Should You Trust MAPS?

patrick42 asks: "Recently, my co-location facility was hit by a massive blacklist by an over-zealous 'investigator' at MAPS. 180,210 IP addresses in total are included in the blacklist -- and all because of a few spam complaints that weren't dealt with quickly enough. To make matters worse, they put this in effect either late Friday night, or early Saturday morning -- hours during which MAPS is not available for contact! (Mon-Fri, 9-5 only) How do people deal with MAPS and other RBL services who will not cooperate or be reasonable? And on a broader front, are you really prepared to trust a company like Kelkea, Inc. (owners of MAPS) to decide what emails gets to you without really knowing how they operate and deal with resolution processes?"

"I spent all weekend long trying to get a hold of the people at MAPS, as they don't bother telling you when they are open. When I finally got a hold of someone on Monday morning (not an easy task, mind you!), they told me that they are not open on the weekend, so it would have been *impossible* to resolve this issue quickly. And because I was only a customer of the company who owns these IPs, they would not unblock my subset of IPs. Despite the problem originating from a handful of IP addresses, MAPS saw it appropriate to block over 180,000 IP addresses just before the weekend! I had already made several phone calls and emails to my co-location facility, and they told me they were doing their best to get a hold of someone there. Several emails had been sent, and just as I first experienced, they could not reach anyone at MAPS by phone. When I finally talked to someone at MAPS, he told me that he would not be proactive in the matter by actually phoning my co-locator to work this out.

These people at MAPS thinks themselves quite high and holy, and in some ways they are: many ISPs and the like will bounce emails just because MAPS tells them to. (I've since removed MAPS from my list of RBL servers to check.) As a small-business owner, MAPS can be very hurtful to a business and very uncooperative in helping resolve the issue. I gave them a couple subnets of mine to unblock, but they would not, even though my IPs were not involved in the original complaint.

This experience has certainly made me think twice about who I trust to decide the fate of my incoming email."

No.

[slashalive]

Nobody should trust maps, as they might be out of date, or insecure and flawed.

Re:No.

[justin12345]

RBL's are a terrible idea. I wouldn't say they are outdated though, mostly because they were always a terrible idea.

There is nothing easier for a spammer to defeat then a RBL; they just set up a server in their closet and run their own SMTP server. Most DSL and cable connections use temporary IP addresses and you can't RBL Verizon. No spammer is going to co-lo a server to send spam from.

Spam complaints are often ridiculous due to user ignorance. I used to work for a company that send a plain text newsletter to a 100% opt-in mailing list once a month. To receive a mailing a user either had to sign up on the website or via a piece of paper on the front desk. They still would get spam complaints both to themselves and to their ISP.

Half the time they were from people that specifically signed up to get mailings. It wasn't as if we were mailing previous customers or anything, you had to say "please send me your newsletter". Evidently these people either forgot or changed their mind and couldn't be bothered to click the opt-out link at the bottom of the email. Somehow, 9 out of 10 of these people were AOL users, Funny.

The other half they were even more crazy. One time the guy was not even in the mailing list database; we weren't sending him mailings. We even checked with him to see if he had a second address that could be forwarding mail to the one in question but he claimed he had no such mailbox. There was simply no way for us to remove him from the list because he wasn't on it in the first place. Another time, we deduced that someone else had signed up the person in question (the person's last name was recorded in the database as "Assface"). Evidently someone didn't like them very much and had signed them up for every mailing list they could find. Kinda a good method of getting back at someone I suppose. (everyone that has ever flamed anyone on /. and posted an email address cringes)

Laws, RBLs, regulations... all these things are both ineffective and erode our freedom. If you don't want spam there are three things to do: 1) Don't post your email address on the web, use a PHP mailer instead. 2) Don't give out your personal address, use a a "spam" address. My Dad once gave his real address to one of those "win a Segway" things at the mall (he must have been drunk or something), he now gets about 200 spams a day, up from zero. 3) Use an email filter. The good ones don't even use blacklists and work great.

And well... 4) Don't piss someone off that knows your email address.

Re:No.

[rekoil]

Another time, we deduced that someone else had signed up the person in question (the person's last name was recorded in the database as "Assface").

You obviously didn't have a confirmed opt-in system in place then...if you had, the address in question wouldn't have gotten on the list, he would have gotten one email asking him to confirm his subscription, and nothing else if he didn't reply to it.

Re:No.

[jp10558]

In this day and age, anyone with any sense who has a legitimate need to run a mail server on a dynamic address also relays through their ISP's mail servers and bypasses blocks like that anyway.

Except that doing that takes away one of the big advantages of running your own mail server, a lack of limits on outgoing attachments. Now, depending on ISP, this may or may not be a big deal, but in 2005, a 2MB attachment limit is rather small.

I personally like running my own e-mail server for several reasons, one IMAP + webmail if I want.

Two, I don't have to change my e-mail address every time I move from college back home for the winter, or when I transferred colleges or go on to Grad School, or change my parents e-mail when we changed ISP's last year or just today to DSL.

Three, buy using my own PC, I can use the free dydns service to have a practically unlimited mailbox size (well 50GB, but...) unlimited e-mail addresses, aliases etc for free as opposed to paying for hosting monthly.

Also, in terms of flat out buying e-mail service, I've found running my own server to be either the equal or better in terms of reliability. For free to me, as I have the PC and net connection regardless of the third party e-mail service.

I personally hate the blocks that spammers and others are forcing on us ligitimate users who want to actually use their PC for stuff. VNC blocks piss me off, because the resnet staff tell me it's a security vulnerability. Well, VNC is free for me to use, I can't afford, nor do I have any desire to pollute my system with the shit of PC Anywhere. I also don't believe PC Anywhere has a Java client you can use from any PC like TightVNC does.

They started blocking things like TOR. FTPS, SSH. I tried to explain to them that SSH is far from unsecure/unauthenticated. I said if they allowed SSH I could then tunnel VNC over that and it wouldn't bother anyone.

They even block IRC Chat! Not just DCC, but you can't even chat. Now DCC has legitmate reasons to be blocked, but chatting? Let me tell you that you can get more info from IRC than you ever could from yahoo (which they allow).

And if you are an astalavista.net member, you can't even use the Java IRC Client.

Anyways, I really get pissed off over the thought that we NEED to have companies being the server to us clients. I think P2P has shown that people are capabile of being PEERS in the internet, like it was designed to be.

And moreso, they(the resnet, or ISPs) consider that users should be second class citizens for whatever reason. Heck, most of the listed "servers" wouldn't touch the bandwidth usage of Kazaa or Bittorrent.

A sword that cuts both ways

[Space+cowboy]

Whereas I have sympathy for the innocent bystander (as the poster appears to be), and whereas I agree that uncompromising behaviour can be frustrating, the SPAM black hole servers are somewhere between a rock and a hard place...

They can't just block small sections of netblocks (because a spam-happy ISP will just allocate new IP's to their paying spammer customer) - the only way they can police the offence is to ban the block.

They can't just add people back in when they've been blocked either - there has to have been some resolution of the problem, and that has to come from the ISP, at least IMHO. A customer running a website will say anything (especially if they're a scum-of-the-earth-spammer-type customer) to get back online. AN ISP who lies knows their next block will be more permanent...

OTOH, Being unavailable out of hours is ... frustrating. In the end, that will reduce the value of the service, and perhaps MAPS will be overtaken by someone who perhaps charges a fee, but is in some what accredited and responsible for their actions.

The real problem though isn't MAPS and their attitude, it's the spammers. Get rid of the spammers and you get rid of the need for MAPS. These lowlife internet-scum are where any ire ought to be directed, again IMHO.

A Sony NDA I once signed said that in the event of disclosure of anything under NDA, Sony would seek damages, and that financial reparation may not be sufficient penalty. The point being that the penalty *ought* to have teeth, and atm, the spam penalties do not. If you want less spam on the 'net, you're going to have to accept more regulation of the 'net. Another double-edged sword...

Simon

Re:A sword that cuts both ways

[AKAImBatman]

They can't just block small sections of netblocks (because a spam-happy ISP will just allocate new IP's to their paying spammer customer) - the only way they can police the offence is to ban the block.

Doesn't this suggest that the MAPS approach might be the wrong one to take? i.e. Have you ever tried swatting a fly with a shotgun? You could chase it around all day, and all you're likely to do is destroy your own house.

Re:A sword that cuts both ways

[Malc]

It's not the spammers who are really getting hurt here. The collateral damage caused by MAPS' brain-dead sledgehammer approach is not justified.

