pushinginertia / ip-blacklist

An Apache httpd configuration file that rejects access to a server from a list of blacklisted IPs

All of {AWS,Rackspace,Linode}? #9

Open grimmfarmer opened 7 years ago

grimmfarmer commented 7 years ago

What methodology are you using to develop this list? The comments say the list consists of "IPs based on honeypot site visits by various bots." Are you finding that a preponderance of the included CIDRs from Rackspace, Linode, and AWS are engaging with your honeypots? If so, that may be supportable, depending upon sample size and methodology. But if this is simply a list of someone's hunches, it might be more appropriate as a greylist (i.e., "alert for human inspection") than a blacklist except, perhaps, for hobbyists and researchers. While I understand the temptation presented by the profile of colo/VPS providers in developing threat intel, it strikes me as inappropriate to include vast swaths of Rackspace's, AWS's, and Linode's IPv4 allocations. There is some legitimate business that goes on there (including mine).

troubleshooter commented 6 years ago

Seems Digital Ocean is also included as well.

bengan commented 5 years ago

With all respect. As much as I like spam fighting, I also dislike old rotten data that is no use to anyone. @pushinginertia you should take some time to go over your published blacklist. Also, since you started, GDPR has taken effect and you're probably personally responsible for defaming a lot of sites in the EU. I think the best you could do is to erase the list and start over.

josenobile commented 4 years ago

Bad idea. I found a backup system stopped because this list blocks 52.192.0.0/11, which includes AWS S3 endpoints, for example the IPs used by s3-1.amazonaws.com.
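The failure reported in the last comment can be caught before a blocklist is deployed. The following is an added example, not part of the thread or the repository: it parses Apache deny directives, reports which required dependency addresses they cover, and flags very broad IPv4 ranges. The directive forms handled, the sample config, the dependency names and the addresses are assumptions constructed for illustration; only 52.192.0.0/11 comes from the thread.

```python
import ipaddress
import re

# Apache 2.2 "Deny from <net>" and 2.4 "Require not ip <net>"; which form the
# repository's file uses is an assumption.
DIRECTIVE = re.compile(r"^\s*(?:Deny\s+from|Require\s+not\s+ip)\s+(.+)$", re.I)

def parse_blocklist(text):
    """Return the ip_network objects denied by the given config text."""
    nets = []
    for line in text.splitlines():
        m = DIRECTIVE.match(line.split("#", 1)[0])
        if not m:
            continue
        for token in m.group(1).split():
            try:
                nets.append(ipaddress.ip_network(token, strict=False))
            except ValueError:
                pass  # hostnames and partial addresses are out of scope here
    return nets

def audit(blocklist_text, required, max_prefix=16):
    """Return (blocked dependencies, IPv4 entries broader than /max_prefix)."""
    nets = parse_blocklist(blocklist_text)
    blocked = {}
    for name, addr in required.items():
        ip = ipaddress.ip_address(addr)
        hits = [str(n) for n in nets if n.version == ip.version and ip in n]
        if hits:
            blocked[name] = hits
    broad = [(str(n), n.num_addresses) for n in nets
             if n.version == 4 and n.prefixlen < max_prefix]
    return blocked, broad

# Constructed sample config, not the repository's file.
SAMPLE_CONF = """\
# honeypot-derived entries
Deny from 52.192.0.0/11
Deny from 198.51.100.0/24
Require not ip 203.0.113.7
"""
# Constructed addresses; the first is simply an address inside the /11, not a
# resolved address of any real endpoint.
REQUIRED = {"s3-backup-endpoint": "52.216.0.10", "partner-api": "192.0.2.25"}

if __name__ == "__main__":
    blocked, broad = audit(SAMPLE_CONF, REQUIRED)
    for name, hits in blocked.items():
        print(f"BLOCKED dependency {name}: covered by {', '.join(hits)}")
    for net, size in broad:
        print(f"BROAD entry {net}: {size} addresses")
```

Run against the real config and the resolved addresses of the services a host depends on, this turns a silent outage into a pre-deployment finding, and the broad-entry report gives a reviewer the ranges to inspect by hand.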