On Sun, Mar 12, 2017 at 5:40 PM, <valdis.kletnieks@vt.edu> wrote:
How does Spamhaus find out the block has been resold?
How do other DNS-based blacklist operators find out?
From the REGISTRY as the ultimate custodian of the IP block.
How do all the AS's that have their own internal blacklists find out that they should fix their old listings? (Note that this is the exact same problem as "We got blacklisted because of a bad customer, we axed the customer, but we're still blacklisted", which has been a an unsolved problem for decades now).
From the REGISTRY as the ultimate custodian of the IP block.
"We got blacklisted because of a bad customer, we axed the customer, but we're still blacklisted" is a FAR call from what this discussion is about. "I got blacklisted because someone else that has NO relevance to me what so ever was stupid" is more accurate. You can't punish the purchaser of an IP block, because of what previous owners of the IP block did. If I receive a dynamic IP from my ISP on dialup, and the previous user using that IP hacked the FBI... Am I now to blame because the FBI got hacked? NO! The previous user of the IP is responsible!
And it's awfully easy to game the system by just reselling the block between a group of shell companies run by bad actors.
Yes - just like we're playing ping pong with NetFlix (and others) and VPN providers because of geo restricted content too :-) It's a loosing battle, and a failed system. Don't blame the purchaser, it's a lack of oversight on the part of who ever does the blacklisting. And that, should form part of being RESPONSIBLE when you DO decide to blacklist / unblacklist IP blocks. There are FAR to many companies on the Internet that simply does what they want, when they want. I (or anyone else - I haven't purchased IP space from any other source other than registries, yet), can't be held liable for what others have done. Whether it's IP space, whether it's breaking an entering, whether it's fraud, it doesn't matter. I did not commit the act, and I can't be held liable. Your punishing the wrong person, for the wrong reason. The fact that there's companies out there, CAMPING on /8s which they do not use and yet refuse to return, is exactly why the internet is sitting in this predicament.