Re: Spamhaus flags any IP announced by our ASN as a criminal network

Hello Barry, Thanks for your blog. I plan to block some ports on our router, which are shown in your blog. > Step 1 on the list …. Deploy Exploitable Port Filtering on the edge of > your network …. > Some of our routers use Linux as the operating system, so I plan to use nftables to make some

Re: Spamhaus flags any IP announced by our ASN as a criminal network

21, 2023 at 8:00 AM wrote: > >> Message: 19 >> Date: Mon, 20 Mar 2023 16:24:09 -0400 >> From: ay...@august.tw >> To: Collider >> Cc: nanog@nanog.org >> Subject: Re: Spamhaus flags any IP announced by our ASN as a >> crim

Re: Spamhaus flags any IP announced by our ASN as a criminal network

; > > > > Regards > > George > > > > On Tue, Mar 21, 2023 at 8:00 AM wrote: > > > >> Message: 19 > >> Date: Mon, 20 Mar 2023 16:24:09 -0400 > >> From: ay...@august.tw > >> To: Collider > >> Cc: nanog@nan

Re: Spamhaus flags any IP announced by our ASN as a criminal network

by one or more network operators... single routing policy" Regards George On Tue, Mar 21, 2023 at 8:00 AM wrote: Message: 19 Date: Mon, 20 Mar 2023 16:24:09 -0400 From: ay...@august.tw To: Collider Cc: nanog@nanog.org Subject: Re: Spamhaus flags any IP announced by our ASN as a crimina

Re: Spamhaus flags any IP announced by our ASN as a criminal network

00 > From: ay...@august.tw > To: Collider > Cc: nanog@nanog.org > Subject: Re: Spamhaus flags any IP announced by our ASN as a criminal > network > Message-ID: <5b7ed1b1fbff65dfc63d188c2e1f9...@august.tw> > Content-Type: text/plain; charset=UTF-8; format=flowed > >

Re: Spamhaus flags any IP announced by our ASN as a criminal

:15:08 -0700 > > From: Randy Bush > > Subject: Re: Spamhaus flags any IP announced by our ASN as a criminal > network > > > (...) > > > > we reject automagically on spamhaus, mail-abuse.org, and sorbs. really > > appreciate their services. > > > &g

Re: Spamhaus flags any IP announced by our ASN as a criminal network

Hi Brandon,Your next actions are to level up the security of your network, your organization, and your team. I’ll craft up a post with a checklist you can use. If you don’t do this, then people on your team, your company, and your customers will continue to be “danger do not go there” listed.

Re: Spamhaus flags any IP announced by our ASN as a criminal

> Date: Mon, 20 Mar 2023 14:15:08 -0700 > From: Randy Bush > Subject: Re: Spamhaus flags any IP announced by our ASN as a criminal network > (...) > > we reject automagically on spamhaus, mail-abuse.org, and sorbs. really > appreciate their services. > > randy > Sorbs? Really? *doh* #m

Re: Spamhaus flags any IP announced by our ASN as a criminal network

this company(s) is in the business of spam. they're just trying to game nanog. discussing further a waste of pixels. ranady

Re: Spamhaus flags any IP announced by our ASN as a criminal network

On Mon, Mar 20, 2023 at 7:08 PM Brandon Zhi wrote: > > Our person in charge has consulted with their previous person in charge, and > their response is this. you are talking up the discussion with the wrong folks, really. Please go see the spamhaus folk directly.

Re: Spamhaus flags any IP announced by our ASN as a criminal network

Our person in charge has consulted with their previous person in charge, and their response is this. "problem began long before February 18th. The problem was that in 2022 they added our prefix 87.251.79.0/24 to the black list, and said that if there were no complaints for 30-60 days, the record

Re: Spamhaus flags any IP announced by our ASN as a criminal network

>> I don't think any ISP would reject an IP that is on the Spamhaus >> list. > you, clearly, have been living under several rocks for a very long > time. we reject automagically on spamhaus, mail-abuse.org, and sorbs. really appreciate their services. randy

Re: Spamhaus flags any IP announced by our ASN as a criminal network

well that explains a lot. For their own sake I hope they shape up - but I doubt they will. On 20 March 2023 20:24:09 UTC, ay...@august.tw wrote: >Several Huize ASNs, e.g. AS47158 and AS141011, were revoked due to RIR policy >violations, which include prohibited sharing of ASNs with third

