Re: [mailop] Is it something to worry about?

Thu, 21 Jan 2021 08:25:08 -0800 





First off, I'm subscribed to this list, there is no need to email me AND 
the list.




Sorry, I was just honoring the "Reply-To:" header set by the list.


It's what they themselves say: they changed their formula two days ago, 
and because of this thousands IP addresses that were not listed are now 
listed.  See http://www.uceprotect.net/en/index.php?m=12&s=0 .



I know they did that change, I support it just like I thing the PBL is a 
good thing.  Are you saying they should be prohibited from making that 
change?





The point is not whether they should be prohibited from doing this, the 
point is whether it's a right thing to do.  And yes, I do think it is 
wrong to blacklist tens of thousands of IPs because a few of them (less 
than 1%) misbehaved, and to ask the other 99% to pay to be whitelisted.



One concrete example: AS16276 has 3583744 IPs.  Out of these, 2327 sent a 
spam in the last 7 days according to uceprotect.  That might seem like a 
high number, but it's only 0.05% of the address space of that AS. 
Because of this all IPs of AS16276 are blacklisted.



(By the way, the numbers I gave in a previous email were a too low 
estimation: they actually blocked millions of IPs (see above).  If only 
0.1% of these blocked IPs paid their whitelist fee, that would mean an 
income of at least 250,000 USD/year...)



That's orthogonal to the point at hand.  The point is that honest 
customers can have their WordPress website hacked.  This might indeed 
happen because of apathy on the part of that customer, but a server 
provider cannot do anything to detect customers that do not upgrade 
their website regularly enough.  The product they sell is a bare 
machine in a datacenter.



That is the problem, and it should not be a business model without 
consequences.  It's not a stretch to say those bare metal machines are 
munitions, should they be allowed open access?  Be careful what you ask 
for.





AFAICS that business model, which is the one pretty much everyone uses 
(Amazon, OVH, Hetzner, ...) is the only way for smaller and medium-sized 
businesses to run a server.



What other business model would you suggest?  Are there existing providers 
that use the better business model you have in mind?

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

























					Reply via email to