Re: SORBS got my buddy in Spam, Scam and Phishbusters

Re: SORBS got my buddy

Tue, 24 Jan 2006 16:02:26 EDT

NormanS : I haven't seen a lot of evidence of that happening. That could be mitigated by requiring message submissions to be authenticated. It would force the virus to use the user's mail client instead of its own SMTP relaying client.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Re: SORBS got my buddy

Tue, 24 Jan 2006 14:25:15 EDT

sweintz :
ER... No.

What I am talking about is not exactly viral backscatter.

What you mention is bad, and is a problem, but not as bad I what I am talking about.

What I am whining about is this:

ISP customer has a virus infected machine that tries to send a virus out via the ISP's mail server. The virus mail gets 550'ed on the receiving end (for whatever reason the receiving MTA refuses it -- perhaps it has a virus scanner that runs after the data command is issued but before the mail is queued, or perhaps a blocklist is used, or perhaps some other filtering - doesn't matter why, point is it gets a 550 error). ISP mail server sees the 550, and since it now knows it cannot deliver the email, it sends a NDR to the sender. Problem is the virus forges the sender envelope and header, so the NDR goes to some innocent 3rd party.

Re: SORBS got my buddy

Mon, 23 Jan 2006 15:15:44 EDT

NormanS : Viral backscatter is a completely different issue from NDRs. Because no contemporary virus identifies the sending computer accurately, no server AV scanner should be sending notifies of viral infections. It is entirely possible to configure the MTA so that it sends NDRs to an authorized Return-Path address, but bins viral messages without sending notifies.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Re: SORBS got my buddy

Mon, 23 Jan 2006 13:47:37 EDT

sweintz : Norman-

Your points are correct, but do not address the issue I mentioned, which seems to be responsible for most of the backscatter I see the servers at $dayjob getting hit with - virus infected machines sending via their ISP's mail server with forged from and return path. The ISP's own user is the one sending the mail (although inadvertently). The forged address is one of the users in oir domain. The ISP's server get's a 550 when it tries to deliver the mail, and then sends the bounce to our server.

Very bad, IMO. When I get these, I complain to the ISP. MOST ISP's do not want to acknowledge this is a problem at all.

When I get a "it's not our problem" response, I gladly post the offending backscatter on news.admin.net-abuse.sightings, and also report it to SpamCop. If they get blacklisted because of this, well... that's not MY problem...

Re: SORBS got my buddy

Sun, 22 Jan 2006 23:23:11 EDT

NormanS :

said by sweintz :

Yes. Let change what I said a bit... - the *receiving* MTA should never send an NDR. The originating NDR could, assuming it does not allow it's users to send mail claiming to be from outside domains. I think many ISP's still have their mail servers configured to allow relaying if the mail client is connecting from within that ISP's IP space.

Yes. The originating MTA often allows a user to set a "Return-Path" different from the user account. OTOH, you can't use that MTA if you don't have authorization to use it. Most spammers don't use such MTAs to send their spam, they use spamming proxies; which don't generate NDRs.

If you send email through such an MTA, and forge my email address, yes, I will get the NDR. But, I will report it. The MTA administrator will get a complaint. Guess to whom they will go when they get the complaint? Guess whose account is at risk of termination? Yours.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Re: SORBS got my buddy

Sun, 22 Jan 2006 17:56:19 EDT

sweintz :

said by NormanS :

said by sweintz :
OTOH, NDRs are not all bad. When my MX refuses to accept an email, returning a 5xx error to the relay SMTP client, it is entirely likely that the relay SMTP client knows exactly the right account to return the error notice to; after all, they are trying to deliver for that account.

Yes. Let change what I said a bit... - the *receiving* MTA should never send an NDR. The originating NDR could, assuming it does not allow it's users to send mail claiming to be from outside domains. I think many ISP's still have their mail servers configured to allow relaying if the mail client is connecting from within that ISP's IP space.

For instance, say I was a customer of badisp.com, had an IP address assigned by badisp.com, and my copy of outlook express set up to send mail through mail.badisp.com. I get a trojan/virus/malware that sends spoofed email out, using whatever server I have configured in Outlook Express. The virus connects to mail.badisp.com and attempts to send a spoofed email, issuing a

MAIL FROM:

mail.badisp.com is set up to allow users connecting from within badisp.com IP space to send mail cliaming whatever "from" address they want. Cheap and easy way to allow business customers of the ISP to send mail from their own domain name via the ISP's mail server without the ISP needing to change any security on the mail server.

Now say the virus is detected at the receiving end and the mail gets 550'ed. If mail.badisp.com tries to send an NDR, it would go to joe.jobbed.user@some-other-isp.com.

That is a Bad Thing (TM) in my opinion.

Re: SORBS got my buddy

Sun, 22 Jan 2006 15:48:03 EDT

NormanS :

said by sweintz :

If a server is generating backscatter, it is not being run by competent admins and SHOULD be blacklisted.

There is no need for "backscatter" - NDR (non delivery report) emails should NEVER be sent in this day and age. Period. Non deliverable mail should get a 550 error during the SMTP transaction. That completely eliminates the need to send a non-delivery report email back to the original sender.

Yes to the first. I went round with an SBC mail admin over a return to a forged email address. It turned out that the circumstance is rare; due to the fact that a "@pacbell.net" account which I closed was not cleaned up properly. SBC servers should be rejecting it, but aren't. I tried to explain to him that will keep the SBC output servers at risk of being blocked. The only reason that I saw it is because the spammer forged a "@netscape.net" account of mine as the sender, then tried to send it to my closed "@pacbell.net" account. He didn't seem to understand the fact that bouncing to the "Return-Path" was a bad thing, even in a rare circumstance. SBC servers normally reject email to a bad email address, using a 5xx error during the SMTP process. However, it appears that they don't completely erase a closed account under some odd circumstances.

OTOH, NDRs are not all bad. When my MX refuses to accept an email, returning a 5xx error to the relay SMTP client, it is entirely likely that the relay SMTP client knows exactly the right account to return the error notice to; after all, they are trying to deliver for that account.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Re: SORBS got my buddy

Sun, 22 Jan 2006 11:57:39 EDT

sweintz :

said by NormanS Many legitimate servers get blocked, by other lists than SORBS, for generating "backscatter".
[/BQUOTE :

If a server is generating backscatter, it is not being run by competent admins and SHOULD be blacklisted.

There is no need for "backscatter" - NDR (non delivery report) emails should NEVER be sent in this day and age. Period. Non deliverable mail should get a 550 error during the SMTP transaction. That completely eliminates the need to send a non-delivery report email back to the original sender.

Re: SORBS got my buddy

Sat, 21 Jan 2006 14:57:50 EDT

NormanS :

said by ananymous :

The people at Sorbs are a bunch of emotional idiots. They block people just because they complain to them. Perfectly legit servers get blocked by them, and if you raise hell with them when they want to extort cash from you to get unblocked, they'll you again.

No one should use that organization and they should be sewed.

They are no more emotional than many who complain about them.

Many legitimate servers get blocked, by other lists than SORBS, for generating "backscatter".

Are you that good with needle and thread? And shouldn't the past tense form of "sew" be, "sewn"?
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Re: SORBS got my buddy

Sat, 21 Jan 2006 14:01:49 EDT

anon : The people at Sorbs are a bunch of emotional idiots. They block people just because they complain to them. Perfectly legit servers get blocked by them, and if you raise hell with them when they want to extort cash from you to get unblocked, they'll you again.

No one should use that organization and they should be sewed.