Re: Spamhaus flags any IP announced by our ASN as a criminal network

Several Huize ASNs, e.g. AS47158 and AS141011, were revoked due to RIR policy violations, which include prohibited sharing of ASNs with third parties, IP hijacking, and malicious path prepending. Given this history, it is not surprising that Spamhaus would blacklist IP addresses associated

Re: Spamhaus flags any IP announced by our ASN as a criminal network

Why do two different companies with what should be independent networks share an AS number? On 20 March 2023 18:20:08 UTC, Aaron Wendel wrote: >The solution to your problem is to terminate the customer causing the abuse, >in this case 62yun.com.  Once you do that I'm sure Spamhaus will stop

Re: Spamhaus flags any IP announced by our ASN as a criminal network

The solution to your problem is to terminate the customer causing the abuse, in this case 62yun.com.  Once you do that I'm sure Spamhaus will stop listing all your IPs. Aaron On 3/20/2023 6:54 AM, Brandon Zhi wrote: It seems you've reached the point that they ignore specific

Re: Spamhaus flags any IP announced by our ASN as a criminal network

Brandon Zhi writes: > Well, those prefixes are not for their VPS hosting service (which cause a > lot of complaint). Just like there are many IP addresses under the > telecommunication company, the entire ASN cannot be "blocked" just because > there is a complaint on one IP address April came

Re: Spamhaus flags any IP announced by our ASN as a criminal network

On Mon, Mar 20, 2023 at 7:56 AM Brandon Zhi wrote: > Well, those prefixes are not for their VPS hosting service > (which cause a lot of complaint). Just like there are many IP > addresses under the telecommunication company, the entire > ASN cannot be "blocked" just because there is a complaint >

Re: Spamhaus flags any IP announced by our ASN as a criminal network

gt; >> <https://www.linkedin.com/company/midwest-internet-exchange> >> <https://twitter.com/mdwestix> >> The Brothers WISP <http://www.thebrotherswisp.com/> >> <https://www.facebook.com/thebrotherswisp> >> <https://www.youtube.com/channel/UCXSd

Re: Spamhaus flags any IP announced by our ASN as a criminal network

rothers WISP <http://www.thebrotherswisp.com/> >> <https://www.facebook.com/thebrotherswisp> >> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> >> -- >> *From: *"Brandon Zhi" >> *To: *"Christopher Morrow&

Re: Spamhaus flags any IP announced by our ASN as a criminal network

LwntZg> > ------ > *From: *"Brandon Zhi" > *To: *"Christopher Morrow" > *Cc: *nanog@nanog.org > *Sent: *Monday, March 20, 2023 9:43:19 AM > *Subject: *Re: Spamhaus flags any IP announced by our ASN as a criminal > network > &

Re: Spamhaus flags any IP announced by our ASN as a criminal network

n Zhi" To: "Christopher Morrow" Cc: nanog@nanog.org Sent: Monday, March 20, 2023 9:43:19 AM Subject: Re: Spamhaus flags any IP announced by our ASN as a criminal network Yes, for those prefixes are used to hosting service have been listed for a long time. However, for those new prefixes tha

Re: Spamhaus flags any IP announced by our ASN as a criminal network

Yes, for those prefixes are used to hosting service have been listed for a long time. However, for those new prefixes that we rented.. We just announced it.. even though it's unreachable... They just listed to this list. On 2023年3月20日周一 下午10:34 Christopher Morrow wrote: > On Mon, Mar 20,

Re: Spamhaus flags any IP announced by our ASN as a criminal network

On Mon, Mar 20, 2023 at 9:51 AM Brandon Zhi wrote: > I don't think any ISP would reject an IP that is on the Spamhaus list. you, clearly, have been living under several rocks for a very long time.

