North American Network Operators Group


Re: Another DNS blacklist is taken down

  • From: Leo Bicknell
  • Date: Wed Sep 24 15:25:41 2003

In a message written on Wed, Sep 24, 2003 at 01:28:19PM -0500, Justin Shore wrote:
> True.  However I also subscribe to those beliefs.  When an ISP knowingly
> allows a spammer to sign up for network service, knowing full well what
> they are planning to do with it (read: pink contracts), and ignores abuse
> complaints then what other form of action is there than to use collateral
> damage at that ISP?  Providers more often than not intentionally put

The answer is to take the high road and just list the spammer.

If, as you suggest, the ISP knowingly signs up the spammer then
they already expect the collateral damage, are probably, in general
ok with it, and you're not going to have any effect in getting them
to change.

However, by listing larger and larger blocks of unrelated customers
you piss off random end users, and more importantly the mail admins
that use -- and could support your RBL.  I know more than a few
mail admins who gave up on various RBL's after they "went off the
deep end", blocking more legitimate mail under the guise of trying
to force ISP's to do something than spam.

I suspect a well run RBL that was able to take the high road, and
offered good response time would find mail admins would pay a small
subscription fee, they could buy bandwidth from a provider, and
more importantly since they were a paying customer and not a kook
they would get excellent support from ISP's in tracking DDOS attacks.

That said, I don't think the RBL users often understand the complexity
of the issue, which further annoys ISP's.  I know I've been involved
in several issues where a reputable e-commerce site buys service
quite above board.  They then have an affiliate program, where
people can sign up online and get goods.  A number of spammers then
sign up, joe-job the e-commerce company and make off with a few
hundred dollars in goods.  In the cases I've been involved with the
e-commerce company immediately terminates them for violating the
terms of the affiliates agreement, but it only takes two or three
of these instances for the RBL's to start blocking the company,
screaming "pink contracts" and blocking the ISP's other users.  So,
while the RBL's hurt the ISP's, and the ISP's tie up the RBL's time
with an issue they aren't going to be able to solve the real spammer
gets away scot-free, and the ISP has to deal with other customers
who have been caught in the collateral damage of the RBL.

Just once I'd like to see an RBL come to my employer saying "we've
found this spam we think transited your servers and would like to
work with you to find the real source and block it".  Instead they
all seem to send an e-mail to the effect of "You pathetic worthless
$*&@&@#&$#$.  Stop sending this crap and terminate your customer
in the next 10 minutes, or else" and then proceed 10 minutes later
to list every IP ever affiliated with the ISP.  No wonder the same
abuse people aren't eager to help when the RBL comes back and asks
for help.

-- 
       Leo Bicknell - [email protected] - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - [email protected], www.tmbg.org
