[Dshield] Spamhaus now listing exploited IPs in new blocklist

Stephane Grobety security at admin.fulgan.com
Wed Jan 14 13:16:41 GMT 2004


[To the moderator: if it is off-topic, please do not hesitate to
drop this message, just drop me a notice you did so]

I just noticed that SpamHaus has released a new RBL containing a list
of IPs that are known to be "exploited" in some way: Open proxy,
mass-mailer virus, etc.
(http://www.spamhaus.org/news.lasso?article=151)

Now, how about some contention: I personally applaud the effort of
Spamhaus to provide a list of "dangerous" clients but I have to worry
about the fine print on their web page: In the FAQ, they state that,
unless someone actively asks to be de-listed, entries in the database
are only deleted after 6 months without a new submission.

Now, while this period of time might be reasonable for open SMTP relay
servers, I find this period excessively long for common folks that
just happened to have been infected with a virus.

Chances are that even after taking the proper steps to stop being a
menace to the general network by cleaning up their system, patching it
and installing an anti-virus product, they will NOT know how to get
de-listed for 6 months.

Additionally, there is the problem of IP sharing: what if my neighbor,
who shares the same ADSL provider as me, gets listed? Since our ISP
forces an IP change every day, I routinely get the IP he had the day
before. Now, if he is blacklisted, I will statistically get
blacklisted as well at least as much as he (and this won't even
prevent the spam from coming from his machine).

Anyone got feelings about this?

Good luck,
Stephane