Re: Spamhaus flags any IP announced by our ASN as a criminal network

- Original Message - From: "Brandon Zhi" To: "Tim Burke" Cc: nanog@nanog.org Sent: Monday, March 20, 2023 6:54:41 AM Subject: Re: Spamhaus flags any IP announced by our ASN as a criminal network It seems you've reached the point that they ignore specific pre

Re: Spamhaus flags any IP announced by our ASN as a criminal network

> > > It seems you've reached the point that they ignore specific prefixes and > set every prefix you are advertising as criminal. Our sponsor (LIR) 62yun.com, they have 2 prefixes for VPS/Dedicated Server using our ASN. 62yun did receive a lot of complaints, but as far as I know they have been

Re: Spamhaus flags any IP announced by our ASN as a criminal network

Have you received complaints from Spamhaus in the past? If so, have you acted on them in a timely manner? Based on my past experiences, Spamhaus is rather gracious at first, but if you ignore them, they will start blocking you en masse. About 10 years ago, I worked for a datacenter/NSP and

Re: Spamhaus flags any IP announced by our ASN as a criminal network

On Sat, Mar 18, 2023 at 10:35 PM Brandon Zhi wrote: > We even haven't started to use, we just announced that... They marked it's a > criminal network They do that once they decide you've been broadly inattentive to abuse reports. It stops folks from shuffling IP addresses to evade filtering.

Re: Spamhaus flags any IP announced by our ASN as a criminal network

afaik, spamhaus starts to mark a whole AS as criminal, if there is to much abuse. It seems you've reached the point that they ignore specific prefixes and set every prefix you are advertising as criminal. Am 19.03.2023 um 06:35 schrieb Brandon Zhi: However, for those prefixes

Re: Spamhaus flags any IP announced by our ASN as a criminal network

However, for those prefixes https://www.spamhaus.org/sbl/listings/azeronline.net We even haven't started to use, we just announced that... They marked it's a criminal network On 2023年3月19日周日 上午4:26 Tom Beecher wrote: > Given the list of things on these two prefixes alone, I would venture to

Re: Spamhaus flags any IP announced by our ASN as a criminal network

Given the list of things on these two prefixes alone, I would venture to guess it's not a misjudgement. https://check.spamhaus.org/listed/?searchterm=5.178.2.1 https://check.spamhaus.org/listed/?searchterm=80.66.64.1 On Sat, Mar 18, 2023 at 3:47 PM Brandon Zhi wrote: > Hello guy, > > We

Re: Spamhaus ASN-DROP list

Hi, Contact the SBL team via the Lookup form at https://check.spamhaus.org/ The form says 'IP or Domain' but it will also look up ASNs so just put your ASN in. That will allow you to create a ticket with the right team and the issue should then get dealt with fairly quickly. Regards, Steve

Re: Spamhaus ASN-DROP list

It's not. The ASN was assigned by RIPE in Sep 2019. On Fri, Jul 23, 2021 at 3:20 PM Suresh Ramasubramanian wrote: > This is probably an ex afrinic stolen block? > > In which case it’s for afrinic to sort out and reclaim > > --srs > -- > *From:* NANOG on behalf of >

RE: Spamhaus ASN-DROP list

It's ASN, not IPv4 prefix. From: NANOG On Behalf Of Suresh Ramasubramanian Sent: Friday, July 23, 2021 3:21 PM To: Siyuan Miao ; North American Network Operators' Group Subject: Re: Spamhaus ASN-DROP list This is probably an ex afrinic stolen block? In which case it's for afrinic to sort

Re: Spamhaus ASN-DROP list

This is probably an ex afrinic stolen block? In which case it’s for afrinic to sort out and reclaim --srs From: NANOG on behalf of Siyuan Miao Sent: Friday, July 23, 2021 12:38:16 PM To: North American Network Operators' Group Subject: Spamhaus ASN-DROP list

Re: Spamhaus contact needed

On 16/10/2015 22:07, Jason Baugher wrote: I felt I should mention, Spamhaus was quick to respond to my email and gave me excellent information on what was triggering the blacklisting. Can you please share about it? Eliezer

Re: Spamhaus contact needed

>WAIT A MINUTE! "CBL" is not "Spamhaus", is it?! > >http://www.abuseat.org/ Yes, it is. Informally it was for a very long time via the Spamhaus XBL. Now it's explicit. There's not much practical difference, and the same people are running it. R's, John

Re: Spamhaus contact needed

I felt I should mention, Spamhaus was quick to respond to my email and gave me excellent information on what was triggering the blacklisting. On Thu, Oct 15, 2015 at 1:29 PM, Larry Sheldon wrote: > On 10/15/2015 13:27, Larry Sheldon wrote: > >> On 10/15/2015 12:32, Larry

