Moved to a new floating IPv4 address for mail.grapheneos.org so Microsoft blacklisting the previous one is no longer an issue.
It's only $2.88 CAD + 13% sales tax for each address so we're just going to park ones with bad routing or blacklisting issues for the time being.
Conversation
The 3 particularly problematic IPv4 addresses we've gotten are from the same 51.222.17.0/24 block. I'm just going to retire them and get OVH to replace them with new ones because they're something seriously wrong with that IP block. Every other IP address has way saner routing.
3
6
Replying to
OVH is (used to be?) pretty relaxed about abuse reports, there is a pretty long history of abuse that lead to many of their blocks getting blacklisted in e.g. DNSBLs.
Usually only individual /24s were blacklisted if repeat offenders used them.
1
Replying to
That's completely fine though because every reasonable blacklist allows you to get an individual /32 whitelisted despite them blacklisting the /24. It doesn't take much time to get all the legacy stuff cleaned up.
UCEPROTECT extortionists are an exception but it doesn't matter.
1
1
Nearly every reasonable blacklist also has expiry dates for them so it eventually gets back to normal.
Issue we ran into is that Microsoft has a special blacklist for hotmail.com, outlook.com, etc. with PERMANENT blacklisting and a broken appeal system.
2
2
Replying to
Good point, I distinctly remember having issues with getting Hotmail (Outlook.com) to reasonably assess sender reputation. It did not go well. Colocation hosts not giving a crap about their blocks didn't help the situation either.
1
Replying to
I could probably get OVH to give me a whole /24 but it'd be a huge waste of money and it's not worth it. Have a bunch of floating IPs for our services and only 3 of them in this bad IP range are on their blacklist. It's a bad IP range for other reasons. It's just broken somehow.
1
The 3 bad floating IPs are supposed to be Canadian ARIN IPs. Every other floating IP we've purchased from OVH has proper WHOIS data and routing. These 3 are really weird. I'm just going to park them and then ask them to replace these with 3 new ones.
Quote Tweet
github.com/GrapheneOS/ns1
Nice having traffic go directly from Toronto to Montreal instead of somehow being routed through Chicago...
OVH has better routing in NA for their ARIN addresses than the recycled RIPE ones. Wonder if that's something they could just get fixed...
Show this thread
1
It doesn't really matter if they take 2 weeks to do it. It's only 10 CAD wasted if they don't do anything about it.
They sell you floating IPs for a one-time fee so I have no incentive to remove rather than just parking them indefinitely so they might as well give me new ones.