While kind of off the record, for those tracking this..

We did get some back channel feedback indicating that they now know what the sources of these are, but as of this morning it is still occurring.

Of course, the AWS claims that these IP(s) are (call it dynamic) and that blocking the IP should not be done, as they suggest it can affect other customers who also use the same IP in rotation etc..

Take it as you see fit, but IMHO if the IP(s) are that dynamic, then maybe they need to be treated as 'dynamic', eg think of a home users' dynamic IP Address, we block those now as a course of action from sending email..

Typically the industry as a whole denies email from dynamic IP space, if they don't have a static IP, they should relay out a real email server. They should have a static IP address, and a valid PTR that reflects the operators domain.

Due to the sheer amount (and as you mentioned, they already are appearing on many RBL's) we can see why this (blocking on detection) is an attractive option.

Unfortunately, it will affect legitimate mail operations on AWS (think billing systems, and transaction systems) but they do have the option to get a dedicated IP/PTR.

I know of some operators that already are being more aggressive, eg denying SMTP traffic..

If it walks like duck, and talks like a duck..



On 2020-02-10 8:57 a.m., Michael Rathbun via mailop wrote:
On Sat, 8 Feb 2020 09:15:49 -0800, Michael Peddemors via mailop
<mailop@mailop.org> wrote:

It's only one of several pandemic issues raised with Amazon.. hopefully
we have some feedback soon ;)

As of the timestamp of this message, looking at the six unarchived daily logs,
I see that since Wed 2020-02-05, this AWS client has used 62 IPs to deliver
obvious spam.  Of those IPs, 45 were added to IP REFUSE locally; all of them I
have bothered to check are now on Spamhaus CSS, Barracuda, and any number of
other lists.

It would appear that this entity has more than enough cash to keep AWS
interested in their trade, with AWS valuing the revenue more than the possible
negative impact on the business of their legitimate customers.

I am almost to the point of saying "Aw, that's really too bad" to new clients
who intend to warm up their new arrays of AWS IPs.

I've already explained to (uninterested) people at Liberty Mutual that our
25-year business relationship will be coming to an end soon, owing to their
refusal to stop sending money to criminal net abusers.

mdr




--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Reply via email to