RE: Abuse procedures... Reality Checks
From: "Frank Bulk" <frnkblk@iname.com> Subject: RE: Abuse procedures... Reality Checks Date: Sat, 7 Apr 2007 16:20:59 -0500
If they can't hold the outbound abuse down to a minimum, then I guess I'll have to make up for their negligence on my end.
Sure, block that /29, but why block the /24, /20, or even /8? Perhaps your (understandable) frustration is preventing you from agreeing with me on this specific case. Because what you usually see is an IP from a /20 or larger and the network operators aren't dealing with it. In the example I gave it's really the smaller /29 that's the culprit, it sounds like you want to punish a larger group, perhaps as large as an AS, for the fault of smaller network.
BLUNT QUESTIONS: *WHO* pays me to figure out 'which parts' of a provider's network are riddled with problems and 'which parts' are _not_? *WHO* pays me to do the research to find out where the end-user boundaries are? *WHY* should _I_ have to do that work -- If the 'upstream provider' is incapable of keeping _their_own_house_ clean, why should I spend the time trying to figure out which of their customers are 'bad guys' and which are not? A provider *IS* responsible for the 'customers it _keeps_'. And, unfortunately, a customer is 'tarred by the brush' of the reputation of it's provider.
Smaller operators, like those that require just a /29, often don't have that infrastructure. Those costs, as I'm sure you aware, are passed on to companies like yourself that have to maintain their own network's security. Again, block them, I say, just don't swallow others up in the process.
If the _UPSTREAM_ of that 'small operator' cannot 'police' its own customers, Why should _I_ absorb the costs that _they_ are unwilling to internalize? If they want to sell 'cheap' service, but not 'doing what is necessary', I see no reason to 'facilitate' their cut-rate operations. Those who buy service from such a provider, 'based on cost', *deserve* what they get, when their service "doesn't work as well" as that provided by the full-price competition. _YOUR_ connectivity is only as good as the 'reputation' of whomever it is that you buy connectivity from. You might want to consider _why_ the provider *keeps* that 'offensive' customer. There would seem to be only a few possible explanations: (1) they are 'asleep at the switch', (2) that customer pays enough that they can 'afford' to have multiple other customers who are 'dis-satisfied', or who may even leave that provider, (3) they aren't willing to 'spend the money' to run a clean operation. (_None_ of those seems like a good reason for _me_ to spend extra money 'on behalf of' _their_ clients.)
BLUNT QUESTIONS: *WHO* pays me to figure out 'which parts' of a provider's network are riddled with problems and 'which parts' are _not_?
I don't know the answer in your case, but in my case the answer is my employer. More specifically, my employer pays me to block junk and let good traffic* through; that mandate does not include "block networks that we have no reason to believe are junk in hopes of inflicting enough collateral damage to force the spammers' upstream to clean up its act." If your customers/employer/whomever understand they may miss data they wanted to receive in order to help you put pressure on lazy/abusive/incompetent ISPs, and they're okay with that, more power to 'em. I think probably more people are in my boat-- I can't afford to launch a crusade, I just have to keep the bits flowing. *On the other hand, in a corporate network "good traffic" can be more strictly defined; for example I block most of APNIC, half of RIPE, most of LACNIC and all of AFRINIC not because I think they're all spammy but because we get no legitimate business traffic from those regions which makes their signal-to-noise ratio effectively 0:infinite. So if you know a provider will never** send you legit messages, go ahead and block. Otherwise, **My sweeping xenoemailphobia has blocked 4 legit messages (3 of which were personal non-work-related messages) in the past 6 years, and since my reject message gives a workaround to reach me all 4 reached their intended recipient. Compared to the 5-15k messages blocked per day over that span, close enough to never for me-- and more importantly, for my boss. -- Dave Pooser, ACSA Manager of Information Services Alford Media http://www.alfordmedia.com
From: "Frank Bulk" <frnkblk@iname.com> Subject: RE: Abuse procedures... Reality Checks Date: Sat, 7 Apr 2007 16:20:59 -0500
If they can't hold the outbound abuse down to a minimum, then I guess I'll have to make up for their negligence on my end.
