[Dshield] Spamhouse now listing exploited IPs in new blocklist
security at admin.fulgan.com
Wed Jan 14 13:16:41 GMT 2004
[To the moderator: if it is off-topic, please do not hesitate to
drop this message, just drop me a notice you did so]
I just noticed that SpamHaus has released a new RBL containing a list
of IPs that are know to be "exploited" in some way: Open proxy,
mass-mailer virus, etc.
Now, how about some contention: I personally applaud the effort of the
Spamhaus to provide a list of "dangerous" clients but I have to worry
about the fine prints on their web page: In the FAQ, they state that,
unless someone actively asks to be de-listed, entries in the database
are only deleted after 6 month without new submission.
Now, this period of time might be reasonable for open SMTP relay
servers, I find this period excessively long for common folks that
just happened to have been infected with a virus.
Chances are that even after taking the proper steps to stop being a
menace to the general network by cleaning up their system, patching it
and installing an anti-virus product, they will NOT know how to get
de-listed for 6 month.
Additionally, there is the problem of IP sharing: what if my neighbor,
who share the same ADSL provider as me, get listed ? Since our ISP
forces an IP change every day, I routinely get the IP he had the day
before. Now, if he is blacklisted, I will statistically get
blacklisted as well at least as much as he (and this won't even
prevent the spam from coming from his machine).
Anyone got feelings about this ?
More information about the list