Re: Spamhaus contact needed

On 10/15/2015 00:27, Jason Baugher wrote: Sorry to clutter up this list with an email issue, but hopefully someone is here from Spamhaus that can contact me off-list. I have a customer whose IP keeps getting listed in the CBL, and even after doing packet captures of everything in and out of

Re: Spamhaus contact needed

On 10/15/2015 12:32, Larry Sheldon wrote: On 10/15/2015 00:27, Jason Baugher wrote: Sorry to clutter up this list with an email issue, but hopefully someone is here from Spamhaus that can contact me off-list. I have a customer whose IP keeps getting listed in the CBL, and even after doing

Re: Spamhaus contact needed

On 10/15/2015 13:27, Larry Sheldon wrote: On 10/15/2015 12:32, Larry Sheldon wrote: On 10/15/2015 00:27, Jason Baugher wrote: Sorry to clutter up this list with an email issue, but hopefully someone is here from Spamhaus that can contact me off-list. I have a customer whose IP keeps getting

Re: Spamhaus contact needed

When all it says is, "spam-sending trojan, malicious link, or some type of botnet", it's not a lot to go on. I've seen examples where their lookup tool provides more details, but in this case, the response is generic. In fact, usually when this happens to a customer, they're able to figure out

Re: Spamhaus BGP feed experiences?

At dnswl.org http://dnswl.org/ we check our data against the DROP list every once in a while. The overlap of DROP with legitimate sources of SMTP traffic is very, very small: a low single-digit number, and most of them are crappy to start with (so we don’t publish them, but only keep them in

Re: Spamhaus BGP feed experiences?

On Sun, May 17, 2015 at 7:50 AM, Mike Lyon mike.l...@gmail.com wrote: Any ISPs out there (big or small) ever used the Spamhaus BGP feed to prevent against botnet, spam, etc? If so, how has your experience been? Is it worthwhile? Has it helped? On / off list responses are appreciated in

Re: Spamhaus BGP feed experiences?

How much false positives (i.e. blackholing traffic users want to reach)? On 18.05.15 21:04, Marco d'Itri wrote: On May 17, Mike Lyon mike.l...@gmail.com wrote: Any ISPs out there (big or small) ever used the Spamhaus BGP feed to prevent against botnet, spam, etc? If so, how has your

Re: Spamhaus BGP feed experiences?

In article 555b8313.5080...@netassist.ua you write: How much false positives (i.e. blackholing traffic users want to reach)? Very little. The DROP list, which is what's in the BGP feed, is a small subset of the SBL, and only includes blocks that send no legitimate traffic at all. On 18.05.15

Re: Spamhaus BGP feed experiences?

On May 17, Mike Lyon mike.l...@gmail.com wrote: Any ISPs out there (big or small) ever used the Spamhaus BGP feed to prevent against botnet, spam, etc? If so, how has your experience been? Is it worthwhile? Has it helped? On / off list responses are appreciated in advance. We use Spamhaus

Re: Spamhaus under DDOS from AnonOps (Wikileaks.info)

On 12/18/2010 5:15 PM, Marshall Eubanks wrote: I get nothing from wikileaks.org, although the DNS is active : $ host wikileaks.org wikileaks.org has address 64.64.12.170 Doesn't it seem vaguely suspicious that whois was just updated? Domain ID:D130035267-LROR Domain Name:WIKILEAKS.ORG

RE: Spamhaus under DDOS from AnonOps (Wikileaks.info)

claims can be publicly refuted? Kind regards, Frank -Original Message- From: Jack Bates [mailto:jba...@brightok.net] Sent: Saturday, December 18, 2010 3:00 PM To: nanog@nanog.org Subject: Re: Spamhaus under DDOS from AnonOps (Wikileaks.info) On 12/18/2010 6:58 AM, Steve Linford wrote

Re: Spamhaus under DDOS from AnonOps (Wikileaks.info)

wikileaks.info's claims can be publicly refuted? Kind regards, Frank -Original Message- From: Jack Bates [mailto:jba...@brightok.net] Sent: Saturday, December 18, 2010 3:00 PM To: nanog@nanog.org Subject: Re: Spamhaus under DDOS from AnonOps (Wikileaks.info) On 12/18/2010 6:58 AM

Re: Spamhaus under DDOS from AnonOps (Wikileaks.info)

On Dec 19, 2010, at 8:06 AM, Joe Greco wrote: On 12/18/2010 5:15 PM, Marshall Eubanks wrote: I get nothing from wikileaks.org, although the DNS is active : $ host wikileaks.org wikileaks.org has address 64.64.12.170 Doesn't it seem vaguely suspicious that whois was just updated?

