Slashdot Mirror

← Back to Domains

Domain: openrbl.org

Stories and comments across the archive that link to openrbl.org.

Comments · 32

  1. Re:De-standardize, and make it worthwhile. by mikael · · Score: 1 · on 100 Email Bouncebacks - Welcome to Backscattering

    There's already a few mail reputation systems:

    Mail Abuse Prevention System

    And there's also a generic checklist for all anti-spam ideas:

    Anti-Spam Solutions Checklist

  2. DO NOT USE BLARS :o) by juanhf · · Score: 1 · on SORBS - Is There a Better Spam Blacklist?

    Whatever you do, DO NOT USE BLARS he runs a pretty mean black list, so bad that he his website probably got pulled or he was forced to pull it

    if you happen to be the mail admin i would suggest checking out mxtoolbox.com

  3. Some other zones by Anonymous Coward · · Score: 0 · on SORBS - Is There a Better Spam Blacklist?

    http://openrbl.org/client/t/zones.htm

  4. Re:I've run 2 ISP's, starting my third... by sofar · · Score: 1 · on Classed as Spam by Large-Scale Free Email Servers?

    not really, his IP is not listed in any important blocks according to openrbl. Mail should get out normally ... unless there's something fisy with his domain name... but the IP itself looks perfectly fine for SMTP usage.

  5. The point of these databases/lists by Anonymous Coward · · Score: 0 · on Should You Trust MAPS?

    Firstly, by calling MAPS "out of date, or insecure and flawed" is flawed logic -- if that statement were true, then MAPS just wouldn't get the wide-spread usage that it does. The fact that many SMTP server administrators are using the MAPS database to block known spammers indicates that their criteria for listings is one that these administrators agree with.

    Secondly, the MAPS database has criteria that is in many ways similar to other DNSBLs (MAPS is a "DNSBL"), while it also differs greatly from many others. If you take the time to understand even the most popular DNSBLs in use today (see http://www.openrbl.org/ for a short list of approximately 30), then you'll see that the criteria varies widely -- some list only single IPs, some list entire netblocks, some list internet domain names, etc., and then the reasons for being listed and de-listed add even more complexity to any sort of a comparison.

    Thirdly, each SMTP server is governed by different policies, and the administrators/owners of those systems are the ones who decide which criteria (or no criteria) is appropriate for reducing/eliminating spam. So to assume that a DNSBL is somehow controlling eMail on the internet is completely incorrect -- it is the SMTP server administrators who are in control of their own systems, and have every right to choose to use "delegation of authority" (and can just as easily stop using a DNSBL). A competent administrator can usually make such policy decisions take effect in a matter of seconds, and is accountable only to the users who pay them for spam-free eMail service.

    Anyway, waving a big red flag around in an attempt to gain sympathy from others is always a complete waste of time because DNSBL operators generally have a reputation for not making exceptions to their rules (that's why people tend to trust and rely on them). This is an example of good management (and it's not really suprising because good management skills tend to come from those with a strong sense of clarity; one of the most essential requirements for running a successful DNSBL).

    The main point of a DNSBL is to put pressure on ISPs who don't take the spam problem seriously. If your eMail is blocked because your IP address is listed in a DNSBL, then the very best course of action you can take is to demand that your ISP get the listing resolved (and provide a discount until your eMails are no longer blocked), or switch to a better ISP who does take the spam problem seriously (or just put up with it the way it is).

    If your ISP directs you to complain to the DNSBL operator, then they're probably just trying to avoid dealing with it themselves. This is the kind of problem that only your ISP can resolve by terminating their spamming customers' accounts, so why should you have to do the dirty work and put your own reputation at risk for their screw-ups?

    The fact of life is that as long as there are spammers, there will be spam fighers, and a good number of those spam fighters will operate DNSBLs. Practically all eMail software natively supports DNSBLs these days because customers demand it, and trying to change a DNSBL just because it's inconvenient to you isn't going to help anyone in the long run.

    Eventually, the internet will become divided into two factions, the spam-friendly, and the anti-spam, if more people don't fight back (I believe it's already happening to some extent today). Take a look at this article for a more complete view on this slowly-growing split:

    Good-Bye to middle-class ISPs
    http://www.inter-corporate.com/spam/classes.html

    To become a spam-fighter, an excellent place to get involved is in NANAE, a public newsgroup called "news.admin.net-abuse.email" where many spam-fighters (and a few idiots, clowns, stalkers, etc.) post regularly. Many victims of spam (including those who find their eMail blocked) also regularly ask for help, and there are many helpful people t

  6. Re:For example by tsvk · · Score: 1 · on Project Gutenberg Threatened Over PG Australia

    The cracks.am domain sure is registered in Armenia. But the www.cracks.am website has an IP address assigned to an ISP in Sealand, not Armenia.