You mentioned an operation similar to MAPS that could charge a fee. Who would pay this? The spammer, or the victim, or the person signing up for the service? That sounds so open to abuse and extortion if it's the victim who has to pay to be unblocked.

I've had to deal with other RBLs and they're a holy pain in the arse. They're not worth the service they provide. They might save a couple of people from recieving some spam, but they're costing others time, money and stress in the process. To make it worse they invariabley have a terrible attitude. They're no better than vigilantes in most cases, and are normally a good demonstration of why vigilantes aren't tolerated in the real world.

Re:A sword that cuts both ways

[tricops]

Uhmm, wouldn't blocking an entire block of 180,000 IPs be more akin to swatting a fly with a square mile sheet than a firing at it with a shotgun?

Re:A sword that cuts both ways

[Just+Some+Guy]

Have you ever tried swatting a fly with a shotgun?

Yes, but I'm that kind of person.

Re:A sword that cuts both ways

[dillon_rinker]

Godwin's law and all that...but your analogy is flawed. We're not trying to kill a fly. If we were, someone would have built a flyswatter by now.

Rather, what we're engaged in is the unconditional surrender of Nazi Germany. Sure, all we REALLY needed to do in WW II was fire a single bullet into the brain of Der Fuhrer, but getting to that point required the invasion and destruction of much of Europe. Once the menace was gone, the Continent was rebuilt.

The rather scary part of this analogy, of course, is that the subsequent peace on the continent was secured by the decades-long occupation of the continent by a foreign army (ie the Americans). THAT is my concern in the anti-spam wars. The cure may be worse than the disease. (See other comments in this thread about increased government regulation.)

It is unfortunate that geeks aren't better at forcing other people to play nice.

Re:A sword that cuts both ways

[ajs]

This is a myth.

I'm sorry, but the idea that only blocking known offenders is unworkable has been proven wrong over and over.

I use a combination of greylisting, SPF and a small number of blacklists which have strict non-collateral damage policies.

Today, as an example, on a small personal system I've actively rejected 2576 connections, and allowed 228 messages. Of those 228, 75 were then identified as spam by SpamAssassin. A 97% success rate on a VERY low-bandwidth / CPU first-pass is more than acceptable for almost any application, given that you have a second pass (e.g. SA) which further improves your results to about the 99.9+% level.

The trap that people end up in is thinking that they need their first-pass to be as effective as a stand-along spam filter. Not true. You only need it to be effective enough to reduce the burden on your network and hardware by skimming off most of the incoming spam before it has a chance to consume those resources. If you're a VERY large ISP, then you might need to adopt additional measures (and while I despise the way AOL has done it, for example, I understand their reasons). If you're not one of the 10 largest ISPs in the world, then you are kidding yourself.

I have one user who asked me if mail was broken when I first deployed this. He was concerned because he'd come to think of the steady trickle of spam as a sort of heartbeat.

Re:A sword that cuts both ways

[n.wegner]

>"Projectile" is a Crosman 760B Pumpmaster Air Rifle

You throw your gun at them?

Re:A sword that cuts both ways

[op00to]

Indeed. Anyone who uses MAPS to blackhole mail is an idiot, and should have their root privs taken away. Seriously. These sorts of lists are GREAT for greylisting -- increase your spamassasin score by a few points, or something like that.

But anyone who uses MAPS to blackhole servers is lazy and incompetant.

Re:A sword that cuts both ways

[killjoe]

I run a mail server at home to service a few domains I have. I subscribe to multiple RBLs and they help an immensely to cut down on the spam.

Honestly I don't care it you are an "innocent victim" of an RBL. My use of RBLs is completely voluntary. If you send me mail and I don't get it I don't see how it harms you at all. I am presuming of course that your email was so great and useful that it caused me tons of money not to have read it.

BTW my mail server has a bounce message that says you were in a blackhole. If you know me then you also know my gmail account and email me there so I can put you on my while list. Hell you could just call me too.

If I sent an email to a business and it bounced I would probably call them and ask them if there were alternative methods.

So sorry, no tears from me. My RBL list blocks hundreds of emails every day for that I am grateful.

Re:A sword that cuts both ways

[prizog]

Well, let's say it's a very large fly, with a profile of 1 cm^2. And let's assume it represents 1 IP. Then the fly swatter would only have to be 18 m^2. This is roughly 140,000 times smaller than a square mile sheet.