Sure, block that /29, but why block the /24, /20, or even /8? Perhaps your (understandable) frustration is preventing you from agreeing with me on
Robert: You still haven't answered the question: how wide do you block? You got an IP address that you know is offensive. Is your default policy to blacklist just that one, do the /24, go to ARIN and find out the size of that block and do the whole thing, or identify the AS and block traffic from the dozen if not hundreds of allocations they have? In only the first two cases is no research required, but I would hope that the network who wants to blacklist (i.e. GoDaddy) would do a little bit of (automated) legwork to focus their abuse control. You also have too dim and narrow a view of customer relationships. In my case the upstream ISP is a member-owned cooperative of which the sub-allocated space is either a member or a customer of a member. 1, 2, and 3 don't apply, rather, the coop works with their members to identify the source of the abuse and shut it down. It's not adversarial as you paint it to be. BTW, do you think the member-owned coop should be monitoring the outflow of dozens of member companies and hundreds of sub-allocations they have? And it's not *riddled* with abuse, it's just one abuser, probably a dial-up customer who is unwittingly infected, who while connected for an hour or two sends out junk. GoDaddy takes that and blacklists the whole /24, affecting both large and small businesses alike who are in other sub-allocated blocks in that /24. Ideally, of course, each sub-allocated customer would have their own /24 so that when abuse protection policies kick in and that automatically blacks out a /24 only they are affected, but for address conservation reasons that did not occur. Frank -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Robert Bonomi Sent: Saturday, April 07, 2007 8:41 PM To: nanog@merit.edu Subject: RE: Abuse procedures... Reality Checks this
specific case. Because what you usually see is an IP from a /20 or larger and the network operators aren't dealing with it. In the example I gave it's really the smaller /29 that's the culprit, it sounds like you want to punish a larger group, perhaps as large as an AS, for the fault of smaller network.
Smaller operators, like those that require just a /29, often don't have
BLUNT QUESTIONS: *WHO* pays me to figure out 'which parts' of a provider's network are riddled with problems and 'which parts' are _not_? *WHO* pays me to do the research to find out where the end-user boundaries are? *WHY* should _I_ have to do that work -- If the 'upstream provider' is incapable of keeping _their_own_house_ clean, why should I spend the time trying to figure out which of their customers are 'bad guys' and which are not? A provider *IS* responsible for the 'customers it _keeps_'. And, unfortunately, a customer is 'tarred by the brush' of the reputation of it's provider. that
infrastructure. Those costs, as I'm sure you aware, are passed on to companies like yourself that have to maintain their own network's security. Again, block them, I say, just don't swallow others up in the process.
If the _UPSTREAM_ of that 'small operator' cannot 'police' its own customers, Why should _I_ absorb the costs that _they_ are unwilling to internalize? If they want to sell 'cheap' service, but not 'doing what is necessary', I see no reason to 'facilitate' their cut-rate operations. Those who buy service from such a provider, 'based on cost', *deserve* what they get, when their service "doesn't work as well" as that provided by the full-price competition. _YOUR_ connectivity is only as good as the 'reputation' of whomever it is that you buy connectivity from. You might want to consider _why_ the provider *keeps* that 'offensive' customer. There would seem to be only a few possible explanations: (1) they are 'asleep at the switch', (2) that customer pays enough that they can 'afford' to have multiple other customers who are 'dis-satisfied', or who may even leave that provider, (3) they aren't willing to 'spend the money' to run a clean operation. (_None_ of those seems like a good reason for _me_ to spend extra money 'on behalf of' _their_ clients.)
Sure, block that /29, but why block the /24, /20, or even /8?