    Look it up: http://www.openrbl.org/ip/217/64/35/211.whois.htm.

  7. Re:What is the best way to stop this? by RT+Alec · · Score: 4, Informative · on Russia, China World's Biggest Spammers

    1. ISPs (and any other business that gives a workstation a "real" IP address) need to block egress port 25. Comcast is going to be doing this soon, others should soon follow suit. This plugs the zombies.
    2. IP addresses that continue to send spam will be blacklisted. With the zombies effectively out of the loop this will become easier (albeit never quite perfect).
    3. SPF and other authentication schemes need to be adopted to prevent "spoofing" and so called "Joe jobs".
    4. E-mail providers (including small companies) need to deploy mature e-mail systems for their users. In 1995 it was fine to accept e-mail from anyone on port 25, with no authentication and no encryption. In 2004, remote clients need to have an SSL connection available (both for sending mail and accessing inboxes), and must require authentication before accepting initial mail submission (SMTP+TLS+AUTH). Not only is this more secure, but it also addresses the issues always raised by blocking egress port 25 and deploying SPF.
    Once these techniques and practices be come commonplace, it won't matter if spam originates from lawless areas of the world. Existing laws against fraud (and other illegal business practices) will cover the extreme efforts that will be necessary to continue spamming.

    Appendix:
    SMTP+TLS+AUTH is not that tough, no whining. All modern mail clients support it, on all platforms. There is a little bit of work to do on the server end, but that's what you pay your ISP (or IT department) for:

  8. Re:How to tell? by bigberk · · Score: 5, Informative · on Comcast Thinks About Stopping Zombies
    Is there an easy way to tell if your own computer is a zombie spambot?
    Yes, there is! If your IP is sending spam, believe me, we will have noticed via our extensive spam traps. Just query your IP at OpenRBL or at dnsstuff to see if you're blocked due to spam received from your IP.

    Note that you can also appear on blocklists for various other reasons. So look into why you're blocked. If you're listed on AHBL, CBL, SpamCop, WPBL for example then your host is probably infected.
  9. Spamcop is least of Richter's worries by bigberk · · Score: 1 · on Accused Spammer to Debate SpamCop Founder

    I think it's kind of stupid for Richter to sue Spamcop. Scott Richter's "WholesaleBandwidth, Inc." is responsible for a ton of spamming, and he's being appropriately blocked for it. For example, look up 69.6.21.150 at OpenRBL to see just how fscked Richter is. You don't appear on 14 blocklists unless you are a spammer.

  10. Re:More Details by pclinger · · Score: 1 · on Taking Domain Control Back from the Registrar?

    Doing another search for other IPs in the same block as mine, you will find that the same 4 "positives" show up for all IPs with the prefix 207.44.184.

    That isn't me getting blacklisted, that is the entire block being blacklisted, which is not my doing. Parent should be modded down.

  11. Re:More Details by pclinger · · Score: 1 · on Taking Domain Control Back from the Registrar?

    Doing another search for other IPs in the same block as mine, you will find that the same 4 "positives" show up for all IPs with the prefix 207.44.184.

    That isn't me getting blacklisted, that is the entire block being blacklisted, which is not my doing. Parent should be modded down.

  12. Re:More Details by pclinger · · Score: 1 · on Taking Domain Control Back from the Registrar?

    Doing another search for other IPs in the same block as mine, you will find that the same 4 "positives" show up for all IPs with the prefix 207.44.184.

    That isn't me getting blacklisted, that is the entire block being blacklisted, which is not my doing. Parent should be modded down.

  13. Re:More Details by pclinger · · Score: 1 · on Taking Domain Control Back from the Registrar?

    Doing another search for other IPs in the same block as mine, you will find that the same 4 "positives" show up for all IPs with the prefix 207.44.184.

    That isn't me getting blacklisted, that is the entire block being blacklisted, which is not my doing. Parent should be modded down.

  14. Re:More Details by pclinger · · Score: 1 · on Taking Domain Control Back from the Registrar?

    Doing another search for other IPs in the same block as mine, you will find that the same 4 "positives" show up for all IPs with the prefix 207.44.184.

    That isn't me getting blacklisted, that is the entire block being blacklisted, which is not my doing. Parent should be modded down.

  15. Re:More Details by pclinger · · Score: 1 · on Taking Domain Control Back from the Registrar?

    Doing another search for other IPs in the same block as mine, you will find that the same 4 "positives" show up for all IPs with the prefix 207.44.184.

    That isn't me getting blacklisted, that is the entire block being blacklisted, which is not my doing. Parent should be modded down.