Re: SORBS got my buddy

Fri, 20 Jan 2006 13:51:05 EDT

vaisg : Good response. People running blacklist are the most misunderstood people. For running it to help mail admins control their spam level, they get all the blame.

We use the blacklist voluntarily, no one force us to use it. Many are willing to risk the blocking a small amount of legit mails than to have the floodgate open for spam.

We prefer not to have tens and hundreds of infected machines hitting on our mail server trying to get spam across. We prefer not to have our users having to delete so much junk just to view their emails. These same bunch of criminals also send out ebay and paypal phishing, the sell pirated sw.

Blacklist seems most effective or we'll have to block half the world.

Re: SORBS got my buddy

Fri, 20 Jan 2006 12:25:54 EDT

Krispy : I work with SORBS on a regular basis and have for over 3 years. We have a good relationship with SORBS however we have also had our SMTP server listed on SORBS a few times and each time it was a warranted listing due to errors, miscommunication or unforeseen consequences on our end. I am regularly and often called on to justify, investigate and defend SORBS listings, to date I have only seen one error and SORBS immediately responded, resolved and apologized. Here's my feedback on SORBS, SORBS policy and the propaganda floating around (and likely initiated by the spam community) about SORBS,

1.)We voluntarily list our dynamic netblocks with SORBS as no dynamic IP should be sending mail. To be clear, we provide SORBS the netblocks for blacklisting and in the event we need this list modifying or a block removed we simply contact SORBS and ask for it to be removed and it is done within 24 hours and there is no donation necessary.

2.)There is NO payment to SORBS. SORBS asks that a $50 donation be made to a charity, they list a few charities on their site but you can donate to any charity you like and simply provide proof of donation to SORBS. For example last time we were listed we donated to the Earthquake Relief Fund. Again, SORBS makes no money from the $50 delist donation. The donation is a way to raise awareness to the issue and I can tell you firsthand that the policy works. Once a payment is necessary some level of management must be involved to approve and clueful management will inquire why it is necessary and I have firsthand seen this awareness change the spam policies in organizations...most recently I have seen this happen with Hotmail (yes, really!). Because of the $50 donation senior Hotmail management is now involved and are working proactively with SORBS and other aspects of the anti-spam community.

3.)Yes, SORBS is a particularly militant RBL and probably the most militant of the widely used and popular RBLS but this is simply because all other such RBL providers have been run off the internet by the spam community. By and large RBL providers are non-profit organizations run by volunteers so continuous DDoS attacks and legal threats from the spam community have unfortunately forced most of these providers off the net.

4.)It really sucks that it is necessary to blacklist entire netblocks in order to get providers attention but that is the case in these days were approx 80% of email sent is spam. Don't blame SORBS, blame those negligent providers that either willing ignore reports and/or don't support their security depts (or don't have a security dept) enough for them to handle these reports.

5.)I'm absolutely in awe of the logic of some providers *cough*Yahoo Groups*cough* *cough*Wannadoo*cough* that prefer to spend oodles of money on processing bounces and customer support staff to answer support questions instead of simply working with SORBS, possibly having to pay a measly $50 donation and making their customers happy...I just don't get it. And as for the claims of SORBS demanding $100s and/or $1000s of dollars for delists....if you have firsthand proof of this (aka: not something you heard from a friend of a friend of an online friend that was told this by a 1st tier rep at ISP X) IM me with the details and I'll follow up with SORBS as this is simply not the case.

6.)SORBS runs the list but they neither control nor force anyone to query their list. We query SORBS list to reduce spam but if ISP X's IP is listed on SORBS I have no ability to remove them from SORBS, only ISP X can work with SORBS to get removed. I'm always willing to help other admins (although it shouldn't be necessary) and we've even temporarily whitelisted providers once they prove they're working to resolve the matter with SORBS and they provide us 24/7 contact information - for example with Hotmail it's understandable that such a large organization will need time to figure it all out with SORBS and once we got contact with real live Hotmail people and they committed to working with SORBS we reacted and worked with them for the sake of our combined customers...providers that simply regurgitate the propaganda and bounce their customers around should be pressured by their customers to resolve the situation instead of shifting the blame.

I'm responsible for a network with over 250,000 high-speed hosts and somehow I'm able to keep SORBS from listing our network often, how do I do it you ask? Here's my quick and simple guide....

-have a working security dept that actions abuse reports

-management that understand the importance and value of an effective security dept and supports them

-react to RBL listings and work with the provider to get delisted

-(this one is a tricky one) READ THE SORBS WEBPAGE FOR DELIST INSTRUCTIONS AND FOLLOW THEM - crazy concept I know but it does work! Everytime we've been listed I've gotten us delisted in under 24 hours following this one simple rule

That last point is the most important, SORBS has alot of information on their site and if people would simply sit down and read it and try to understand it instead of buying into the propaganda being spread by the spam community we'd all reap the benefits plus poor customers wouldn't be bounced around by support departments.

Place the blame where it should lay, with the admins of netblocks that are spewing spam.
--
you can lead a horse to the water but you cannot make him drink...you can put a man through school but you cannot make him think --ben harper

Re: SORBS got my buddy

Fri, 20 Jan 2006 11:37:33 EDT

sweintz :

said by Suffering :

said by sweintz :

Hmmm... care to cite some examples?

sure. This is how it works with Qwest DSL:

First off they proactively scan the network for people that are infected with viruses/spam zombies. If you are flagged then whenever your machine requests http traffic your browser is redirected to a walled garden environment that tells you that you have _____ on your system... clean it up. The end user can acknowledge that they have an issue on their PC and then continue browsing (meanwhile the ports that the infection uses are blocked).
if the abuse department receives one complaint that includes header information leading back to a qwest subscriber that is spamming on the network (or if the person ignores the walled garden for a extended period of time, I think a month...) their account is disabled and they are kicked offline. After learning that Qwest has disabled the account because of some vulnerability on their system they are allowed to get it fixed (all the while they are offline) and if they assure Qwest it's fixed (kind of an honor system thing) then the account is re enabled.
They use a 3 strikes you're out system. They'll disable you 3 times. if you say you've fixed it and haven't 3 times... then sorry, you can't have Qwest as an ISP any longer.

Nice, but ...

For instance why do they continue to host the webfinity spammers, for two years running now, after numerous complaints?

Why do they continue to host Brian Kramer? Jeff Peter's? Why do they keep such notorious spammers as these on their network?

actively seek out spammers my @ss. They have had these pointed out to them. They do nothing about it.

Re: SORBS got my buddy

Thu, 19 Jan 2006 19:09:56 EDT

Suffering :

said by sweintz :

Hmmm... care to cite some examples?

Re: SORBS got my buddy

Thu, 19 Jan 2006 11:32:44 EDT

sweintz :

said by Suffering :

again, maybe I should rephrase. They blacklist entire ranges of IP's from ISP's who actively seek out spammers on their network.

In principle I don't disagree with much of how sorbs operates, it's their execution and the lack of action of 'admins' who use their DNSBL.

Hmmm... care to cite some examples? MCI and SBC, for instance, certainly do not actively seek out spammers. In fact they even ignore complaints when the spammers are pointed out to them. True of many large ISP's.

I think there is a big problem with public perception erroneously believing that the large major ISP's are the good guys in the spam war. Most of them are definitely "black hat", and the telco's are probably the worst.

