SORBS - Is There a Better Spam Blacklist?
rootnl asks: "Recently I decided to upgrade my email server with better spam detection and decided to use the SORBS blacklist. It is a very aggressive blacklist and could be deemed quite effective. However, I discovered two totally legal servers currently being blocked by their Spam 'o Matic service: a Google Gmail server (64.233.182.185), and another server belonging to an ISP called Orange (193.252.22.249). Now, normally one would think these providers would probably get themselves de-listed, but the process provided revolves around donating money. As I just happen to have a friend that is using the said ISP, I have to seriously reconsider using SORBS. What is your experience with SORBS? If you have alternatives, what would you suggest as a better blacklist service?"
I'm sorry but SORBS should be shut down. The amount of time I myself and many colleagues have managed to get onto SORBS because we were classed as a dynamic IP range, despite having blocks of IPs, and it's extremely hard to get off it. I understand blocking people with open relay servers, but being in a dynamic range, which can mean IPs being assigned to you from your ISP, is a joke. Everyone should be boycotting these guys; two of the large ISPs in Australia use these guys to filter out spam, and are being blocked by small businesses and Education. I've never posted comments on Slashdot yet, but this is one I feel very strongly on, and SORBS should be avoided at all costs. If they deem you a Spammer, despite proving to them you are not, they still reserve the right to keep you on the list and completely screw over your business.
They're currently allegedly trying to extort money from a UK ISP Freedom2Surf (sadly now part of the Pipex group).
By default SORBS apparently block all dynamic IPs. For some strange reason they've deemed that 8192 IPs that are actually in the F2S static range are dynamic because the reverse DNS includes the IP address.
I've heard that they want $50 per IP to unblock them. They won't even talk to users who have static IP addresses in that range to get the block lifted.
I am NaN
I have a fixed IP address provided by my ISP. I run my own servers and have done for nearly 10 years. My servers are not now, and have never been, Open Relay. I have run every possible test to make sure that is the case. SORBS, in their infinite wisdom, deem my address to be dynamic because it is part of a permanently leased dynamic range, so they block me, and therefore I cannot send email to anyone using two of the major ISPs in Australia. I have emailed SORBS and asked them to check my server. No response. I have spoken to the Telecommunications Industry Ombudsman in Australia, who tell me they can't do anything, that I should talk to "The Australian Communications and Media Authority", but if you are to check the SORBS site it specifically mentions that "The Australian Communications and Media Authority" have no influence over them at all. I have threatened SORBS with legal action. No response. Basically, they don't care less that I can't send email to the majority of Australia's internet users, because I won't donate money to them.
If you visit their site their tag line says "Fighting spam by finding and listing Exploitable Servers." This really should read "Exploiting small businesses through a cash for delisting scam".
Oh, and I forgot to mention, I've been told that the two major Australian ISPs who use SORBS just happen to form part of the "group of companies as a private venture" that make up SORBS. Interesting, huh?
I absolutely HATE SORBS. We have Roadrunner business class at work with a static IP. SORBS blocks our mail because according to their "superior" knowledge our IP is dynamic. When I tried to get us delisted, I got an automated response that said basically: This is an automated response, no human has read your request but we've denied your request to be delisted.
If I ever meet the guy who runs SORBS I believe I will punch him in the mouth.
Gadget News at Gizmo.com
SpamHaus is the only blacklist that I trust to do straight blocking on. We've been using them for years and have gotten a grand total of two complaints about blocked mail; in both cases the sender was on the XBL because their machine was compromised. Considering our active userbase is in the hundreds of thousands, I'd say that isn't bad at all. :)
We actively discourage people from using SORBS. Even if they were more accurate, their removal policy is extortion.
Any of the other blacklists out there I would recommend only as part of a scoring algorithm. Most are fairly cavalier about blocking entire netblocks even if the problem is isolated, most have no automatic aging of entries, many have poor delisting policies or are slow to respond and the false positive rates tend to vary from ok to abysmal (SpamCop, for example, doesn't seem to know the difference between a bounce message and a piece of spam... though to their credit they are fairly good about removals and provide a feedback loop so you at least know when they've tagged a message as spam).
The problem with this argument is, as usual, collateral damage. While there may be a spammer using Wanadoo somewhere, there are also many legitimate users who will be caught in the blast radius.
Before anyone replies with the usual holier-than-thou "Well they should change their ISP then", please consider that this is not trivial for a lot of people. Moreover -- and here's the real kicker -- pretty much every ISP is "spam-friendly" because, as the recent spam wave has demonstrated all too clearly, pretty much every ISP has lots of compromised machines running on it, and those machines can be abused without the informed consent of either their owner or the ISP.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
At this point, very few people take SORBS seriously. They're inaccurately over-aggressive. If you use it for more than your personal email, you're begging for a lot of user complaints.
My own fun story is that they went on to my web site and subscribed their spamtraps to my opt-in email list. I didn't double-confirm, so I guess it's my fault that they scammed me. SORBS then used the emails emitted from that single IP address to justify blocking 8,192 of my ISP's email addresses.
Every other RBL maintainer has found my list to be clean. The only non-SORBS problem I've had with an RBL was with Spamcop. That was immediately resolved when the only folks who responded to further inquiry apologized for reporting the list mail by mistake.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
Well, I have a number of servers on static IPs that SORBS think are dynamic.
I have tried telling the idiots that they are wrong, but to no avail.
It's really a problem that people trust such a bunch of retards, because it's hard for the administrators of the mail servers to know if important mail is being blocked, very hard for users to know and even more impossible for users to smack some sense into the head of the fool who runs their mail server.
What I have done instead of using the static and poorly administered blacklists is to use a number of short-term, spamtrap-driven blacklists and sbl-xbl.spamhaus.org, which is somewhat static but seems to be well run, along with greylisting.
With greylisting most spammers never try again and even if they do there is a good chance that they will fall into a spamtrap and be stopped by the RBL the next time around.
I used to use SORBS (that was before I figured out they were fucking around), ORDB (which ended up taking almost no hits) and a few other lists and with the new setup I have gone from getting 70 or more spams per day to less than one.
Ditch SORBS, they suck because they list much more than just dynamic addresses and refuse to fix their mistakes.
-- To dream a dream is grand, but to live it is divine. -- Leto ][
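Two approaches recommended in the comments above, blacklists as inputs to a score rather than as outright blocks, and greylisting combined with a trusted list, are sketched together in this added example (not code from any poster). Only the zone name sbl-xbl.spamhaus.org comes from the thread; the second zone, the weights, the threshold, the retry delay and the stub resolver are assumptions.

```python
import ipaddress

# Assumed weights: a trusted zone can reject on its own, a lesser one only adds score.
ZONE_WEIGHTS = {"sbl-xbl.spamhaus.org": 5.0, "dnsbl.example.net": 1.5}
REJECT_AT = 5.0        # assumed score threshold
GREYLIST_DELAY = 300   # assumed minimum retry delay, in seconds
LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.10 -> 10.2.0.192.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dnsbl_score(ip, resolve):
    """Sum the weights of zones listing ip. resolve(name) returns an A record or None."""
    score = 0.0
    for zone, weight in ZONE_WEIGHTS.items():
        answer = resolve(dnsbl_query_name(ip, zone))
        # Only a 127.0.0.0/8 answer means "listed"; any other address
        # (a wildcarded or defunct zone) must not count as a hit.
        if answer and ipaddress.IPv4Address(answer) in LISTED_NET:
            score += weight
    return score

class Greylist:
    def __init__(self):
        self.first_seen = {}  # (client_ip, sender, recipient) -> first attempt time

    def passed(self, ip, sender, rcpt, now):
        """True once the same triplet retries at least GREYLIST_DELAY later."""
        first = self.first_seen.setdefault((ip, sender, rcpt), now)
        return now - first >= GREYLIST_DELAY

def decide(ip, sender, rcpt, now, resolve, greylist):
    """Return an SMTP-style verdict for one delivery attempt."""
    if dnsbl_score(ip, resolve) >= REJECT_AT:
        return "550 reject"
    if not greylist.passed(ip, sender, rcpt, now):
        return "451 try again later"
    return "250 accept"

# Constructed sample data: a stub resolver table used in place of live DNS.
FAKE_DNS = {"66.113.0.203.sbl-xbl.spamhaus.org": "127.0.0.4",
            "10.2.0.192.dnsbl.example.net": "127.0.0.2"}
```

A host listed only on the low-weight zone is deferred and then accepted on a later retry instead of being blocked outright, which keeps a false listing from silently dropping legitimate mail.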