:00 PM, Baldur Norddahl wrote:
On 12/03/2017 at 18.49, Rob McEwen wrote:
This motivation goes a LONG way towards countering the profit motives
that hosters/ISPs/Datacenters/ESPs have in selling services to
spammers - there is MUCH money to be made doing so. But the longer
term rep
On Sun, Mar 12, 2017 at 7:53 PM, Baldur Norddahl
wrote:
>
>
> On 12/03/2017 at 18.14, Brielle Bruns wrote:
>
>> http == TCP
>> DNS == (usually) UDP
>>
>> Big difference here. One requires a three way handshake tearup/teardown,
>> the other does not.
>>
>> It is not an apples to apples compariso
On 12/03/2017 at 18.49, Rob McEwen wrote:
This motivation goes a LONG way towards countering the profit motives
that hosters/ISPs/Datacenters/ESPs have in selling services to
spammers - there is MUCH money to be made doing so. But the longer
term repercussions of damaged IP reputation makes
On 12/03/2017 at 18.14, Brielle Bruns wrote:
http == TCP
DNS == (usually) UDP
Big difference here. One requires a three way handshake
tearup/teardown, the other does not.
It is not an apples to apples comparison.
You can replicate (download) the whole WHOIS if you need to. There is
al
On 3/12/2017 11:40 AM, valdis.kletni...@vt.edu wrote:
How does Spamhaus find out the block has been resold?
How do other DNS-based blacklist operators find out?
Spamhaus and other reasonable and well-run DNSBLs:
(1) have reasonable auto-expiration mechanisms (which cover the vast
majority of
On Sun, Mar 12, 2017 at 11:11 AM, Chuck Church wrote:
> Maybe a silly idea, but shouldn't the sale of a block of addresses
> (RIR ownership change) trigger a removal of that block from all reputation
> list databases?
Hi Chuck,
You're talking about 50+ database operators half of which don't
iden
On Sun, Mar 12, 2017 at 05:59:59PM +0200, Chris Knipe wrote:
> It's a losing battle, and a failed system. Don't blame the purchaser,
> it's a lack of oversight on the part of who ever does the blacklisting.
You bought damaged goods which aren't fit for the purpose you have in mind.
If you had p
On 3/12/17 10:38 AM, Chris Knipe wrote:
On Sun, Mar 12, 2017 at 6:17 PM, wrote:
On Sun, 12 Mar 2017 17:59:59 +0200, Chris Knipe said:
Sure, that will work. (And no, the problem isn't the number of http hits
on the registries. 35,840,000,000 hits per day is the easy part...)
And yet, ther
On 3/12/17 9:11 AM, Chuck Church wrote:
Maybe a silly idea, but shouldn't the sale of a block of addresses
(RIR ownership change) trigger a removal of that block from all
reputation list databases? If I buy a car from a police auction, I'm
fairly sure the FBI doesn't start tailing me, because th
On Sun, 12 Mar 2017 18:38:21 +0200, Chris Knipe said:
> On Sun, Mar 12, 2017 at 6:17 PM, wrote:
> > on the registries. 35,840,000,000 hits per day is the easy part...)
> And yet, there's no problems of BILLIONS of queries against RBL DNS servers?
As I said, that's not the problem.
On Sun, Mar 12, 2017 at 6:17 PM, wrote:
> On Sun, 12 Mar 2017 17:59:59 +0200, Chris Knipe said:
>
>
> Sure, that will work. (And no, the problem isn't the number of http hits
> on the registries. 35,840,000,000 hits per day is the easy part...)
>
And yet, there's no problems of BILLIONS of quer
On Sun, 12 Mar 2017 17:59:59 +0200, Chris Knipe said:
> > How do all the AS's that have their own internal blacklists find out that
> > they should fix their old listings? (Note that this is the exact same
> > problem
> > as "We got blacklisted because of a bad customer, we axed the customer, but
On Sun, Mar 12, 2017 at 5:59 PM, Baldur Norddahl
wrote:
> They could watch the routing table and notice which ASN is actually using
> the address space. In fact ASN reputation might work better than IP space
> reputation.
