[ppml] Last Call for Comment: Policy Proposal 2002-6

McBurnett, Jim jmcburnett at msmgmt.com
Wed Nov 13 19:30:49 EST 2002 

But what is the solution?
The spammer is usually blocked by each and every end user, the ISP  of the end-user being spammed or the ISP of the spammer.
If any of these are done then should the block change hands we are still left with the problem.

If the records are kept so that XYZ corp was blocked due to Spam and you as DEF corp discover that you can't send mail to ABC corp.
I think ABC corp.'s ISP should be able to see fairly easily that XYZ no longer owns the block and can fix it..

This depends on the ISP knowing why they blocked it and if necessary creating a global "black-list".
I know we don't want to do this, but I don't see any other idea....

Jim

-----Original Message-----
From: Taylor, Stacy [mailto:Stacy_Taylor at icgcomm.com]
Sent: Wednesday, November 13, 2002 7:27 PM
To: 'Joe Baptista'; McBurnett, Jim
Cc: David Conrad; Einar Bohlin; ARIN PPML
Subject: RE: [ppml] Last Call for Comment: Policy Proposal 2002-6


This issue also affects the larger CIDR on occasion.  If an abuser was on
one /24, some ISPs will block the CIDR to which it belongs, even if the ISP
has taken care of the spam.  Geoff of Exodus and I spoke of this at length
at the conference.

Presumably, if the block has been returned, the former user is out of
business or on another block and cannot be contacted.  How does it help us
to know who that was?  
Are we forced to use this space in tiny blocks to interrupt the routing?  I
think we can ill afford to blacklist blocks.

Stacy

-----Original Message-----
From: Joe Baptista [mailto:baptista at dot-god.com]
Sent: Wednesday, November 13, 2002 3:54 PM
To: McBurnett, Jim
Cc: David Conrad; Einar Bohlin; ARIN PPML
Subject: RE: [ppml] Last Call for Comment: Policy Proposal 2002-6



On Wed, 13 Nov 2002, McBurnett, Jim wrote:

> Exactly!
> I got a Class C from my provider and I get at least 500-1000 hits a day to
two of my IP's for DNS services, Which are there anymore and other less
frequent hits to web services ports.

sometimes legacy traffic is automated (no human in charge).  the equipment
or software thinks there's something there and keeps trying.

We have the same issues on some of our IP - old customers who still get
queried.

regards
joe baptista

More information about the ARIN-PPML mailing list