Dear List

We operate Spamtraps which feed the SWINOG Anti-Spam Blacklist.

A feedback loop is sent to the abuse-c of the IP address from which
email or attacks to spamtraps were detected.

Occasionally spam or, more often, log-in attempts and dictionary
attacks on the submission ports of the spamtraps are detected from TOR
exit nodes. So a feedback is sent to the abuse-c.

Now I got into a discussion with the operator of several TOR exit
nodes. He claims that his ISP threatened to disconnect his TOR servers
because they were subject to a couple of abuse complaints from our
spamtraps.

As he has no way to block the abusers on the TOR network, without
completely blocking any ports involved in email abuse which would
render using email sending over TOR unusable if all TOR exit node
operators would block those ports.

I told him to sort this out with his ISP and that his ISP would for
sure understand that he is not himself the origin of this abuse.

He told me that his ISP did not care what service he operates and for
them, only the count of complaints is the criterion to get disconnected.

So he suggests I use publicly available TOR exit node lists, to block
them from accessing the spamtraps.

I understand his claim.

But I also see a benefit from our blacklists to list abused TOR exit
nodes.

So what are your opinions about this? How do other spamtrap / honeypot
operators deal with TOR exit nodes?

Kind regards

-Benoît Panizzon-
-- 
I m p r o W a r e   A G    -    Leiter Commerce Kunden
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Schweiz                         Web  http://www.imp.ch
______________________________________________________

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
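
Added example, not part of the original message: one way a spamtrap operator could apply a published exit node list so that hits from TOR exits can still be blacklisted while the abuse-c feedback is withheld. The list format (one IP address per line), the function names and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample of an exit node list: one IP per line, '#' comments.
# Assumed format; documentation-range addresses, not real exit nodes.
SAMPLE_EXIT_LIST = """\
# constructed sample
192.0.2.10
198.51.100.7
2001:db8::5
not-an-ip
"""

# Constructed spamtrap hits: (source IP, event type).
SAMPLE_HITS = [
    ("192.0.2.10", "auth-dictionary"),
    ("203.0.113.44", "spam"),
    ("2001:db8:0:0:0:0:0:5", "auth-dictionary"),  # same host as 2001:db8::5
    ("198.51.100.8", "spam"),
]

def load_exit_nodes(text):
    """Parse the list into a set of address objects, skipping junk lines."""
    nodes = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nodes.add(ipaddress.ip_address(line))
        except ValueError:
            continue  # malformed entry: ignore it, do not fail the whole load
    return nodes

def triage(hits, exit_nodes, list_tor_exits=True):
    """Decide per hit whether to blacklist it and whether to mail the abuse-c."""
    decisions = []
    for src, event in hits:
        # Compare parsed addresses so different IPv6 spellings still match.
        is_tor = ipaddress.ip_address(src) in exit_nodes
        decisions.append({
            "ip": src,
            "event": event,
            "tor_exit": is_tor,
            "blacklist": list_tor_exits or not is_tor,
            "send_feedback": not is_tor,  # no complaint to the exit's ISP
        })
    return decisions

if __name__ == "__main__":
    for d in triage(SAMPLE_HITS, load_exit_nodes(SAMPLE_EXIT_LIST)):
        print(d)
```

Setting `list_tor_exits=False` models the other option raised in the message, where hits from exit nodes are neither listed nor reported.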
