--On February 10, 2006 11:29:36 AM -0500 Todd Vierling <tv@duh.org> wrote:
On Fri, 10 Feb 2006, Suresh Ramasubramanian wrote:
And then a few other well chosen blocklists (not the "block all traffic from a country" variety at all)
These days, a lot of smallish ISP's are blocking CNNIC and/or KRNIC space wholesale.
As for CN, the truth of the matter is, the Golden Shield is a very internally oriented (not just xenophobic) filter. CN cares a whole bunch what the rest of the world does to its people. CN doesn't care nearly at all what its people do to the rest of the world. Quite the double standard.
The social problem will not be fixed in the foreseeable future, so we have to settle for an imperfect technical solution -- for now. For some operations, the spew level is so high that blanket blocking CNNIC is the only reasonably maintainable option.
I'm not (yet) blanket blocking the entire IP space in those countries, but I am blocking huge swaths at the mailserver. Not network wide though. It won't be long before they collectively earn such large blocking at the mailservers I control. On the larger of them we reject anywhere from 6-20k attempts/day per inbound server. Almost all of them do exact numbers of attempts (15, 20, and 50 are very common per ip number attempts). I haven't looked into it any further but we haven't heard any customer complaints.