MAPS are assholes

[dspisak]

They are a big pain in the ass for us providers to deal with. But they are also a necessary evil too sometimes. Personally I like the Spamhaus lists much better. And Spamhaus isn't a bunch of assholes so that gets them the cookie in my book.

RBLs are a failure

[MoxCamel]

There was a time that I supported RBLs wholeheartedly. In theory, they're a great way to approach the spam issue as a community. And for awhile, they even worked that way. RBLs were very effective in the fight against spam.

But in practice, the RBL community has been a bust. The maintainers are often militant and, IMHO, too emotionally attached to the problem. They don't provide a service anymore--they provide a surgeon with a chainsaw. While it's extremely easy to get a site on an RBL, it's often difficult or impossible to get off one. There are exceptions of course, but in general you are a designated spammer until some random magic happens and you manage to get yourself off. (yes, there are procedures, usually on a website, but often removal requests will go unreplied to, and in some cases will error. Sometimes removal works and often it doesn't) And Goddess help you if the previous owner of your IP address was a spammer. (And no, I've never run an open relay.)

I hate spam, but I don't use RBLs anymore. It's too bad, really. They were a great idea, but have been poorly managed. I'm sure someone will post links to the "good" ones, but using them is like reaching for the few good apples in a barrel of rotten ones.

Mox

Re:RBLs are a failure

[Phil+Karn]

I absolutely agree. My past run-ins with the MAPS people have been extremely unpleasant. "Militant" is exactly the right word. "Self righteous jerks" would also apply.

A while ago, when the MAPS DUL virus first began to spread, my dad began to have problems delivering his mail from his Linux system on a cable modem. So I contacted MAPS and told them about what I naively assumed they would agree was unintentional collateral damage. Not only did they refuse to take his IP address off the list, they were spiteful enough to contact my dad's ISP and register a complaint about his "unauthorized" server!

It goes without saying that my dad is not a spammer. And we both see to it that his system is properly maintained and configured. All we ever wanted was to exchange email email without depending on his ISP's slow and unreliable mail servers.

MAPS and other spam vigilantes are actually far worse than the spammers they claim to be fighting. No spammer has never prevented me from sending or receiving wanted email. MAPS often does so, and they have to go away. Since they're unlikely to do so on their own accord, our only alternative is to educate the ISPs to not use their services. Openly boycot any ISP who subscribes to the MAPS, and tell them we simply don't want their "help" in blocking email. Patronize the more enlightened ISPs that give you a choice as to how or whether your mail will be spam-filtered.

Re:RBLs are a failure

[Obfuscant]

The maintainers are often militant and, IMHO, too emotionally attached to the problem.

Once upon a time, I monitored the SMTP traffic on one of my systems very carefully. I wrote a special-purpose demon that pretended to be an SMTP server, which logged attempts at sending email, but still passed email to postmaster and from specific people (just like the RFCs say it must).

One day, I found a series of attempts at routing email through my server. A whole series of email with RCPT TO's that were off-site. I reported this to the abuse addresses that were responsible for the IP address that was the source.

Now, I expected one of two things to happen: they'd ignore the problem report, or I'd get a "thanks" for pointing out the problem. What I GOT was a cranky response from an anti-spammer telling me it was his GOD GIVEN RIGHT to hammer on my server in any way he saw fit, and a listing for the entire ORGANIZATION in one of the RBL-like listings as "uncooperative". All because I caught him testing my system and reported it.

Needless to say, I no longer bother reporting the routing attempts to anyone. If reporting spam relay tests gets me labelled a spammer and included in blocking lists, fuck it.

You're wrong

MAPS saw it appropriate to block over 180,000 IP addresses just before the weekend.

MAPS didn't block you.

MAPS added you to a blacklist.

Some admins have decided to block you based on you being in the MAPS list.

That may or may not be a good decision on the part of the admins.

Its easy to get angry with MAPS, but they're just publishing a list.

MAPS very flawed...

[raydobbs]

First, they want you to pay for the service. They will consider free usage occasionally, but take it from someone who has submitted five (5) applications for that kind of consideration - and have been flat out ignored - they are not a valid solution anymore, and are just looking to make money with the least amount of effort.

Re:Customer service vs customer service.

[ShaniaTwain]

Yeah, except it sounds like the submitters IP was not involved in the spam complaint. Its difficult to respond to something you never recieve.