Re: SORBS got my buddy

Thu, 19 Jan 2006 03:50:34 EDT

Suffering :

said by NormanS :

What is so inaccurate about blocking dynamic IP addresses?

while I don't think people should run mail servers on dynamic IP addresses (isn't the point of PTR records to show some sort of accountability) there is no way that sorbs or any other DNSBL that can make a distinction between a dynamic address and static.

said by NormanS :

Some well-known ISPs include MCI/UUNet and SBC. Guess who are No.1 and No.2 in the Spamhaus list of Rokso hosting ISPs?

again, maybe I should rephrase. They blacklist entire ranges of IP's from ISP's who actively seek out spammers on their network.

In principle I don't disagree with much of how sorbs operates, it's their execution and the lack of action of 'admins' who use their DNSBL.
--
kicking screaming gucci little piggy

Re: SORBS got my buddy

Thu, 19 Jan 2006 03:22:29 EDT

NormanS : They are not greedy; they get nothing out of the levy they try to impose. Unless they are getting a kickback from the favorite charity of the admin paying their levy.

As for improper blocking, you have said this:

quote:
So, sorbs has blocked several completely legitimate dynamic IP addresses and then wants the ISP to contact THEM in order to verify that it's a dynamic IP address.

Sorbs has no authority to make such requests to have the ISP's contact them..

What is so inaccurate about blocking dynamic IP addresses? 95% of all spam delivery attempts to my MX server, and 95% of all spam delivered to my ISP accounts comes from dynamic IP addresses. 0% of the email I want to receive is delivered through dynamic IP addresses. While I don't use SORBS, I do use NJABL and DSBL. I have drawn IP addresses listed by NJABL, or by DSBL; and I can't send end-to-end from my MTA to AOL MX servers. Period. Blocking dynamic IP addresses is just plain sensible pro-active protection of the MX server.

You also said:

quote:
SORBS has a nasty habit of blacklisting entire ranges of IP's from well-known ISP's.

Some well-known ISPs include MCI/UUNet and SBC. Guess who are No.1 and No.2 in the Spamhaus list of Rokso hosting ISPs?

Both of these facts, the volume of spam sourced from dynamic IP address space, and the number of hard-core spammers hosted by well-known ISPs, are indisputable; and sufficient to support SORBS' decisions on blocking.

The worst of their actions are trying to levy financial costs for delisting. Everything else is, well; SPEWS and SCBL are at least as aggressive as SORBS.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Re: SORBS got my buddy

Thu, 19 Jan 2006 02:45:55 EDT

Suffering : NormanS I understand sorbs has no obligation to contact the ISP, but they shouldn't make it appear as though the ISP just needs to give them a jingle and the IP address will be removed.

I agree, sorbs has the authority to control their connections to their own mail servers.

I also agree, they can say whatever they want about an IP, however often their claims are unfounded (see my first post on page two).

I also agree that it's the mail server's admin that should understand and actually manage their DNSBL, however too many don't and (coming from personal experience here) will refer you to your ISP to have them contact sorbs.

my whole stance on sorbs is that they are too quick to blacklist, and greedy when it comes to taking you off the list.
--
kicking screaming gucci little piggy

Re: SORBS got my buddy

Wed, 18 Jan 2006 15:29:21 EDT
sweintz : well said, Norman.

Yeah, SORBS' charity donation thing is a bit much. but that's their own perogative.

Sorbs is just a list. period. they psuedocontrol nothing.

Re: SORBS got my buddy

Wed, 18 Jan 2006 14:41:36 EDT
NormanS :
said by Suffering :

If anything sorbs needs to contact the ISP's before blacklisting them in order to verify that spam is being sent out on that IP and the ISP isn't going to do anything about it. (btw, sorbs won't take the 'we fixed it' answer... they will make you give a 'donation')

I've said it before in this thread; sorbs has absolutely no authority to try to exert this pseudo control over ISP's IP addresses. They lead people to believe that their ISP can just drop them a line and all is well in the internet world when this is far from the truth.

•SORBS is under no obligation to contact an ISP before they add an IP address to their list.
•SORBS has the authority to control connections to their own MX servers.
•SORBS can say what they will about an IP address, as long as they can back up their claims.

Any email administrator who would use any DNSBL has the obligation to understand the nature of the DNSBL before they use it; and, to stop using it if enough of their customers complain about it.

SORBS is out of line to request financial consideration, even if it is only a charitable donation; but SORBS can't force anybody to use their list.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Re: SORBS got my buddy

Wed, 18 Jan 2006 11:39:25 EDT
sweintz :
said by Suffering :

said by sweintz :

Why? Given the complaints of fake rolex spam spewing from 209.165.130.11, i'd say it's accurate to list it as a spam source.

GCI needs to fix the problem by convincing SORBS it won't happen again. (the rolex spam, that is)

So you are telling me that:
1.) you know for a fact that this IP address has always belonged to this guy.
irrelevant. It isn't his address now. It is GCI's mail server. The address and ISP has a documented history of abuse.

said by Suffering :

2.) mail headers can't be forged?
Parts of headers can be forged, but not the final (top) received header, since that is created by the receiving mail server, not the sender. Therefore we know with 100% certainty that the spam was indeed coming from the address in question.

Re: SORBS got my buddy

Wed, 18 Jan 2006 07:54:27 EDT
Suffering :
said by sweintz :

Why? Given the complaints of fake rolex spam spewing from 209.165.130.11, i'd say it's accurate to list it as a spam source.

GCI needs to fix the problem by convincing SORBS it won't happen again. (the rolex spam, that is)

So you are telling me that:
1.) you know for a fact that this IP address has always belonged to this guy.
2.) mail headers can't be forged?

GCI owes sorbs nothing. If anything sorbs needs to contact the ISP's before blacklisting them in order to verify that spam is being sent out on that IP and the ISP isn't going to do anything about it. (btw, sorbs won't take the 'we fixed it' answer... they will make you give a 'donation')

I've said it before in this thread; sorbs has absolutely no authority to try to exert this pseudo control over ISP's IP addresses. They lead people to believe that their ISP can just drop them a line and all is well in the internet world when this is far from the truth.

Of course we are operating under the assumption that this guy didn't do the spamming and someone else did, but I would hope that would go without saying.
--
kicking screaming gucci little piggy

Re: SORBS got my buddy

Wed, 18 Jan 2006 07:46:05 EDT
Suffering :
said by sweintz :

NONONONO!!!
NO!

SORBS is *NOT* blocking anything. The receivers ISP *IS* blocking. THEY are choosing to block any address listed in SORBS. SORBS is only a list. It does nothing by itself. In order for blocking to occur, the receieving mail server admin (IE: the ISP the mail was sent yo) needs to specifically set up their server to look in the sobrs list and block mail from servers listed there.

I know what you are saying, but it's unfair for you to say 'it's all their fault, they followed sorbs' list!' sorbs doesn't make the list to do nothing but exist, they created it in order for people to use it to block mail. Blaming it all on the mail server admin doesn't solve the bigger problem that sorbs has him on their list and will blackmail him in order to have his IP removed.
--
kicking screaming gucci little piggy

Re: SORBS got my buddy

Tue, 17 Jan 2006 16:53:59 EDT
sweintz :
said by Suffering :

ok, maybe I worded it wrong.

Your buddy should tell that to sorbs so they change their list to show it's not a spammer IP
Why? Given the complaints of fake rolex spam spewing from 209.165.130.11, i'd say it's accurate to list it as a spam source.

GCI needs to fix the problem by convincing SORBS it won't happen again. (the rolex spam, that is)

Re: SORBS got my buddy

Tue, 17 Jan 2006 16:49:25 EDT
sweintz :
said by Suffering :

he should contact sorbs... they are the one blocking him... what is his ISP going to do?

His ISP can't do jack.

NONONONO!!!
NO!

