[Asrg] Re: Asrg Digest, DNSBL BCP v.2.0

[Martin Hannigan]

On 3/2/07, gep2 at terabites.com <gep2 at terabites.com> wrote:
> As you know, in a recent thread I commented on what a
> LOUSY solution IP-address-based blacklists are, in
> general.

Yes, they are.

> Part of the problem is that it is a VERY blunt instrument,
> especially for companies which operate a large network
> from behind a NAT router.

This is a normal and accepted method of operating a network for an
enterprise. I do not
believe this has any relevance in the argument of "good" vs. "bad", personally.

[ SNIP ]

> All works well until about a week and a half ago, one of
> their computers managed to get infected by some kind of
> exploit (despite every machine in the company having and
> running Symantec Antivirus software which is updated
> daily).  We found the problem within 24 hours and managed
> to clean it all up, (hopefully!) but meanwhile at least
> one or two E-mail blacklists (including XBL) flagged the
> IP address of the company's router, and starting on the
> 21st some of their E-mails stopped getting delivered due
> to the blacklisting.  By Saturday, as more ISPs picked up
> on the new list, E-fax (who processes and delivers their
> fax-by-e-mail transmissions) suddenly started bouncing
> even their outgoing fax attempts (even though their
> systems had been clean, as best we can tell) for at least
> two or three days already.
>
> Businesses which count on reliable AND TIMELY e-mail
> transmissions simply cannot have their E-mail
> transmissions blocked "en masse" like this.


Email has never been reliable, and can't be counted on to be
timely. There are too many variables. You may have been having
"good luck", but that appears to have run out as far as business
process goes.

Your best bet  is to create some better process around your
mission critical applications. I suspect you will be waiting a long time
for something else to happen.

-M<