Below a brief explanation about things you should know
about ip address space on the internet. There's too much
to go into detailled into every point I mention below
but if something is not clear ask and I'll try to explain.
A few things you all should know about ip addres spaces.
IP addresses are being issued by registries kinda similar as
domains are. Each continent has it's own ip registry so it's
a few registries that control all the ip space NOT a single
one.
The more famous registries are ARIN (US falls under this one.),
SARIN (Asia), RIPE (Europe).
Poviders have to be a member of the registry and meet a bunch
or requirements in order to become a member and to get ips
directly assigned to them.
Providers have to provide info on the usage of the ip-space that's
assigned to them. This info is publicly available in the registry's
their whois database.
Officially providers are obligated to keep the whois db accurate which
means that every change to their ip space that was assigned to them should
be kept up2date with changes. In reality often this is not the case. Especially
not with providers who have lots of small clients which rotate quite frequintly.
They keep their own administration to keep track of the ips they've assigned
and if asked by the registry they'll use that to provide accounting info on
their ip space.
Lot's of providers are too small to be themselfes a registry member so this
means they don't have their OWN ip space but instead use the ip space of
the company/provider/carrier they have their servers with. Obviously these
companies cannot update the registry database as they don't have direct
access to it.
Each registry has their own requirements for their members. I don't know
too much about arin, sarin or others as I'm in europe so I mostly deal
with RIPE (
http://www.ripe.net/). If I'm correct the minimum ip address
space that the RIPE assigns is a /19 which is 32 c-classes of ip addresses.
1 C-class contains 255 usable ip addresses 1.1.1.x is a class C netblock.
so a /19 would be 1.1.1.x till 1.1.32.x ip addresses. To get a /19 assigned
you have to meet requirements on usuage and have a certain growth rate to
fill the assigned ip space. If you do not qualify you have to request the
ip space from the party you do business with which in most cases is another
provider, carrier or non carrier neutral datacenter.
Ok Since ip addresses are being rotated all the time changes are that the
ip addresses you get assigned have been used before. If a previous user has
abused those ips for example by using them to spam they may have been reported
to organisations like spamhaus, spamcop, etc, etc. This may result in all kinds
of problems for the new user as his ip range might be blocked for many users.
This could vary from not being able to email certain people, or users totally
not being able to access your sites.
These blacklists aren't checked regularly and being cleaned. Usually once you're
added you won't get removed or considered for removal till you contact them and
request it together with providing them some info to proof that the blocked ips
aren't being used for what they were blacklisted for.
It's practically impossible for providers to keep up with this as usually they
won't get notified if ip-space from their netblock is being added. The fact
that a provider has ip-space that is on these blacklists doesn't mean a provider
is bad or malicious itself. The older a provider is the more likely his ip space
will show up on blacklists. So to judge a provider because some of his ip-space
is on some blacklist is useless so there's no point doing so.
If a provider is willingly out to do bad and condones malicious activity take
my word for it, he will get his ip-space taken from him by the registry. You
can get away with a lame excuse 1 or 2 times but you won't if it happens too often.
This is why know spam providers have servers/ip-space in asia where there's less
strict regulations towards abuse. Registries hold the power to revoke ip addresses
and to stop them being routed over the internet.
If you want to make sure you are clean there's a few things you can and should
do yourself.
1: Don't expect others as your provider to check/unlist the ip space that was
assigned to you.
2: Google for the organisations that keep blacklists. Visit those sites and query
their db with your ip-space. If you find your ip-space is blacklisted. contact
the abuse department of the organisation inform them you recently got those ips
assigned to you and request removal of the blacklist.
They'll probably ask you for some additional info to proof you are indeed someone
else and are not the same person who used the ip-space that caused the netblock
to be blacklisted. Y
You can ask your provider to assist you in case necesary. Providers have no reason
why they shouldn't help you, it's also in their interest to get their ip-space
cleared from blacklists.
3: Make sure that your dns is setup CORRECTLY WITHOUT ERRORS for your sites. ip-space
also gets blacklisted for inproper configuration of DNS zones or mailserver config.
They're NOT only added because of abuse.
So before you start your crusade to get your ips cleared make sure everything is
setup properly and accurate before you contact them. This will make things a lot
easier if they see you that the ips you request to be removed have been properly
setup. You can check your dns config on various sites online that will report
any errors it finds by just submitting a domainname or ip address. A very common
mistake is that ips are not reversed mapped back to the domain. Your domain/ip
has to be lookupable in both directions not just one.
4: Be polite and stay polite when contacting organisations that keep blacklists.
Remember they're sceptical by default and get requested 10000's of times to get
ips removed by people who want to do bad....and can't provide the info they request
in order to get the ips removed. They make you jump through many hoops and often it
feels like you're running in a circle but if you don't give up and stay polite you
WILL get them eventually off and your efforts will certainly be worth it.
5: Read up on the rules of the registry that issued your ip-space. It's good to know
the rules and why those rules are there for in the first place.
6: IP addresses are free or charge...meaning a provider doesn't pay a fee per ip.
They pay for being a registry member. So any provider that will SELL you ips you
should be wary off. You might get charged an administration fee but you shouldn't
pay per ip address. Also know that you can't just buy unlimited ips without being
able to account for them and provide information on how they're being used. Check
the rules for this as you can't just say I have 255 sites and each has their own
ip as that's not allowed to do with almost none of the existing registries.
Anyone who makes you believe different isn't aware of the facts and you should not
be suprised if at some point your ips will be revoked.
I hope this helps to clear some of the myths around ip addresses.
Oh yeah one last thing.....though ips are being issued by registries
that doesn't mean that if a netblock is issued to a US company in the US
that ip space physically is being used in the US. IP addresses are portable
and can be deployed in another region where they were issued. To determine
where the IP space is being deployed you best do a traceroute and look at
the output to see where it goes.
If you believe any of the above is incorrect let me know. I've written
all this based on my experience I haven't verified everything I said before
I wrote it down in this thread.