Since nobody will route less than a /24, you can be pretty sure that regardless of the SWIPs, everyone in a /24 is served by the same ISP. I run a tiny network with about 400 mail users, but even so, my semiautomated systems are sending off complaints about a thousand spams a day that land in traps and filters. (That doesn't count about 50,000/day that come from blacklisted sources that I package up and sell to people who use them to tune filters and look for phishes.) I log the sources, when a particular IP has more than 50 complaints in a month I usually block it, if I see a bunch of blocked IP's in a range I usually block the /24. Now and then I get complaints from users about blocked mail, but it's invariably from an individual IP at an ISP or hosting company that has both a legit correspondent and a spam-spewing worm or PHP script. It is quite rare for an expansion to a /24 to block any real mail. My goal is to keep the real users' mail flowing, to block as much spam as cheaply as I can, and to get some sleep. I can assure you from experience that any sort of automated RIR WHOIS lookups will quickly trip volume checks and get you blocked, so I do a certain number manually, typically to figure out how likely there is to be someone reading the spam reports. But on today's Internet, if you want to get your mail delivered, it would be a good idea not to live in a bad neighborhood, and if your ISP puts you in one, you need a better ISP. That's life. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor "More Wiener schnitzel, please", said Tom, revealingly.
On Apr 7, 2007, at 11:27 PM, John Levine wrote: [...]
I can assure you from experience that any sort of automated RIR WHOIS lookups will quickly trip volume checks and get you blocked,
Does this happen when you only query for the network information and not the full contact information? Regards, -- Leo Vegoda IANA Numbers Liaison
On Sun, 2007-04-08 at 03:27 +0000, John Levine wrote:
But on today's Internet, if you want to get your mail delivered, it would be a good idea not to live in a bad neighborhood, and if your ISP puts you in one, you need a better ISP. That's life.
Good advise. For various reasons, a majority of IP addresses within a CIDR of any size being abusive is likely to cause the CIDR to be blocked. While a majority could be considered as being half right, the existence of the "bad neighborhood" demonstrates a lack of oversight for the entire CIDR, which is also fairly predictive of future abuse. -Doug
dotis@mail-abuse.org (Douglas Otis) writes:
Good advise. For various reasons, a majority of IP addresses within a CIDR of any size being abusive is likely to cause the CIDR to be blocked. While a majority could be considered as being half right, the existence of the "bad neighborhood" demonstrates a lack of oversight for the entire CIDR, which is also fairly predictive of future abuse.
that sounds like a continuum, but my experience requires more dimensions than you're describing. for example, this weekend two /24's were hijacked and used for spam spew. as my receivebot started blackholing /32's, the sender started cycling to other addresses in the block. each address was used continuously until it stopped working, then the next address came in. while there were two /24's and two self-similar spam flows, there was not a strict mapping of spam flow to packet flow -- both /24's emitted both kinds of spam. "uniq -c" results are below. i've nominated both blocks to the MAPS RBL, and i can't tell from whois whether it's worthwhile to complain to the ISP's. would you say that i've learned anything of predictive value concerning future spam from the containing /17 (CARI) or /15 (THEPLANET)? or is this just another run of the mill BGP hijack due to some other ISP's router having enable passwords still set to the factory default? (we all owe randy bush a debt of gratitude for pushing on RPKI, by the way. anybody can complain about the weather but very few people do something about it.) 7 67.18.239.66 2 67.18.239.67 1 67.18.239.68 1 67.18.239.69 2 67.18.239.70 5 67.18.239.71 1 67.18.239.82 1 67.18.239.83 2 67.18.239.85 2 67.18.239.87 1 67.18.239.88 3 67.18.239.89 2 67.18.239.91 2 67.18.239.92 3 67.18.239.93 4 67.18.239.94 1 71.6.213.103 1 71.6.213.105 1 71.6.213.108 4 71.6.213.159 1 71.6.213.16 5 71.6.213.160 1 71.6.213.161 7 71.6.213.162 8 71.6.213.163 6 71.6.213.166 1 71.6.213.168 6 71.6.213.170 6 71.6.213.171 2 71.6.213.172 6 71.6.213.176 5 71.6.213.179 6 71.6.213.180 2 71.6.213.181 3 71.6.213.182 3 71.6.213.19 3 71.6.213.190 1 71.6.213.191 1 71.6.213.193 1 71.6.213.202 2 71.6.213.23 5 71.6.213.26 3 71.6.213.32 5 71.6.213.65 4 71.6.213.75 6 71.6.213.8 1 71.6.213.80 1 71.6.213.87 1 71.6.213.94 1 71.6.213.96 -- Paul Vixie
On Apr 8, 2007, at 9:03 PM, Paul Vixie wrote:
dotis@mail-abuse.org (Douglas Otis) writes:
Good advise. For various reasons, a majority of IP addresses within a CIDR of any size being abusive is likely to cause the CIDR to be blocked. While a majority could be considered as being half right, the existence of the "bad neighborhood" demonstrates a lack of oversight for the entire CIDR, which is also fairly predictive of future abuse.
