[tor-relays] Collaborative Bad-Abuse-Sender Blocklist

[Tortilla]

On Mon, September 28, 2020 5:04 pm, Matt Corallo wrote:
> Hi all,
>
> I run a few relatively-small exit nodes, and still get a decent flow of
> the usual Fail2Ban, blocklist.de, and such
> garbage to abuse PoCs. I tend to proactively find appropriate abuse/noc
> contacts to provide a response informing them of
> how they can appropriately block all Tor exits from their SSH ports if
> they wish, but often get either no or indignant
> responses about how sending a stream of garbage abuse reports is a useful
> service to the internet (nevermind that most
> large providers don't bother handling abuse reports anymore because of
> exactly this behavior). After a reply or two I
> usually add senders to a blocklist and bounce them at the mailserver with
> a notice about spam not being useful.
>
> Is there any interest in building up a shared blocklist of senders who
> feel its their right to send Fail2Ban emails in
> non-machine-parsable formats and not bother handling replies to their
> emails they expect others to handle, or does
> anyone already have such a list?

I believe you should bring this question to the mailops and/or SDLU
mailing lists. It's contentious to start blocking people who are trying to
do the right thing or who have even built collective services (sourced
from more than just one operator) around doing so, but your experience is
an important one to take into consideration. Certainly the abuse of abuse
desks is something that larger organizations know all too well and overall
it actually decreases the effectiveness of fighting spam and other abuse.