On Mon, Aug 11, 2014 at 9:06 AM, Tony Hain <alh-ietf@tndh.net> wrote:
I have found the scaling is better if you make it the abusing providers problem to contact you.
It scales BEAUTIFULLY .. until your peer in support starts to yell at you about the off the scale ticket volume you've managed to dump on him with your nullroute. In other words, your abusing provider isn't as likely to contact you as your own customers, after they suddenly have a lot of users unable to access their service.
Whenever a range gets blocked, the bounce message tells the mail originator to take their money and find a new hosting provider that does not support/tolerate spam.
I thought we were actually talking about filtering random ssh attempts? Oh, ok - so this discussion drifted into SMTP. Good - what I said earlier applies earlier, in spades - end users will start to contact your peers on the postmaster desk. So - block by all means, but be well prepared to handle the ticket volume (and always bear in mind your role is ALSO to deliver legit mail to your users). And for god's sake provide proper error messages with a URL that gives sufficient information as to why there's a block in the first place.
The down side is that it requires the legitimate originator to pay attention to the bounce and decide they want to take action.
I would suggest a trip to a future MAAWG meeting. --srs -- Suresh Ramasubramanian (ops.lists@gmail.com)