North American Network Operators Group


/24 blocking by ISPs - Re: Problems sending mail to yahoo?

  • From: Suresh Ramasubramanian
  • Date: Thu Apr 10 23:58:44 2008

On Fri, Apr 11, 2008 at 1:22 AM, Raymond L. Corbin
<[email protected]> wrote:
>
> Yeah, but without them saying which IPs are causing the problems you can't really tell
> which servers in a datacenter are forwarding their spam/abusing Yahoo. Once the /24
> block is in place then they claim to have no way of knowing who actually caused the block
> on the /24. The feedback loop would help depending on your network size.

Almost every large ISP does that kind of "complimentary upgrade".

There are enough networks around, like he.net, Yipes, PCCW Global /
Cais etc, that host huge amounts of "snowshoe" spammers -
http://www.spamhaus.org/faq/answers.lasso?section=Glossary#233 (you
know, randomly named / named after a pattern domains, with anonymous
whois or probably a PO box / UPS store in the whois contact, DNS
served by the usual suspects like Moniker..)

A /27 or /26 in a /24 might generate enough spam to drown the volume
of legitimate email from the rest of the /24, and that would cause
this kind of /24 block.

In some cases, such as 63.217/16 on CAIS / PCCW, there is NOTHING
except spam coming from several /24s (and there's a /20 and a /21 out
of it in spamhaus), and practically zero traffic from the rest of the
/16.

Or there's Cogent with a similar infestation spread around 38.106/16.

ISPs with virtual hosting farms full of hacked cgi/php scripts,
forwarders etc. just don't trigger /24 blocks at the rate that ISPs
hosting snowshoe spammers do.

/24 blocks are simply a kind of motivation for large colo farms to try
choosing between hosting spammers and hosting legitimate customers.

srs ..
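
The escalation described in this message, sketched as an added example (not part of the original post, and not any ISP's actual policy): per-IP counts are rolled up to the /24 to decide on a block, and the same data is then broken down by /26 to show which sub-range caused it. The thresholds, function names and sample counts are assumptions; the addresses are documentation ranges.

```python
import ipaddress
from collections import defaultdict

def rollup(per_ip, prefixlen):
    """Sum (spam, ham) message counts per covering network of this prefix length."""
    totals = defaultdict(lambda: [0, 0])
    for ip, (spam, ham) in per_ip.items():
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        totals[net][0] += spam
        totals[net][1] += ham
    return {net: tuple(v) for net, v in totals.items()}

def blocks_to_escalate(per_ip, spam_ratio=0.8, min_msgs=1000):
    """Return /24s where spam drowns legitimate mail (assumed thresholds)."""
    hits = []
    for net, (spam, ham) in rollup(per_ip, 24).items():
        total = spam + ham
        if total >= min_msgs and spam / total >= spam_ratio:
            hits.append(net)
    return sorted(hits)

def spam_share_by_subnet(per_ip, net24, prefixlen=26):
    """Within one /24, rank sub-ranges by their share of that /24's spam.

    This is the view a hosting provider would want from feedback-loop
    data in order to find the customer range behind a /24 block.
    """
    inside = {ip: c for ip, c in per_ip.items()
              if ipaddress.ip_address(ip) in net24}
    total_spam = sum(spam for spam, _ in inside.values()) or 1
    shares = {net: spam / total_spam
              for net, (spam, _) in rollup(inside, prefixlen).items()}
    return sorted(shares.items(), key=lambda kv: kv[1], reverse=True)

# Constructed sample: (spam, ham) per sending IP.
# 192.0.2.64/26 is a snowshoe range; the other two hosts in that /24 are legitimate.
SAMPLE = {f"192.0.2.{h}": (500, 0) for h in range(64, 128)}
SAMPLE.update({
    "192.0.2.10": (20, 2000),
    "192.0.2.200": (10, 1500),
    # A hosting /24 with one abused script: spam stays a small fraction.
    "198.51.100.5": (300, 5000),
    "198.51.100.6": (0, 4000),
})

if __name__ == "__main__":
    for net in blocks_to_escalate(SAMPLE):
        print("block", net)
        for sub, share in spam_share_by_subnet(SAMPLE, net):
            print(f"  {sub}: {share:.1%} of spam")
```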