APEWS: E-180006
Rapidswitch Administrator
2010-04-26 17:41:48 UTC
Hi,

Hi,

With regards to this listing below:

========================================
Entry matching your Query: E-180006
109.0.0.0/8
CASE: C-131
Unallocated CIDR, no traffic until allocated,
or allocated but dynamic / generically named IPs,
or bogons, see www.cidr-report.org,
or orphaned IP / CIDR in routing table
Special Reason:
Dynamic IP, generic DNS, missing rDNS/PTR not permitted for direct
email connection. You must use correctly configured [with registered
working abuse contact] static IP / ISP mail servers / smarthost
service
History:
Entry created 2007-05-28 2010-03-14: Reason changed from No traffic
until allocated to Dynamic IP, generic DNS, missing rDNS/PTR not
permitted for direct email connection. You must use correctly
configured [with registered working abuse contact] static IP / ISP
mail servers / smarthost service
========================================

Subnet space 109.169.0.0/18 is listed in the APEWS block list, and
although the block is for the entire /8, which spans many
ISPs, is it possible to remove only a chunk of the large /8 listed in
APEWS?

Please note that the space 109.0.0.0/8 includes over 16.5 million IP
addresses, and it is not used by only one ISP.

Say I am the only one that is bothered to actually get something done,
and the other ISPs don't want to get involved, in order to get the IP
address removed, do I stand a chance to succeed? Or do all the ISPs in
the /8 range have to contribute?

Kind regards,

Rapidswitch
--
Comments posted to news.admin.net-abuse.blocklisting
are solely the responsibility of their author. Please
read the news.admin.net-abuse.blocklisting FAQ at
http://www.blocklisting.com/faq.html before posting.
Shmuel (Seymour J.) Metz
2010-04-26 23:26:39 UTC
In <56d48501-13dc-45c4-bb66-***@12g2000yqi.googlegroups.com>, on
04/26/2010
Post by Rapidswitch Administrator
> Subnet space 109.169.0.0/18 is listed in the APEWS block list, and
> although the block is for the entire /8, which spans many
> ISPs,

Is it all in one big ASN?

Post by Rapidswitch Administrator
> is it possible to remove only a chunk of the large /8 listed in APEWS?

Yes, but AFAIK it is not their policy to cut holes in listings.

Post by Rapidswitch Administrator
> Please note that the space 109.0.0.0/8 includes over 16.5 million IP
> addresses, and it is not used by only one ISP.

AFAIK they don't believe in "too big to block".

Post by Rapidswitch Administrator
> Say I am the only one that is bothered to actually get something done,
> and the other ISPs don't want to get involved, in order to get the IP
> address removed, do I stand a chance to succeed?

Not if you're in the same ASN. If the size of the listing is the result of
obsolete data or is an error, then you can expect that they'll change the
listing if they see your article. My guess is that it's not an error.
--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to ***@library.lspace.org
1urk3r
2010-05-03 11:27:47 UTC
On Apr 26, 12:41 pm, Rapidswitch Administrator
Post by Rapidswitch Administrator
> Hi,
> Hi,
> ========================================
> Entry matching your Query: E-180006
> 109.0.0.0/8
> CASE: C-131
> Unallocated CIDR, no traffic until allocated,
> or allocated but dynamic / generically named IPs,
> or bogons, see www.cidr-report.org,
> or orphaned IP / CIDR in routing table
> Dynamic IP, generic DNS, missing rDNS/PTR not permitted for direct
> email connection. You must use correctly configured [with registered
> working abuse contact] static IP / ISP mail servers / smarthost
> service
> Entry created 2007-05-28 2010-03-14: Reason changed from No traffic
> until allocated to Dynamic IP, generic DNS, missing rDNS/PTR not
> permitted for direct email connection. You must use correctly
> configured [with registered working abuse contact] static IP / ISP
> mail servers / smarthost service
> ========================================
> Subnet space 109.169.0.0/18 is listed in the APEWS block list, and
> although the block is for the entire /8, which spans many
> ISPs, is it possible to remove only a chunk of the large /8 listed in
> APEWS?
> Please note that the space 109.0.0.0/8 includes over 16.5 million IP
> addresses, and it is not used by only one ISP.
> Say I am the only one that is bothered to actually get something done,
> and the other ISPs don't want to get involved, in order to get the IP
> address removed, do I stand a chance to succeed? Or do all the ISPs in
> the /8 range have to contribute?

like all readers of this newsgroup, or at least like five of the seven
readers of this newsgroup, i am intensely curious to know what
motivates you to make this request. in particular, if you have an
example of an email being rejected based upon a listing in APEWS, i am
interested in seeing it. if you are in possession of this rara avis,
please elide whatever is necessary to preserve the privacy of the
parties concerned, and post it here.


adam

Rapidswitch Administrator
2010-05-04 10:39:17 UTC
What I don't understand is how to avoid getting listed in there, even
if we are trying to fight spam and malicious content.

The following lists are checked regularly (once a week):

- malwareURL.com
- malwarebytes.org
- malwaredomainlist.com
- http://support.clean-mx.de/clean-mx/viruses.php
- http://support.clean-mx.de/clean-mx/phishing.php

A lot of effort is put into this, to make sure that the issues are
dealt with, not because we might end up on a list like APEWS, but
because we take this seriously. It does seem like all the efforts are
in vain, seeing as the APEWS admins add the listings anyway, never
mind the work that is done to prevent it.

Not sure really how to take it from here, when after all this, I get
this:

Entry matching your Query: E-395920
109.169.28.0/22
CASE: C-1403
Dynamic IP space, generic DNS/rDNS, no PTR
Direct connections to MX not permitted, you
need to use your ISP servers or smarthost
Special Reason:
Dynamic IP, generic DNS, missing rDNS/PTR not permitted for direct
email connection. You must use correctly configured [with registered
working abuse contact] static IP / ISP mail servers / smarthost
service
History:
Entry created 2010-05-02

Just a few notes on this:

1. The IP space is statically assigned. We do not use dynamic IP
assignment.
2. We have an abuse system in place, that deals with the abuses raised
for the space that is assigned to us.
3. The IP space that we assign to our clients has its own
registered abuse email addresses, and if there are too many abuses for
a client, the abuses are escalated to us as well.
4. We do take this very seriously and take action against SPAM and
malicious content.

Due to lack of communication from APEWS, or at least some form of
automated proof listing, we are unable to check in detail what is
happening.

So either APEWS becomes a bit more professional, and implements some
automated database listings, with public access, or they do something
about the communication (lack of).

I would really like to hear any opinions on this.

Regards,

RapidSwitch
NFN Smith
2010-05-04 16:50:59 UTC
Post by Rapidswitch Administrator
> What I don't understand is how to avoid getting listed in there, even
> if we are trying to fight spam and malicious content.
> - malwareURL.com
> - malwarebytes.org
> - malwaredomainlist.com
> - http://support.clean-mx.de/clean-mx/viruses.php
> - http://support.clean-mx.de/clean-mx/phishing.php
> A lot of effort is put into this, to make sure that the issues are
> dealt with, not because we might end up on a list like APEWS, but
> because we take this seriously. It does seem like all the efforts are
> in vain, seeing as the APEWS admins add the listings anyway, never
> mind the work that is done to prevent it.

By your description, it looks like you're pretty much doing the right thing.

However, not all blacklists are created equal. Each has its own
criteria for listing and delisting (and some lists aren't especially
observant about following their own criteria). In the case of APEWS,
the criteria is presumed to be similar to the old SPEWS list, but isn't
entirely clear.

Thus, some lists are fairly conservative, some are very aggressive, and
what lists any specific mail admin may use will depend on a specific
site's needs. As a general thing, the more aggressive a list is, the
lower number of mailboxes that it is protecting.

Thus, for a blacklist such as APEWS, it's sufficiently aggressive that
it's widely believed that it's not commonly used, at least not for the
purposes of rejecting mail. Therefore, unless you have concrete
evidence from your logs that mail from your server is being blocked
because of an APEWS listing, I wouldn't worry about it.

Post by Rapidswitch Administrator
> Not sure really how to take it from here, when after all this, I get
> Entry matching your Query: E-395920
> 109.169.28.0/22
> CASE: C-1403
> Dynamic IP space, generic DNS/rDNS, no PTR
> Direct connections to MX not permitted, you
> need to use your ISP servers or smarthost
> Dynamic IP, generic DNS, missing rDNS/PTR not permitted for direct
> email connection. You must use correctly configured [with registered
> working abuse contact] static IP / ISP mail servers / smarthost service

The general methodology of a *PEWS blacklist is to list blocks of IP
addresses known to be emitting spam, and then expanding as necessary as
the spammers move around. In the original implementation of SPEWS, the
idea was to make it difficult for spam-friendly ISPs to continually move
spammers to new IP allocations, causing admins to have to play
"Whack-a-mole" to keep listing the new allocations. Thus, SPEWS' focus
was more on trying to list allocations belonging to spam-friendly
providers than individual customers, and the purpose of listing large
blocks (even where there was no demonstrated spammer presence) was to
note IP blocks belonging to providers that were likely to allocate those
blocks to spammers.

The problem with the *PEWS methodology was with non-spamming customers
that chose to do business with spam-friendly providers. Ultimately,
those customers had to make the choice of changing providers, sending
mail through smart-hosts on clean providers, or trying to convince
recipients to either stop using SPEWS or making whitelist exceptions.

With APEWS, the methodology is presumably similar to SPEWS, but a lot
more aggressive, sufficient that any mail admin who uses APEWS for
filtering more than a trickle of mail delivery attempts (e.g., himself,
or a small number of people) is likely to have serious problems with
significant quantities of legitimate mail being rejected (and assuming
that he's not a BOFH-type that simply doesn't care).

Thus, if your IP space is clean on the large, widely-used blacklists,
then you should be OK.

In the case of APEWS, I wouldn't bother, because the listing is directed
at your upline provider for sloppy administration, and it's probably not
causing you any problems with mail acceptance.

Smith
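
Added example, not part of any post in this thread: one way to look for the log evidence the last reply asks for, counting remote rejections that name a DNSBL zone and concern addresses inside 109.169.0.0/18. It assumes Postfix-style sender-side log lines; the zone names are placeholders and the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Prefix quoted in the thread; the zone names below are placeholders, not real DNSBL zones.
OUR_PREFIXES = [ipaddress.ip_network("109.169.0.0/18")]

# Constructed sample lines, assuming Postfix smtp-client log format.
SAMPLE_LOG = """\
May  4 10:12:01 mx1 postfix/smtp[2211]: 4F1A22C01: to=<a@example.net>, relay=mx.example.net[192.0.2.25]:25, dsn=5.7.1, status=bounced (host mx.example.net[192.0.2.25] said: 554 5.7.1 Service unavailable; Client host [109.169.28.10] blocked using apews-zone.example; listed (in reply to RCPT TO command))
May  4 10:12:09 mx1 postfix/smtp[2212]: 4F1A22C02: to=<b@example.org>, relay=mx.example.org[192.0.2.40]:25, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9C1D3)
May  4 10:13:30 mx1 postfix/smtp[2213]: 4F1A22C03: to=<c@example.com>, relay=mx.example.com[192.0.2.77]:25, dsn=5.7.1, status=bounced (host mx.example.com[192.0.2.77] said: 554 5.7.1 Service unavailable; Client host [109.169.3.7] blocked using other-dnsbl.example; see policy page (in reply to RCPT TO command))
May  4 10:14:02 mx1 postfix/smtp[2214]: 4F1A22C04: to=<d@example.net>, relay=mx.example.net[192.0.2.25]:25, dsn=5.7.1, status=bounced (host mx.example.net[192.0.2.25] said: 554 5.7.1 Service unavailable; Client host [198.51.100.9] blocked using apews-zone.example; listed (in reply to RCPT TO command))
May  4 10:15:47 mx1 postfix/smtp[2215]: 4F1A22C05: to=<e@example.com>, relay=mx.example.com[192.0.2.77]:25, dsn=4.7.1, status=deferred (host mx.example.com[192.0.2.77] said: 450 4.7.1 Service unavailable; Client host [109.169.28.10] blocked using other-dnsbl.example (in reply to RCPT TO command))
"""

# Matches the remote server's reply as echoed in the sender's log.
REJECT_RE = re.compile(
    r"status=(?:bounced|deferred) \(host \S+ said: (?P<code>[45]\d\d) .*?"
    r"Client host \[(?P<ip>[0-9A-Fa-f.:]+)\] blocked using (?P<zone>[A-Za-z0-9.-]+)"
)


def dnsbl_rejections(log_text, prefixes=OUR_PREFIXES):
    """Count DNSBL-attributed rejections per (zone, SMTP code) for our own IPs."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address in the remote reply
        # Rejections naming an address outside our space are not our listing.
        if any(ip in net for net in prefixes):
            hits[(m.group("zone"), int(m.group("code")))] += 1
    return hits


def blocked_by(log_text, zone, prefixes=OUR_PREFIXES):
    """True only if a remote server named `zone` when refusing mail from our space."""
    return any(z == zone for (z, _code) in dnsbl_rejections(log_text, prefixes))


if __name__ == "__main__":
    for (zone, code), n in sorted(dnsbl_rejections(SAMPLE_LOG).items()):
        print(f"{zone}\t{code}\t{n}")
```
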