RBL_DNS_LIST SUGGESTION

What a stupid detective you are!
A good detective will detect the spam. Did you? No! Ofc not! You're not that good! So you call yourself a good detective just because you saw a few names on PTR records. And also, just because you saw a few "possible" PTR records is not a reason to block an entire ASN with more than 3000 IPs.
Tell us all why you don't block hurricane electric or cogent, or NTT, or Telia, or Verizon or AT&T? They send a lot of spam (verified spam) but you won't block them.
I tell you why, because if you do, you'll get flooded by complains, right?
And you call yourself "professional" and "detective"? Looool!
Has for the others that say if he blocks you, you won't use his list, it's not like that. You're not thinking right. If he blocks you, you won't be able to send emails to any server that is using his list. Simple has that.

Like I said before, I may host anybody on my network, but will they be able to do anything they want? No! Ofc not! Do you see spammers on OVH network? No. Because they filter their outbound SMTP ports like I do.
 
Do you see spammers on OVH network? No. Because they filter their outbound SMTP ports like I do.

A simple "I don't know what I'm talking about" would have sufficed, but this is an acceptable alternative which serves to communicate an identical sentiment. For that, I am appreciative.

Code:
root@gw:~# darun grep 15.235.137.21 /var/log/exim/mainlog \| wc -l
longhorn.mxrouting.net: 6
tuesday.mxrouting.net: 0
monday.mxrouting.net: 12
wednesday.mxrouting.net: 0
moose.mxrouting.net: 10
eagle.mxlogin.com: 44
pixel.mxrouting.net: 14
blizzard.mxrouting.net: 6
arrow.mxrouting.net: 48
taylor.mxrouting.net: 6
lucy.mxrouting.net: 10
shadow.mxrouting.net: 22
safari.mxrouting.net: 7
echo.mxrouting.net: 48
sunfire.mxrouting.net: 95
london.mxroute.com: 56

100% of those equal 1 spam email from 1 OVH IP in 1 day. But hey, let's see if anyone reputable agrees: https://bgp.he.net/ip/15.235.137.21#_rbl (Screenshot: https://files.freesocial.co/f.php?h=1Q1Yv5kb&p=1)

Strike 3 buddy. 🤘
 
Last edited:
Yeah... But still you didn't explain why you don't block hurricane electric or cogent, or NTT, or Telia, or Verizon or AT&T and even OVH (they also have auto-generated PTR records on their network)
 
Yeah... But still you didn't explain why you don't block hurricane electric or cogent, or NTT, or Telia, or Verizon or AT&T and even OVH (they also have auto-generated PTR records on their network)

If you're genuinely curious, happy to answer. OVH is blacklisted at MXRBL, and customers are whitelisted on request, because the spam to ham ratio is too high in favor of spam from their network right now. Most of the companies you mentioned are upstream providers and while they do delegate some IP ranges to customer use, there is no high percentage of questionable customers on their ranges. However, they are not immune to having individual IPs or ranges added to the RBL when they are caught sending spam or identified as likely about to be doing so.

A whole ASN only gets blocked for two reasons:
1. The spam from their network rotates IPs far too often, among far too many ranges, to make reactively blocking IPs completely useless.
2. No history of good email coming from the range recently, and their hostnames are largely questionable with only small percentages looking fine. If over half of available PTR/A records are questionable, and there's nothing coming in from the network that anyone needs, good stuff, added.

I'd estimate that I've successfully blocked at least a couple million spam emails from #2, because spammers have to be chased around. If you blacklist their ASNs they'll move. Just like a couple days ago, they moved to RamNode. Now RamNode is blacklisted because they couldn't react to it reasonably, and Ramnode was started by someone I call a friend. Business is business, work is work.
 
A simple "I don't know what I'm talking about" would have sufficed, but this is an acceptable alternative which serves to communicate an identical sentiment. For that, I am appreciative.

Code:
root@gw:~# darun grep 15.235.137.21 /var/log/exim/mainlog \| wc -l
longhorn.mxrouting.net: 6
tuesday.mxrouting.net: 0
monday.mxrouting.net: 12
wednesday.mxrouting.net: 0
moose.mxrouting.net: 10
eagle.mxlogin.com: 44
pixel.mxrouting.net: 14
blizzard.mxrouting.net: 6
arrow.mxrouting.net: 48
taylor.mxrouting.net: 6
lucy.mxrouting.net: 10
shadow.mxrouting.net: 22
safari.mxrouting.net: 7
echo.mxrouting.net: 48
sunfire.mxrouting.net: 95
london.mxroute.com: 56

100% of those equal 1 spam email from 1 OVH IP in 1 day. But hey, let's see if anyone reputable agrees: https://bgp.he.net/ip/15.235.137.21#_rbl (Screenshot: https://files.freesocial.co/f.php?h=1Q1Yv5kb&p=1)

Strike 3 buddy. 🤘
You still stick to PTR records. LOOOOL!!!
And you don't block ovh? lool Who's winning?
Pick anyone of my 3000+ IPs and run it on your script. I dare you! If you find any emails being sent other than our antispam IP it's because you're a fake.
 
2. No history of good email coming from the range recently, and their hostnames are largely questionable with only small percentages looking fine. If over half of available PTR/A records are questionable, and there's nothing coming in from the network that anyone needs, good stuff, added.
Well... you blocked my ASN without any history at all. How does that make you? A fake!
 
Back
Top