that sounds like a continuum, but my experience requires more dimensions than you're describing. for example, this weekend two / 24's were hijacked and used for spam spew.
Agreed. This was expressed recently as well. http://www.merit.edu/mail.archives/nanog/msg05351.html CIDRs should also conform with ASN boundaries and reputation tracks with announcements. Unfortunately an effort to create a black-hole operator's BCP failed to consider these issues. Many building their own reputation histories will also likely ignore this concern. This means John's advice remains valid, whether fair or not. Adopting transient tracking methods cope with this problem. -Doug
On Mon, 9 Apr 2007, Paul Vixie wrote:
than you're describing. for example, this weekend two /24's were hijacked and used for spam spew. as my receivebot started blackholing /32's, the
Why do you think they were hijacked ? At least for your second block:
1 71.6.213.103 ....
I've had that /24 blocked since 4/4/07. I have spam attempts for that domain going back to Feb 13 2007, but it didn't have reverse DNS set up until 4/4 so nothing got through. ========================================================== Chris Candreva -- chris@westnet.com -- (914) 948-3162 WestNet Internet Services of Westchester http://www.westnet.com/
* Douglas Otis:
On Sun, 2007-04-08 at 03:27 +0000, John Levine wrote:
But on today's Internet, if you want to get your mail delivered, it would be a good idea not to live in a bad neighborhood, and if your ISP puts you in one, you need a better ISP. That's life.
Good advise.
Yeah, it's a damn good reason to get PI space. Unfortunately, that isn't without cost for everyone else.
Florian Weimer wrote:
* Douglas Otis:
On Sun, 2007-04-08 at 03:27 +0000, John Levine wrote:
But on today's Internet, if you want to get your mail delivered, it would be a good idea not to live in a bad neighborhood, and if your ISP puts you in one, you need a better ISP. That's life. Good advise.
Yeah, it's a damn good reason to get PI space. Unfortunately, that isn't without cost for everyone else.
IF you have a business critical need for PI v4 space, now is probably a better time to decide that than in 5 years. It's better of course if you choose not to deagregate to /24s.
Yeah, it's a damn good reason to get PI space. Unfortunately, that isn't without cost for everyone else.
I don't have PI space, but I do have a competent ISP so I've never had any mail problems due to adjacent addresses. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor "A book is a sneeze." - E.B. White, on the writing of Charlotte's Web
John R Levine wrote:
I don't have PI space, but I do have a competent ISP so I've never had any mail problems due to adjacent addresses.
Having a competent ISP isn't a guarantee of exemption...only a contributor. As evidenced by the discussion, some people choose the scope of their wrath arbitrarily. pt
I don't have PI space, but I do have a competent ISP so I've never had any mail problems due to adjacent addresses.
Having a competent ISP isn't a guarantee of exemption...only a contributor. As evidenced by the discussion, some people choose the scope of their wrath arbitrarily.
Nothing is a guarantee of exemption from a sufficiently perverse or hostile email administrator, but being in the middle of a well managed /20 works pretty well for me. R's, John
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Apr 9, 2007, at 1:49 PM, John L wrote:
I don't have PI space, but I do have a competent ISP so I've never had any mail problems due to adjacent addresses.
Having a competent ISP isn't a guarantee of exemption...only a contributor. As evidenced by the discussion, some people choose the scope of their wrath arbitrarily.
Nothing is a guarantee of exemption from a sufficiently perverse or hostile email administrator, but being in the middle of a well managed /20 works pretty well for me.
