ARIN-PPML Message

[ppml] Last Call for Comment: Policy Proposal 2002-6

due to addressing issues (mine)...this did not go out last night when I orginally wrote it, so now it is somewhat out of date, but I will send it again anyways for whatever it is worth...


This whole issue regarding blacklists seems to be growing each day and more rapidly in the past few months.  I would love to know what to tell Customers who are assigned space that was once used by some other Customer who got it blacklisted on one of the thousands of lists out there.  I can not control who creates a blacklist, nor who uses it to set up filters, so is there really any means of providing a Customer address space that will never be blacklisted?  No.  But they want temporary fixes in the meantime which is an impractical solution.  I would love to hear other people's thoughts on this but I realize I may be getting off of the topic a bit.

Thanks very much,
Jill Kulpinski

-----Original Message-----
From: McBurnett, Jim [mailto:jmcburnett at msmgmt.com]
Sent: Wednesday, November 13, 2002 4:31 PM
To: Taylor, Stacy; Joe Baptista
Cc: David Conrad; Einar Bohlin; ARIN PPML
Subject: RE: [ppml] Last Call for Comment: Policy Proposal 2002-6


But what is the solution?
The spammer is usually blocked by each and every end user, the ISP  of the end-user being spammed or the ISP of the spammer.
If any of these are done then should the block change hands we are still left with the problem.

If the records are kept so that XYZ corp was blocked due to Spam and you as DEF corp discover that you can't send mail to ABC corp.
I think ABC corp.'s ISP should be able to see fairly easily that XYZ no longer owns the block and can fix it..

This depends on the ISP knowing why they blocked it and if necessary creating a global "black-list".
I know we don't want to do this, but I don't see any other idea....

Jim

-----Original Message-----
From: Taylor, Stacy [mailto:Stacy_Taylor at icgcomm.com]
Sent: Wednesday, November 13, 2002 7:27 PM
To: 'Joe Baptista'; McBurnett, Jim
Cc: David Conrad; Einar Bohlin; ARIN PPML
Subject: RE: [ppml] Last Call for Comment: Policy Proposal 2002-6


This issue also affects the larger CIDR on occasion.  If an abuser was on
one /24, some ISPs will block the CIDR to which it belongs, even if the ISP
has taken care of the spam.  Geoff of Exodus and I spoke of this at length
at the conference.

Presumably, if the block has been returned, the former user is out of
business or on another block and cannot be contacted.  How does it help us
to know who that was?  
Are we forced to use this space in tiny blocks to interrupt the routing?  I
think we can ill afford to blacklist blocks.

Stacy

-----Original Message-----
From: Joe Baptista [mailto:baptista at dot-god.com]
Sent: Wednesday, November 13, 2002 3:54 PM
To: McBurnett, Jim
Cc: David Conrad; Einar Bohlin; ARIN PPML
Subject: RE: [ppml] Last Call for Comment: Policy Proposal 2002-6



On Wed, 13 Nov 2002, McBurnett, Jim wrote:

> Exactly!
> I got a Class C from my provider and I get at least 500-1000 hits a day to
two of my IP's for DNS services, Which are there anymore and other less
frequent hits to web services ports.

sometimes legacy traffic is automated (no human in charge).  the equipment
or software thinks there's something there and keeps trying.

We have the same issues on some of our IP - old customers who still get
queried.

regards
joe baptista