I know everyone is tired of IP address issues, and even more tired of spam, but I think this has some operational content. I'm sure that a good number of network operators have set up null0 routes for some of the more annoying spam sites, and I'm pretty sure that many people are sending whole /24s and maybe even larger blocks to null0 because of lack of response by the spam sites. What is going to happen when the spammers find that they are unable to reach 30% of their mailing list because of null0 routes? The spam sites just renumber into another network. Eventually the spam sites, or their upstream provider, will have to request more addresses from Arin, and this is where we might be able to gain another tool to fight spam. All address allocation requests have to be justified, I think that we can use this to prevent additional allocations to spam sites. The reasoning is that spam sites are not using their previously allocated space efficiently, and have poisoned their existing blocks enough so that even if they were to give them back to Arin, Arin would be in a very perilous legal position if they were to re-allocate these block. Basically, once an address is associated with spam, it is not going to be globally reachable until all null0 routes for it are removed. I'm open to any and all comments, suggestions, corrections, or flames on this. Jeremiah
On Thu, 11 Sep 1997, Jeremiah Kristal wrote:
because of lack of response by the spam sites. What is going to happen when the spammers find that they are unable to reach 30% of their mailing list because of null0 routes? The spam sites just renumber into another
Are there still spammers that don't use "innocent" relays to spread their junk? As long as there are reachable relaying servers somewhere on the net, the spammers have nothing to worry about.
network. Eventually the spam sites, or their upstream provider, will have to request more addresses from Arin, and this is where we might be able to gain another tool to fight spam.
How many spam houses have their own CIDR blocks? Not having looked, I'd guess few if any. ------------------------------------------------------------------ Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will Network Administrator | be proof-read for $199/message. Florida Digital Turnpike | ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
Jon Lewis boldly claimed:
On Thu, 11 Sep 1997, Jeremiah Kristal wrote:
because of lack of response by the spam sites. What is going to happen when the spammers find that they are unable to reach 30% of their mailing list because of null0 routes? The spam sites just renumber into another
Are there still spammers that don't use "innocent" relays to spread their junk? As long as there are reachable relaying servers somewhere on the net, the spammers have nothing to worry about.
Yes. freerelay.cyberpromo.com freerelay2.cyberpromo.com freerelay3.cyberpromo.com
network. Eventually the spam sites, or their upstream provider, will have to request more addresses from Arin, and this is where we might be able to gain another tool to fight spam. How many spam houses have their own CIDR blocks? Not having looked, I'd guess few if any.
Not many.. only the big ones. If you're going to get into denying address space to anyone that can justify it, because of their line of work, you're getting into a very large sticky issue, which is seperate from spamming, which is ip assingment policy. The problem is that any sort of blacklist maintained by more than one person in their spare time gets into very sticky legal issues, and should not be touched here on nanog. -- ----------------- jared@puck.nether.net - Nether Network ------------------ Don't answer the phone. Don't open the door. finger jared@puck.nether.net for pgp key
On Thu, 11 Sep 1997, Jared Mauch wrote:
Are there still spammers that don't use "innocent" relays to spread their junk? As long as there are reachable relaying servers somewhere on the net, the spammers have nothing to worry about.
freerelay.cyberpromo.com
Cyberpromo must work both ways then. I've gotten spams recently that originated at cyberpromo but were relayed through any number of unrelated sites across the world.
How many spam houses have their own CIDR blocks? Not having looked, I'd guess few if any.
Not many.. only the big ones. If you're going to get into denying
Do any really? I'd be amazed if cyberpromo could justify enough IP's to get a globally routable CIDR block. As was already mentioned, having large blocks of IP's that are nearly unusable because they are in so many blacklists should obviously not be a valid "use" of IP space, and should not be justification for getting more space.
The problem is that any sort of blacklist maintained by more than one person in their spare time gets into very sticky legal issues, and should
Depends on how you maintain, distribute, and talk about it. ------------------------------------------------------------------ Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will Network Administrator | be proof-read for $199/message. Florida Digital Turnpike | ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
participants (3)
-
Jared Mauch -
Jeremiah Kristal -
Jon Lewis