On March 26, 2014 at 22:17 owen@delong.com (Owen DeLong) wrote:
Then the spammers will grab /48s instead of /64s. Lather, rinse, repeat.
Hang on, do spammers "grab" address blocks? Ok, I'm sure it happens, this is not an existence proof. But is that really a significant characterization of their behavior? That they go to an RIR or ISP and get an address block allocation? I mean post-Ralsky (almost obscure historical spam reference.) It seems like ALL the spam I see is purloined resources: botnets, unauthorized use of (usually misconfigured) mail servers, web software holes, free sites in general (such as google groups but also those "community" free sites), etc. I suppose this is the place where someone just says: "Yes, Barry, it is" and considers the matter settled but it sure doesn't match my experience. We block a lot of /24s (like about 150,000 right now) and even a few larger chunks but not because they're owned by spammers but because they're repeatedly ABUSED by spammers. But unfortunately they're just about always owned by people/companies who believe they're legitimate but just can't seem to keep the spammers from abusing them over and over. And the chance of ham from them is so slight that one just blocks them wholesale. Well, maybe for the purpose of this discussion it's the same thing, how do you block blocks which are being abused or you want to block for whatever reason. -- -Barry Shein The World | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD | Dial-Up: US, PR, Canada Software Tool & Die | Public Access Internet | SINCE 1989 *oo*