nanog mailing list archives
Re: Repeated Blacklisting / IP reputation
From: "Wayne E. Bouchard" <web () typo org>
Date: Tue, 8 Sep 2009 11:44:44 -0700
On Tue, Sep 08, 2009 at 10:16:33AM -0500, Ronald Cotoni wrote:
> Tom Pipes wrote:
> > Greetings,
> >
> > We obtained a direct assigned IP block 69.197.64.0/18 from ARIN in 2008. This block has been cursed (for lack of a better word) since we obtained it. It seems like every customer we have added has had repeated issues with being blacklisted by DUL and the cable carriers. (AOL, AT&T, Charter, etc). I understand there is a process to getting removed, but it seems as if these IPs had been used and abused by the previous owner. We have done our best to ensure these blocks conform to RFC standards, including the proper use of reverse DNS pointers.
> >
> > I can resolve the issue very easily by moving these customers over to our other direct assigned 66.254.192.0/19 block. In the last year I have done this numerous times and have had no further issues with them.
> >
> > My question: Is there some way to clear the reputation of these blocks up, or start over to prevent the amount of time we are spending with each customer troubleshooting unnecessary RBL and reputation blacklisting?
> >
> > I have used every opportunity to use the automated removal links from the SMTP rejections, and worked with the RBL operators directly. Most of what I get are cynical responses and promises that it will be fixed.
> >
> > If there is any question, we perform inbound and outbound scanning of all e-mail, even though we know that this appears to be something more relating to the block itself.
> >
> > Does anyone have any suggestions as to how we can clear this issue up? Comments on or off list welcome.
> >
> > Thanks,
> >
> > ---
> > Tom Pipes
> > T6 Broadband/ Essex Telcom Inc
> > tom.pipes () t6mail com
>
> Unfortunately, there is no real good way to get yourself completely delisted. We are experiencing that with a /18 we got from ARIN recently and it is basically the RBLs not updating or perhaps they are not checking the ownership of the IPs as compared to before. On some RBLs, we have IP addresses that have been listed since before the company I work for even existed. Amazing, right?

This is not actually a new problem. ISPs have been fighting this for some time. When a dud customer spams from a given IP range and gets it placed in various RBLs, when that customer is booted or otherwise removed, that block will probably get reissued. The new customer then calls up and says, "my email isn't getting through." All it takes is a little investigation and the cause becomes clear.

In my experience, there is absolutely no way to deal with this other than contacting the companies your customer is trying to email one by one. Not all of them will respond to you but when they are slow or do not act at all, quite often if the recipient on the other end calls them up and says, "WTF?" it generates more action.

Sadly, I do not foresee this problem getting any easier. Best practices for the public or subscription RBLs should be to place a TTL on the entry of no more than, say, 90 days or thereabouts. Best practices for manual entry should be to either keep a list of what and when or periodically to simply blow the whole list away and start anew to get rid of stale entries. Of course, that is probably an unreal expectation.

-Wayne

---
Wayne Bouchard
web () typo org
Network Dude
http://www.typo.org/~web/