On Thu, 5 Apr 2012, Drew Weaver wrote:
Now, if we could only teach Senderbase that if their customers receive
'questionable' smtp traffic from 1 IP address in a /24 it doesn't mean that all IP addresses in that /24 are malicious we'd really be living it up in 2012.
On 5 April 2012 09:48, <goemon@anime.net> wrote:
This is often the only way to get peoples attention and get action.
Providers dont care about individual /32's and will let them sit around and spew nigerian scams and pill spams without any consequences.
But they will care about a /24.
-Dan
If the purpose of blacklist is to block spam for recipients using that blacklist then a /32 works. If the purpose of a blacklist is to annoy providers then a /24 works. The most reputable and useful blacklists IMHO are Spamhaus and Spamcop - they don't block /24s. Spamhaus sometimes does if your rwhois shows that a large amount of the /24 is owned by the offending party but generally they don't. In my opinion a blacklist is useful when it notifies a provider of a listing, provides the reason for the listing and gives you a way to remove the listing. Spamhaus encourages companies to resolve all the issues while only blocking /32s by showing all the listings under your responsibility and making nice to see that list empty. Pretty simple. Incidentally SORBS usually blocks /24s and, as far as I know, provides no way for you to lookup all listings under a providers responsibility (by AS or otherwise). Incidentally, I have yet to see anything from Proofpoint, SORBS or their support system regarding the access issues we are having to their system. If anyone has another contact at Proofpoint other than Girish I'd appreciate knowing what it is. --- Landon Stewart <lstewart@superb.net <mailto"LStewart@Superb.Net>> Sr. Administrator Systems Engineering Superb Internet Corp - 888-354-6128 x 4199 Web hosting and more "Ahead of the Rest": www.superb.net