Spamhaus is at it again.
http://www.spamhaus.org/sbl/query/SBL214350
Bam, the whole /16 is blacklisted. Maybe people will start to reconsider using Spamhaus?
I mean, this will keep happening: more and more people will rent PI space and some will end up in ASNs of spammers, or some people who will resell, for example, servers or VPNs, or VPSes. What happened with blocking by ASN? Is that so hard now? Or are Resilans late with the "cut" for Spamhaus?
Get IPs from others... Because renumbering is easy and this won't happen again.
Comments
"ALLOCATED PI" is an interesting status for the netblock in the RIPE database. How is that even possible?
At this rate I expect there to be 3,706,452,992 IPv4 addresses blacklisted by SpamHaus by the end of 2015.
Anyone want to take this bet?
It is apparently not blocked anymore as per that link.
Spamhaus hasn't been a reliable service for a decade. They lost their very last credibility when they included an entire domain registry(!) in their list because it didn't delete a domain as requested by Spamhaus. Simple blackmail.
I'm mutual on this; Spamhaus is draconian in nature, however spam is a very real problem.
Web hosts, particularly of the low-cost VPS variety, aren't doing enough to stop spam. Is it too much to say: okay, during a probation period you must relay mail through our special mail relays (some rules on the hypervisor that only port 25 traffic to a local smart host with quotas and monitoring etc.) or whitelisted servers (postmark/sendgrid/mandrill/ses/mailjet etc.); after 90 days we'll release the restriction, or alternatively send us a copy of passport and credit card to expedite the lift.
This is a similar policy to redstation http://www.redstation.com/dedicated-server/dedicated-server-faqs - very smart.
So once the range gets listed, what exactly is the procedure to remove it?
You have to email Spamhaus letting them know that appropriate action has been taken.
And how do they verify that?
It is a matter of trust I guess.
After they remove it, and the exact same notification appears again, then I think you would have more trouble the next time getting it removed.
It's not uncommon to get hammered with every IP in a /16. That seems to be why some of these companies exist. I'm all for Spamhaus. They are doing a great job.
I agree with you, I have had no bad experiences with them. We get all entries removed very quickly and do not tolerate spammers whatsoever. As we currently don't have our own AS, the notifications go to our DC and they forward them to us to act on.
If a company continually fails to act on the notifications and sufficient proof has been given for spamming from multiple subnets on their network, it is their own fault that the whole range gets listed.
Simple solution is to act swiftly if you get a notification and have some decent checks in place to make sure spammers don't slip through the order verification process.
That is okay as long as you control the range. When you do not, then you have a problem. None of those incidents listed were from our ASN, yet they blacklisted ours too. They threatened to blacklist the ASN for two incidents in the past; apparently, that is no longer possible and they blacklist the whole range if it is PI, no matter where it is split to. If you have bad luck, no problem, you buy from others and then they will get blacklisted too. Renumbering is perfectly fine, once every month or so; we don't want to get bored with the same IPs all the time, do we?
Nope, even if you act swiftly they still may list your entire range. SpamHaus doesn't care about your business, they only care about the people who sponsor them with money, and that means if they feel bored they may blacklist a /16 that includes you.
Did you even read the topic?
I guess this is a problem. I don't know if Gmail is just really good at it, but I almost never get any spam in the inboxes I look at; it's always emails or mailing lists that I have signed up for.
I guess something like this could work out in the end. I use Mandrill since it gives me some stats; I know there are many like it. I don't have to worry about configuring email ever that way, and my code likes it. It's a shame the internet was not set up in a way that a provider can get a nice large subnet, then slice it into smaller ones but register the slices to their customers, so at least it's not the whole DC getting blacklisted, but it's then one provider, and then that provider can slice it up and flag it to one person or domain.
Actually, that can be done up to a point, but then, who stops DCs from assigning a "fresh" block to spammers each time they need it (daily) and putting the "dirty" ones to "cool off"?
The blacklisting of providers is legitimate if they do that; however, this is not the case with Resilans. You cannot just block a whole /16 because there were a few cases involving a couple of people having a couple of /24s... Spamhaus HAS the ability to block by ASN, therefore they could have blocked the ASN of the perpetrators, case closed. Since they didn't take the easy way, this means there is some other motivation involved, probably their need to get a cut from the RIPE IP trading.
