Am 31.12.20 um 22:07 schrieb Hal Murray via mailop:
> Scott Mutter said:
>> If spam is sent from one of our servers - the IP address of one of our
>> servers - it's me you ultimately want to contact, not the owner of the IP
>> address. If you contact the owner of the IP address - they don't have root
>> access to the server - they will have to filter that report down to me, for
>> me to take action. And whether or not if that happens or if that happens in a
>> timely manner is anybody's guess.
> That's correct if you are white-hat. If you are black-hat, I want to contact
> the owner in hopes that you will become an ex-customer.
>
>
This pretty much nails it - if you're the bad guy I don't want to talk to you,
if not, I want to talk to a competent entity.
Simplified, these are the possible cases:
* Blackhat provider (owner), any customer: reject, possibly with an SMTP
error message indicating that you will have
to move to a different provider if you want to reach us.
* Greyhat provider, whitehat customer: I might whitelist you.
* Greyhat provider, blackhat customer: I will blacklist you or the IP range,
depending on the perceived unwillingness
of the provider to handle spam problems at all.
* Greyhat provider, compromised customer: I will send a spamcop report and
block the IP range. If the info gets to
you, and you fix the problem, and you or the provider gets back with that
info to me, then I will unblock. Fat
chance, sorry.
* Whitehat provider, whitehat customer: no problem except a possible data
entry error which I'll fix as soon as I get
notified.
* Whitehat provider, blackhat customer: Of course I contact the provider
hoping to get you booted. If that does not
happen, provider has apparently turned greyhat.
* Whitehat provider, compromised customer: That's the only case where it
would make any sense to talk to the customer.
However, if your services are compromised, you're probably not very
competent or you have an organizational problem,
and getting this resolved might take some time and energy. You're not my
customer, why should I spend my time and
energy helping you fix that problem? I'll notify the owner of the IP so
they work with you (their paying customer)
to fix your problem.
Given the additional hurdles of identifying the responsible entity beyond the
IP space owner (domain whois? mostly
unusable), why should I jump through the hoops of identifying the customer
whose service was used to send spam? The
owner of the IP space is much better equipped to do that.
In very isolated situations, I may decide to do something different. But in
general, the IP space owner is the right
person for me to talk to.
Cheers,
Hans-Martin
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