SORBS is *NOT* blocking anything. The receivers ISP *IS* blocking. THEY are choosing to block any address listed in SORBS. SORBS is only a list. It does nothing by itself. In order for blocking to occur, the receieving mail server admin (IE: the ISP the mail was sent yo) needs to specifically set up their server to look in the sobrs list and block mail from servers listed there.

Re: SORBS got my buddy

Fri, 06 Jan 2006 02:05:52 EDT
NormanS :
said by hyipo :

Still SORBS should never block dynamic IPS...

SORBS doesn't blocking sending from dynamic IP address. Do, please, remember; no DNSBL can block the sending of email. They can be used to block receipt of email, if the administrator of the receiving email system so desires.

I don't use SORBS, but I do use NJABL and DSBL to block mail hosts on dynamic IP addresses from delivering email my MX server. If you want to deliver email to my MX server, use a mail host with a fixed IP address.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Re: SORBS got my buddy

Thu, 05 Jan 2006 23:40:17 EDT
hyipo : Still SORBS should never block dynamic IPS because theres always terrorism, and cracks in the wall of security even if we block the most innocent people from email. Spammers have many tools to hurt people like Fake Emailing, spamming hosted emails and keep sending emails as spam, going for the most weak servers, and even send spam server viruses. SORBS should stop this because there is always ways to spam someone and hurting the people that can't afford static IPs should not pay for terrorism.

There will always be a way to break from a cage and caging the innocent (SORBS has mastered) is gonna make things worse and make them angry.

the bad thing is if someone where to send fake emails under the biggest corporations name then they will have to keep paying $50.00 and SORBS could cause new methods of revenge. Just report someone and they have to pay.

Re: SORBS got my buddy

Thu, 05 Jan 2006 23:32:58 EDT
nwrickert : Don't blame SORBS. Blame the spammers.

It is the spammers who have forced people to not accept mail from dynamic IP ranges. You are probably in other blocklists beside SORBS.

Re: SORBS got my buddy

Thu, 05 Jan 2006 22:32:52 EDT
hyipo : I run my own SMTP and promise people I will never spam, and I have closed smtp relays, No open proxies, My domain is the only allowed email address for sending email, and I use heavy passwords like over 20 digits to send email.
I never abuse, spam, and I hardly even send emails.
I got blacklisted for no reason. I tried to keep reseting my IP because I wanted my listing removed and my smtp is not open relay, but never got deblacklisted.

I am very angry at SORBS because not everyone can afford to pay $60/more a month for a static IP. They mostly ban the poor because they can't afford domain name email like me.

The reason I became my own SMTP is because I want my own domain email address, and I use individual emails per website and that would cost me $100's each month just to get my domain emails hosted.

SORBS can't ban me for being poor, and can't afford static ips.

Re: SORBS got my buddy

Tue, 27 Dec 2005 03:53:14 EDT
Suffering : thank you NormanS , that sounds familiar. I don't think there really is any legal recourse for qwest or gmail.

However both could do some creative blocking on their own to *convince* sorbs to see the errors of their way and I'm sure it wouldn't be legal either.

I guess in the long run sys admins just need to see stuff like this in order for them to stop using sorbs to block spam. Does it block spam? absolutely. Does it block legitimate mail? absolutely.
--
kicking screaming gucci little piggy

Re: SORBS got my buddy

Tue, 27 Dec 2005 00:58:35 EDT
NormanS : Extortion is illegal in Australia; file a criminal complaint.

From their web site it appears that they break down the listing into assorted reasons. For any legal action to be taken, a plaintiff would have to prove that the listing was incorrect, based on the reason given for the listing.

If they are expecting Qwest to pay, then the reason must be covered by the "Spam Database" part of their listing. All they would need to do is show the court a copy of the spam, with intact headers, as evidence. If any spam went through the Qwest mail server, then the listing would be accurate.

Unless you can prove inaccuracy, there isn't much you can do WRT to libel. Unless you can prove elements of extortion, there isn't much you can do WRT a criminal complaint. I am sure that they have covered their bases, WRT to the Australian legal system, very well.

The only real recourse is to convince administrators using SORBS that there is a real problem of excess aggressiveness to that particular DNSBL, or that the de-listing process is based on a flawed, or unethical model; for which reasons they should drop SORBS.

I have tested my MTA with, and without SORBS; I can't see that they make any difference, either way, on my MTA. But I prefer less aggressive lists; I don't block based on the über aggressive lists, such as SPEWS, SCBL, and Blars.

Edit: Modified to conform with author's understanding of information posted at this site:

»www.nl.sorbs.net/overview.shtml

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Re: SORBS got my buddy

Tue, 27 Dec 2005 00:09:49 EDT
Suffering : nonetheless sorbs is listing it and you shouldn't have to pay to have something fixed that you didn't break.

Sorbs has proved they blacklist things without through examination (qwest and gmail mail servers) and to get it off the list is the equivalent of extortion.
--
kicking screaming gucci little piggy

Re: SORBS got my buddy

Tue, 27 Dec 2005 00:05:21 EDT
NormanS :
said by Suffering :

It's not your ISP's fault, so where does the blame lie? With whomever has control but refuses to do something. that rests squarely on the shoulders of sorbs.

Actually, responsibility rests squarely on the entity blocking the IP address; SORBS is listing it, but the administrator using the list is doing the blocking, not SORBS.

Re: SORBS got my buddy

Mon, 26 Dec 2005 22:10:51 EDT
Suffering : it's a usable ip address. sorbs is blocking it? talk to them. There are NO ISP's that have any control over sorbs. Shoot, they don't even have any authority to do what they are doing. They aren't sponsored by ICANN or any other group that has any say what so ever.

That's like saying 'I'm trying to get to dslreports.com but their webserver is blocking IP addresses from the 71.x.x.x range.' SO WHAT? What is your ISP going to do? force dslr to accept your IP address? No you talk to dslr.

It's not your ISP's fault, so where does the blame lie? With whomever has control but refuses to do something. that rests squarely on the shoulders of sorbs.
--
Beer is proof that God loves us and wants us to be happy -Benjamin Franklin

Re: SORBS got my buddy

Mon, 26 Dec 2005 22:04:17 EDT
nwrickert : They provided you an IP address that was not usable for what you wanted to do. That sounds damaged to me.

Re: SORBS got my buddy

Mon, 26 Dec 2005 21:53:05 EDT
Suffering :
said by nwrickert :

In this case, it would seem that your ISP has provided you damaged goods. You should complain to your ISP.

How did the isp provide damaged goods? They have zero control over what sorbs says. It is not the ISP's responsibility to keep sorbs up to date, nor is it the ISP's responsibility to pay sorbs' bribe money to whitelist your IP address.
--
Beer is proof that God loves us and wants us to be happy -Benjamin Franklin

Re: SORBS got my buddy

Mon, 26 Dec 2005 21:37:12 EDT
nwrickert :
However it's not fair if I lease a static IP address from my ISP to monetarily punish me if the person who was leasing it before me was sending spam (and quite possibly had their internet connection terminated because they were spamming).
In this case, it would seem that your ISP has provided you damaged goods. You should complain to your ISP.