If hunting spammers was legal this wouldnt be a problem at all.. Uh. unless someone thinks you sent them spam due to faked headers etc..

At the very least it should be reasonable to punch someone who buys something from spam. The main problem is the vast and bountiful supply of idiots that make it worthwhile for the spammer bastards to carry on as they do.

Re:Customer service vs customer service.

[tricops]

Uh, that helps absolutely none in this particular case. If you'd bother to read the text, and it wasn't even a full article, some OTHER company/person was responsible for 180,000 IPs getting blocked, including his subnets which had ABSOLUTELY NOTHING to do with it.... His company's customer service had squat to do with it. Neither did his ISP's really...

DNSBLs are a mixed bag

[Neophytus]

Some are well maintained, and even automatically maintained. spamhaus and spamcop come to mind. One of the less desirable ones that comes to mind is SORBS, where if they list you in one category you've got to donate $50 to charity, per message, to be delisted. You're an ISP providing smtp to your customers, and you're listed again? Tough.

Re:MAPS is better than SPAM

[patrick42]

Actually, no, that's not what I'm admitting. My co-location provider had some customers that were the problem. And when I talked to them, they said those problem customers were terminated before the blacklist even happened. They didn't respond to MAPS in time, and MAPS took it upon themselves to blacklist 180,000 IPs, affecting innocent people like myself all over the world.

Similar thing...

[AusG4]

happened to my girlfriend's work, a charity, operating a clear, double-opt-in newsletter service about their ongoing work... some moron who clearly subscribed to their newsletter decided it was easier to use an automated "report as spam to ORBS" tool then it was to simply reply to the e-mail, click the "unsubscribe now" link, or re-visit the web site and opt-out via the very prominent, very obvious opt-out tool.

ORBS, in turns, blacklisted their mail server as an open relay, and then had the unbelievable nerve to tell my girlfriend that they would lift the ban in exchange for a "donation" so that they could continue to run their service.

While this isn't criminal, it's morally repugnant.

Bottom line, "blacklist" services like ORBS/MAPS are a horrible, misguided and idiotic idea. Case study after research project after real-life experience can attest to this.

Re:MAPS is better than SPAM

[jeff4747]

So you admit, that you were relaying SPAM No, read the guy's story again. A) He was not sending spam. B) Someone else at his ISP did send spam through the IPs they get from the ISP. C) His ISP did not respond 'fast enough' for MAPS. What is not clear is what is 'fast enough'. D) MAPS blacklisted him.

Story has valid complaint.

[AtariDatacenter]

1. MAPS finds problem, discovers hosting by co-loc, bans entire co-loc.
2. Very shortly after ban, MAPS is unavailable for contact for 48+ hours.
3. MAPS refuses to unban innocent bystander.
4. MAPS refuses bystander's plea to contact co-loc.

Seems to me that MAPS has several problem. Aside from procedural issues, perceived arrogance, negligence, incompetence. Submitter is right. Overzealous, for sure.

I sure wish they were better. It hurts the users.

Re:Not anymore

[MightyMartian]

Well, I think it's pretty damn irresponsible for RBLs to be blocking entire subnet, as tempting as that might be. We had RoadRunner do that to our /23 address space, and we couldn't even find anyone who could do anything about it. I eventually said "Screw you" and refused delivery of anything with "rr.com" on the end of it. A few months ago, the block simply disappeared.

Is this rhetorical?

[UnknowingFool]

Should You Trust MAPS?

On behalf of many members of the male gender I would say no. We don't trust those lying overpriced pieces of paper. And we don't ask for directions. We rely on our innate sense of direction.

One time, I even made it to Mexico without consulting a map. It took me days but I got there. I learned a lot that I didn't expect from that road trip. Like it's so cold in Mexico that there's moose everywhere. Also the Mexicans tend to pronounce things a bit differently. Like "about" is pronounced more like "aboot". And they tend to say "eh?" a lot. It's far different than the Mexico I read about as a kid.

Re:Not anymore

[allgood2]

I agree, my first real negative experience with them, was when I was attempting to be proactive. I was setting up an email server and wanted to find out what holes came in the base configuration. I feed it an IP plugged the in-progress server to get back a report, and found my IP address automatically blocked. This address belonged to an active server that was already properly configured but the client didn't have any extra IPs for me to use. There server was down the entire weekend, plus three workdays, before I could get them to remove the ban. Yet, they encourage techs to test a machine and receive a report of security holes. After that, I pretty much put out the word to never use their service to test a machine that's being built.