Well, "well managed" to me would mean that allocations from that /20 were SWIPed or a rwhois server was running so that if any of those 4,000 IP addresses does something bad you don't get caught in the middle. Chris ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Chris Owen ~ Garden City (620) 275-1900 ~ Lottery (noun): President ~ Wichita (316) 858-3000 ~ A stupidity tax Hubris Communications Inc www.hubris.net ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGGo9KElUlCLUT2d0RArewAKCRHTeEN9tMOvvfH6/cql6ua81qAwCg2eqd jVGT9wUPV2hRItrA3+tp5n0= =M3YG -----END PGP SIGNATURE-----
Chris Owen wrote:
Well, "well managed" to me would mean that allocations from that /20 were SWIPed or a rwhois server was running so that if any of those 4,000 IP addresses does something bad you don't get caught in the middle.
Due diligence with SWIP/rwhois only means that one customer is well documented apart from another. As this thread has highlighted, some people filter/block based on random variables: the covering /24, the covering aggregate announcement, and/or arbitrary bit lengths. If a particular server is within the scope of what someone decides to filter/block, it gets filtered or blocked. Good SWIPs/rwhois entries don't mean jack to those admins. pt
That's been my entire point. Network operators who properly SWIP don't get credit for going through the legwork by other networks that apply quasi-arbitrary bit masks to their blocks. As I said before, if you're going to block a /24, why not do it right and block *all* the IPs in their ASN? My DSL and cable modem subscribers are spread across a dozen non-contiguous /24s. If the bothered network is upset with one of my cable modem subs and blocks just one /24 they will open themselves up when that CPE obtains a new IP in a different /24. Frank -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Pete Templin Sent: Monday, April 09, 2007 3:42 PM To: Chris Owen Cc: nanog@merit.edu Subject: Re: Abuse procedures... Reality Checks Chris Owen wrote:
Well, "well managed" to me would mean that allocations from that /20 were SWIPed or a rwhois server was running so that if any of those 4,000 IP addresses does something bad you don't get caught in the middle.
Due diligence with SWIP/rwhois only means that one customer is well documented apart from another. As this thread has highlighted, some people filter/block based on random variables: the covering /24, the covering aggregate announcement, and/or arbitrary bit lengths. If a particular server is within the scope of what someone decides to filter/block, it gets filtered or blocked. Good SWIPs/rwhois entries don't mean jack to those admins. pt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Apr 9, 2007, at 3:41 PM, Pete Templin wrote:
Chris Owen wrote:
Well, "well managed" to me would mean that allocations from that / 20 were SWIPed or a rwhois server was running so that if any of those 4,000 IP addresses does something bad you don't get caught in the middle.
Due diligence with SWIP/rwhois only means that one customer is well documented apart from another. As this thread has highlighted, some people filter/block based on random variables: the covering / 24, the covering aggregate announcement, and/or arbitrary bit lengths. If a particular server is within the scope of what someone decides to filter/block, it gets filtered or blocked. Good SWIPs/rwhois entries don't mean jack to those admins.
Well it means something to me. I'm not one for widely cast blacklists but for something like a series of IP addresses all spewing spam from I will often put temporary /24 filters in place if I'm unable to determine exactly where the actual block boundaries are. If the addresses are SWIPed/rwhois then that is much easier and there is no need for such a wide net. Chris ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Chris Owen ~ Garden City (620) 275-1900 ~ Lottery (noun): President ~ Wichita (316) 858-3000 ~ A stupidity tax Hubris Communications Inc www.hubris.net ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGGrCbElUlCLUT2d0RAtbYAJ9T4nFgTeFyUJ2q2uMGPjQYizk4CwCg1Vx4 b+HHAd8UgvH9sNvFHGHo+fY= =WhjM - -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGGrIOElUlCLUT2d0RAjEPAKDCcQyFlkC/6DC8jdIbsKFIC1bO5ACgyUk6 GOHudBwokEt56tglHnrpYV8= =00rY -----END PGP SIGNATURE-----
On Sat, 7 Apr 2007 20:41:19 -0500 (CDT) Robert Bonomi <bonomi@mail.r-bonomi.com> wrote:
BLUNT QUESTIONS: *WHO* pays me to figure out 'which parts' of a provider's network are riddled with problems and 'which parts' are _not_? *WHO* pays me to do the research to find out where the end-user boundaries are? *WHY* should _I_ have to do that work -- If the 'upstream provider' is incapable of keeping _their_own_house_ clean, why should I spend the time trying to figure out which of their customers are 'bad guys' and which are not?
