[anti-abuse-wg] Use of RIPE region space by out-of-region users, was RIPE policy
Ronald F. Guilmette rfg at tristatelogic.com
Wed Mar 9 15:46:40 CET 2011
In message <6ECF18BD-3F5B-4E9C-917A-087ED01AF626 at blacknight.ie>, "Michele Neylon :: Blacknight" <michele at blacknight.ie> wrote: >On 9 Mar 2011, at 13:26, Ronald F. Guilmette wrote: >> Was there some particular reasons why Nigerian fraudsters would have been >> allowed to send e-mail through your servers in Jan of '010? Did you have >> a security melt down? > >ROFL > >We are a hosting company. Are you under the impression that this fact gives you some sort of special dispensation to send me spam? If so, allow me to suggest, politely, that you reevaluate your assumptions. >Our clients can and do do silly things from time to time The way you say that, so nochalantly, it sounds to me like you have been aware of this fact of human nature for quite some time now. Assuming so, what, if anything, has your company done to compensate for it? (Some other hosting companies who care about their reputations and about not polluting the Internet have arranged for all outbound port 25 connects from end-luser frequently-compromosed machines to be either blocked or else transparently redirected to a machine, or set of machines, where outbound filtering takes place... you know... in order to fully suppress the inevitable and easily forseeable Nigerian 419 spam outflow from the inevitable and easily forseeable compromised end-luser machine.) >If / when we get reports to our abuse desk about such behaviour we take act >ion Right. I think that's pretty much what the guys in charge of Chernobyl said too... "Just let us know if there's a problem with these tests and we'll clean up the mess afterwards." Call me old-fashioned, but I've always believed that, all things considered, it's better not to screw up in the first place than it is to apologize after- wards. In other words, the time to stop spam is quite certainly NOT after it has already entered my inbox. (It never ceases to amaze me how many providers seem to think that they have earned some sort of accolades or appreciation for their selfless act of shutting the barn door after the horses have already bolted.) >And blocking our domain name isn't exactly the sanest way of blocking junk >from our network .. Actually, it has worked with 100% effectivness. What's insane is for people to accept the ludicrous notion that they should spend their own time wading through reams of spam e-mail every day, just because thousands of companies like your's don't much feel like investing in proper spam outflow control. (In my case I recognized a long time ago that life is just too short.) >>Do you have ``customers'' to whom you simply sell IP addresses, and nothing >> else? > > >We don't sell IP addresses > >We sell services which include IP allocations and LIR services > >*cough* > >We generally would hope that the clients would take bandwidth and other ser >vices from us, but we also have clients who pay us just for blocks of IPs a >nd the management of same Facinating. Really. I really did construe from that other gentleman's remarks that this sort of thing was entirely verboten, based on existing RIPE rules. >>> but I don't see why where a company is based is relevant >> >> Hey! I don't make the rules. I'm just trying to understand what they are > >Well I think you need to take that up with RIPE's policy people. Not necessary, as what you said (below) answers my question and also con- forms to my existing understanding. >> Maybe location _isn't_ actually relevant to anything, ever. But it has >> been my understanding that if a company from your side of the pond came >> over and asked ARIN for a hunk of IPv4 space without so much as putting >> a single server or router anywhere in North America, then you'd be politely >> told to go fish. > >Well we would only be doing that if we had kit in the US .. I can't think o >f any reason why we'd do it otherwise OK, so you agree that with respect to IP address allocations, location _does_ nmatter in at least some contextx, e.g. when one is requesting an allocation directly from an RiR, yes? >Location of the company isn't relevant. Location of network equipment proba= >bly is .. OK. Now we are getting somewhere. Can you tell me what is the ``location of the network equipment'' with re- spect to the RIPE-issued block 126.96.36.199/20? Where does it seem to be?