[In the message entitled "Re: BGP list of phishing sites?" on Jun 28, 18:43, Simon Lockhart writes:]
> if it's easier for you to BGP-blackhole these bad sources and the only
> reason you don't is because you think it would be unfair, then you're
> part of the problem and you're helping to make the problem worse.
It's wholy unfair to the innocent parties affected by the blacklisting.
i.e. the collateral damage.
Say a phising site is "hosted" by geocities. Should geocities IP addresses
be added to the blacklist?
None of this would be an issue, if abuse desks were:
Today, they are none of the above. If any of you out there think that isn't
the case with your network, please let me know. I'll be happy to provide you
with the spam from your network over the last 24 hours (or 24 days, or 24
months, or whatever other period you like).
Blackholing is simply a way to draw immediate, and unmistakable attention to a
problem, instead of sweeping it under the carpet.
The problem is going to get worse before it gets better, much as it pains me
to say that.
Let's look at ways that it can be made better. A BGP feed, or other real time
distribution method, can be used to let your abuse desk know that there is a
problem, and to address it faster. It can be abused for this purpose as well,
so it's important for *whatever* method is used to be run by responsible,
Think about it. Please.