Re: Amazon AWS cloudfront WAF block

["Forrest Christian (List Account) via NANOG" <nanog () lists nanog org>]

You do realize that some organizations have such a broken support and
contact system that often a legal threat or a formal complaint with a
regulator is necessary to get said organizations to even discuss an issue?

I read the original message as "I'm frustrated that we're trying to do the
correct things here but I can't get anyone to tell us what we're doing
wrong so we can either stop the behavior or get a record corrected".  This
is a lot different than "we're a spammer and we're going to sue a dnsbl for
interfering with our business".

If amazon had a well defined process for legitimate ISPs to be able to open
a ticket to resolve issues with their netblocks, I doubt anyone in this
thread would be discussing having lawyers write letters. And if I'm
mistaken and there is a well defined way for a non-AWS-customer ISP to
address these types of issues with Amazon, I'd love to hear what it is.

On Wed, May 28, 2025, 8:08 PM Andrew Kirch via NANOG <nanog () lists nanog org>
wrote:

> Are we really going to repeat the blatant stupidity of spammers 15-20 years
> ago who tried to file SLAPP (
>
> https://en.wikipedia.org/wiki/Strategic_lawsuit_against_public_participation
> )
> suits against DNSBL (
> https://en.wikipedia.org/wiki/Domain_Name_System_blocklist) operators?
> Did
> we learn nothing from history?
>
> Please have your lawyers review the Spamhaus lawsuit, and other state and
> federal lawsuits filed by spammers against DNSBL operators (like me!)
> before you file a SLAPP suit.  We always win.  We win so much it's getting
> boring.
>
> Our state and federal courts have ruled in every case I am aware of that
> publishing lists of hosts who violate or have violated the behavioral norms
> of the Internet and society at large is protected under 47 USC 230’s good
> samaritan clause (c)(2)(A) and (B).  In fact my right to publish a list
> that says your IPs, IP blocks, DNS, or any other technical means of
> identifying your content or traffic as not reputable EXCEEDS your
> constitutional rights to protected speech.  During the 2004 and 2008 US
> presidential elections we reputation listed both major parties'
> presidential campaigns for sending unsolicited bulk email.  Their legal
> recourse was to go away and deal with it.  When a major email provider was
> in a very long beta, and it was exploited to send CSAM randomly around the
> internet, we reputation listed it.
>
> Reputation lists are protected speech.  Anyone who wishes to use these
> lists may do so for any reason they wish, or none at all.  Legal threats
> with no merit in law are "otherwise objectionable"
> https://en.wiktionary.org/wiki/cartooney.  You are actually quite lucky
> that my list isn't still operating.  We routinely reputation listed sources
> of idiotic legal threats (cartooneys
> https://en.wiktionary.org/wiki/cartooney).  Getting out of that reputation
> list required a public apology made in the same forum where the original
> cartooney was published.
>
> It baffles my mind that anyone would stand up and publicly announce that
> they wish to be counted with spammers.  Obviously none of this is legal
> advice, but since this is going to be archived in Google in a day or so, it
> should save the attorneys who are going to respond to your cartooney time
> in composing their reply.
>
> In summation don't threaten reputation list providers.  You will lose every
> time.
>
> Andrew Kirch
> Former owner of the Abusive Hosts Blocking List
>
> On Wed, May 28, 2025 at 9:25 PM Eric C. Miller via NANOG <
> nanog () lists nanog org> wrote:
>
> > We're still playing whack a mole with our IP space. I've asked our
> > corporate counsel about sending demand letters with an accusation of
> > tortious interference.
> >
> > IP Quality Score seems to be a big nuisance. Check a few of your IPs on
> > their website.
> >
> > No silver bullets though.
> >
> > Eric
> >
> >
> > ________________________________
> > From: paul--- via NANOG <nanog () lists nanog org>
> > Sent: Wednesday, May 28, 2025 10:18:55 AM
> > To: nanog () lists nanog org <nanog () lists nanog org>
> > Cc: paul@vanilla.capetown <paul@vanilla.capetown>
> > Subject: Amazon AWS cloudfront WAF block
> >
> > Hi all
> >
> > Most if not all of our prefixes are on some sort of AWS WAF deny list,
> > that or our ASN is listed.
> >
> > We are an eyeball network, geo-location websites e.g maxmind are
> correctly
> > displaying the correct location and services for our prefixes.
> >
> > We do not have a support contract with amazon aws to create a support
> > ticket. Various websites are now blocked, e.g Reddit and many more. It is
> > not feasible for us to reach out to each one to adjust their aws waf
> > filters.
> >
> > Upon emailing AWS this is their reply:
> >
> > "The best course of action would be to contact Neustar and or MaxMind who
> > are 3rd party WAF aggregators on this to address any issues with WAF
> > blocking."
> >
> > This is also not fair and frankly a rabbit hole we do not want to go
> down.
> > These are also paid for services. AWS is almost holding our ASN/Prefixes
> as
> > hostage to these paid for services with no easy way to check why we are
> > being blocked, and getting off "some" list.
> >
> > Anyone have an idea / contact or what to do?
> > _______________________________________________
> > NANOG mailing list
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/NC6Q4WG7MORBQWH5BAPOHR7XK5H56OTU/
> > _______________________________________________
> > NANOG mailing list
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/K7TEXONRYLQWZPUDTOPQ5SI5WFZJ6TAM/
> >
> _______________________________________________
> NANOG mailing list
>
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/TVB6GRMPRTUHNEDL6VGMEUIMOKDTEUQ7/

- Forrest
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/K7XV2ZZMD55XI6RBXUVYHKPL7UA7AVWL/