On Thu, 27 Feb 2003, Kai Schlichting wrote:
Secrecy over a public resource = no oversight = facilitator of abuse.
Why do I get the distinct feeling that this "move" by Level3 is aimed not at creating greater customer privacy (it never served POC email addresses), or protecting themselves from getting their customer base poached by other providers, but at preventing people from identifying spamming Level3 customers (of which they seem to have 100's) by organization name and being able to correlate activity from different netblocks of theirs.
Though I agree, Level3 seems to host a good number of spammers, they're by no means the only guilty party. Pulled at random from recent spams I've submitted to NJABL are 69.6.4.104, 69.6.4.114, and 69.6.4.156. whois @arin.net yields the following: ... NetRange: 69.6.0.0 - 69.6.63.255 CIDR: 69.6.0.0/18 NetName: WHOLE-2 NetHandle: NET-69-6-0-0-1 Parent: NET-69-0-0-0-0 NetType: Direct Allocation NameServer: NS1.WHOLESALEBANDWIDTH.COM NameServer: NS2.WHOLESALEBANDWIDTH.COM ... Where are the swips? The rest of that record makes no mention of an rwhois server. Doing a bunch of whois requests for IPs in that block, I found only one swip (for a /21). I realize the ARIN regs don't seem to require that reassignment info be made available to the public (just to ARIN), but using your innocent customers (if there are any) as a shield to hide your spammer customers is just wrong. Should I block 69.6.4.0/24 from sending email into my systems? 69.6.0.0/18? http://www.njabl.org/cgi-bin/lookup.cgi?query=69.6.4.104 http://www.njabl.org/cgi-bin/lookup.cgi?query=69.6.4.114 http://www.njabl.org/cgi-bin/lookup.cgi?query=69.6.4.156 ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________