*nods* So many of those organizations are broken. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Forrest Christian (List Account) via NANOG" <nanog@lists.nanog.org> To: "North American Network Operators Group" <nanog@lists.nanog.org> Cc: "Forrest Christian (List Account)" <lists@packetflux.com> Sent: Thursday, May 29, 2025 6:04:30 AM Subject: Re: Amazon AWS cloudfront WAF block You do realize that some organizations have such a broken support and contact system that often a legal threat or a formal complaint with a regulator is necessary to get said organizations to even discuss an issue? I read the original message as "I'm frustrated that we're trying to do the correct things here but I can't get anyone to tell us what we're doing wrong so we can either stop the behavior or get a record corrected". This is a lot different than "we're a spammer and we're going to sue a dnsbl for interfering with our business". If amazon had a well defined process for legitimate ISPs to be able to open a ticket to resolve issues with their netblocks, I doubt anyone in this thread would be discussing having lawyers write letters. And if I'm mistaken and there is a well defined way for a non-AWS-customer ISP to address these types of issues with Amazon, I'd love to hear what it is. On Wed, May 28, 2025, 8:08 PM Andrew Kirch via NANOG <nanog@lists.nanog.org> wrote:
Are we really going to repeat the blatant stupidity of spammers 15-20 years ago who tried to file SLAPP (
https://en.wikipedia.org/wiki/Strategic_lawsuit_against_public_participation ) suits against DNSBL ( https://en.wikipedia.org/wiki/Domain_Name_System_blocklist) operators? Did we learn nothing from history?
Please have your lawyers review the Spamhaus lawsuit, and other state and federal lawsuits filed by spammers against DNSBL operators (like me!) before you file a SLAPP suit. We always win. We win so much it's getting boring.
Our state and federal courts have ruled in every case I am aware of that publishing lists of hosts who violate or have violated the behavioral norms of the Internet and society at large is protected under 47 USC 230’s good samaritan clause (c)(2)(A) and (B). In fact my right to publish a list that says your IPs, IP blocks, DNS, or any other technical means of identifying your content or traffic as not reputable EXCEEDS your constitutional rights to protected speech. During the 2004 and 2008 US presidential elections we reputation listed both major parties' presidential campaigns for sending unsolicited bulk email. Their legal recourse was to go away and deal with it. When a major email provider was in a very long beta, and it was exploited to send CSAM randomly around the internet, we reputation listed it.
Reputation lists are protected speech. Anyone who wishes to use these lists may do so for any reason they wish, or none at all. Legal threats with no merit in law are "otherwise objectionable" https://en.wiktionary.org/wiki/cartooney. You are actually quite lucky that my list isn't still operating. We routinely reputation listed sources of idiotic legal threats (cartooneys https://en.wiktionary.org/wiki/cartooney). Getting out of that reputation list required a public apology made in the same forum where the original cartooney was published.
It baffles my mind that anyone would stand up and publicly announce that they wish to be counted with spammers. Obviously none of this is legal advice, but since this is going to be archived in Google in a day or so, it should save the attorneys who are going to respond to your cartooney time in composing their reply.
In summation don't threaten reputation list providers. You will lose every time.
Andrew Kirch Former owner of the Abusive Hosts Blocking List
On Wed, May 28, 2025 at 9:25 PM Eric C. Miller via NANOG < nanog@lists.nanog.org> wrote:
We're still playing whack a mole with our IP space. I've asked our corporate counsel about sending demand letters with an accusation of tortious interference.
IP Quality Score seems to be a big nuisance. Check a few of your IPs on their website.
No silver bullets though.
Eric
________________________________ From: paul--- via NANOG <nanog@lists.nanog.org> Sent: Wednesday, May 28, 2025 10:18:55 AM To: nanog@lists.nanog.org <nanog@lists.nanog.org> Cc: paul@vanilla.capetown <paul@vanilla.capetown> Subject: Amazon AWS cloudfront WAF block
Hi all
Most if not all of our prefixes are on some sort of AWS WAF deny list, that or our ASN is listed.
We are an eyeball network, geo-location websites e.g maxmind are correctly displaying the correct location and services for our prefixes.
We do not have a support contract with amazon aws to create a support ticket. Various websites are now blocked, e.g Reddit and many more. It is not feasible for us to reach out to each one to adjust their aws waf filters.
Upon emailing AWS this is their reply:
"The best course of action would be to contact Neustar and or MaxMind who are 3rd party WAF aggregators on this to address any issues with WAF blocking."
This is also not fair and frankly a rabbit hole we do not want to go down. These are also paid for services. AWS is almost holding our ASN/Prefixes as hostage to these paid for services with no easy way to check why we are being blocked, and getting off "some" list.
Anyone have an idea / contact or what to do? _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/NC6Q4WG7...
_______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/K7TEXONR...
_______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/TVB6GRMP...
- Forrest _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/K7XV2ZZM...