All these technologies work in a similar way: they are reliant on centralized gatekeepers
That's so true.
I used to work at a company which provided software to help abuse desks handle the huge volume of abuse reports: SSH bruteforce, spam, malware, botnet, copyright, CSAM ... all the good stuff on the internet, which also included whether an IP address from your subnet was listed on a blacklist.
I was working on mail parsers, since most abuse reports contain a lot of legalese, but to actually act on the report you just need some specific data like IP address, timestamps, event type, etc. Fortunately, the big reporters like Shadowserver had a consistent format that we could easily parse. However, one case stood out to me:
While working on a report, I asked some more experienced people how I should deal with this report since they didn't really provide much information. The report was just "you were listed - now pay us to get unlisted".
That's when I realized that blacklist providers are gatekeepers of SMTP. If their lists are used by major mail providers, you do not want to get listed on their lists. And they know that and thus block whole IP address ranges for minor issues. Then they can tell you that if you pay them a monthly fee, you won't get listed ever again. That's basically extortion.