The idea of Spamhaus is not bad at all.
It is a way to handle things and blocking more than one IP is the only way to pile on the pressure to a provider to stop/change things.
So if everyone would own his/her IPs and all SWIP information would be correct, they should be allowed to block wider ranges.
But we are not living in an ideal world. So they should cope with that and try to do the best to balance their sword.
Lots and lots of LowEnd providers do not SWIP IPs or ranges whatsoever, and if someone goes and does it, children open a thread screaming about their privacy when their friend finds their address on the kid's RSGP IP with IP WHOIS.
Been down this road, it's much easier to not SWIP anything; and have an internal rWHOIS database that answers up to queries that are done through the right sites (ie: sites that actually query referral, not just RIPE/whatever directly.)
Luckily, sites that query referral as well are not the first results on Google, so a lot less stupid threads get started here as a result.
P.S: SpamHaus also doesn't care who the IPs are SWIP'd to, they blacklist the block after a single address had a single email reported as spam, then proceed to blacklist your entire pool of ranges (everything on your Org ID / POC IDs.) It's happened to us three times already.
Not even that, it seems the guys at the "well known "flooring" scheme" are really behind with their cut; they blacklist for hosting DNS too, something you cannot do anything to defend against. 99% of spammers we catch ourselves and with the help of SpamCop. Spamhaus is not after spammers, in general, only after some.
We (as Resilans) actually had several /16's and some /19's in their blocklists. We wrote an incident report of the event if you wish to read it; in short, a lot of the Swedish municipalities and authorities were unable to send or receive email due to Spamhaus's erratic behaviour. Here's a small list of who were affected: http://webb.resilans.se/documents/spamhaus-incident-20140227-en.pdf
Sad to see, Spamhaus is crazy when it comes to "blocking spam". I've seen similar issues where some websites/activists got blamed for DDoS'ing Spamhaus simply due to them being on the same range/AS as the attack originated from.
As for Spamhaus - Skit skall skit ha.
Boo to the spammers !!!
Riksrevisionen (The Swedish National Audit)
Swedish Armed Forces
Swedish Nuclear Fuel and Waste Management Co, SKB
Karlstads Kommun (Karlstad municipality)
Boverket (The National Housing Board)
Swedish State Power Board (Vattenfall)
Telefonaktiebolaget LM Ericsson
Oskarshamns Kommun (Oskarshamns municipality)
Linköping University
Luftfartsverket (The Civil Aviation Administration)
Lantmäteriverket (National Land Survey)
County Administration of Gothenburg
Östhammars kommun (Östhammars municipality)
Länsstyrelsen i Norrbottens län (County Board of County Norrbotten)
Myndigheten för Samhällsskydd och Beredskap MSB (Authority for Civil Contingencies MSB)
Täby kommun (Täby municipality)
Akademiska sjukhuset Uppsala (Uppsala University Hospital)
Chalmers University of Technology
Umeå Universitet (Umeå University)
SUNET (Swedish University NETwork)
Stockholms Universitet, DSV (Stockholm University)
D-GIX Service network (NETNOD)
Royal Institute of Technology
DNS root name server i.root-servers.net
Karolinska Institutet
Saab AB
Försäkringskassan (Social Insurance Agency)
Statskontoret (State Treasury)
Posten (The Swedish postal service)
Stockholms läns landsting (Stockholm County Council)
Vårdguiden (Health Care Guide)
Strålsäkerhetsmyndigheten (the Radiation Safety Authority)
Örnsköldsviks Kommun (Örnsköldsvik municipality)
Naturvårdsverket (Environmental Protection Agency)
AUTONOMICA DNS-services
IKEA IT AB
Statens Livsmedelsverk (National Food Administration)
Dagens Nyheter (Newspaper)
Vägverket (Swedish Road Administration)
European Space Agency (ESA)
Volvo Information Technology
SAS
NasdaqOMX
Aftonbladet (Newspaper)
NORDUnet
Spotify Ltd
Resilans AB
ftp-archive on SUNET
Sveriges Riksbank (The Central Bank of Sweden)
Stadsledningskontoret (The Executive Office)
Statens Jordbruksverk (Board of Agriculture)
Did you know gullable's not in the dictionary?