>
+1
And not only the originating ASN, but to a lesser extent, adjacent
On Sun, Mar 12, 2017 at 5:40 PM, wrote:
>
> How does Spamhaus find out the block has been resold?
>
> How do other DNS-based blacklist operators find out?
>
>
From the REGISTRY as the ultimate custodian of the IP block.
> How do all the AS's that have their own internal blacklists find out th
They could watch the routing table and notice which ASN is actually using
the address space. In fact ASN reputation might work better than IP space
reputation.
Fact is that the current approach does nothing to stop spammers from
swapping space when they are done abusing one space. The argument tha
On Sun, Mar 12, 2017 at 11:11:41AM -0400, Chuck Church wrote:
> Maybe a silly idea, but shouldn't the sale of a block of addresses (RIR
> ownership change) trigger a removal of that block from all reputation
> list databases?
If we'd not seen many, MANY instances where this was done as a ruse
to p
On Sun, 12 Mar 2017 11:11:41 -0400, "Chuck Church" said:
> Maybe a silly idea, but shouldn't the sale of a block of addresses (RIR
> ownership change) trigger a removal of that block from all reputation list
> databases? If I buy a car from a police auction, I'm fairly sure the FBI
> doesn't start
Chuck,
* Chuck Church (chuckchu...@gmail.com) wrote:
> Maybe a silly idea, but shouldn't the sale of a block of addresses (RIR
> ownership change) trigger a removal of that block from all reputation list
> databases? If I buy a car from a police auction, I'm fairly sure the FBI
> doesn't start
og.org] On Behalf Of Justin Wilson
Sent: Sunday, March 12, 2017 10:51 AM
To: NANOG
Subject: Re: Purchased IPv4 Woes
I am interested in what broker you used as
well. We have used a few that do a little due
diligence on their end, but we still do our
own. We have seen an auction pulled due to
d for less than legal
purposes. New owner, clean slate.
Chuck
-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Justin Wilson
Sent: Sunday, March 12, 2017 10:51 AM
To: NANOG
Subject: Re: Purchased IPv4 Woes
I am interested in what broker you used as well. We
I am interested in what broker you used as well. We have used a few that do a
little due diligence on their end, but we still do our own. We have seen an
auction pulled due to the space having a bad reputation, but we were the ones
who had to step up and say something.
Justin Wilson
j...@
Validating is a lot of work, but you have to do it. I know there are lots
of blocks with RBL problems. Some spammers make so much money, they easily
afford to buy small blocks, abuse them to make money, buy more blocks and
put the olds up for sale. Careful price is rarely a tell about a bad
block.
Indeed.
Let this be a lesson: when purchasing blocks, one MUST do their due
diligence. Check the RBLs, senderbase, previous owner reputation, etc.
before buying.
Caveat emptor.
On 3/11/17 3:13 PM, Martin Hannigan wrote:
Which broker did you use for the transaction?
Did you get a discount
Which broker did you use for the transaction?
Did you get a discount for knowingly accepting a dirty block or is this a
surprise?
Are folks asking for warranties on acquired addresses these days?
Cheers,
-M<
Best,
-M<
On Fri, Mar 10, 2017 at 12:11 Pete Baldwin wrote:
> Hi All,
>
>
It looks like Spamhaus has your entire /16.
https://stat.ripe.net/163.182.192.0%2F18#tabId=anti-abuse
On Fri, Mar 10, 2017 at 10:01 PM, Laurent Dumont
wrote:
> Out of curiosity, who were the previous owner(s), it seems that ARIN only
> shows the current owner with any history? If it was a Chin
Out of curiosity, who were the previous owner(s), it seems that ARIN
only shows the current owner with any history? If it was a
Chinese/Russian block, you might be out of luck.
On 03/10/2017 12:00 PM, Pete Baldwin wrote:
Hi All,
Hopefully this is not taken in bad taste. Our organizatio