On 13.03.25 at 18:50, Michael Peddemors via mailop wrote:
> ...
> So, assuming we see one of the above types of operators, leaking dangerous content, where the authenticating IP is on
> a known threat database (e.g., a bulletproof hoster, or IP associated with a well known APT actor), the questions are:
> * Should we notify the operator?
> * How BEST to notify the operator?
I tend to report in many cases even if I'm under the impression that the operator is spammer-friendly. But at some point
their IP space is going to be blocked (and I'm not going to play whack-a-mole with individual IPs). If they have legit
users that need to communicate with our users then their users will have to switch to other means of communication.

It's a tough call - blocking shady small data center operators doesn't hurt, but fully blocking e.g. OVH or Google with
their googleusercontent.com crap would definitely make our users unhappy.
Cheers,
Hans-Martin