Websites, spam and blacklists: how do they correlate? Anyone could argue that a broken website (hacked or not) can send junk mail, and therefore be marked as a spam source and, as a consequence, listed in one or more blacklists. Fair enough.
When speaking about Public Administration I would expect accurate and precise control over every resource involved in providing e-services to citizens. You can read my previous articles on other aspects of Italian Public Administrations' online presence.
This time I want to verify how ICT teams responsible for delivering public services in a reliable manner deal with a pretty simple task: keeping their websites off the blacklists.
We carried out a study of the websites of Italian Public Administrations. Between November 22 and December 4, 2015, we examined 8,195 hosts and generated almost 600,000 queries to 73 blacklist servers.
Our findings show that out of 8,195 different hosts, 881 are listed in one or more blacklists (10.75%).
The blacklists with the most hits are BarracudaCentral (273 hits), RATS (218 hits), spamcannibal and SORBS-SPAM (166 hits each), and dnsbl.sorbs.net (145 hits).
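A DNS blacklist lookup of the kind counted above can be sketched as follows. This is an added example, not the tooling used for the study: the zone list (dnsbl.sorbs.net from the article plus a placeholder zone), the injectable resolver and the sample data are assumptions, and the sample addresses are constructed documentation addresses.

```python
import ipaddress
import socket
from collections import Counter

# Assumed zone list: dnsbl.sorbs.net is named in the article,
# dnsbl.example.org is a placeholder for any other blacklist zone.
ZONES = ["dnsbl.sorbs.net", "dnsbl.example.org"]

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A records for name, or [] when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # NXDOMAIN, timeout, no network
        return []

def is_listed(ip, zone, resolve=system_resolver):
    """Listed means at least one answer inside 127.0.0.0/8."""
    # A wildcard or parked zone answering with a public address is not a listing.
    loopback = ipaddress.ip_network("127.0.0.0/8")
    return any(ipaddress.ip_address(a) in loopback
               for a in resolve(dnsbl_name(ip, zone)))

def survey(hosts, zones=ZONES, resolve=system_resolver):
    """Return (hits per zone, set of listed hosts, percentage of hosts listed)."""
    hits, listed = Counter(), set()
    for ip in hosts:
        for zone in zones:
            if is_listed(ip, zone, resolve):
                hits[zone] += 1
                listed.add(ip)
    pct = round(100.0 * len(listed) / len(hosts), 2) if hosts else 0.0
    return hits, listed, pct

# Constructed sample data (RFC 5737 addresses) served by an offline stub resolver.
FAKE_DNS = {
    "10.2.0.192.dnsbl.sorbs.net": ["127.0.0.6"],
    "10.2.0.192.dnsbl.example.org": ["127.0.0.2"],
    "7.100.51.198.dnsbl.example.org": ["203.0.113.80"],  # wildcard answer
}
SAMPLE_HOSTS = ["192.0.2.10", "198.51.100.7", "203.0.113.5"]

if __name__ == "__main__":
    stub = lambda name: FAKE_DNS.get(name, [])
    hits, listed, pct = survey(SAMPLE_HOSTS, resolve=stub)
    print(hits.most_common(), sorted(listed), pct)
```

Counting a host once in the percentage but once per zone in the hit table is what lets the per-blacklist hits add up to more than the number of listed hosts.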
Where are those websites hosted? Here is the top of the list according to our study.
The first provider, hosting at least 165 blacklisted PA IPv4 addresses, is Fastweb:
aut-num: AS12874
as-name: FASTWEB
descr: Fastweb SpA
remarks: Fastweb Autonomous System
remarks: Milano - Italy
The second, with at least 152 blacklisted PA IPv4 addresses, is Aruba:
aut-num: AS31034
as-name: ARUBA-ASN
descr: Aruba S.p.A.
org: ORG-Ts9-RIPE
On the third step of the podium, Regione Veneto with at least 107 blacklisted PA IPv4 addresses:
aut-num: AS41651
as-name: ASN-RVE
descr: Regione del Veneto
descr: National AS
org: ORG-RV3-RIPE
Wooden medal for Telecom Italia, which hosts at least 87 blacklisted PA IPv4 addresses:
aut-num: AS3269
as-name: ASN-IBSNAZ
descr: Telecom Italia S.p.a.
org: ORG-IA34-RIPE

aut-num: AS20959
as-name: Telecom-Italia-Data-Com
descr: Telecom Italia S.p.A.
remarks: This AS Number will be used by the Datacom Network. At the moment Data.Com is a Business Unit of the TELECOM ITALIA Group and operates on all the Italian territory in the field of wireline access services (frame Relay, IP, xDsl, ecc...).

aut-num: AS20746
org: ORG-TIS3-RIPE
as-name: ASN-IDC
descr: Telecom Italia S.p.A.
descr: T.NO.OM.I.NC
descr: Network Operations Center
It’s worth noting that inside Telecom Italia's IPv4 address space there are huge slices delegated to different organizations, for example a whole /24 to AMMINISTRAZIONE PROVINCIALE MACERATA (184.108.40.206/24).
That is quite an interesting case, because we found 56 blacklisted IPv4 addresses all belonging to that /24. So Telecom Italia is not fully responsible for that.
Honestly, I suspected that some of those websites could gain a poor reputation on the net, mainly because of weak software, lack of security habits, incompetence of operators or managers. But they outperform any reasonable forecast with that 10.75%.
[Raw data: https://www.prado.it/wp-content/uploads/PA-hosts-blacklists.tar.bz2]