[tor-relays] Collaborative Bad-Abuse-Sender Blocklist

Matt Corallo tor-lists at mattcorallo.com
Mon Sep 28 18:54:08 UTC 2020 

Different folks have different views on abuse reports, and that's perfectly OK. But "taking it up with list XYZ" isn't 
going to change that (see discussion on NANOG a few months ago on this very topic =D) - people are always going to have 
their own views on who's responsibility it is to solve "abuse" (under their current definition). My personal abuse 
policy is "I reach try to help you, but if you keep sending the same automated stuff over and over and don't reply when 
I reach out, I drop your mails". I figure there are several Tor exit node operators with similar policies and 
collaborating on such blocklists would save all of us with similar policies time.

Matt

On 9/28/20 2:18 PM, Tortilla wrote:
> 
> 
> On Mon, September 28, 2020 5:04 pm, Matt Corallo wrote:
>> Hi all,
>>
>> I run a few relatively-small exit nodes, and still get a decent flow of
>> the usual Fail2Ban, blocklist.de, and such
>> garbage to abuse PoCs. I tend to proactively find appropriate abuse/noc
>> contacts to provide a response informing them of
>> how they can appropriately block all Tor exits from their SSH ports if
>> they wish, but often get either no or indignant
>> responses about how sending a stream of garbage abuse reports is a useful
>> service to the internet (nevermind that most
>> large providers don't bother handling abuse reports anymore because of
>> exactly this behavior). After a reply or two I
>> usually add senders to a blocklist and bounce them at the mailserver with
>> a notice about spam not being useful.
>>
>> Is there any interest in building up a shared blocklist of senders who
>> feel its their right to send Fail2Ban emails in
>> non-machine-parsable formats and not bother handling replies to their
>> emails they expect others to handle, or does
>> anyone already have such a list?
> 
> I believe you should bring this question to the mailops and/or SDLU
> mailing lists. It's contentious to start blocking people who are trying to
> do the right thing or who have even built collective services (sourced
> from more than just one operator) around doing so, but your experience is
> an important one to take into consideration. Certainly the abuse of abuse
> desks is something that larger organizations know all too well and overall
> it actually decreases the effectiveness of fighting spam and other abuse.
> 
> 
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>

More information about the tor-relays mailing list