Abuse Services et al
Abuse Tolerant Services like these: http://autopmta.com/ Has forced me to change the blacklist policy on dnsbl superblock.ascams.com (which now has anything between 2, 3 and 4+ million entries and growing nicely :) ) Before, permanent block was not possible, but now I have added a permanent block category, and if listed in this category de listing is not possible - so some of the ipv4 resource(s) has effectively become unusable, permanently. Some resource ranges change company, even change Country - but still the abuse/spam/phish/scams are ongoing... - So, simple: never de list and the problem goes away, permanently. As ipv6 works on a white list (dnswl) it does not present the same challenges as ipv4 Problems that I am still trying to resolve/solve: Facebook.com, Twitter, LinkedIN and some other "services" do not respond or bother with abuse complaints much, so they tend to end up being blocked, blocks lifted and just blocked again and again, over and over... These services rely heavily on email marketing "user notices" to market themselves and to keep them "relevant" - even by creating many fake profiles and accounts and then sending these fake email accounts copious amounts of "event notifications" or in the case of LinkedIN constantly "inviting" spamtraps to join :) the public ESP's (Google,Hotmail,Yahoo, etc) - Google and Hotmail respond well to abuse and actually cleans up, but they still end up on block lists, even after adjusting for volume, fortunately usually only for a day or two - but this still causes some problems - My personal opinion are that these services are too eager to allow anyone to create email accounts and that this largely contributes to abuse. The constant technological advances made in technology used by criminals and crime syndicates is also resulting in normal companies (not isp/esp) requiring in house abuse administrators - to manage both ingress and egress. As Commercial banks already know (and have security teams for) normal companies are figuring out that crime is becoming more targeted and sophisticated. The types of attacks cannot be handled at esp/isp level or addressed by general user training (as it is done for social engineering etc etc) Probably society in general needs more abuse education, to protect themselves, I guess - more/better media coverage? Andre
participants (1)