  16. Re:More Details by pclinger · · Score: 1 · on Taking Domain Control Back from the Registrar?

    Doing another search for other IPs in the same block as mine, you will find that the same 4 "positives" show up for all IPs with the prefix 207.44.184.

    That isn't me getting blacklisted, that is the entire block being blacklisted, which is not my doing. Parent should be modded down.

  17. Re:More Details by Pathwalker · · Score: 3, Informative · on Taking Domain Control Back from the Registrar?

    Looks like your domain being suspended might just be the beginning of your problems.

    You appear to be listed on four blocklists.

    You might want to keep a closer eye on your customers in the future...

  18. Check your status.... by tsvk · · Score: 1 · on Removing Site from Spam Filters and ISP Blocks?

    To get a grasp on how widely blocked you are, look up your IP address on the various DNS-based blocklists.

    Enter your mail server IP address into OpenRBL and the spam database lookup form at DNS Stuff.

    The "Google" and "Senderbase" links at OpenRBL are also useful.

  19. How about my old hardware? by bigberk · · Score: 3, Informative · on Microsoft Researching Anti-Spam Technique

    How is my older hardware (or even pretty recent hardware on a huge ISP, with lots of SMTP activity) supposed to be able to handle this? Bah. It seems to me that adding computational difficulty is not such a great way to combat spam. Do you have any idea how effective IP blocklists and statistical filters alone are? (Or, you could combine them as this project is doings).

  20. Re:What about netstat? by chrsbrwn · · Score: 1 · on Sobig Worm Attacking RBL Lists?

    Note that OpenRBL is back up, using a distributed proxy system to weather the DDOS (which I'm currently trying to find more info about, it is technically very interesting). You can search spamhaus records (among many others) from there.

  21. Re:The Heavy Hitters Are Still Around by Havokmon · · Score: 2, Informative · on Anti-Spammers DDoSed Out Of Existence
    Yeah, but look at OpenRBL, DSBL references them..

  22. Re:Distrustful of Network Level Censorship by RT+Alec · · Score: 4, Insightful · on O'Reilly Article on Spam Defense

    Spam control with RBLs is, in fact, decentralized. There are many RBLs to choose from, and any that are too severe will not be used for long if they generate too many false positives. As a system admin, I have my choice. I use 4 RBLs right now:

    • spamhaus.relays.osirusoft.com
      (this is a mirror of the Spamhaus Block List) Well known spam operations, and is checked hourly.
    • dialups.relays.osiruSoft.com
      (details at OsiruSoft) This list is of DHCP IP addresses of home users (DSL, cable, dial up).
    • dnsbl.njabl.org
      (extensive details of what's on this list)
    • rbl.restongeek.com
      I maintain this one myself for anything I want all my servers, primary and backup MX, to block
    And there are many more to choose from. I am very happy with my results, it is a pleasure to see the reports of the mail that is blocked (see my /. journal for a sample report). If I start to think maybe one of these lists is a little too severe, or someone lets me know that there are problems with one or more of the lists, I will delete it and pick another. Or maybe not. It is my choice, I want to keep down the spam on my system, for my sake as well as my clients'.
  23. Re:Just got this from Internap: by frankie · · Score: 2, Insightful · on Major Flaw Found In Cisco IOS Devices
    Flirzan, just wondering, why do you host with Internap? Are you a spammer?
  24. The man knows his html... by crapulent · · Score: 3, Informative · on What Website has the Cleanest Site Design?

    Come on, the timecube guy is obviously a master at modern UI deign and html layout. :-)

    Seriously though, here are some sites whose design I like:

    Sweetcode

    Mathworld

    openrbl.org

    perldoc

    Paul Borke's website

    the Joel On Software forums

    the Tech Report (a debatable choice, but the best of its type)

    Dmitry's Design Lab

  25. Re:Out of contest by blowdart · · Score: 1 · on Microsoft and the SPAM Game
    Digital Impact is not a "known spammer". Everything they send out has clear and effective unsubscribe methods.

    Can you prove it's effective? Hell, "make penis now boobies here" spam has clear unsubscribe methods.

    If DI/m0.net aren't spammers, why haven't they gotten out of the blacklists they are in? Why the complaints on usenet

    Why did I get an email bounce
    23:36:06 Wirehub! Internet DNSBL 209.11.164.116 microsoft2003launch@email.microsoft.com

    I don't recall signing up for product launch emails. In fact, the only reason MS has my main home address is for their security bulletins. My profile on MS's site only has this option ticked. I doubt that email from microsoft2003launch@email.microsoft.com is a security bulletin. Ironically, if MS had mailed it from their own IP space, it would have reached my inbox.

