At 1:35 PM -0700 5/4/04, Hallam-Baker, Phillip wrote: [...]
Unfortunately, there is some evidence to the contrary. Lurk in news.admin.net-abuse.blocklisting for a bit and note the Verio and ev1.net behavior (among others). It seems that some providers have decided that the collateral damage (a bad term actually, as the original refers to *unintentional* destruction) is more than they will tolerate, and so they react as soon as there is any.The point about 'collateral damage' is not that it serves any strategic purpose, it does not, all it does is to feed the egos of the people who engage in it. It fails in the spam context for the same reason that it failled in the military context. Collateral damage forces parties who are natural allies to treat you as the enemy.
Speaking from the point of view of actually working with some heavily-spammed mail systems, I think that is wrong unless you include a very loose definition of 'is a source of spam' that encompasses 'is a member of a logical set of addresses far more likely to sources of spam than to ever offer a single piece of legitimate mail to unacquainted networks.' Generally speaking, I'm thinking of the lists that have evolved from the original concept of a dialup list, still generally referred to as 'dynamic address' lists but that's a misleading name. The real unifying element is not whether addresses move from user to user in those ranges, but that the providers (RoadRunner, SBC, Cox, Telefonica, Wanadoo, UPC, Comcast etc) are selling service at such a low price that they attract customers incapable of securing their own machines while the providers cannot afford to enforce security of any meaningful sort on their own networks. In short: networks where there is no competent authority. In some cases (e.g. the many ranges of SBC DSL space that they they SWIP with 'PPPoX Pool' in the CustName field) it is rather easy to identify likely sources of spam and other sorts of bad behavior, and blacklisting such blocks before each individual address has been abused is a very useful tactic with negative side effects that most sites will never encounter.There is a utility in certain very narrowly tailored blacklists. But they should never attempt to list any address for any other reason than it is a source of spam.