Abuse procedures... Reality Checks

Hash: SHA1

I would have to respectfully disagree with you. When network
operators do due diligence and SWIP their sub-allocations, they
(the sub-allocations) should be authoritative in regards to things
like RBLs.

Yes. But the answer is that it also depends how many other cases like
this exist from same operator. If they have 16 suballocations in /24
but say 5 of them are spewing, I'd block /24 (or larger) ISP block.

Why? When you can block on more specific prefixes? This just
doesn't make sense to me.

The exact % of bad blocks (i.e. when to start blocking ISP) depends
on your point of view and history with that ISP but most in fact do
held ISPs partially responsible.

Indeed -- your point of view. Which I would argue is unfair
and not "due diligence".

- - ferg