[151959] in North American Network Operators' Group
RE: SORBS?!
daemon@ATHENA.MIT.EDU (Drew Weaver)
Fri Apr 6 13:02:50 2012
From: Drew Weaver <drew.weaver@thenap.com>
To: 'William Herrin' <bill@herrin.us>
Date: Fri, 6 Apr 2012 13:01:55 -0400
In-Reply-To: <CAP-guGV44nnQQ-zvzRVfywRo=oSp1KP=59R4sDC16bGQn41u_A@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
So you're suggesting that hosting companies do what?
How many emails or port 25/587 connections a (day, week, hour) makes someon=
e a spammer if there are no objections being lodged at the abuse department=
?
Are we supposed to do DPI on every email that a dedicated server sends out =
and then decide whether it's spam?
My point is if a list has a problem with a /32 they could have the courtesy=
to contact the ISP/host prior to causing huge problems for a /24
I'm not sure what more can be done than having an abuse department staffed =
up and checking all published data before accepting a customer.
And I'm mostly just complaining about senderbase, because they seem to be t=
he one that really large companies reference.
Thanks,
-Drew
-----Original Message-----
From: wherrin@gmail.com [mailto:wherrin@gmail.com] On Behalf Of William Her=
rin
Sent: Friday, April 06, 2012 12:56 PM
To: Drew Weaver
Cc: nanog@nanog.org
Subject: Re: SORBS?!
On Fri, Apr 6, 2012 at 7:31 AM, Drew Weaver <drew.weaver@thenap.com> wrote:
> That's just not true, we would much rather be notified of something=20
>that a reputation list finds objectionable and take it down ourselves=20
>than have Senderbase set a poor reputation on dozens of IaaS customers.
I think the idea is that you're supposed to proactively monitor your system=
s for abuse and generally make your network inhospitable to spammers, not j=
ust reactively move the customer to a new IP address when the unpaid anti-s=
pammers kindly let you know you've been detected.
Personally I see SORBS as the canary in the coal mine. Except for the DUHL =
(which identifies dynamic IPs, not spamming activity) nobody serious relies=
on SORBS' data. So, it doesn't much hurt when they list you. But, like the=
canary that dies first if the air turns bad, if you're careful to watch SO=
RBS you know when you're headed for problems which will get you listed by a=
real RBL.
Regards,
Bill Herrin
--
William D. Herrin ................ herrin@dirtside.com=A0 bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls C=
hurch, VA 22042-3004