A provider *IS* responsible for the 'customers it _keeps_'.
And, unfortunately, a customer is 'tarred by the brush' of the reputation of it's provider.
Um, with that reasoning, why not just block the whole /0 and be done with it? Seriously, I used to share your frustration and would block large swaths of the Internet for rather minor offenses. I finally realized this practice didn't help. Why not get yourself some sort of intrusion detection/prevention system or fully firewall your hosts. If you have a spam problem, get an e-mail security appliance which uses reputation filtering to reject connections? matthew black california state university, long beach
Bingo. Read the note below again, it is the path to enlightenment, Shein's law of resources: Needs, no matter how dire or just, do not alone create the resources necessary to fulfill. On April 7, 2007 at 20:41 bonomi@mail.r-bonomi.com (Robert Bonomi) wrote:
From: "Frank Bulk" <frnkblk@iname.com> Subject: RE: Abuse procedures... Reality Checks Date: Sat, 7 Apr 2007 16:20:59 -0500
If they can't hold the outbound abuse down to a minimum, then I guess I'll have to make up for their negligence on my end.
Sure, block that /29, but why block the /24, /20, or even /8? Perhaps your (understandable) frustration is preventing you from agreeing with me on this specific case. Because what you usually see is an IP from a /20 or larger and the network operators aren't dealing with it. In the example I gave it's really the smaller /29 that's the culprit, it sounds like you want to punish a larger group, perhaps as large as an AS, for the fault of smaller network.
BLUNT QUESTIONS: *WHO* pays me to figure out 'which parts' of a provider's network are riddled with problems and 'which parts' are _not_? *WHO* pays me to do the research to find out where the end-user boundaries are? *WHY* should _I_ have to do that work -- If the 'upstream provider' is incapable of keeping _their_own_house_ clean, why should I spend the time trying to figure out which of their customers are 'bad guys' and which are not?
A provider *IS* responsible for the 'customers it _keeps_'.
And, unfortunately, a customer is 'tarred by the brush' of the reputation of it's provider.
Smaller operators, like those that require just a /29, often don't have that infrastructure. Those costs, as I'm sure you aware, are passed on to companies like yourself that have to maintain their own network's security. Again, block them, I say, just don't swallow others up in the process.
If the _UPSTREAM_ of that 'small operator' cannot 'police' its own customers, Why should _I_ absorb the costs that _they_ are unwilling to internalize?
If they want to sell 'cheap' service, but not 'doing what is necessary', I see no reason to 'facilitate' their cut-rate operations.
Those who buy service from such a provider, 'based on cost', *deserve* what they get, when their service "doesn't work as well" as that provided by the full-price competition.
_YOUR_ connectivity is only as good as the 'reputation' of whomever it is that you buy connectivity from.
You might want to consider _why_ the provider *keeps* that 'offensive' customer. There would seem to be only a few possible explanations: (1) they are 'asleep at the switch', (2) that customer pays enough that they can 'afford' to have multiple other customers who are 'dis-satisfied', or who may even leave that provider, (3) they aren't willing to 'spend the money' to run a clean operation. (_None_ of those seems like a good reason for _me_ to spend extra money 'on behalf of' _their_ clients.)
participants (16)
-
Barry Shein
-
Chris Owen
-
Christopher X. Candreva
-
Dave Pooser
-
Douglas Otis
-
Florian Weimer
-
Frank Bulk
-
Joel Jaeggli
-
John L
-
John Levine
-
John R Levine
-
Leo Vegoda
-
Matthew Black
-
Paul Vixie
-
Pete Templin
-
Robert Bonomi