Er - a couple of ways

1. If you run a farm of mail servers, something like splunk for your logs is kind of necessary. How difficult is it going to be to trigger a splunk alert on whatever looks like an administrative block? Either by a large provider, or by a DNS block list.

2. You can rsync spamhaus and grep for mentions of your ASN, get ISP feedback loops etc.

On a larger topic - NANOG and M3AAWG (also RIPE and M3AAWG’s summer meeting in Europe) really ought to collocate or at least be back to back in the same city somewhere down the line - maybe with a day’s worth of joint sessions on topics of mutual interest (malware detection and mitigation, DDoS filtering .. there’s a lot going on in M3AAWG that’s not plain old mail or even messaging)

It still won’t solve the larger problem that a lot of routing and DNS folks won’t find it of interest, but well, over the decade ++ I’ve been around M3AAWG I see an ever increasing number of (security focused, mainly) *nog regulars turn up there.

—srs

> On 29-Jul-2015, at 10:37 AM, Bob Evans <b...@fiberinternetcenter.com> wrote:
>
> I see that point - however, spamhaus has become a haus-hold word these
> days and everyone runs into these issues....it's not malware or bots we
> block from a network level blackhole. Yet it is basic network operations
> these days to have to deal with someone complaining about their hacked
> mail server is now fixed yet they can't get mail. We usually tell them the
> quickest way is to address spamhaus to get it removed and in parallel also
> move the mail server to a new IP and change the dns and rDNS to the new
> one. It gets us out of having to help with these RBL issues.
>
> When an RBL sends a notice we jump on it and get it to the
> customer...however, they usually don't send us or the customer anything.
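The log alert suggested in point 1 of the reply, sketched in Python as an added example (not code from either poster): it flags outbound rejections that look like an administrative block and counts them per sending host. The Postfix-style log layout, the keyword patterns, the threshold and the sample lines are all assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed Postfix-style delivery log lines (documentation IPs and domains).
SAMPLE_LOG = """\
Jul 29 10:01:02 mx1 postfix/smtp[2101]: 4A1B2C: to=<a@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=1.2, dsn=5.7.1, status=bounced (host mx.example.net[198.51.100.7] said: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org (in reply to RCPT TO command))
Jul 29 10:01:09 mx1 postfix/smtp[2102]: 4A1B2D: to=<b@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=0.9, dsn=5.7.1, status=bounced (host mx.example.net[198.51.100.7] said: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org (in reply to RCPT TO command))
Jul 29 10:02:30 mx1 postfix/smtp[2103]: 4A1B2E: to=<c@example.org>, relay=mx.example.org[198.51.100.9]:25, delay=0.7, dsn=5.1.1, status=bounced (host mx.example.org[198.51.100.9] said: 550 5.1.1 <c@example.org>: User unknown (in reply to RCPT TO command))
Jul 29 10:03:11 mx2 postfix/smtp[3301]: 5C3D4E: to=<d@example.com>, relay=mx.example.com[198.51.100.20]:25, delay=2.0, dsn=4.7.0, status=deferred (host mx.example.com[198.51.100.20] said: 421 4.7.0 [192.0.2.20] Messages temporarily deferred due to poor reputation (in reply to MAIL FROM command))
Jul 29 10:03:40 mx2 postfix/smtp[3302]: 5C3D4F: to=<e@example.com>, relay=mx.example.com[198.51.100.20]:25, delay=0.5, dsn=5.7.1, status=bounced (host mx.example.com[198.51.100.20] said: 554 5.7.1 <e@example.com>: Relay access denied (in reply to RCPT TO command))
Jul 29 10:04:05 mx1 postfix/smtp[2104]: 4A1B2F: to=<f@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=1.1, dsn=5.7.1, status=bounced (host mx.example.net[198.51.100.7] said: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org (in reply to RCPT TO command))
"""

LINE = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) postfix/smtp\[\d+\]: \w+: "
    r"to=<[^>]*@(?P<rcpt_domain>[^>]+)>,.*?dsn=(?P<dsn>[45]\.\d+\.\d+), "
    r"status=(?P<status>bounced|deferred) \((?P<reply>.*)\)$"
)
DNSBL = re.compile(r"blocked using (?P<zone>[\w.-]+)", re.I)
# Assumed keywords; provider wording varies and needs tuning per site.
POLICY = re.compile(r"block(ed| ?list)|blacklist|reputation|policy", re.I)

def classify(line):
    """Return (host, rcpt_domain, reason) for a likely administrative block, else None."""
    m = LINE.match(line)
    if not m or m["dsn"].split(".")[1] != "7":  # x.7.x = security/policy (RFC 3463)
        return None
    dnsbl = DNSBL.search(m["reply"])
    if dnsbl:
        reason = "dnsbl:" + dnsbl["zone"].lower()
    elif POLICY.search(m["reply"]):
        reason = "policy"
    else:
        return None  # e.g. "Relay access denied": policy class, but not a block
    return m["host"], m["rcpt_domain"].lower(), reason

def alerts(lines, threshold=3):
    """Count block-like rejections per (sending host, reason); keep those at or over threshold."""
    counts = Counter()
    for line in lines:
        hit = classify(line)
        if hit:
            counts[(hit[0], hit[2])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for (host, reason), n in alerts(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {host}: {n} rejections, {reason}")
```
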