North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
- From: Andy Johnson
- Date: Thu Jun 20 14:19:34 2002
> > I fail to see how blacklisting neighboring subnets (not associated with
> > the organization in question) instead of just the offending one is "in
> > order".
> Let me clarify, then.
> If the offending ISP does not respond, and you have exhausted all avenues
> available to you to get the ISP to get its customer to stop spamming -
> whether by TOS'ing the customer, education or whatever - then escalation
> may work if the collateral damage caused by escalation is enough to get
> the spammers' neighbors to complain to the ISP.
> And I don't think this is a potential solution only for spam; it is
> appropriate (IMESHO) in other abusive situations too.
Doesn't anyone see the irony here? Fighting abuse with abuse is somewhat
counter-productive. SPAM prevents people from reading their email by a)
filling up mail server queues b) filling up user mailboxes (and/or quotas)
c) increased message count causes more time to be spent hitting delete, than
searching for operational or important communications.
This all boils down to more or less the user missing/not receiving an
important email. So by blacklisting a netblock which originated SPAM, and
more importantly, its neighbors (or in SPEWS case, the entire AS and
netblocks announced from it), you are preventing valid emails from being
delivered. So SPEWS is just as guilty of depriving people of their mail as
spammers are IMO.
Regarding your last comment, when tracking down and filtering a DoS, do
you filter just the offending IP space, or ALL netblocks announced by that