I hate spam, but their methods pretty much demand a new approach to fighting spam, creating blacklist, and even just testing servers. Their support is horrible and while it guarantees it will hurt a spammer here or there, that's pretty much like shooting in a crowd then stating well at least I killed a bad guy.

No, YOU get real (Was: Re:Get real)

[B747SP]

When Al Qaeda flew 737s into the world trade towers

No-one ever flew 737s into the world trade towers. ITYM 767s. The ones that landed in the pentagon and the paddock were 757s.

And anyway, WTF does any of this have to do with terrorism? It's a ridiculous link - a way to invoke Godwin without actually mentioning the 'n' word perhaps?

RBLs are advisory. RBLs do not block email. Which parts of this are y'all having so much damn trouble with. The operators of about 8 different RBL lists advise me (in response to a request for information that I initiate) that the MTA that has just contacted me is coming from an IP address that is known to have been used recently by a spammer. I choose to refuse to accept the proposed email delivery from that source on the strength of advice from one or more RBLs. (eight different ones, as it happens, on my home postfix server. It takes a full fifteen seconds for my smtp daemon to answer when you connect 'cos of all the lookups!!!).

Why is it so damn hard to grasp? Realtime Blackhole Lists do not block spam . Administrators and their policies block spam, and they've every right to choose what arrives on their boxes and what doesn't!

The original poster (article) has no right to get upset at anyone for my decision not to accept email from him. All he gets to do is F.O.A.D. Getting his royal whinge frontpage on slashdot is nice for him, but it's not a right or a guarantee.

Welcome to ISP email administration - Level 2

[ziegast]

It doesn't matter if it's MAPS, ORBS, SPEWS, Spamhaus, or even AOL; if you administer outbound email, you are likely to be affected by someone protecting their email systems from spam. It is usually not your fault, but if others don't normally get listed frequently, there has to be some reason (unresponsive upstream ISP, something one of your customers or users is doing, a preventable misunderstanding about mailing lists) that got you listed.

If one RBL service has too many false positives, ISPs usually stop using them. MAPS is still in business, so their false positive rate probably isn't absurdly high.

Here are some tips to help email administrators keep their email flowing:

1. Negotiate ahead of time to get your servers whitelisted or registered as a "good" server. This means setting up proper forward/reverse DNS, configuring SPF, possibly registering with one or more "bonded sender" programs, looking at the AOL postmaster FAQ and getting into their whitelist system, etc.

2. Lease yourself a shared or dedicated server (think $25/mo -$60/mo) at another colocation facility that you can use to configure to be a mail relay for your primary mail servers. If delivery fails enough from your primary server, it should requeue the message to go out via your relay, perhaps after you've diagnosed the cause of the blocking complaint.

3. Setup test scripts to periodically poll major DNS RBLs for the status of your IP address and alert you when you're listed. (Perhaps tie this in to automatically activate your relay server in #2).

4. Ask your ISP what their spam policies are and assess your risk to getting mixed up in their other customers' problems. If they aren't vehemently anti-SPAM themselves, consider another provider for your outbound mail. By "vehemently", I mean: They have their own enformcement policies and 24-hour contact escallation policies with each customer, and will shut down customers that are not responsive to handling complaints.

5. If you manage mailing lists, make sure each and every message at the bottom has a link to the proof about how the recipient opted in for the message. (PS: Stop using email to distribute content! It's so, like, 20th-century. If your content is any good, they'll access it regularly via the web or RSS it into their portal.)

-ez

(Disclaimer: I'm the the inventor of DNS RBL. Your misery is partly my fault. Mua ha ha ha.)

Karma: Whore (you look at your score after posting)

TCP/IP Elitism [was Re:Not anymore]

[ArghBlarg]

Why is an IP address not just an IP address? Stop being so elitist. IP didn't have a NOBLEMAN/SERF bit in every header last time I checked.

It's lazy ISPs' faults that spammers aren't shut down quickly, thus these blacklists have to take out whole blocks, causing collatoral damage like the original article describes.

The internet was designed to allow PEERS to talk to ther PEERS. It's an equal-opportunity protocol stack, by design. Too bad some people no longer believe in this principle.