Re:APEWS/SPEWS (Score 1)

I'm assuming you are part of APEWS since you pretty much recited verbatim what's in their rather useless FAQ? While they may run spamtraps, it has already been proven by SANS that they DO COLLECT DATA from other sources and use that to construct their blocklists. I would go read the SANS diary post. You can not defend them by claiming they use only spam traps when it has been proven they do not. If (and that's a big if) someone on an MCI data circuit (or any hot for that matter) was the problem, there is nothing stopping APEWS from listing only the IP block registered to the offender, as that info is readily available from ARIN. To list the entire MCI block, comprised of thousands of companies, is beyond stupid. As SANS pointed out, they are also listing the entire AT&T network. They took a /32 listings SANS had at http://isc.incidents.org/ipsascii.html and rolled it up to /17s. You think blocking 32,000 hosts in responce to a single IP address being listed somewhere else is helping anything? MCI is not the problem, as you say. APEWS and people who rely on it are the problem. The list is not the least bit accurate and whoever runs it doesn't seem to want to take responsibility for their bad practices. It's garbage, period.