Re: SORBS got my buddy

Mon, 26 Dec 2005 21:25:27 EDT
Suffering : I remember someone saying something (really specific I know) about Australia having fairly loose laws in relation to the internet so they are somewhat immune to prosecution.
--
Beer is proof that God loves us and wants us to be happy -Benjamin Franklin

Re: SORBS got my buddy

Mon, 26 Dec 2005 21:21:13 EDT
NormanS : I expect that anybody with standing for legal action in Australia would have tried something, by now...
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Re: SORBS got my buddy

Mon, 26 Dec 2005 20:38:45 EDT
Suffering : I doubt there could be any legal recourse as they based in Australia.

domain: SORBS.NET
owner-name: Sullivan, Matthew
owner-address: PO Box 5150
owner-address: 6217
owner-address: Bruce
owner-address: Australia Capital
owner-address: Australia
owner-phone: +61.262015928
owner-e-mail: dns@isux.com
admin-c: MS1367-GANDI
tech-c: MS1367-GANDI
bill-c: MS1367-GANDI
nserver: ns0.sorbs.net 203.15.51.35
nserver: ns4.sorbs.net 216.168.31.53
nserver: ns2.sorbs.net 194.134.64.71
reg_created: 2002-01-25 03:27:24
expires: 2009-01-25 03:27:24
created: 2002-12-10 19:57:09
changed: 2005-11-04 00:19:35

person: Matthew Sullivan
nic-hdl: MS1367-GANDI
address: SORBS
address: PO Box 5150
address: 6217
address: Canberra
address: Australia Capital
address: Australia
phone: +61.414861744
e-mail: dns@isux.com
lastupdated: 2005-06-21 00:30:05
--
Beer is proof that God loves us and wants us to be happy -Benjamin Franklin

Re: SORBS got my buddy

Mon, 26 Dec 2005 20:24:03 EDT
NormanS : Quite. FWIW, I don't use SORBS, myself. But, unless they are breaking some law, and I am sure that they have run this by an attorney familiar with the applicable laws where the SORBS servers are located, all that anybody can do is lobby against administrators using SORBS.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Re: SORBS got my buddy

Mon, 26 Dec 2005 19:59:51 EDT
Suffering : yeah I agree with that.

I guess my main point is that there are many alternatives to sorbs and people should explore them.
--
Beer is proof that God loves us and wants us to be happy -Benjamin Franklin

Re: SORBS got my buddy

Mon, 26 Dec 2005 19:50:12 EDT
NormanS :
said by Suffering :

sorbs is trying to be the internet spam police and they need to examine some of their policies.

Maybe they should, maybe they have, and decided to leave it. The way it is.

They are within their rights to publish such information as they publish.

Maybe those who use it should examine their policies.

You are caught in the cross-fire. Maybe there should be a law; but what kind of a law? Until we can sort that out, this is the way it is on the Internet.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Re: SORBS got my buddy

Mon, 26 Dec 2005 19:39:57 EDT
Suffering : I think you are misunderstanding my objections to sorbs. I like the fact that they are trying to block spam, however I disagree with some of their concepts.

Yes, block mail from servers that are open relays.
Block mail from known IP address that are leased by spammers.

However it's not fair if I lease a static IP address from my ISP to monetarily punish me if the person who was leasing it before me was sending spam (and quite possibly had their internet connection terminated because they were spamming).
It's not fair to punish email service providers by blocking entire mail servers when a small minority of their users are spamming (and any reputable ISP or email provider like gmail has in place steps to combat spam from coming from their network)

The only problems I've ever had with sorbs is from my work. Here's how it goes: customer calls in because sorbs is blocking them - they don't want to pay the $50 to get their IP unblocked (nor should they have to) so they call their ISP to have us unblock it. We explain that we have no control over sorbs database and issue them a different static IP address.

Sorbs has built a system of punishment to get off their list. anyone who is willing to spend $50 to get unblocked are more than likely not the responsible party for being black listed in the first place.

sorbs is trying to be the internet spam police and they need to examine some of their policies.
--
Beer is proof that God loves us and wants us to be happy -Benjamin Franklin

Re: SORBS got my buddy

Mon, 26 Dec 2005 18:02:40 EDT
NormanS :
said by Suffering :

said by NormanS :

You shouldn't be running an end-to-end SMTP client from a dynamic IP address.

yep I agree with you.

but you shouldn't email AOL users either ;)

If you aren't running an end-to-end SMTP relay client, you shouldn't worry about whether your assigned IP address is in the SORBS list, or not. The list is only used by some small number of mail administrators to block incoming port 25 connections to their MX servers; and you aren't making any, so why should you care?

Why shouldn't I send email to AOL users? :p
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Re: SORBS got my buddy

Mon, 26 Dec 2005 17:58:28 EDT
Suffering : »Is SORBS Blocking Gmail?

Re: SORBS got my buddy

Mon, 26 Dec 2005 02:44:14 EDT
Suffering :
said by NormanS :

You shouldn't be running an end-to-end SMTP client from a dynamic IP address.

yep I agree with you.

but you shouldn't email AOL users either ;)
--
Beer is proof that God loves us and wants us to be happy -Benjamin Franklin

Re: SORBS got my buddy

Mon, 26 Dec 2005 01:43:19 EDT
NormanS :
said by Suffering :

I understand and like some parts of sorbs, however I disagree with the fact they they punish people based on the fact that someone else used an IP address to spam and now if I lease that IP address I am forced to pay sorbs bribe money to forgive the sins of another (and it happens every day).

You shouldn't be running an end-to-end SMTP client from a dynamic IP address. AOL won't ask to to make a $50 contribution; but they won't de-list you, either:
554- (RTR:BB) http://postmaster.info.aol.com/errors/554rtrbb.html
554- AOL does not accept e-mail transactions from dynamic or residential
554- IP addresses.
554 Connecting IP: 71.131.248.172
There is no more; AOL dropped that connection rather abruptly. If you run an end-to-end mail client, you should be running it from a static IP address; preferably with a ptr record which matches the forward DNS lookup.

You could also, of course, attempt to sue those parties who use SORBS...

A Qwest server got listed by SORBs? I wonder if they do what an SBC server did to me; bounced back a message to an email address forged as the sender of the spam. It can be a frustrating experience, trying to keep bounces from overwhelming your mailbox when regular ISP output servers are swamping it with bounces to a forged email address; I had that happen to me. But that is another issue...

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Re: SORBS got my buddy

Mon, 26 Dec 2005 00:42:59 EDT
Suffering :
said by NormanS :

The mail server is still listed. You do understand the difference? Well, yes, I realize some networks won't accept email from mail servers listed by SORBS; but that is not the same thing as the mail server being blocked. From the POV of a mail server not using SORBS, the Qwest mail server is not blocked at all.

I realize that not everyone uses sorbs (and applaud those who don't), but I think you missed my point. Sorbs mad a mistake and instead of black listing an IP address of someone who had spread spam they mistakenly listed one of qwest's mail servers. They then acknowledged their mistake and wanted qwest to pay in the neighborhood of $750,000 to delete one single IP address.

I understand and like some parts of sorbs, however I disagree with the fact they they punish people based on the fact that someone else used an IP address to spam and now if I lease that IP address I am forced to pay sorbs bribe money to forgive the sins of another (and it happens every day).
--
Beer is proof that God loves us and wants us to be happy -Benjamin Franklin

Re: SORBS got my buddy

Sun, 25 Dec 2005 22:15:26 EDT
GunnCat :
said by NormanS :

The problem with C/R, when it doesn't uses spam filters for pre-filtering, is that spam with forged sender email addresses results in challenges sent to innocent parties. I have gotten such challenges before. My procedure is simple; if it was a response to spam with my email address forged, I take the "Turing Test", and release the spam to the intended recipient; if it was a response to a message I sent, I ignore the "Turing Test" and make the sender jump through his own hoops to add me to his white list. If he isn't so inclined, well, I probably didn't need to hear from him, anyway.

That would explain those few pieces of spam I have gotten.
Good points and good to have a real debate about this topic.

