-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Thu, 2021-01-21 at 16:20 +0000, Gregory Heytings via mailop wrote:
> > First off, I'm subscribed to this list, there is no need to email me AND 
> > the list.
> > 
> 
> Sorry, I was just honoring the "Reply-To:" header set by the list.
> 
> > > It's what they themselves say: they changed their formula two days ago, 
> > > and because of this thousands IP addresses that were not listed are now 
> > > listed.  See http://www.uceprotect.net/en/index.php?m=12&s=0 .
> > 
> > I know they did that change, I support it just like I thing the PBL is a 
> > good thing.  Are you saying they should be prohibited from making that 
> > change?
> > 
> 
> The point is not whether they should be prohibited from doing this, the 
> point is whether it's a right thing to do.  And yes, I do think it is 
> wrong to blacklist tens of thousands of IPs because a few of them (less 
> than 1%) misbehaved, and to ask the other 99% to pay to be whitelisted.

The PBL does just that. But I think you are wrong to use the term
"blacklist", it's just a list.  You could use that list as a whitelist
if you wanted to. I highly encourage you to do so. :)

> One concrete example: AS16276 has 3583744 IPs.  Out of these, 2327 sent a 
> spam in the last 7 days according to uceprotect.  That might seem like a 
> high number, but it's only 0.05% of the address space of that AS. 
> Because of this all IPs of AS16276 are blacklisted.

2327 IPs from that ASN sent spam in 7 days, and you are hear arguing
that is OK?!?

> (By the way, the numbers I gave in a previous email were a too low 
> estimation: they actually blocked millions of IPs (see above).  If only 
> 0.1% of these blocked IPs paid their whitelist fee, that would mean an 
> income of at least 250,000 USD/year...)

Why does 0.1% of those IPs need to send email?  Do you know that even 10
of those 0.1% need to send email?

> > > That's orthogonal to the point at hand.  The point is that honest 
> > > customers can have their WordPress website hacked.  This might indeed 
> > > happen because of apathy on the part of that customer, but a server 
> > > provider cannot do anything to detect customers that do not upgrade 
> > > their website regularly enough.  The product they sell is a bare 
> > > machine in a datacenter.
> > 
> > That is the problem, and it should not be a business model without 
> > consequences.  It's not a stretch to say those bare metal machines are 
> > munitions, should they be allowed open access?  Be careful what you ask 
> > for.
> > 
> 
> AFAICS that business model, which is the one pretty much everyone uses 
> (Amazon, OVH, Hetzner, ...) is the only way for smaller and medium-sized 
> businesses to run a server.
> 
> What other business model would you suggest?  Are there existing providers 
> that use the better business model you have in mind?

Yes, I can think of 4 right now, and I'm sure there are many more.  One
of those 4 is in your short list above.  The a few things that make
those 4 providers good are 1) They act on abuse reports, 2) they block
outbound port 25 by default, and 3) they require real ID.

- -Jim P.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmAJr24ACgkQPcxbabkK
GJ+LZA/+L8wS/Kr0wlN7Ul8d8LkttbOAgGQrl3mfAh4yeBIa5PBhdTzIBwOAzH0y
1XXg4mfHQwzVMuxsAinmqF39/IOQKsU/1kC6z/UqzE834kBwVhMxEvN3O1uw9cI1
VSnTZpynBZd/Zq9H5bnViBULCiFgHUy6EcRz0iD7JK9joM44+TDyKy3oVaTC8M6t
A9LHlV/9plzWlH1wvpiOGxIDc5aSYMb1FQXeyUPyS2JYCJRN7QkDJI6rFDyxbYgM
tbb25pB/njfqfBGXM7XUOSsgarAYz3zgPaiIvrOGQOyavA6nLOg8BE27iskYnpwv
eWinQnrnWHo2zF4Ejk+lyleFSgnDG0nC83u5IL983wV4H1nXxKabfrE/syTowCPr
bIErTuLtfHYa7mQSksq0vfLb3L9zEteXdryPBQNewiUJwB1KFNgGQsiysE7Zjcre
rwl5ENhGmGTjquuJkLRATI3oLJF3PJML5ezJQLUhgLgS0Jb70Wa9Tk3oQsWR7e1i
PcvQf27SVpYOyL+ytGyAvhSiD/Nv0aeQQml8c09jhwdVgu9EAp7g7Ux3iLmWcMb+
v9tBHOjUFK9S1JRljc8Wr5xr7jwI0lQoueVEi8r8Lk3MsvryfkV8ZXkRMAOr5B6h
36+iZpj6rtk3l5LnX2jT2s75YgK8atAAWFuncTgNccg5jt4A4yM=
=wYZq
-----END PGP SIGNATURE-----

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Reply via email to