Re: Spamhaus under DDOS from AnonOps (Wikileaks.info)

On Sun, Dec 19, 2010 at 12:46:33PM -0600, Frank Bulk - iName.com wrote: While I tend to trust Steve and Spamhaus because of their built up reputation, it would be helpful if some concrete facts were published about the more than 40 criminal-run sites operating on the same IP address as

Re: Spamhaus under DDOS from AnonOps (Wikileaks.info)

additional evidence http://www.malwaredomainlist.com/mdl.php?search=41947colsearch=Allquantity=50inactive=on On Sun, Dec 19, 2010 at 2:25 PM, Rich Kulawiec r...@gsp.org wrote: On Sun, Dec 19, 2010 at 12:46:33PM -0600, Frank Bulk - iName.com wrote: While I tend to trust Steve and Spamhaus

Re: Spamhaus under DDOS from AnonOps (Wikileaks.info)

On 19/12/10 18:51, Paul Ferguson wrote: Not for nothing, but Spamhaus wasn't the only organization to warn about Heihachi: http://blog.trendmicro.com/wikileaks-in-a-dangerous-internet-neighborhood/ All the domains listed by Trend Micro as neighbours appear to be down. Have to say as someone

Re: Spamhaus under DDOS from AnonOps (Wikileaks.info)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, Dec 19, 2010 at 12:29 PM, Simon Waters sim...@zynet.net wrote: On 19/12/10 18:51, Paul Ferguson wrote: Not for nothing, but Spamhaus wasn't the only organization to warn about Heihachi:

Re: Spamhaus under DDOS from AnonOps (Wikileaks.info)

On 12/19/2010 08:33 PM, Ned Moran wrote: additional evidence http://www.malwaredomainlist.com/mdl.php?search=41947colsearch=Allquantity=50inactive=on On Sun, Dec 19, 2010 at 2:25 PM, Rich Kulawiec r...@gsp.org wrote: On Sun, Dec 19, 2010 at 12:46:33PM -0600, Frank Bulk - iName.com wrote:

RE: Spamhaus under DDOS from AnonOps (Wikileaks.info)

announcement was not so clear. Frank -Original Message- From: Paul Ferguson [mailto:fergdawgs...@gmail.com] Sent: Sunday, December 19, 2010 12:52 PM To: frnk...@iname.com Cc: Jack Bates; nanog@nanog.org Subject: Re: Spamhaus under DDOS from AnonOps (Wikileaks.info) -BEGIN PGP SIGNED

Re: Spamhaus under DDOS from AnonOps (Wikileaks.info)

On 12/18/2010 6:58 AM, Steve Linford wrote: For trying to warn about the crime gangs located at the wikileaks.info mirror IP, Spamhaus is now under ddos by AnonOps. The criminals there do not like our free speech at all. It appears that wikileaks.org is operational again and redirecting to

Re: Spamhaus under DDOS from AnonOps (Wikileaks.info)

On Dec 18, 2010, at 4:00 PM, Jack Bates wrote: On 12/18/2010 6:58 AM, Steve Linford wrote: For trying to warn about the crime gangs located at the wikileaks.info mirror IP, Spamhaus is now under ddos by AnonOps. The criminals there do not like our free speech at all. It appears that

Re: Spamhaus under DDOS from AnonOps (Wikileaks.info)

On 12/18/2010 5:15 PM, Marshall Eubanks wrote: I get nothing from wikileaks.org, although the DNS is active : $ host wikileaks.org wikileaks.org has address 64.64.12.170 $ telnet 64.64.12.170 80 Trying 64.64.12.170... Connected to 64.64.12.170. Escape character is '^]'. GET / HTTP/1.1 Host:

Re: Spamhaus...

On Sun, Feb 21, 2010 at 10:59:08PM -0600, James Hess wrote: But if the origin domain has not provided SPF records, there are some unusual cases left open, where a bounce to a potentially fake address may still be required. Third time: SPF plays no role in mitigating this. Nothing stops an

Re: Spamhaus...

