IP Reputation

I would like to call on organizations that provide IP reputation information to have methods available for network operators to determine if they are on their lists, what their reputation is, what it means, optionally evidence, and a means of removal of negative information. Near real-time notice of changes in your status would be recommended as well. If those wants sound ridiculous, nearly that same list of wants is provided by e-mail SPAM DNSRBL maintainers so it isn't exactly unprecedented.

I recently interacted with an organization that provides IP reputation information as a component in a larger security offering. A particular eyeball network couldn't get to a number of large web destinations. After some prodding of the company providing the security offering, it was determined that the prefix in question was because on a scale of 0 to 10 with 0 being the best and 10 being the worst, that prefix had a score of 1. They claimed they could do nothing about it as their client (the web site being visited) had that in their control. That's a half-truth. The company providing that IP reputation put them on the list (for whatever reason), while the web site chose whatever metrics to block.

Their proposed solution was to contact every web site there were issues with and request that they fix it. Okay, so an eyeball is supposed to reach out to dozens of major brands and get someone that understands the situation and can resolve it in a reasonable time frame? Most of these brands take days to address core things dealing with their core product or service, much less getting someone in IT to whitelist a prefix. I'm sorry, that's not a realistic solution.

If not a proactive alert (like a SPAM feedback loop), they need an easy form to fill out and after some automated means of verification (ASN or IP whois contact lookup), spill the beans on who, what, where, why, and how to get it fixed.

I'm not saying there was no valid reason to put them on the list. There's no easy way to determine that they're on the list, why, and any means of getting removed from the list when the problem is fixed.

With the horse trading of post-IPv4 depletion, we almost need a reg for this.


Not just horse trading, but underhanded business practices where a
well-known "grey services" or VPN provider will rent out their IPv4s at low low
cost to force new/small ISPs into taking these IPv4s, cleaning them
up (deblacklisting and deVPN block), and releasing them back to the services
to effectively drag back through the mud.