> On 2024-01-19 12:42, Randolf Richardson, Postmaster via mailop wrote:
> >> On 2024-01-19 06:47, Atro Tossavainen via mailop wrote:
> >>> On Fri, Jan 19, 2024 at 03:31:19PM +0100, hg user wrote:
> >>>> Ok sorry not "most" but "some may"...
> >>>>
> >>>> My checkpoint rep said that they get their reputation lists from other
> >>>> companies... is it wrong ?
> >>>
> >>> It's possible that Check Point are just an aggregator and don't actually
> >>> have first-hand data. But I don't think of Check Point when somebody
> >>> says DNSBL, which may be my own failure :-D
> >>>
> >>> As far as I've been able to tell, Spamhaus, SURBL, Abusix, SpamCop,
> >>> SORBS, UCEProtect, PSBL at least all have their own data, I would
> >>> even go so far as to guess "exclusively".
> >>
> >> You didn't accidentally ignore "SpamRats" did you? ;) But we do have
> >> 'some' reports of aggregators querying our data.. And of course there
> >> are licensed users of our data. And there are some that 'white label'
> >> the rejection, as if it is their own data..
> >>
> >> But in general, there isn't much 'sharing' of data, some consolidation
> >> of data from various sources.
> >>
> >> For the REALLY bad guys though, it would be nice if there was more
> >> sharing of data.. Or maybe an industry 'do not route' that all RBL
> >> providers can include.
> >
> > Spamhaus makes the DROP data available (which I believe is also
> > included in their SBL), which is useful for using firewalls to just
> > block or ignore connections from the worst offenders:
> >
> > DROP Advisory Null List :: The Spamhaus Don't Route Or Peer
> > Lists
> > https://www.spamhaus.org/drop/
> >
> > UCE Protect also has level 3 listings for the worst offenders,
> > although I don't recall the list being downloadable for firewall use:
> >
> > UCEPROTECT Blacklist Policy LEVEL 3
> > https://www.uceprotect.net/en/index.php?m=3&s=5
> >
> > The problem with all DNSBL providers including the same data from
> > one source is that errors can unfairly penalize with major impact
> > that DNSBL operators generally try to prevent.
> >
> >> A great believer in sharing, but we do all have to pay the bills.
> >
> > The entire open source software movement is probably one of the very
> > best examples of altruistic sharing. Supporting people who create
> > useful open source solutions and/or contribute to open source deserve
> > financial support so they can more easily pay their bills too. :)
> >
>
> Well, technically UCEPROTECT-3 is not really a DROP list. And of
> course, every RBL provider uses different logic to determine what is a
> DROP list.
>
> What would be nice, is to be able to have a single system, that takes in
> data from say SpamHuas DROP lists, as well as others like our own
> RATS-NULL list, and create a publicly accessible DROP list compiled by
> the evidence of multiple providers.
I would be willing to facilitate this from the LumberCartel.ca web
site. Do you know some DNSBL operators who would be interested in
sending automated updates or providing me with a way to download the
updates periodically each day?
> With no single entity setting the reputation, and with public evidence,
> it would make it a lot easier for the internet as a whole to trust this
> data, and separate the bad operators from the internet as a whole.
Yes!
> Most of us in the industry know the real bad actors, bulletproof
> hosters, hacker havens etc.. but it is a shame that everyone as a whole
> is not protected from them.
...and spam sewers (nobody likes to mention this because it stinks
so badly, and it never did get cleaned up despite the best efforts of
so many NANAE regulars in the early days).
> A common source of reputation, something that say every Linux, Apple,
> and Windows system could trust and enable by default at the network
> layer.. Just not sure how to realistically make that happen, or how
> those dedicated to the data intelligence and gathering could maintain
> viability (eg, who pays for that work to continue).
I'd be happy to write the scripts to generate different formats for
the various firewalls, DNS zones, SpamAssassin rules, and mail server
lists, and add support for new ones as they come up.
> Without eating your own lunch.
I envision making this available for free, and crediting all
contributors (who are okay with being credited).
--
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
