Ebay/Paypal blocking HTTP access based on SORBS DUHL / Spamhaus PBL
hey, For a while now, we have been getting complains from our broadband customers about not being able to reach ebay.com/paypal.com We have nailed it down to some small prefixes and they are all listed in SORBS DUHL / Spamhaus PBL and have been listed for ages. These are indeed dynamic IP pools and should not send any email (not that SMTP has anything to do with HTTP). For some reason, it looks like ebay/paypal is now blocking HTTP access based on these blacklists. Does anyone have working contact in their NOC or with security people? All emails to public contacts have not been answered to. -- tarko
On Aug 21, 2014, at 6:23 AM, Tarko Tikan <tarko@lanparty.ee> wrote:
hey,
For a while now, we have been getting complains from our broadband customers about not being able to reach ebay.com/paypal.com
We have nailed it down to some small prefixes and they are all listed in SORBS DUHL / Spamhaus PBL and have been listed for ages. These are indeed dynamic IP pools and should not send any email (not that SMTP has anything to do with HTTP).
For some reason, it looks like ebay/paypal is now blocking HTTP access based on these blacklists.
That seems really unlikely. If they were blocking access purely due to it being from dynamically assigned ranges, someone else would have noticed. High fraud rate or other misbehaviour from those ranges seems more likely. Can you share the data that makes you think it's the former?
Does anyone have working contact in their NOC or with security people? All emails to public contacts have not been answered to.
Cheers, Steve
That seems really unlikely. If they were blocking access purely due to it being from dynamically assigned ranges, someone else would have noticed.
My home IP is in both the PBL and the SORBS DUL and I have no trouble using ebay or paypal. Given that the problem range is in Estonia, I expect that it's some combination of abuse from the specific range and general issues with traffic from Estonia. R's, John
hey,
My home IP is in both the PBL and the SORBS DUL and I have no trouble using ebay or paypal.
Thanks for confirmation.
Given that the problem range is in Estonia, I expect that it's some combination of abuse from the specific range and general issues with traffic from Estonia.
What makes you say that? Any specific examples of trouble you are getting from Estonian networks? -- tarko
On Aug 21, 2014, at 12:51 PM, Tarko Tikan <tarko@lanparty.ee> wrote:
hey,
My home IP is in both the PBL and the SORBS DUL and I have no trouble using ebay or paypal.
Thanks for confirmation.
Given that the problem range is in Estonia, I expect that it's some combination of abuse from the specific range and general issues with traffic from Estonia.
What makes you say that? Any specific examples of trouble you are getting from Estonian networks?
Yeah - funny…it's been years since I heard of specific Estonian issues (and caveat - I am estonian and know Tarko). Back in 2007 there were plenty of problems but many have been cleaned up. Some took a few years. Tarko - have you got this resolved yet? If not, send me private email and I'll get you connected with additional people who may be able to help. - merike
hey,
Yeah - funny…it's been years since I heard of specific Estonian issues (and caveat - I am estonian and know Tarko). Back in 2007 there were plenty of problems but many have been cleaned up. Some took a few years.
Still waiting for examples. I can say for sure that none of the major operators in Estonia are spam friendly (and or ignore abuse related issues. There might be one or two hosting/content operators, mostly with Russian origins, but even they have grown up. I'm well connected in local community - if you do have specific complaints, let me know.
Tarko - have you got this resolved yet?
Nope :( -- tarko
hey,
Can you share the data that makes you think it's the former?
I can't say I'm absolutely sure, hence the question to wider audience. But I can say that it's only subset of prefixes that are blocked What I can do, is provide some blocked IPs as example: 90.190.226.239 90.191.156.199 84.50.65.135 -- tarko
participants (4)
-
John Levine -
Merike Kaeo -
Steve Atkins -
Tarko Tikan