On Wed, Feb 24, 2010 at 8:21 AM, Rich Kulawiec r...@gsp.org wrote: On Sun, Feb 21, 2010 at 10:59:08PM -0600, James Hess wrote: But if the origin domain has not provided SPF records,  there are some unusual cases left open,  where a bounce to a potentially fake address may still be required.  

Re: Spamhaus and Barracuda Networks BRBL

On 2/22/2010 12:40 AM, Suresh Ramasubramanian wrote: Is it your position that, as a vendor of antispam services, nobody else should offer their services for a fee? That would be strange indeed Actually I can sympathize with Barracuda on this one: Bob's Widgets is running thier own mail

Re: Spamhaus...

On Sun, 21 Feb 2010 14:57:31 GMT, Paul Vixie said: Rich Kulawiec r...@gsp.org writes: We're well past that. Every minimally-competent postmaster on this planet knows that clause became operationally obsolete years ago [1], and has configured their mail systems to always reject, never

Re: Spamhaus and Barracuda Networks BRBL

On 2/22/2010 1:40 PM, Dave Sparro wrote: On 2/22/2010 12:40 AM, Suresh Ramasubramanian wrote: Is it your position that, as a vendor of antispam services, nobody else should offer their services for a fee? That would be strange indeed Actually I can sympathize with Barracuda on this one:

Re: Spamhaus and Barracuda Networks BRBL

On Mon, 2010-02-22 at 14:40 -0500, Dave Sparro wrote: Their list, their rules; but it is indeed strange to me. Not too strange: Little Bobby probably does one or two jobs and goes away, leaving the system to run by itself. the SpamAssassin people receive nothing from his choice of software. If

Re: Spamhaus and Barracuda Networks BRBL

On 2/22/10 11:40 AM, Dave Sparro wrote: Actually I can sympathize with Barracuda on this one: Bob's Widgets is running thier own mail server for their 25 employees. They decide the need better spam filters. They can hire Bob's nephew to drop in a Linux server running Postfix and

Re: Spamhaus...

On Sun, 2010-02-21 at 06:27 +, John Levine wrote: In my experience, they're pretty reasonable. I would talk to them (or one of their datafeed sales agents) before assuming that they won't sell you the service you need. They are indeed. In my day job, a large group of related members of

Re: Spamhaus...

Jon Lewis wrote: The original question, what do you do (or have you done) when DNSBL-X approaches you saying that your network is hitting their public NS's too hard and wants you to pay for continued access? is something I'd like to see some answers to. Despite the Subject:, Spamhaus is

Re: Spamhaus...

[ This discussion really needs to move to spam-l. ] On Sat, Feb 20, 2010 at 03:53:55PM -0500, William Herrin wrote: I don't know what your spam intake looks like but in mine, 5% to 10% can't be ranked high confidence until checked by an eyeball mark 1. In my system, that fraction is a

Re: Spamhaus...

Rich Kulawiec r...@gsp.org writes: On Fri, Feb 19, 2010 at 08:20:36PM -0500, William Herrin wrote: Whine all you want about backscatter but until you propose a comprehensive solution that's still reasonably compatible with RFC 2821's section 3.7 you're just talking trash. We're well past

Re: Spamhaus...

Paul Vixie wrote: so, a uucp-only site should have upgraded to real smtp by now, and by not doing it they and their internet gateway are a joint menace to society? that seems overly harsh. there was a time (1986 or so?) when most of the MX RR's in DNS were smtp gateways for uucp-connected

Re: Spamhaus...

On Sun, 21 Feb 2010, Jon Lewis wrote: On Sun, 21 Feb 2010, Michelle Sullivan wrote: As a matter of interest, who are the other current DNSBL's to do it? To the best of my knowledge, MAPS was the first to do it. Uribl.com currently does it And SURBL.org. Tony. -- f.anthony.n.finch

Re: Spamhaus...

On Sun, Feb 21, 2010 at 9:10 AM, Rich Kulawiec r...@gsp.org wrote: Hint: nothing stops the spammers from pointing the MX records for their throwaway domains at somebody else's mail servers.  Among other things. MANY other things, unfortunately. Rich, Clearly I shouldn't respond to any packets

Re: Spamhaus...

On Sat, Feb 20, 2010 at 7:10 PM, Joel Jaeggli joe...@bogus.com wrote: s/mime detached signatures rooted in some ca that you trust are actually a rather good way of identifying the sender. Joel, Unfortunately signatures are more effective at confirming authenticity than they are at refuting it.

