At 07:42 PM 24-09-03 -0400, Richard Welty wrote:
the blacklisting of ISP ranges is very rare, it only occurs perhaps once a year, in extreme cases. several years ago, the sbl listed sprint's coporate mail servers during a period when sprint was providing connectivity for many spamhausen. sprint responded by appointing a new head of abuse, and giving him the power to terminate spammers. sprint's corporate mail servers were delisted, and their network is now fairly clean. we don't jokingly call their service "sprintpink" any more.
AS3339 has a zero tolerance for spamming. With just one spam complaint we block the IP in question. We have a downstream customer that has many cybercafes in Africa that generate http and smtp spam and we block each complaint within 48 hours. None the less, here is a recent email extract I received from someone: "Hank, I am not a Spamhaus.org representative in any shape or form. I do not claim to speak for Spamhaus.org in any capacity. The University of xxxxxx is, however, a customer (i.e. as of this morning, we block e-mails from IP addresses listed on Spamhaus SBL). I am just guessing what might happen if the problem is not sorted out. I am sure you already know that the standard escalation procedure for many blocklists is first to block the single offending IP address, then the immediate smallest block that it is contained in according to WHOIS, then the entire block of the ISP, and if that fails to stop the spam, then the corporate MXes of the upstream ISP may be blocklisted." Basically, we are being told if we don't drop the customer, our corporate MXes will be blocked. I would not call this an "extreme case", but it would appear that overzealous anti-spammers are perhaps going a bit overboard. Regards, Hank