Re: SORBS got my buddy

Sun, 25 Dec 2005 20:38:13 EDT
NormanS :
said by Suffering :

...I still contend that SORBS are money hungry idiots.

Here's a great example. Sorbs blocked one of qwest.net's mail servers. qwest security contacted sorbs to get it taken off (obviously qwest doesn't use one of their mail servers specifically for spamming, this was a mistake on sorbs part). Sorbs recognized the mistake and said they would whitelist the IP address for a $50 donation for every qwest.net subscriber that uses that mail server. Qwest replied back telling them that somewhere along the lines of 15,000 people use that mail server and maybe they didn't understand the issue. Sorbs replied back (with their usually modus operandi) that they would not budge on the price.

The mail server is still blocked.

The mail server is still listed. You do understand the difference? Well, yes, I realize some networks won't accept email from mail servers listed by SORBS; but that is not the same thing as the mail server being blocked. From the POV of a mail server not using SORBS, the Qwest mail server is not blocked at all.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Re: SORBS got my buddy

Sun, 25 Dec 2005 17:12:37 EDT
Suffering :
said by Keith :

Any good provider will will act fast I know mine (Cogeco) dose and I was surprised how fast Sympatico acted on a complaint from a non Sympatico user

that's great that your sister's ISP did that, but I still contend that SORBS are money hungry idiots.

Here's a great example. Sorbs blocked one of qwest.net's mail servers. qwest security contacted sorbs to get it taken off (obviously qwest doesn't use one of their mail servers specifically for spamming, this was a mistake on sorbs part). Sorbs recognized the mistake and said they would whitelist the IP address for a $50 donation for every qwest.net subscriber that uses that mail server. Qwest replied back telling them that somewhere along the lines of 15,000 people use that mail server and maybe they didn't understand the issue. Sorbs replied back (with their usually modus operandi) that they would not budge on the price.

The mail server is still blocked.
--
Beer is proof that God loves us and wants us to be happy -Benjamin Franklin

Re: SORBS got my buddy

Sat, 24 Dec 2005 12:44:41 EDT
NormanS :
said by GunnCat :

btw, just for your general knowledge. I have been in internet marketing since 2001. I have never and will never use email to advertise. I know people that do and they laugh at SORBS as it hasn't affected their business in the least.
I use a Turing test to filter my email. In the last year these are my statistics:

Messages Processed 100164
Messages Forwarded 8616
Spam Percentage 91.4%

I can say that of those emails I have had 3 spammers who actually took the time to enter the proper code so that I get the email in my inbox, at which point I login and block the email address. This is a manual decision, not some arbitrary crap like SORBs. I have also known webmasters who dropped SORBs because they weren't receiving emails from important clients.
I could go on. Spending my time slamming some crap like SORBs is surely worth it, but I have to buy some gifts :)

Turing test? Or Challenge Response? Turing test != Challenge Response. I block C/R servers from sending email to my domain. I don't think it is so much a problem, any more, since early C/R systems getting blocked brought about a change in the behavior of C/R operators. Most now use some kind of pre-filtering to sort out spam with forged sender email addresses.

The problem with C/R, when it doesn't uses spam filters for pre-filtering, is that spam with forged sender email addresses results in challenges sent to innocent parties. I have gotten such challenges before. My procedure is simple; if it was a response to spam with my email address forged, I take the "Turing Test", and release the spam to the intended recipient; if it was a response to a message I sent, I ignore the "Turing Test" and make the sender jump through his own hoops to add me to his white list. If he isn't so inclined, well, I probably didn't need to hear from him, anyway.

BTW, my current line-up of DNSBLs is working just fine, without the backscatter of C/R:

Spamhaus
DSBL
NJABL
Cluecentral, China
Cluecentral, Korea
Cluecentral, Brazil

You have a right to freedom of speech; keep on blasting SORBS. The guys who run SORBS also have a right to freedom of speech; and their publication of the SORBS list is their exercise of their freedom. Mail administrators are free to use SORBS, or not, as they see fit.

Mail advertisers may laugh at DNSBLs, but they are not doing much business with people whose mail servers utilize them.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Re: SORBS got my buddy

Sat, 24 Dec 2005 11:12:56 EDT
Keith : My sister (isp= Sympatico) e-mailed me (isp= Cogeco)
it bounced back to her Sympatico got listed on sorbs
she had no idea what to do, I e-mailed Sympatico's tech support explained and sent them the bounced e-mail
next morning e-mail back to normal

Any good provider will will act fast I know mine (Cogeco) dose and I was surprised how fast Sympatico acted on a complaint from a non Sympatico user
--
The only stupid question is the one not asked

Re: SORBS got my buddy

Sat, 24 Dec 2005 09:47:14 EDT
GunnCat : btw, just for your general knowledge. I have been in internet marketing since 2001. I have never and will never use email to advertise. I know people that do and they laugh at SORBS as it hasn't affected their business in the least.
I use a Turing test to filter my email. In the last year these are my statistics:

Messages Processed 100164
Messages Forwarded 8616
Spam Percentage 91.4%

I can say that of those emails I have had 3 spammers who actually took the time to enter the proper code so that I get the email in my inbox, at which point I login and block the email address. This is a manual decision, not some arbitrary crap like SORBs. I have also known webmasters who dropped SORBs because they weren't receiving emails from important clients.
I could go on. Spending my time slamming some crap like SORBs is surely worth it, but I have to buy some gifts :)

Re: SORBS got my buddy

Sat, 24 Dec 2005 09:34:59 EDT
GunnCat : Of course a Turing test would, and is stopping spam. My spam filter has blocked tens of thousands of spam emails. It's often hard for a host with thousands of servers to see if anyone is running an open relay, therefore mistakes happen. Should entire businesses be punished because some self managed client who leases a server doesn't realize he has one?
I don't believe in censorship either, but once again SORBS sucks and should be purged from the internet.
Go on with your arguments. I'll just come back every few months and reply to your posts.
Maybe some of you should better educate yourselves :)
»www.google.com/search?sourceid=n···bs+sucks

Merry Xmas!
All I want is for SORBS to be purged from the internet :)

Re: SORBS got my buddy

Tue, 18 Oct 2005 17:50:01 EDT
fantomposter :
said by NormanS :

If not SORBS, then something else like it...

Like private block lists, which never get adjusted/removed unless a user of that system complains. And then only if they ask nice :)

Re: SORBS got my buddy

Tue, 18 Oct 2005 17:03:46 EDT
anon : The ISP is at fault here for using anonymous relay. If they used the authenticated user method, they wouldn't be blocked. We encountered this problem and were blacklisted by SORBS until we sorted it. The ISP in fact DOES have to contact SORBS about removing the block. They will remove you but ultimately its up to your ISP to stay off the list. Hope this helps!

Re: SORBS got my buddy

Tue, 18 Oct 2005 12:42:04 EDT
NormanS :
said by GunnCat :

If you want to get rid of spam, use a Turing Test. SORBS is garbage. My host had a spammer once and our entire block of IPs was banned by SORBS.
Again, SORBS should be purged from the internet. It's completely out of hand. It doesn't stop spam, it just bans ips. Again, only a Turing Test can helpo prevent spam.

A Turing Test would no more stop spam than pissing into the wind would. Spam is here to stay. So is SORBS. If not SORBS, then something else like it...
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Re: SORBS got my buddy

Tue, 18 Oct 2005 11:07:14 EDT
izy : I was under the impression the Turing Test was a way of measuring how well a computer could hold a conversation with a human.

dammit! Your post passed! :hmm:
--
"When I played in the sandbox, the cat kept covering me up.." ~Rodney Dangerfield

Re: SORBS got my buddy

Tue, 18 Oct 2005 07:52:44 EDT
GunnCat : If you want to get rid of spam, use a Turing Test. SORBS is garbage. My host had a spammer once and our entire block of IPs was banned by SORBS.
Again, SORBS should be purged from the internet. It's completely out of hand. It doesn't stop spam, it just bans ips. Again, only a Turing Test can helpo prevent spam.

