<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><br>
</p>
<div class="moz-cite-prefix">On 02.03.21 10:49, Vittorio Bertola via
anti-abuse-wg wrote:<br>
</div>
<blockquote type="cite"
cite="mid:814943452.111838.1614678597752@appsuite-gw1.open-xchange.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
Il 02/03/2021 00:08 Kristijonas Lukas Bukauskas via anti-abuse-wg
<a class="moz-txt-link-rfc2396E" href="mailto:anti-abuse-wg@ripe.net"><anti-abuse-wg@ripe.net></a> ha scritto: </blockquote>
<blockquote type="cite"
cite="mid:814943452.111838.1614678597752@appsuite-gw1.open-xchange.com">
<blockquote type="cite">
<div id="editbody1">
<div style="font-size: 10pt; font-family:
Verdana,Geneva,sans-serif;">
<div style="font-family: Calibri,Arial,Helvetica,sans-serif;
font-size: 12pt; color: #000000;"> </div>
<div style="font-family: Calibri,Arial,Helvetica,sans-serif;
font-size: 12pt; color: #000000;">
<div style="font-family:
Calibri,Arial,Helvetica,sans-serif; font-size: 12pt;
color: #000000;"> <br>
UCEPROTECT blacklists the whole range of IP addresses,
including the full IP range of some autonomous systems:
</div>
</div>
</div>
</div>
</blockquote>
<div> I stress that the problem is not in blacklisting entire
providers, something that may be justified if those providers
are lenient in fighting abuse on their networks, but in
blacklisting entire providers with very weak criteria (so weak
that most big European hosters end up at least in the level 3
blacklist) and then asking for money to remove them. This is
actually prohibited by RFC 6471 (section 2.2.5) because indeed,
especially when done at scale, it looks a lot like extortion. <br>
</div>
</blockquote>
<p>They don't ask for money to be removed from the the list. The
listing gets automatically removed after 7 days of taking care of
the issue, without money changing hands. Please stop spreading
lies.</p>
<p>And yes, if they stick to they listing policy, this is ok. It is
up to users of the DNSBL to judge if they DO provide a useful
service or not. If course if your IP is listed, and you're part of
collateral damage, it is uncomfortable.</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:814943452.111838.1614678597752@appsuite-gw1.open-xchange.com">
<div> </div>
<div class="default-style"> <br>
</div>
<blockquote type="cite">
<div id="editbody1">
<div style="font-size: 10pt; font-family:
Verdana,Geneva,sans-serif;">
<div style="font-family: Calibri,Arial,Helvetica,sans-serif;
font-size: 12pt; color: #000000;">
<div style="font-family:
Calibri,Arial,Helvetica,sans-serif; font-size: 12pt;
color: #000000;"> <br>
</div>
<div style="font-family:
Calibri,Arial,Helvetica,sans-serif; font-size: 12pt;
color: #000000;"> UCEPROTECT states, '<em>Who is
responsible for this listing? YOU ARE NOT! Your IP was
NOT directly involved in abuse but has a bad
neighborhood. Other customers within this range did
not care about their security and got hacked, started
spamming, or were even attacking others, while your
provider has possibly not even noticed that there is a
serious problem. We are sorry for you, but you have
chosen a provider not acting fast enough on abusers'</em>)
[<a target="_blank"
href="http://www.uceprotect.net/en/rblcheck.php"
id="v1m_6216008562741174618LPlnk" rel="noopener"
moz-do-not-send="true">http://www.uceprotect.net/en/<wbr>rblcheck.php</a>].
