[117313] in North American Network Operators' Group
Re: Repeated Blacklisting / IP reputation
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Wed Sep 9 17:03:37 2009
To: Martin Hannigan <martin@theicelandguy.com>
In-Reply-To: Your message of "Wed, 09 Sep 2009 15:13:44 EDT."
<d99aaed40909091213i4e75e306t37ae5e5de771d75c@mail.gmail.com>
From: Valdis.Kletnieks@vt.edu
Date: Wed, 09 Sep 2009 17:02:29 -0400
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1252530149_3993P
Content-Type: text/plain; charset=us-ascii
On Wed, 09 Sep 2009 15:13:44 EDT, Martin Hannigan said:
> Not sure that this is an ARIN problem more than an operational problem since
> RBL's are opt-in. An effort to identify RBL's that are behaving poorly is
> probably more interesting at this point, no?
I suspect the problem isn't poor RBLs, it's all the little one-off block lists
out there. The NANOG lurker in the next cubicle informs me that we currently
carry an astounding 52,274 block entries (to be fair, a large portion is due to
our vendor's somewhat-lacking block list - if we decide a /24 is bad, but then
want to whitelist 1 IP, we have to de-aggregate to 254 black entries instead).
We get maybe 5-6 blocked e-mail complaints a day - which *still* represents
better performance for our end users than if we didn't carry around that many
blocks (for comparison, we get at least 3-4 times that many tickets a day for
people who forgot their e-mail password and need a reset).
And yes, it's *very* intentional that we have a business process in place
that makes it trivially easy for one of our users to open a "I can't get
e-mail from <here>" and get it taken care of *very* quickly, but opening a
"We can't send e-mail to your users" is a lot more challenging and time
consuming (at least for the complaintant).
Now, if we didn't have a dedicated, hard-working, and skeptical lurker in the
next cubicle, our block list *would* be a mess.. ;)
--==_Exmh_1252530149_3993P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFKqBflcC3lWbTT17ARAjDWAKDBWotTHTkSnx7reDZgjpmpWqpVwQCgv2IQ
8VDMlC0n878hCYSxBmD9neY=
=op5M
-----END PGP SIGNATURE-----
--==_Exmh_1252530149_3993P--