Re: SORBS got my buddy

Sat, 06 Aug 2005 18:46:43 EDT
elvey :
said by JJV :

My friend in Alaska has been having problems sending me pictures and stuff. I thought I had some kind of email problem.
»www.sorbs.net/lookup.shtml?209.165.130.11

Interesting. Comcast uses SORBS! Your friend needs to call his ISP ( GCI Communications ). They're at fault for not keeping their noses clean. Blaming Comcast or SORBS is just blaming the victim. (It's like saying a rape victim they need to change.) Having him power cycle his modem might help too, since he'll get a new IP.

BTW, someone doesn't seem knowledgeable enough to know the difference between the Internet and an internet.
--
SBC is the world's second-largest SpamHaus and leads an Organized Crime Syndicate.

Re: SORBS got my buddy

Fri, 05 Aug 2005 12:30:59 EDT
NormanS :
said by GunnCat :

SORBS should be purged from the internet completely.

Fortunately for those of us who dislike spam, you are not the "God of the Internet".
--
Norman
~A deam, dream, no dream
~Voices of the night go across the forest
~A dream, dream, no dream
~Good night my good child

Re: SORBS got my buddy

Fri, 05 Aug 2005 12:18:41 EDT
nwrickert :
said by GunnCat :

SORBS should be purged from the internet completely.

I'm against censorship. SORBS has as much right to be on the internet as other sites that I don't like. Nobody is forced to use the SORBS list.

Re: SORBS got my buddy

Fri, 05 Aug 2005 12:15:30 EDT
izy :
said by GunnCat :

SORBS should be purged from the internet completely.

Yeah, they make it tough to be a spammer. :o
--
"There's a fine line between fishing and just standing on the shore like an idiot." ~Steven Wright

Re: SORBS got my buddy

Fri, 05 Aug 2005 11:20:33 EDT
GunnCat : SORBS should be purged from the internet completely.

Re: SORBS got my buddy

Sat, 25 Jun 2005 01:14:50 EDT
NormanS :
said by mabus :

SORBS is a bit too overbearing at times when it comes to enforcement of their lists.

If you don't like the way that SORBS operates, you don't have to use their list to check the source IP addresses of the SMTP clients connecting to your MX server.
--
Norman
~A deam, dream, no dream
~Voices of the night go across the forest
~A dream, dream, no dream
~Good night my good child

Re: SORBS got my buddy

Fri, 24 Jun 2005 22:42:49 EDT
fantomposter :
said by mabus :

one of our ISP's had their ENTIRE RANGE of IP's blacklisted.

Who was the ISP?

Re: SORBS got my buddy

Fri, 24 Jun 2005 16:24:55 EDT
mabus : SORBS has a nasty habit of blacklisting entire ranges of IP's from well-known ISP's. CEO of my company was dialed in one time and sent an e-mail that was blocked because one of our ISP's had their ENTIRE RANGE of IP's blacklisted.

SORBS is a bit too overbearing at times when it comes to enforcement of their lists.
--
Mister Scruff makes my ears happy

STEREOLAB - THE GREATEST BAND ON EARTH

Re: SORBS got my buddy

Fri, 24 Jun 2005 00:38:31 EDT
NormanS :
said by Suffering :

said by nwrickert :

In this case the best JJV can do is complain to his ISP. It is up to the ISP to negotiate this with SORBS, or to decide to live with the problem. If the ISP can't fix it, then JJV will need to find another way of communicating with this correspondent.
But not all ISP's will communicate with sorbs, nor are they required to. It is not the responsibility of the ISP to make sure sorbs is correct.

To me it's an insane policy.... like I'm going to start a mail server, but nobody can email me unless your ISP contacts ME and tells me you are ok!

You aren't blocked from receiving mail, only from sending it. My own dynamic IP addresses are more often blocked by NJABL than by SORBS. I do run a mail server, and no email to my MX is blocked unless it is from an IP address in one of about eight DNSBLs that I use. My own outbound email is blocked, usually because of my IP address being listed by NJABL. I get around that my using my ISP's SMTP server.

Mail server administrators make the decision to use a DNSBL, or not, according to their own needs. They decide which DNSBLs to use, if they do choose to use any at all. If you are blocked, you have some choices: Contact your ISP, contact the mail server administrator which is blocking you, contact the maintainer of the block list. The latter is iffy; if their policy requires that the controller of the listed IP address contact them, then you are out of luck. The former is equally iffy; your ISP may simply decide that the hoops required of the list maintainer are too much trouble to jump through. Your best hope is contacting the receiving mail server administrator; even so, if the list they use works for them then they likely won't stop using it.

Their is no law against publishing such a list; opinion is covered by freedom of speech guarantees, where such exist under law. Their is no law against using such a list; my server is my private property. Just as I can control access to my physical premises, so I can control access to my virtual premises. I actually tossed a kid from a store where I worked; legally! I do the same with SMTP clients trying to access my mail server.

Internet email sucks, really bad; but you have to live with the way it works.
--
Norman
~A deam, dream, no dream
~Voices of the night go across the forest
~A dream, dream, no dream
~Good night my good child

Re: SORBS got my buddy

Thu, 23 Jun 2005 22:32:59 EDT
nwrickert :
But not all ISP's will communicate with sorbs, nor are they required to.
Well it seems I had some details wrong. It isn't JJV , but his friend in Alaska who is having problems sending email. The Alaskan friend can ask his ISP to contact SORBS. That ISP may decide not to, in which case the Alaskan friend has to find another way to communicate.

JJV can ask his provider to stop using the SORBS blocklist, or to whitelist the particular server. There is no guarantee that JJV 's provider will agree.
To me it's an insane policy

Which policy is insane?

90% of the smtp connections to my mail server are trying to send spam or viruses. To me, it seems insane not to do my best to block as much of the garbage as I can, while blocking as few non-spam messages as I can manage. But there is no perfect way of doing this.

I don't use the SORBS list myself, but I understand why some people do use it.

Re: SORBS got my buddy

Thu, 23 Jun 2005 22:28:25 EDT
Suffering : Steve I didn't say dynamic IP = spammer. I've had a dynamic IP with my dsl for nearly 5 years. Sorbs doesn't just block people running their own mail server... and sometimes people get infected with malware that sends out spam (I'm sure you know this, just saying), and sorbs will block ISP's dynamic IP's that people might have been pulling when they were a spam zombie... even ISP's who are quite vigilant about keeping spammers off their network.
--
Positive Affirmation Of Creative Destruction

Re: SORBS got my buddy

Thu, 23 Jun 2005 21:49:29 EDT
Suffering :
said by nwrickert :

In this case the best JJV can do is complain to his ISP. It is up to the ISP to negotiate this with SORBS, or to decide to live with the problem. If the ISP can't fix it, then JJV will need to find another way of communicating with this correspondent.
But not all ISP's will communicate with sorbs, nor are they required to. It is not the responsibility of the ISP to make sure sorbs is correct.

To me it's an insane policy.... like I'm going to start a mail server, but nobody can email me unless your ISP contacts ME and tells me you are ok!
--
Positive Affirmation Of Creative Destruction

Re: SORBS got my buddy

Thu, 23 Jun 2005 21:38:01 EDT
nwrickert : The SORBs listing reports that spam was received from that server. It is apparently not listed as a dynamic block, but as a spam source.

