On Aug 1, 2007, at 6:47 AM, Drew Weaver wrote:
Up until recently, we were only providing the RIR database
with information about our larger allocations /24 or larger. We
have noticed however that many anti-spam organizations such as
Spamhaus, and Fiveten will use the lack of information regarding an
IP allocation as a blank check to blacklist entire /24s when they
are really targeting a single /30 or a /29. As such we are
examining publishing information for all allocations in the RIR
database (/30s, /29s, etc).
Do you run an rwhois server with the allocation information already?
If so, you'd have good reason to be aggrieved at blacklists not doing
some amount of due diligence (though I think that's the first time
I've heard spamhaus and fiveten - the two extremes of professionalism
- bundled together).
If not, then yes, if there's abusive traffic coming from hosts on
your systems you're likely to find the smallest published allocation
blocked (for reasons that are generally pretty good decisions
operationally on the part of the people who don't want the bad traffic).
My question, mostly is related to the privacy of the customer whom
the space is being allocated to. Has anyone ever had an issue where
they have published a user's information and the user had an issue
with it? Is there some way that we can 'proxy' the information so
that it simply states that the /29 has been allocated to a customer
but it doesn't provide their contact information?
If you get a reputation for "providing spammers with anonymous SWIPs"
you're likely to have more problems with wider blocking, rather than
less.
Most of our customers are co-location and dedicated hosting
customers and we are simply unsure whether or not there are
implications (legal or otherwise) in publishing our customer data
in a public RIR database.
Does anyone have any thoughts on this? Sorry if this is the wrong
place to ask.
You'd need to ask your contract lawyers about most of that.
Cheers,
Steve
