Why is NANOG not being blacklisted like any other provider that sent 500 spam messages in 3 days?

Mailman List Mirror (Read Only)
1

All,

Myth: NANOG supposed to be the gold standard for best practices.
Fact: 500 spam messages over the weekend.

Myth: there were no complaints and this issue was raised over the weekend
Fact: I raised it this weekend via twitter twice @NANOG, and requested
contact from SCNET (NANOG's upstream) trying to find a live person to shut
it off.

Myth: blah blah blah social media is a bad way to get ahold of netops/abuse.
Fact: Social media is an acceptable way to report abuse. My marketing
department certainly knows how to get ahold of me when such an issue
occurs. It's 2015, and if you and everyone you know isn't watching twitter
I can't help you, because you've gone braindead.

Myth: but you could have reached out to someone else and maybe done
something to stop this quickly.
Fact: I reached out to several people at ARIN and elsewhere trying to get a
live person at NANOG to no avail.

Myth: this is acceptable because NANOG has political clout in the US and
elsewhere.
Fact: If I was still running the AHBL, NANOG would be it's own private
intranet right now.

Andrew

2

Myth: Andrew’s post has utility to the 10K+ people reading it. (Not watching Twitter makes me braindead? really? Yeah, it’s 2015. Get up-to-date, should have sent a snapchat. Duh.)

Fact: Andrew should probably just un-sub since he finds NANOG useless. That would actually provide utility to the rest of us.

I repeat: The UN-PAID VOLUNTEERS on the Communications Committee do a great job. If you think you can do better, please please please volunteer. Otherwise, simply thank them for doing what you refuse to do and get on with your life.

3

Thank you, communications committee, for the work you do.

Also, if you think what happened was a spam flood, you are very lucky. While a mail admin and very active on NANAE, I ticked someone off to the point that I had more than 80,000 spam mails attacking my usenet account in a day. Not to mention six or seven irate phone calls from people who received spam with my personal contact information on it.

I suspect the flood would have been larger, but the traffic maxed out my SMTP process so lots of connections were refused.

4

Amen!

Comms team let us know if there is anything we can do to support you
otherwise thanks in advance for fixing this issue.

Mehmet

5

> Why is NANOG not being blacklisted like any other provider that sent 500 spam messages in 3 days?

Because NANOG is an opt-in list, and they're not the origin of abuse.
Their software might have inadvertently forwarded junk to the membership,
but members essentially take that chance by joining in an open list.

Adding NANOG itself to spam blacklists would neither be the solution
to the problem, nor be beneficial;
it would definitely do more harm than good, Neither would it be a
proper or correct resolution.

Myth: NANOG supposed to be the gold standard for best practices.
Fact: 500 spam messages over the weekend.

Wrong industry. NANOG is a network operators list, not a general IT or
e-mail operators list. Also, there is no gold standard for e-mail
list best practices,
other than the IETF Standards documents and Standards-track RFCs, since
different professionals have well-reasoned, legitimate differences in opinion
regarding most subjects.

Also, adhering to practices deemed good does not ensure there will be
no incidents
or attacks, Because there is no such thing as a perfect
non-attackable implementation.

Myth: blah blah blah social media is a bad way to get ahold of netops/abuse.
Fact: Social media is an acceptable way to report abuse. My marketing ...[snip]

Abuse is not reported, until submitted through proper channels.
Those are set out by the organization providing abuse contact points.

In case of emergency though, all points should be contacted, until a
definitive answer
is received; A social media post certainly doesn't seem adequate.

The reporter's communication preferences don't dictate what exactly those are.
Whether social media is a proper channel or not, depends on the organization.

In many cases, it's unreliable at best, and E-mail to all points And
such are a better idea.

occurs. It's 2015, and if you and everyone you know isn't watching twitter

I wouldn't be watching Tritter.
Not everyone is.

I think it is a bit snobby to say as if *everyone* would be watching
Twitter, which is clearly not the case.

Fact: I reached out to several people at ARIN and elsewhere trying to get a
live person at NANOG to no avail.

ARIN is a completely different org, however.
YMMV.

Fact: If I was still running the AHBL, NANOG would be it's own private
intranet right now.

This is not necessary, when you can just reverse your subscription by
cancelling it.

Just follow the link from the List-Unsubscribe header.

If you would be running an AHBL, then you know how to look at an
e-mail message and
see its full headers, right?

6

Myth: blah blah blah social media is a bad way to get ahold of
netops/abuse.
Fact: Social media is an acceptable way to report abuse. My marketing
department certainly knows how to get ahold of me when such an issue
occurs. It's 2015, and if you and everyone you know isn't watching twitter
I can't help you, because you've gone braindead.

Whats a Twitter? Is it IRC on a web-page for the addle, sort of like a "web-forum" is Usenet for the addle?

Never used a "Twitter". Web Forums rately. The 1 D 10 T quotient is too high ..

7

I was looking out for the sub-Reddit thread :wink:

alan

8

The Pony Express has been dead for years, what DO you use if email doesn't work?

9

Gopher or Archie anyone? These newfangled things confuse me. http://youtu.be/V8YBuwmtzYE

Jared Mauch

10

There is this funny piece of plastic (used to be rubber) that is ubiquitous. And works a hell of a lot more often than the Internet, frankly, especially if you don't use the Internet version (SIP).

I concur with "What's a 'Twitter'" -- I watched a colleague get fired because of that, along with something called "The Facebook".

11

Usenet & email via UUCP.

12

Ironically - but alas also predictably - I have received far more list
traffic griping and moaning about this than I actually got from the spam
run.