Do DNS blacklists generally block entire IP C-nets?

My college just floated me a horror story regarding mail servers and DNS blacklists. (We maintain the mail servers for our company and its customers.)

He said that DNS blacklists (like e.g. SORBS and Protected Sky) may block an entire C-net of IP addresses after repeated spam offences from one or more IPs in that C-net.

Looking for a reason to be even more wary of blacklists I googled this, but found no mention of it.

Is blacklisting entire IP C-nets an accepted methodology in the world of DNS blacklists?

Hubro

Posted 2016-05-03T09:06:58.283

Reputation: 4 846

They can only blacklist the SPAM IP's but not the entire subnet. – manjesh23 – 2016-05-03T09:12:56.040

Answers

This all depends on the listing policy of a blacklist. Some do it for sure. There's no "accepted methodology", it's all up to the owner of the blacklist to define the listing policy.

Some start off with listing individual IP's in a /24 (let's not call it a class C, we stopped using classful routing 20 years ago) and if there are too many problematic hosts within a specific /24 the entire /24 gets listed. Some (possibly other) blacklists choose to widen the range of listed IP's if the owner doesn't take action quick enough, starting with individual IP's (/32's) and gradually increasing it to a /24 or bigger, eventually listing all IP's registered to a network.

Teun Vink

Posted 2016-05-03T09:06:58.283

Reputation: 2 107