Re: Spamhaus...

Jon Lewis wrote: On Sun, 21 Feb 2010, Michelle Sullivan wrote: As a matter of interest, who are the other current DNSBL's to do it? To the best of my knowledge, MAPS was the first to do it. Uribl.com currently does it (and does the sort of query aggregation across your entire? network)

Re: Spamhaus...

Am 21.02.10 10:25, schrieb Michelle Sullivan: As a matter of interest, who are the other current DNSBL's to do it? dnswl.org currently does not do it, but bandwidth suckers are a pain. The work is considerable: log aggregation, log review, trying to find a responsible for the IPs and

Re: Spamhaus...

On Sun, 21 Feb 2010, Michelle Sullivan wrote: To the best of my knowledge, MAPS was the first to do it. Uribl.com currently does it (and does the sort of query aggregation across your entire? network) that I mentioned. Can you access MAPS without a subscription at all? At this point, I

RE: Spamhaus

On Sat, Feb 20, 2010 at 7:25 PM, Jon Lewis jle...@lewis.org wrote: IMO, the original question in this thread was on-topic, but unfortunately it got very little discussion I like spamhaus, they run a quality list, but they want between $1900 and $19000 per year for their rsync service and

Re: Spamhaus...

On 2/21/2010 12:32 PM, Jon Lewis wrote: On Sun, 21 Feb 2010, Michelle Sullivan wrote: To the best of my knowledge, MAPS was the first to do it. Uribl.com currently does it (and does the sort of query aggregation across your entire? network) that I mentioned. Can you access MAPS without a

Re: Spamhaus...

On Feb 21, 2010, at 1:01 PM, William Herrin wrote: On Sun, Feb 21, 2010 at 9:10 AM, Rich Kulawiec r...@gsp.org wrote: Hint: nothing stops the spammers from pointing the MX records for their throwaway domains at somebody else's mail servers. Among other things. MANY other things,

Re: Spamhaus

On Mon, Feb 22, 2010 at 12:08 AM, Joel M Snyder joel.sny...@opus1.com wrote: but the false positive count jumped by 112 messages per 10,000 (because APEWS was somehow having a lousy month). In general, the more reputation services you include, the more likely it is you're going to have false

Re: Spamhaus...

On Sun, Feb 21, 2010 at 1:16 PM, Patrick W. Gilmore patr...@ianai.net wrote: You should not randomly respond to packets at arbitrary rates.  If you do, you are being a bad Netizen for exactly this reason.  See things like amplification attacks for why. ... -- Whether it's SMTP, TCP, or

RE: Spamhaus...

-Original Message- From: William Herrin [mailto:b...@herrin.us] Sent: Sunday, February 21, 2010 10:02 AM To: Rich Kulawiec Cc: nanog@nanog.org Subject: Re: Spamhaus... On Sun, Feb 21, 2010 at 9:10 AM, Rich Kulawiec r...@gsp.org wrote: Hint: nothing stops the spammers from

RE: Spamhaus...

-Original Message- From: Patrick W. Gilmore [mailto:patr...@ianai.net] Sent: Sunday, February 21, 2010 11:17 AM To: NANOG list Subject: Re: Spamhaus... On Feb 21, 2010, at 1:01 PM, William Herrin wrote: On Sun, Feb 21, 2010 at 9:10 AM, Rich Kulawiec r...@gsp.org wrote: Hint

Re: Spamhaus and Barracuda Networks BRBL

Is it your position that, as a vendor of antispam services, nobody else should offer their services for a fee? That would be strange indeed. On Fri, Feb 19, 2010 at 5:41 AM, Dean Drako dr...@barracuda.com wrote: With respect to Barracuda Networks and Spamhaus. I expect, but I do not know,

Re: Spamhaus...

On Fri, Feb 19, 2010 at 08:20:36PM -0500, William Herrin wrote: Whine all you want about backscatter but until you propose a comprehensive solution that's still reasonably compatible with RFC 2821's section 3.7 you're just talking trash. We're well past that. Every minimally-competent

Re: Spamhaus...