I'm not sure exactly what is the SORBS policy here. If I blocked every site from which I received spam, I would be blocking most mail. Instead, I try to make allowances for mail coming from what appear to be ISP mail servers. I block those only if the amount of spam is excessive. I expect that ISP servers will send some unavoidable amount of spam, simply because they are relaying mail from their users, and may have some bad eggs among their users.

In this case the best JJV can do is complain to his ISP. It is up to the ISP to negotiate this with SORBS, or to decide to live with the problem. If the ISP can't fix it, then JJV will need to find another way of communicating with this correspondent.

The spammers and malware writers have broken the mail system. We live with it as best we can. But you have to live with the fact that people will take protective action against the continued bombardment of garbage. And sometimes that protective action will block good mail. If the ideal is unachievable, then you live with what seems to be a reasonable compromise.

Re: SORBS got my buddy

Thu, 23 Jun 2005 21:17:59 EDT
Steve :
said by Suffering :

I see your point. That said, how can you say it's accurate when it is blocking legitimate email that isn't from a spammer.
A list of dynamic IPs is not a list of spammers; it's just a list of dynamic IPs, and it's usually maintained separately from the list of actual spammers. Mailserver owners can choose to subscribe to whichever lists they like: they can figure out the cost/benefit ratios for their own tastes.

Generally speaking, people with dynamic IPs have a low ratio of legit to bogus mail servers, so it's not a bad plan at all to block. There is no way to block all the spam and keep all of the regular mail, so there is going to be some fallout. The guy who owns the mailserver gets to make that call, not grandma.
Certainly the spam issue needs to be resolved but honestly I don't think sorbs way of doing it works long term.
Then I guess you won't be installing it on your mailserver, now will you?
So, sorbs has blocked several completely legitimate dynamic IP addresses and then wants the ISP to contact THEM in order to verify that it's a dynamic IP address.
Grandma should be sending email through her ISP's mailserver; if she wants to run her own mailserver, get a static.

Sorry.

Steve
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site

Re: SORBS got my buddy

Thu, 23 Jun 2005 21:05:00 EDT
Suffering :
said by JJV :

It looks like sorbs wants a 50.00 ransom to be paid to a charity to remove the blacklist too.

which is stupid and insane
--
Positive Affirmation Of Creative Destruction

Re: SORBS got my buddy

Thu, 23 Jun 2005 20:48:53 EDT
JJV : It looks like sorbs wants a 50.00 ransom to be paid to a charity to remove the blacklist too.

Re: SORBS got my buddy

Thu, 23 Jun 2005 20:42:13 EDT
Suffering : I see your point. That said, how can you say it's accurate when it is blocking legitimate email that isn't from a spammer.

Certainly the spam issue needs to be resolved but honestly I don't think sorbs way of doing it works long term.

For instance Grandma gets some nasty software installed on her computer and she's a spam zombie. She has a dynamic IP address. Her ISP warns her and asks her to remove it from her computer (even provides links on how to do so), meantime someone has reported her spam to sorbs. Grandma power cycles her modem, pulls another IP address... more spam more reports to sorbs. ISP gets reports as well, deactivates accnt... grandson comes over and uninstalls his Kazaa and says it's gone, ISP reactiaves accnt... IP address #3. More spam, more dynamic IP addresses blocked by sorbs until grandma is finally told she will need to find another ISP.

So, sorbs has blocked several completely legitimate dynamic IP addresses and then wants the ISP to contact THEM in order to verify that it's a dynamic IP address.

Sorbs has no authority to make such requests to have the ISP's contact them.. I understand the concept, but if they want it to truly be accurate THEY should setup communication with the ISP's. If the ISP is responsible and takes care of it then there ya go. If the ISP says that they like spammers, then sorps steps in... otherwise it seems like too rash of a decision.
--
Positive Affirmation Of Creative Destruction

Re: SORBS got my buddy

Thu, 23 Jun 2005 19:51:44 EDT
NormanS :
said by Suffering :

...(which brings me to my problem with sorbs... if you are going to make a list of spammers IP addresses why would you include dynamic IP addresses? Why not work with the ISP's to find out if the IP address is static and if you determine it is static and the ISP's security dept will not turn that person off THEN block it? It's more work for sorbs, but it's a much more accurate tool.)

Or he could talk to whomever is blocking his mail (because they are using sorbs list).

Talking to sorbs would fix the issue.

Maybe, maybe not; fix the issue. SORBS does maintain a list of dynamic IP address space; as do other DNSBL maintainers. If the IP address in question is a dynamic IP address, only the ISP can request any changes, and only according to the SORBS criteria.

Accurate? Here is what is accurate. Better than 90% of the spam I get is sent through open proxies on compromised computers connecting via dynamic IP addresses. 0% of the good email I receive comes from dynamic IP addresses. Explain to me why I should not block email from dynamic IP address space? If you have a dynamic IP address, you also have an ISP SMTP server, in most cases. There are still a few email service providers which offer SMTP service at no charge.

The SORBS list works just fine for my MX; if it changes to match your criteria, I would stop using it. Indeed, if the DNSBLs were to suddenly disappear, I would run my own DNS and create my own blocking lists. I would not be alone.
--
Norman
~A deam, dream, no dream
~Voices of the night go across the forest
~A dream, dream, no dream
~Good night my good child

Re: SORBS got my buddy

Thu, 23 Jun 2005 19:23:16 EDT
Suffering : ok, maybe I worded it wrong.

Sorbs has control over their list. If it's a dynamic IP they should change that.

Your buddy should tell that to sorbs so they change their list to show it's not a spammer IP but a dynamic IP address (which brings me to my problem with sorbs... if you are going to make a list of spammers IP addresses why would you include dynamic IP addresses? Why not work with the ISP's to find out if the IP address is static and if you determine it is static and the ISP's security dept will not turn that person off THEN block it? It's more work for sorbs, but it's a much more accurate tool.)

Or he could talk to whomever is blocking his mail (because they are using sorbs list).

Talking to sorbs would fix the issue.
--
Positive Affirmation Of Creative Destruction

Re: SORBS got my buddy

Thu, 23 Jun 2005 19:10:27 EDT
Jon_Hanson : SORBS doesn't block anybody. Whoever is receiving his e-mail uses SORBS on their server to determine if they want to receive e-mail from various sources.

His contacting SORBS won't do anything. His ISP has to contact them to straighten this out.

Re: SORBS got my buddy

Thu, 23 Jun 2005 18:06:02 EDT
JJV : I believe its his isp's mail server that is on the sorbs list.

Re: SORBS got my buddy

Thu, 23 Jun 2005 16:24:23 EDT
Suffering : he should contact sorbs... they are the one blocking him... what is his ISP going to do?

His ISP can't do jack.
--
Positive Affirmation Of Creative Destruction

SORBS got my buddy

Wed, 22 Jun 2005 21:19:29 EDT
JJV : My friend in Alaska has been having problems sending me pictures and stuff. I thought I had some kind of email problem.
He was finally able to email me the error message he was getting. It looked like this.
> Delivery attempt history for your mail:
>
> Tue, 21 Jun 2005 17:49:51 -0800 (AKDT)
> myemailchanged.net: smtp;451 Spam Received See:
»www.sorbs.net/lookup.shtml?209.165.130.11

I went to the link and sorbs tells me the ip is blacklisted.
I think this is his providers mail server. gci.net
Is there anything he can do other than complain to his email provider?
Im on comcast and everything seems good here.