
JJV
Premium
join:2001-04-25
Seattle, WA
clubs:
·Vonage

SORBS got my buddy

My friend in Alaska has been having problems sending me pictures and stuff. I thought I had some kind of email problem.
He was finally able to email me the error message he was getting. It looked like this.
> Delivery attempt history for your mail:
>
> Tue, 21 Jun 2005 17:49:51 -0800 (AKDT)
> myemailchanged.net: smtp;451 Spam Received See:
> www.sorbs.net/lookup.shtml?209.165.130.11

I went to the link and sorbs tells me the ip is blacklisted.
I think this is his provider's mail server. gci.net
Is there anything he can do other than complain to his email provider?
I'm on comcast and everything seems good here.


Suffering
Retrovertigo
Premium,VIP
join:2004-03-06
127.0.0.1
clubs:
he should contact sorbs... they are the one blocking him... what is his ISP going to do?

His ISP can't do jack.
--
Positive Affirmation Of Creative Destruction

JJV
Premium
join:2001-04-25
Seattle, WA
clubs:
reply to JJV
I believe it's his isp's mail server that is on the sorbs list.

Jon_Hanson
Mountain Dew Rules
Premium
join:2001-07-09
Gilbert, AZ

reply to Suffering
SORBS doesn't block anybody. Whoever is receiving his e-mail uses SORBS on their server to determine if they want to receive e-mail from various sources.

His contacting SORBS won't do anything. His ISP has to contact them to straighten this out.


Suffering
Retrovertigo
Premium,VIP
join:2004-03-06
127.0.0.1
clubs:

reply to JJV
ok, maybe I worded it wrong.

Sorbs has control over their list. If it's a dynamic IP they should change that.

Your buddy should tell that to sorbs so they change their list to show it's not a spammer IP but a dynamic IP address (which brings me to my problem with sorbs... if you are going to make a list of spammers IP addresses why would you include dynamic IP addresses? Why not work with the ISP's to find out if the IP address is static and if you determine it is static and the ISP's security dept will not turn that person off THEN block it? It's more work for sorbs, but it's a much more accurate tool.)

Or he could talk to whomever is blocking his mail (because they are using sorbs list).

Talking to sorbs would fix the issue.
--
Positive Affirmation Of Creative Destruction

NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
·Pacific Bell - SBC

said by Suffering:

> ...(which brings me to my problem with sorbs... if you are going to make a list of spammers IP addresses why would you include dynamic IP addresses? Why not work with the ISP's to find out if the IP address is static and if you determine it is static and the ISP's security dept will not turn that person off THEN block it? It's more work for sorbs, but it's a much more accurate tool.)
>
> Or he could talk to whomever is blocking his mail (because they are using sorbs list).
>
> Talking to sorbs would fix the issue.

Maybe, maybe not; fix the issue. SORBS does maintain a list of dynamic IP address space; as do other DNSBL maintainers. If the IP address in question is a dynamic IP address, only the ISP can request any changes, and only according to the SORBS criteria.

Accurate? Here is what is accurate. Better than 90% of the spam I get is sent through open proxies on compromised computers connecting via dynamic IP addresses. 0% of the good email I receive comes from dynamic IP addresses. Explain to me why I should not block email from dynamic IP address space? If you have a dynamic IP address, you also have an ISP SMTP server, in most cases. There are still a few email service providers which offer SMTP service at no charge.

The SORBS list works just fine for my MX; if it changes to match your criteria, I would stop using it. Indeed, if the DNSBLs were to suddenly disappear, I would run my own DNS and create my own blocking lists. I would not be alone.
--
Norman
~A dream, dream, no dream
~Voices of the night go across the forest
~A dream, dream, no dream
~Good night my good child


Suffering
Retrovertigo
Premium,VIP
join:2004-03-06
127.0.0.1
clubs:


1 edit
reply to JJV
I see your point. That said, how can you say it's accurate when it is blocking legitimate email that isn't from a spammer?

Certainly the spam issue needs to be resolved but honestly I don't think sorbs' way of doing it works long term.

For instance Grandma gets some nasty software installed on her computer and she's a spam zombie. She has a dynamic IP address. Her ISP warns her and asks her to remove it from her computer (even provides links on how to do so), meantime someone has reported her spam to sorbs. Grandma power cycles her modem, pulls another IP address... more spam more reports to sorbs. ISP gets reports as well, deactivates accnt... grandson comes over and uninstalls his Kazaa and says it's gone, ISP reactivates accnt... IP address #3. More spam, more dynamic IP addresses blocked by sorbs until grandma is finally told she will need to find another ISP.

So, sorbs has blocked several completely legitimate dynamic IP addresses and then wants the ISP to contact THEM in order to verify that it's a dynamic IP address.

Sorbs has no authority to make such requests to have the ISP's contact them.. I understand the concept, but if they want it to truly be accurate THEY should setup communication with the ISP's. If the ISP is responsible and takes care of it then there ya go. If the ISP says that they like spammers, then sorbs steps in... otherwise it seems like too rash of a decision.
--
Positive Affirmation Of Creative Destruction

JJV
Premium
join:2001-04-25
Seattle, WA
clubs:
reply to JJV
It looks like sorbs wants a 50.00 ransom to be paid to a charity to remove the blacklist too.


Suffering
Retrovertigo
Premium,VIP
join:2004-03-06
127.0.0.1
clubs:

said by JJV:

> It looks like sorbs wants a 50.00 ransom to be paid to a charity to remove the blacklist too.

which is stupid and insane
--
Positive Affirmation Of Creative Destruction


Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA

reply to Suffering
said by Suffering:

> I see your point. That said, how can you say it's accurate when it is blocking legitimate email that isn't from a spammer.

A list of dynamic IPs is not a list of spammers; it's just a list of dynamic IPs, and it's usually maintained separately from the list of actual spammers. Mailserver owners can choose to subscribe to whichever lists they like: they can figure out the cost/benefit ratios for their own tastes.

Generally speaking, people with dynamic IPs have a low ratio of legit to bogus mail servers, so it's not a bad plan at all to block. There is no way to block all the spam and keep all of the regular mail, so there is going to be some fallout. The guy who owns the mailserver gets to make that call, not grandma.

> Certainly the spam issue needs to be resolved but honestly I don't think sorbs way of doing it works long term.

Then I guess you won't be installing it on your mailserver, now will you?

> So, sorbs has blocked several completely legitimate dynamic IP addresses and then wants the ISP to contact THEM in order to verify that it's a dynamic IP address.

Grandma should be sending email through her ISP's mailserver; if she wants to run her own mailserver, get a static.

Sorry.

Steve
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T U-Verse
·AT&T Midwest

reply to JJV
The SORBS listing reports that spam was received from that server. It is apparently not listed as a dynamic block, but as a spam source.

I'm not sure exactly what is the SORBS policy here. If I blocked every site from which I received spam, I would be blocking most mail. Instead, I try to make allowances for mail coming from what appear to be ISP mail servers. I block those only if the amount of spam is excessive. I expect that ISP servers will send some unavoidable amount of spam, simply because they are relaying mail from their users, and may have some bad eggs among their users.

In this case the best JJV can do is complain to his ISP. It is up to the ISP to negotiate this with SORBS, or to decide to live with the problem. If the ISP can't fix it, then JJV will need to find another way of communicating with this correspondent.

The spammers and malware writers have broken the mail system. We live with it as best we can. But you have to live with the fact that people will take protective action against the continued bombardment of garbage. And sometimes that protective action will block good mail. If the ideal is unachievable, then you live with what seems to be a reasonable compromise.


Suffering
Retrovertigo
Premium,VIP
join:2004-03-06
127.0.0.1
clubs:

said by nwrickert:

> In this case the best JJV can do is complain to his ISP. It is up to the ISP to negotiate this with SORBS, or to decide to live with the problem. If the ISP can't fix it, then JJV will need to find another way of communicating with this correspondent.

But not all ISP's will communicate with sorbs, nor are they required to. It is not the responsibility of the ISP to make sure sorbs is correct.

To me it's an insane policy.... like I'm going to start a mail server, but nobody can email me unless your ISP contacts ME and tells me you are ok!
--
Positive Affirmation Of Creative Destruction


Suffering
Retrovertigo
Premium,VIP
join:2004-03-06
127.0.0.1
clubs:

reply to Steve
Steve, I didn't say dynamic IP = spammer. I've had a dynamic IP with my dsl for nearly 5 years. Sorbs doesn't just block people running their own mail server... and sometimes people get infected with malware that sends out spam (I'm sure you know this, just saying), and sorbs will block ISP's dynamic IP's that people might have been pulling when they were a spam zombie... even ISP's who are quite vigilant about keeping spammers off their network.
--
Positive Affirmation Of Creative Destruction


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T U-Verse
·AT&T Midwest

reply to Suffering
> But not all ISP's will communicate with sorbs, nor are they required to.

Well it seems I had some details wrong. It isn't JJV, but his friend in Alaska who is having problems sending email. The Alaskan friend can ask his ISP to contact SORBS. That ISP may decide not to, in which case the Alaskan friend has to find another way to communicate.

JJV can ask his provider to stop using the SORBS blocklist, or to whitelist the particular server. There is no guarantee that JJV's provider will agree.

> To me it's an insane policy

Which policy is insane?

90% of the smtp connections to my mail server are trying to send spam or viruses. To me, it seems insane not to do my best to block as much of the garbage as I can, while blocking as few non-spam messages as I can manage. But there is no perfect way of doing this.

I don't use the SORBS list myself, but I understand why some people do use it.

NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
·Pacific Bell - SBC

reply to Suffering
said by Suffering:

> said by nwrickert:
>
> > In this case the best JJV can do is complain to his ISP. It is up to the ISP to negotiate this with SORBS, or to decide to live with the problem. If the ISP can't fix it, then JJV will need to find another way of communicating with this correspondent.
>
> But not all ISP's will communicate with sorbs, nor are they required to. It is not the responsibility of the ISP to make sure sorbs is correct.
>
> To me it's an insane policy.... like I'm going to start a mail server, but nobody can email me unless your ISP contacts ME and tells me you are ok!

You aren't blocked from receiving mail, only from sending it. My own dynamic IP addresses are more often blocked by NJABL than by SORBS. I do run a mail server, and no email to my MX is blocked unless it is from an IP address in one of about eight DNSBLs that I use. My own outbound email is blocked, usually because of my IP address being listed by NJABL. I get around that by using my ISP's SMTP server.

Mail server administrators make the decision to use a DNSBL, or not, according to their own needs. They decide which DNSBLs to use, if they do choose to use any at all. If you are blocked, you have some choices: Contact your ISP, contact the mail server administrator which is blocking you, contact the maintainer of the block list. The latter is iffy; if their policy requires that the controller of the listed IP address contact them, then you are out of luck. The former is equally iffy; your ISP may simply decide that the hoops required of the list maintainer are too much trouble to jump through. Your best hope is contacting the receiving mail server administrator; even so, if the list they use works for them then they likely won't stop using it.

There is no law against publishing such a list; opinion is covered by freedom of speech guarantees, where such exist under law. There is no law against using such a list; my server is my private property. Just as I can control access to my physical premises, so I can control access to my virtual premises. I actually tossed a kid from a store where I worked; legally! I do the same with SMTP clients trying to access my mail server.

Internet email sucks, really bad; but you have to live with the way it works.
--
Norman
~A dream, dream, no dream
~Voices of the night go across the forest
~A dream, dream, no dream
~Good night my good child
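
The lookup that Jon_Hanson, nwrickert and NormanS describe in this thread (a receiving mail server checking the connecting client's IP against the DNSBLs its administrator chose, with an optional local whitelist), sketched as an added example that is not part of any post. The zone names, return values and function names are constructed for illustration; only the IP address comes from the bounce message quoted in the first post.

```python
import ipaddress
import socket

# Constructed zone names; a real MX uses whichever DNSBL zones its operator picked.
ZONES = {
    "spam.dnsbl.example": "spam source",
    "dul.dnsbl.example": "dynamic address space",
}
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

# Constructed DNS data standing in for a resolver, so the example runs offline.
SAMPLE_RECORDS = {"11.130.165.209.spam.dnsbl.example": "127.0.0.2"}

def dnsbl_name(ip, zone):
    """Build the query name: IPv4 octets reversed, followed by the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def dns_lookup(name):
    """Live resolver: return the A record, or None if the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_client(ip, zones=ZONES, whitelist=(), resolve=dns_lookup):
    """Return (decision, reason) for an SMTP client connecting from `ip`."""
    addr = ipaddress.IPv4Address(ip)
    # The server owner's own exceptions win over any list.
    if any(addr in ipaddress.ip_network(net) for net in whitelist):
        return ("accept", "whitelisted locally")
    for zone, meaning in zones.items():
        answer = resolve(dnsbl_name(ip, zone))
        # A listing answers inside 127.0.0.0/8. Any other answer (for example
        # a wildcarded or lapsed zone) must not be treated as a listing.
        if answer and ipaddress.IPv4Address(answer) in LISTED_RANGE:
            return ("reject", f"{ip} listed in {zone} ({meaning})")
    return ("accept", "not listed")

if __name__ == "__main__":
    print(check_client("209.165.130.11", resolve=SAMPLE_RECORDS.get))
    print(check_client("209.165.130.11", whitelist=["209.165.130.11"],
                       resolve=SAMPLE_RECORDS.get))
```

The whitelist branch is the option nwrickert mentions for the receiving side: the list entry stays in place, and the receiving server simply stops consulting it for that one sender.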


mabus
Dissociated But Not Disconnected

join:2002-11-12
Fort Wayne, IN

reply to JJV
SORBS has a nasty habit of blacklisting entire ranges of IP's from well-known ISP's. CEO of my company was dialed in one time and sent an e-mail that was blocked because one of our ISP's had their ENTIRE RANGE of IP's blacklisted.

SORBS is a bit too overbearing at times when it comes to enforcement of their lists.
--
Mister Scruff makes my ears happy

STEREOLAB - THE GREATEST BAND ON EARTH

fantomposter
Phantom Poster
Premium
join:2002-09-21
Independence, OH

said by mabus:

> one of our ISP's had their ENTIRE RANGE of IP's blacklisted.

Who was the ISP?

NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
·Pacific Bell - SBC

reply to mabus
said by mabus:

> SORBS is a bit too overbearing at times when it comes to enforcement of their lists.

If you don't like the way that SORBS operates, you don't have to use their list to check the source IP addresses of the SMTP clients connecting to your MX server.
--
Norman
~A dream, dream, no dream
~Voices of the night go across the forest
~A dream, dream, no dream
~Good night my good child

GunnCat

join:2001-08-11
Torrington, CT
reply to JJV
SORBS should be purged from the internet completely.


izy
Premium,MVM
join:2000-09-21
Naples, FL

said by GunnCat:

> SORBS should be purged from the internet completely.

Yeah, they make it tough to be a spammer.
--
"There's a fine line between fishing and just standing on the shore like an idiot." ~Steven Wright
Monday, 09-Nov 05:11:38 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole