On Fri, 27 May 2022 15:22:29 -0600, Grant Taylor via mailop <[email protected]> wrote:
>Is there a reason that you (dynamically) re-configure your MTA(s) via a
>script versus configuring an upstream router to not route traffic from
>the IPs in their ASN?
>
>I'm just trying to understand and learn vicariously through you.

Never one to turn that kind of opportunity down.

There is no "upstream" to null-route. They have well over sixty network providers they have infested in the past years. I might just go through and identify each AS, some day, but it's a non-useful exercise as far as I can tell right now -- they roost wherever they aren't shot on sight.

These guys have the traditional snowshoe model:

  o Register between seven and fifty new domains per day
  o Introduce a new netblock (usually just a /26 or smaller)
  o Send bunches of mail until things get all blocky.

It appears that it takes them, on average, roughly eleven minutes of sending from a new IP range to get the first IP on Spamhaus CSS. Over the following ten hours, eventually SORBS, Barracuda and a few others will pick up on this. Interestingly, Spamcop gets really early warning on these, but seldom actually lists the IPs.

mdr
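
The snowshoe pattern described in the message above can be spotted in MTA logs by grouping connecting IPs into /26 blocks and counting previously unseen sender domains. The following is an added example, not part of the original message and not the poster's script; the function name, thresholds, the 11-minute window default and the sample records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (minutes since start, client IP, envelope-sender domain).
# Addresses come from documentation ranges (RFC 5737); domains are made up.
SAMPLE = [
    (0, "198.51.100.66", "deal-one.example"),
    (1, "198.51.100.70", "deal-two.example"),
    (2, "198.51.100.75", "deal-three.example"),
    (3, "198.51.100.66", "deal-four.example"),
    (4, "203.0.113.10", "newsletter.example"),
    (5, "203.0.113.10", "newsletter.example"),
    (6, "198.51.100.120", "deal-five.example"),
    (40, "198.51.100.140", "late-one.example"),
    (55, "198.51.100.150", "late-two.example"),
    (70, "198.51.100.160", "late-three.example"),
]

def snowshoe_candidates(events, known_domains=frozenset(), prefix_len=26,
                        window_min=11, min_ips=3, min_new_domains=3):
    """Return the sorted list of /prefix_len blocks where, within any
    window_min-minute span, at least min_ips distinct IPs sent mail using
    at least min_new_domains sender domains absent from known_domains."""
    by_block = defaultdict(list)
    for minute, ip, domain in events:
        if domain in known_domains:
            continue  # established senders do not count toward the signal
        block = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        by_block[block].append((minute, ip, domain))

    flagged = []
    for block, rows in by_block.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window so it never spans more than window_min minutes.
            while rows[end][0] - rows[start][0] > window_min:
                start += 1
            span = rows[start:end + 1]
            ips = {r[1] for r in span}
            domains = {r[2] for r in span}
            if len(ips) >= min_ips and len(domains) >= min_new_domains:
                flagged.append(block)
                break
    return sorted(str(b) for b in flagged)

if __name__ == "__main__":
    for block in snowshoe_candidates(SAMPLE, known_domains={"newsletter.example"}):
        print(block)
```

Flagged blocks are candidates for review or for feeding a local blocklist; the thresholds need tuning against real traffic before anything is rejected automatically.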
