In message <CAKcP59JPJT2LsUTrtgAsLeUTDsCrVBWq0_Cuas8LAvNAApQ7UQ@mail.gma il.com>, Anushah Hossain <anushah@icsi.berkeley.edu> writes
surprisingly, I haven't seen the request on any other lists that are (a) relevant and (b) open -- perhaps they and their project team are not especially well connected in this space :(
This is true. We were advised to share to RIPE and regional NOG mailing lists. Are there others you would have recommended?
ask the APWG to circulate the request to their members, and you might do the same with M3AAWG
as John Levine already noted, the questionnaire seems somewhat confused as to whether it cares about routing issues (bogon lists, the Spamhaus DROP list etc) or spam filtering (bad domains, phishing feeds, botnet IPs etc etc)
Hm, I think we are interested in quite the range of blacklists.
The issues will vary considerably between different types of list
Here is a table of what my colleagues are monitoring:
image.png
it also asked if internally generated lists were used, but seemed curiously uninterested in anything other than if the answer to that was yes or no -- a missed opportunity I thought.
What would you have recommended probing here?
you could have asked an open ended question which asked what they did, how they were built, why they were built in house and how significant they were.
I have been conducting interviews with those working in abuse prevention (even at some of the companies that have been mentioned upthread) to collect more specific anecdotes about how dynamic addressing has lowered the accuracy of certain feeds,
we've had DHCP for decades (and everyone knows the issues) ... are you sure they weren't discussing Carrier Grade NAT ?
for example, or how errors in geo-IP feeds affected them.
my own impression of these is that you get what you pay for ... but unless you are buying proxies I'm sceptical that large scale abuse filtering systems use this type of info as more than a one indicator amongst many. if you buying a proxy you may care a lot more ! Zachary Weinberg, Shinyoung Cho, Nicolas Christin, Vyas Sekar, and Phillipa Gill. How to Catch when Proxies Lie: Verifying the Physical Locations of Network Proxies with Active Geolocation. In Proceedings of the 2018 ACM Internet Measurement Conference (IMC'18). Boston, MA. October 2018. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755