Le 31/08/2025 à 18:02, Viktor Dukhovni via mailop a écrit :
On Sun, Aug 31, 2025 at 03:43:56PM +0000, Slavko wrote:
Dňa 31. augusta 2025 15:06:53 UTC používateľ Viktor Dukhovni via mailop
<mailop@mailop.org> napísal:
IP space are PBL listed, they are rarely XBL or SBL listed.
Wrong, XBL lists any exploited IP (or so), including the end
users, and end user's IP are changing. AFAIK Spamhaus
warns about this and i can confirm, that Spamhaus is right ;-)
Try to guess what will happen when users get new IP which
was infected before...
XBL listings don't last very long, my impression is that they expire
shortly after the trigger behaviour ceases. But, sure, perhaps MSA
providers can be expected to be more tolerant, and/or the source ISP can
be expected to be more vigilant to keep their own IP space clean.
From what I've seen, I would think listings last at least 48h. The IP
in question is still listed in the XBL and the Spamhaus removal page
show offending behavior from this IP dated 29/08 14:50 UTC, from their
page it is however unclear if that is the first offending behavior or
latest as they just word it as "recent".
Over here, it is not uncommon for DSL ISP to give you a 24-hour DHCP
leases, and then assign a different IP on lease renewal. Which means you
can pollute IP faster than Spamhaus listings expire.
And that's not even taking into consideration the collateral damage that
can be done if the IP for a CGNAT gateway gets listed: one cell phone
gets compromised and starts sending crap to Spamhaus' sensors and then
the hundreds or thousands of customers that share the same IP thanks to
GCNAT are unable to send mail through MSA providers that uses Spamhaus.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
