Er - a couple of ways

1. If you run a farm of mail servers, something like splunk for your logs is kind of necessary. How difficult is it going to be to trigger a splunk alert on whatever looks like an administrative block? Either by a large provider, or by a DNS block list.

2. You can rsync spamhaus and grep for mentions of your ASN, get ISP feedback loops etc.

On a larger topic - NANOG and M3AAWG (also RIPE and M3AAWG’s summer meeting in Europe) really ought to collocate or at least be back to back in the same city somewhere down the line - maybe with a day’s worth of joint sessions on topics of mutual interest (malware detection and mitigation, DDoS filtering .. there’s a lot going on in M3AAWG that’s not plain old mail or even messaging)

It still won’t solve the larger problem that a lot of routing and DNS folks won’t find it of interest, but well, over the decade ++ I’ve been around M3AAWG I see an ever increasing number of (security focused, mainly) *nog regulars turn up there.

—srs

On 29-Jul-2015, at 10:37 AM, Bob Evans <bob@FiberInternetCenter.com> wrote:
I see that point - however, spamhaus has become a haus-hold word these days and everyone runs into these issues... it's not malware or bots we block from a network level blackhole. Yet it is basic network operations these days to have to deal with someone complaining about their hacked mail server is now fixed yet they can't get mail. We usually tell them the quickest way is to address spamhaus to get it removed and in parallel also move the mail server to a new IP and change the DNS and rDNS to the new one. It gets us out of having to help with these RBL issues.

When an RBL sends a notice we jump on it and get it to the customer... however, they usually don't send us or the customer anything.