On Fri, 19 Feb 2010 21:28:41 -0800 Scott Howard sc...@doc.net.au wrote: On Fri, Feb 19, 2010 at 5:20 PM, William Herrin b...@herrin.us wrote: On Fri, Feb 19, 2010 at 3:30 PM, Rich Kulawiec r...@gsp.org wrote: Barracuda's engineers apparently think that using SPF stops backscatter -- and it

Re: Spamhaus...

On Feb 20, 2010, at 12:28 AM, Scott Howard wrote: On Fri, Feb 19, 2010 at 5:20 PM, William Herrin b...@herrin.us wrote: On Fri, Feb 19, 2010 at 3:30 PM, Rich Kulawiec r...@gsp.org wrote: Barracuda's engineers apparently think that using SPF stops backscatter -- and it most emphatically does

Re: Spamhaus...

On Feb 20, 2010, at 8:08 AM, Rich Kulawiec wrote: On Fri, Feb 19, 2010 at 08:20:36PM -0500, William Herrin wrote: Whine all you want about backscatter but until you propose a comprehensive solution that's still reasonably compatible with RFC 2821's section 3.7 you're just talking trash.

Re: Spamhaus...

I don't know WTH is up with your large Cc: list but I've removed it to keep the conversation here, where it started. More below -- On Feb 19, 2010, at 12:53 PM, Dean Anderson wrote: So you should think that its ok for blacklists to charge money for things they got for free? In the case of

Re: Spamhaus...

On Sat, 20 Feb 2010 09:51:33 EST, Daniel Senie said: Instead of saying well, it's obvious to everyone, do something about it. *brrring... bring...brrriiing...* Cluephone. It's for you. 5321 Simple Mail Transfer Protocol. J. Klensin. October 2008. (Format: TXT=225929 bytes) (Obsoletes

Re: Spamhaus...

On Sat, 20 Feb 2010 09:46:21 EST, Daniel Senie said: I don't know when this was that they didn't do validation. So they validate... The Barracuda boxes will accept mail for domains they know about but without validating the email address in the event the target mail server is down. And yes,

Re: Spamhaus...

On Feb 20, 2010, at 10:01 AM, Marc Powell wrote: On Feb 19, 2010, at 12:53 PM, Dean Anderson wrote: So you should think that its ok for blacklists to charge money for things they got for free? In the case of Spamhaus, yes, I find it acceptable to pay them for the service they are

RE: Spamhaus...

'' page, in the Spam Bounce (NDR) Configuration section. Frank -Original Message- From: Scott Howard [mailto:sc...@doc.net.au] Sent: Friday, February 19, 2010 11:54 PM To: William Herrin Cc: nanog@nanog.org Subject: Re: Spamhaus... On Fri, Feb 19, 2010 at 9:28 PM, Scott Howard sc

Re: Spamhaus...

On Sat, Feb 20, 2010 at 8:08 AM, Rich Kulawiec r...@gsp.org wrote: On Fri, Feb 19, 2010 at 08:20:36PM -0500, William Herrin wrote: Whine all you want about backscatter but until you propose a comprehensive solution that's still reasonably compatible with RFC 2821's section 3.7 you're just

Mail Best Practices and Documentation (was Re: Spamhaus...)

On 2/20/2010 9:06 AM, valdis.kletni...@vt.edu wrote: On Sat, 20 Feb 2010 09:51:33 EST, Daniel Senie said: Instead of saying well, it's obvious to everyone, do something about it. *brrring... bring...brrriiing...* Cluephone. It's for you. 5321 Simple Mail Transfer Protocol. J.

Re: Spamhaus...

On 2/20/2010 10:36 AM, William Herrin wrote: They didn't exactly fix it. What they did is reinforce the importance of generating a bounce message by keeping the existing must language from 2821 but adding: A server MAY attempt to verify the return path before using its address for delivery

Re: Spamhaus...

Scott Howard wrote: On Fri, Feb 19, 2010 at 5:20 PM, William Herrin b...@herrin.us wrote: On Fri, Feb 19, 2010 at 3:30 PM, Rich Kulawiec r...@gsp.org wrote: Barracuda's engineers apparently think that using SPF stops backscatter -- and it most emphatically does not. Reject

Re: Spamhaus...

We don't expose our selves with finger and .plan and a number of other things that work in a world of friends and neighbors--the world has changed It's changed all right. Finger is now called IM presence, and .plan is called Facebook. Given that the world now has dozens of alternate channels

  1   2   >