</div>
<div style="font-family:
Calibri,Arial,Helvetica,sans-serif; font-size: 12pt;
color: #000000;"> <br>
</div>
<div style="font-family:
Calibri,Arial,Helvetica,sans-serif; font-size: 12pt;
color: #000000;"> It asks for a fee if some individual
IP address wants to be whitelisted (<a target="_blank"
href="http://www.whitelisted.org/"
id="v1m_6216008562741174618LPlnk" rel="noopener"
moz-do-not-send="true">http://www.whitelisted.org/</a>),
</div>
</div>
</div>
</div>
</blockquote>
</blockquote>
Well, yes. The complaint from those who end up being collateral
damage is that "we didn't spam". The last time I checked (quite a
while ago), the DNSBLs that escalate listings (causing collateral
damage) generally don't let individual IPs out of the hook. I'm not
sure which one is better. <br>
<blockquote type="cite"
cite="mid:814943452.111838.1614678597752@appsuite-gw1.open-xchange.com">
<blockquote type="cite">
<div id="editbody1">
<div style="font-size: 10pt; font-family:
Verdana,Geneva,sans-serif;">
<div style="font-family: Calibri,Arial,Helvetica,sans-serif;
font-size: 12pt; color: #000000;">
<div style="font-family:
Calibri,Arial,Helvetica,sans-serif; font-size: 12pt;
color: #000000;"> <br>
</div>
<div style="font-family:
Calibri,Arial,Helvetica,sans-serif; font-size: 12pt;
color: #000000;"> It abuses people who decide to
challenge their blacklist by publishing conversations in
their so-called <em>Cart00ney</em> (<a target="_blank"
href="http://www.uceprotect.net/en/index.php?m=8&s=0"
id="v1m_6216008562741174618LPlnk" rel="noopener"
moz-do-not-send="true">http://www.uceprotect.net/en/<wbr>index.php?m=8&s=0</a>;
<a target="_blank"
href="http://www.uceprotect.org/cart00neys/index.html"
id="v1m_6216008562741174618LPlnk" rel="noopener"
moz-do-not-send="true">http://www.uceprotect.org/<wbr>cart00neys/index.html</a>).
</div>
</div>
</div>
</div>
</blockquote>
</blockquote>
<p>Thanks for reminding me of this, it was very entertaining. The
point is NOT retaliating those challenging them, point is making
fun of those who threatening with legal consequences without going
thru with it (thus cartooney). Threatening with lawyers is just
pathetic. If you do that, you should follow up with it, as well. <br>
</p>
<blockquote type="cite"
cite="mid:814943452.111838.1614678597752@appsuite-gw1.open-xchange.com">
<blockquote type="cite">
<div id="editbody1">
<div style="font-size: 10pt; font-family:
Verdana,Geneva,sans-serif;">
<div style="font-family: Calibri,Arial,Helvetica,sans-serif;
font-size: 12pt; color: #000000;"> </div>
</div>
</div>
</blockquote>
<div> They recently published a disgustingly sexist "ad feminam"
to blame a person that dared to complain about their methods: <br>
</div>
<div class="default-style"> <br>
</div>
<div class="default-style"> <a
href="http://www.uceprotect.org/cart00neys/2021-001.html"
moz-do-not-send="true">http://www.uceprotect.org/cart00neys/2021-001.html</a>
<br>
</div>
<div class="default-style"> <br>
</div>
<div class="default-style"> They start with the argument that
since she is a woman she is stupid and "emotional rather than
objective", because she is a woman, and so they quote her
message in pink colour. </div>
<div class="default-style"> <br>
</div>
<div class="default-style"> This is completely unacceptable and I
strongly recommend that RIPE distances itself as far as it can
from these people - as a minimum, please stop using or referring
to this blacklist in any way. </div>
</blockquote>
<p>Yes, this was definitely bad form. I have no problem making fun
of cartooneys, but putting sexist spin on it is definitely not ok</p>
<p>Now, if RIPE should boycott UCEPROTECT because of this faux pass
is something we could discuss. I'd rather have someone contacting
UCEPROTECT team and get an attitude adjustment in place, but
that's me.</p>
<br>
<font face="monospace">-- <br>
</font>
<div><font face="monospace">Mr Esa Laitinen</font></div>
<div><font face="monospace">IM: <a
href="https://threema.id/2JP4Y33R" target="_blank">https://threema.id/2JP4Y33R</a>
or <a href="https://signal.org/install" target="_blank">https://signal.org/install</a></font></div>
<div><font face="monospace">Skype: reunaesa<br>
</font></div>
<font face="monospace">Mobile: +41<span style="color: rgb(0, 0, 0);
font-size: 12px; line-height: 14.4px;">78 838 57 77 </span><br>
</font>
<p><br>
</p>
<p><br>
</p>
</body>
</html>