  26. Re:datacommarketing.com by odaiwai · · Score: 2, Informative · on MonsterHut Jammed for Spam

    They're on a lot of blacklists: Choose from one of the following

    http://openrbl.org/ip/65/242/117/50.htm

    dave

  27. Re:Simple Solution for ISPs by Anonymous Coward · · Score: 0 · on Verizon Loses Suit Over Subpoena of Subscriber Info

    My ISP does block outbound port 25. The problem is that they still end up in the RBL Lists all the time as a multi-hop spam relay. All blocking outbound port 25 does is prevent people like me from running a legit amateur mail server.

    At least my ISP doesn't block inbound port 25 too, like some others do!

    -Ben

    PS: I can still set a static SMTP route, but things such as mail bouncing, etc don't work properly in this situation.

  28. Re:More proof that this guy is a moron... by Vainglorious+Coward · · Score: 2, Informative · on Google Responds to SearchKing's Lawsuit
    People like searchking should be lined up and shot next to all the spammers

    Funny you should mention that, there's a post at Lawmeme :

    First, according to OpenRBL SearchKing either IS, or is affiliated with, Mach 10 Hosting, a known spammer. I have to wonder if Bob Massa is in fact the owner of, or a principal in, Mach 10 Hosting (i.e. a spammer) in addition to being a purveyor of banner ads? I think it's funny that his web site's IP address (209.217.135.144) has a reverse-DNS name of "dave144.mach10hosting.com" instead of any name concerning "searchking.com"...

    We can save Bob Massa's bullet and have two for Alan Ralsky

  29. Re:If he's annoyed, then it's working. by Anonymous Coward · · Score: 0 · on The Spam Problem: Moving Beyond RBLs
    Every one of my email addresses is in some blacklist or another. (And no, I'm not a spammer!) Check out your smtp server's ip address at openrbl.org

    If I move to another provider, will they stay off one of the lists for more than a week?

    I did find one provider that threatens to charge me something like $1000 if someone accuses me of spamming. Gee, I guess they don't get many spammers (assuming the ISP is telling the truth - all the ISPs have some clause against spamming), but why would I want to run the risk of fighting a $1000 bill if there is some misunderstanding?

  30. Re:Spamming for dumbasses by Anonymous Coward · · Score: 0 · on Rep. Bill Jones Thinks Spam is "Innovative"
    From a well below current threshold post:
    You sir are correct, this is not t0qer this is anoymous coward..

    65.89.25.90
    Note, this is 1 IP off of his subnet, the rest you'll have to figure out on your own.

    Easy: Found the bastard!

    Life_Enhancement_Society (NETBLK-BRW-3614-LIFEENHANC)
    4551 California Ave. #10
    Bakersfield, CA 93309 US
    Netname: BRW-3614-LIFEENHANC
    Netblock: 65.89.25.0 - 65.89.25.255
    Record last updated on 10-Mar-2001.

    Dutcher,Les (EVERYTHINGHERESITE-DOM)
    7850 White Lane, #E221
    Bakersfield, CA 93309
    US

    Domain Name: EVERYTHINGHERESITE.COM

    Administrative Contact:
    Dutch, L (LD8015) admin@everythingheresite.com
    7850 White Ln E221
    Bakersfield, CA 93309
    US
    661-637-1230 123 123 1234

    Billing Contact:
    Dutcher, Les (LD7700) mspss@hotmail.com
    Dutcher,Les
    7850 White Lane, #E221
    Bakersfield, CA 93309
    661-637-1220 (FAX) 661-637-1230

    Record last updated on 07-May-2001.
    Record expires on 07-Feb-2003.
    Record created on 07-Feb-2001.
    Database last updated on 1-Mar-2002 07:48:00 EST.

    Domain servers in listed order:
    SPOT.EVERYTHINGHERESITE.COM 65.89.25.5
    LARRY.EVERYTHINGHERESITE.COM 65.89.25.6


    Found the 'fo in this record at SPEWS!

    Looks like he's listed all over the place!

    Hosted by Broadwank... ugh...

    I think I'll bounce his packets too... but anything else done against his network would be wrong... so wrong...

    -- I HATE SPAMMERS --

    Nice ass on her though!
  31. Has the server been blacklisted? by CritterNYC · · Score: 3, Informative · on What's So Bad about e-Mail Forwarding?

    Head over to openrbl.org or osirusoft or Sam Spade and see if the server has been listed in any blacklists. If so, that's probably why your mail has been blocked. If not, contact road runner and find out what's up.

  32. Re:More fuel for this fire by Anonymous Coward · · Score: 0 · on Are SPAM Blacklists Unreasonable?

    Or have it done for you at