On 6 Apr 2010, at 01:59, Claus Marxmeier wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
When starting with www.netsecdb.de in 2008 i'd never expected the decrease of spams to round about 1% of former amount to remain a stable value. Stats from last weeks, monthes and year now give proof that the setup of a central communitation matrix based on worldwide IPv4-whois databases was a great help in fighting abusive mails and a lot more.
Inspite of common hosting environments the number of spams is generally lower that the amount of mails containing wanted messaging. The hourly auto-generated configuration files for MTAs like postfix, exim, qmail and MS Excchange 2007 and later used on external partner servers show same progresses.
In addition, files that contain the blocking lists for leading TOP25 spammer-country are distributed for free.
Starting from scratch with a localized german based environment, we opened netranges from additional countries based on the incoming spamlevel. Nowadays, networks from DE, CH, AT, BE, NL, FR, GB, LU, LI, IE, IT, CZ, SE, GR, PT, NO, PL, IS, FI, ES, DK, SK, HU, RO, BG, LT, LV, EE, US, CA, IL and defined customer nets don't get blocked but get tickets instead. If a non-customers's netrange abuse-email is invalid/non-functional, range gets blocked.
Many providers integrated ticket-systems for abuse-handling and improved their quality management a lot. Only a few remained passive and surprisingly a handful of ISPs still seem to work with quota limited mailboxes to avoid a kind of work-overload.
Logfiles show an increasing number of HEADER connects to our smtp-ports just to check the current status of single IP or netrange returned by our servers.
Within the last monthes, netsol worked on rwhois integration into ARIN whois outputs which finetuned the process of generating abuse-tickets a lot.
Many RIPE members started updating their whois records and abuse-mail contacts. Sometimes this results in an very effective workflow with only a few seconds response time over far distance whereas local providers still cannot be reached cause of invalid or missing contact records.
Unfortunately the RIPE team stated by mail, that they have no job-order to take care of the integrity of it's database records i.e. finding ancient content with missing or invalid information gives random results.
There seems to be no need for a RIPE member to keep it's records up-2-date ?
Any additional information regardings spams, exploit attacks, hacking can be taken from www.netsecdb.de site's sections.
I wonder how long hosters are willing to pay the traffic, energy and CPU-time for something nobody needs to have. I wonder how long i takes for the DialUp- and Business Customers to learn, that security is a crucial part of internet activities and that their ISP's deliver very diffent qualities behind their mostly coloured flash-animated websites.
Looking forward to see the current unsolved problems beeing transported to public clouds in datacenter and poisoned high bandwith customer connections if everything remains 'same procedure as every year' ...
Kind regards,
Claus
Claus You need to learn the meaning of the word "diplomacy" Otherwise none of us will want to help you Regards Michele Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845