Home / Blogs

To our readers: Does your company offer DNS or DNS Security services? CircleID has an opening for an exclusive sponsor for our DNS topic. Gain unparalleled results with our deep market integration. Get in touch: [email protected]

Minding Your IP Address Reputation

Co-authored by Leo Vegoda and Lee Howard, Senior Vice President at IPv4.Global.

Network operators rely on guidance from IP address experts because not all IP addresses used on the Internet are the same. The “reputation” of email senders is especially important because some are malicious users of the system. But identifying “senders” based on their email addresses or the individual IP address of a user presents issues that are unnecessarily complex.

So, for many years, the people who run the Internet’s email systems have rejected messages coming directly from the IP addresses used by home Internet connections. (There were about 1,300,000,000 wired home broadband connections at the end of 2021.) It would be difficult to maintain a database of addresses belonging to responsible users versus people (intentionally or because of virus or botnet infection) sending unsolicited bulk emails, phishing, or engaging in other malicious activities.

As a result, we need to send email through dedicated systems, and the system administrators use a variety of tools to measure the reputation of that smaller number of systems.

The same approach is used to monitor IP addresses for their reputation on several dimensions. Not only “should this address be sending email?” but also geographical location, whether an IP address is infected with malware, is involved in stealing other Internet users’ identities, or an open proxy that miscreants can use to do any of those things.

Why is IP Reputation Important?

Deploying a new range of IP address space is more complex than just configuring those addresses on equipment and using them on the Internet.

Any significant-sized range of addresses will have been used on some other network before. While a transfer to your organization will show up in the Regional Internet Registry or National Internet Registry database, propagating that change through the various types of reputation tracking systems in place is not instant or automatic.

Updating those systems about changes in management, purpose, and geography are important elements in the IP addresses your organization needs.

How IP Reputation is Scored

A sudden transition from one user and purpose to another is less likely to be successful than a careful deployment. Address space in active use immediately before being transferred may be tainted. If it sat fallow for some time before, it is more likely not to be on a block list. If you’ll be using the range for the same purpose as the previous registrant, you’ll want to understand what the relevant reputation databases report about it.

Reputation tracking started for addresses that send email, and that continues to be important. Good advice on how to start and stay current is available from Mailop, whose community publishes the best practices and hosts a mailing list for advice and discussion.

If your new range of address space was transferred from a different geography and will be used for consumer Internet access, you will probably need to contact the companies that manage databases tracking the geographic location of IP address ranges (GeoIP). Most consumer content is licensed for specific markets and these databases help the content distribution networks implement geographic restrictions where they are required by the content owners.

If the address range was previously used in a place where they use different languages than in your region, popular platforms would need to know about the transfer, so they present interfaces using the languages your users prefer.

If you will be using your new address space for a different purpose than in the past, you will need to make sure that reputation systems know about the change so they don’t characterize your use as unexpected and add your network to lists of blocked addresses. For instance, when an address range previously used for subscriber Internet access is repurposed for cloud servers that are likely to send email, it will need to be removed from various lists. One example is Spamhaus’s Policy Block List, which lists address ranges that should not send email.

Tools to Monitor Reputation

The Brothers WISP publishes a regularly maintained list of GeoIP databases. This is a great resource for consumer ISPs whose address space is rejected by local content distribution services, like video streaming or gaming platforms.

The Spamhaus Project maintains lists networks can use to help them decide whether to block traffic from other networks. Its lists are advisory and can be used in conjunction with other services, sometimes proprietary, to make decisions about whether to accept traffic.

The Cleanup Process

Discover the existing reputation of your new address range at the places that matter for you and update where necessary. Actively search for lists and their importance to your intended purpose. Contact the administrators and let them know about how the address range has changed registrant and whether its geography or purpose has changed.

This will take time, and you will either need to include that time in your deployment plan or manage problems with block lists and other reputation databases as they arise.

A Message from Our Sponsor

How to Take Advantage of Rising IPv4 Address Value: IPv4.Global specializes in helping clients sell, lease and buy IPv4. We help make the process less complicated and time-consuming by:

• Helping you find a buyer
• Leading you through the registry process
• Providing advice and expertise to reorganize your network

Contact us by calling (212) 610-5601 to speak with an expert for help turning your invisible asset into revenue.

By Lee Howard, Senior Vice President at IPv4.Global

Filed Under

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Comments

Todd Knarr  –  Apr 27, 2022 5:17 PM

Advice: check up on the reputation of the IP range _before_ you purchase it. It’ll save you a lot of trouble if you avoid buying ranges that have a bad recent reputation. Most of the blocking and reputation and geo-IP services have ways to query an address or address range and get the current results in a readable form, and it’s always easier to side-step the problem entirely than to clean up someone else’s mess.

Also: check on the addresses being assigned to your servers by service providers. You can get caught up in them passing off contaminated IP ranges just as easily as anywhere else.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

Related

Topics

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign