On Mon, September 28, 2020 5:04 pm, Matt Corallo wrote:
Hi all,
I run a few relatively-small exit nodes, and still get a decent flow of the usual Fail2Ban, blocklist.de, and such garbage to abuse PoCs. I tend to proactively find appropriate abuse/noc contacts to provide a response informing them of how they can appropriately block all Tor exits from their SSH ports if they wish, but often get either no or indignant responses about how sending a stream of garbage abuse reports is a useful service to the internet (nevermind that most large providers don't bother handling abuse reports anymore because of exactly this behavior). After a reply or two I usually add senders to a blocklist and bounce them at the mailserver with a notice about spam not being useful.
Is there any interest in building up a shared blocklist of senders who feel its their right to send Fail2Ban emails in non-machine-parsable formats and not bother handling replies to their emails they expect others to handle, or does anyone already have such a list?
I believe you should bring this question to the mailops and/or SDLU mailing lists. It's contentious to start blocking people who are trying to do the right thing or who have even built collective services (sourced from more than just one operator) around doing so, but your experience is an important one to take into consideration. Certainly the abuse of abuse desks is something that larger organizations know all too well and overall it actually decreases the effectiveness of fighting spam and other abuse.