on Sun, Jun 22, 2008 at 01:24:43PM -0500, Al Iverson wrote:
I'm not going to pretend I manage inbound mail service for thousands-to-millions of users (as most of the participants of other lists like SPAM-L are fond of imagining themselves), but I know enough about how IP reputation systems work at ISPs to know that if I did manage inbound mail for such a userbase, the EC2 IPs would be blocked repeatedly and often, and there would come a point where the blocks escalate to /24s and larger, and there would come a point where the blocks are removed slower and less often.
I don't pretend to manage inbound mail service for more than dozens, but I do provide a service via enemieslist that is indirectly used by millions, and out of the over 32K rDNS naming conventions I've catalogued and classified, in terms of their dynamicity/staticity/etc., only four are related to Amazon/EC2. Now, if the entire 'Net moved to a cloud computing model, I could agree with Paul that this would be the end of IP reputation. But I'm only aware of two such services (Amazon EC2 and Media Temple's gridserver.com) in widespread use, so I haven't bothered to come up with a new classification for them, and treat them as essentially dynamic (with gridserver.com also classified as 'webhost'). I moved away from the strictly IP-based reputation model several years ago (though I still use DNSBLs as a practical tool), and instead treat classes of IPs as a set about which certain reputation-ish qualities can be asserted, which works very well in a scoring-style context. Steve -- hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/ antispam news, solutions for sendmail, exim, postfix: http://enemieslist.com/