Slashdot Mirror


SORBS - Is There a Better Spam Blacklist?

rootnl asks: "Recently I decided to upgrade my email server with better spam detection and decided to use the SORBS blacklist. It is a very aggressive blacklist and could be deemed quite effective. However, I discovered two totally legal servers currently being blocked by their Spam 'o Matic service: a Google Gmail server (64.233.182.185), and another server belonging to an ISP called Orange (193.252.22.249). Now, normally one would think these providers would probably get themselves de-listed, but the process provided revolves around donating money. As I just happen to have a friend that is using the said ISP, I have to seriously reconsider using SORBS. What is your experience with SORBS? If you have alternatives, what would you suggest as a better blacklist service?"

11 of 226 comments

  1. Dunno about better by melonman · · Score: 5, Informative

    But avoid SPEWS like the plague. They have a wonderful policy of blacklisting entire 16-bit IP ranges because one machine in an enormous server park has been used to send spam.

    They know this causes massive collateral damage to machines administrated by totally independent companies, many of them small and liable to suffer severe hardship because of this arbitrary action. That's precisely the idea: they keep hurting non-spammers to make them lobby the server parks to deal with the spammers.

    Unless you think that kidnapping children and refusing to return them unless their parents fight the mafia for you is an ethical law-enforcement policy, SPEWS is obviously far far worse than the problem they are allegedly attempting to solve.

    --
    Virtually serving coffee
  2. SURBL by tootired · · Score: 5, Informative

    SURBL is a URL blacklist.

    Employing it enables your spam software to block emails that have matching blocked URLs in the message body.

    I have not gotten any false positives with it and it blocks a ton of nasty phishing stuff in addition to the usual SpermaMAXX crap.

  3. SORBS should be shut down. by finchwizard · · Score: 5, Interesting

    I'm sorry, but SORBS should be shut down. The number of times I myself and many colleagues have managed to get onto SORBS because we were classed as a dynamic IP range, despite having blocks of IPs, and it's extremely hard to get off it. I understand blocking people with open relay servers, but being in a dynamic range, which can mean IPs being assigned to you from your ISP, is a joke. Everyone should be boycotting these guys; two of the large ISPs in Australia use these guys to filter out spam, and are being blocked by small businesses and Education. I've never posted comments on Slashdot yet, but this is one I feel very strongly on, and SORBS should be avoided at all costs. If they deem you a spammer, despite proving to them you are not, they still reserve the right to keep you on the list and completely screw over your business.

    1. Re:SORBS should be shut down. by finchwizard · · Score: 4, Insightful

      All 30 IPs I rent are static, and that has never changed over the years I've owned them. My servers are also running Linux and are very secure, with both SpamAssassin and ClamAV scanning, as well as blocking certain MIME types. So don't give me dynamic IP range stuff. I was lucky that my ISP managed to straighten them out, but I've had friends that aren't as lucky. Of course SORBS is going to block a high rate of spam; it's also blocking a lot of legitimate people, and the fact they are extorting people to get off the list is ludicrous.

  4. Orange = Wanadoo by grahamm · · Score: 4, Informative

    Orange is part of Wanadoo who are known to be both spam friendly and to host spamvertised web sites. So maybe listing Orange is not such a bad idea.

  5. SORBS should be avoided at all costs by Anonymous Coward · · Score: 4, Informative

    Several reasons why:
    Large netblocks will be repeatedly put onto one of their lists if they don't comply with the founder/main admin's idea of how reverse DNS should be configured. They will list IP blocks that don't conform to an RFC that, funnily enough, he wrote.

    Getting in contact with them in any reasonable timeframe is damn near impossible.
    Primary/secondary SMTP servers of ISPs will often be listed as part of their blanket block approach.

    They continually block whole IP ranges that are statically assigned, often automatically with seemingly no human oversight. There can be found many complaints on assorted web forums across the net, especially Australian, full of people trying to figure out why they were listed on one of the SORBS lists, and how to be removed.

    Almost all of the issues I have run into with SORBS don't seem to have anything to do with eliminating spam, more to do with pushing the founder's RFC for reverse lookups. Comply, and you are free from hassle forever. Fail to comply, and face losing SMTP access to any providers using SORBS for anywhere from a day to over a week.

  6. SORBS!!! I'd like to ABsorb the so-and-so's!!! by Anonymous Coward · · Score: 5, Interesting

    I have a fixed IP address provided by my ISP. I run my own servers and have done for nearly 10 years. My servers are not now, and have never been, open relay. I have run every possible test to make sure that is the case. SORBS, in their infinite wisdom, deem my address to be dynamic because it is part of a permanently leased dynamic range, so they block me, and therefore I cannot send email to anyone using two of the major ISPs in Australia. I have emailed SORBS and asked them to check my server. No response. I have spoken to the Telecommunications Industry Ombudsman in Australia, who tell me they can't do anything, that I should talk to "The Australian Communications and Media Authority", but if you are to check the SORBS site it specifically mentions that "The Australian Communications and Media Authority" have no influence over them at all. I have threatened SORBS with legal action. No response. Basically, they don't care less that I can't send email to the majority of Australia's internet users, because I won't donate money to them.

    If you visit their site their tag line says "Fighting spam by finding and listing Exploitable Servers." This really should read "Exploiting small businesses through a cash for delisting scam".

    Oh, and I forgot to mention, I've been told that the two major Australian ISPs who use SORBS just happen to form part of the "group of companies as a private venture" that make up SORBS. Interesting, huh?

  7. Re:Use spam assassin with more than one RBL by Zocalo · · Score: 4, Informative

    To extend on that I also have a META rule set up to handle DNSBLs in SpamAssassin that adds some additional points based on how many RBLs each IP address has hit. A server on one DNSBL may be a false positive or an over aggressive listing, but if it's on three or four then it's almost certainly spam and gets an extra couple of points towards being classed as spam. If it matches five or more, then it gets an instant +50 file in the mailbox "/dev/null" score.

    --
    UNIX? They're not even circumcised! Savages!
  8. SpamHaus, SPEWS and SpamCop by christophe.vg · · Score: 4, Informative

    For a few years now, I've been using three RBLs to filter the incoming mails on our mail server, which hosts a few small-sized customers and some personal domains. The RBLs I use are: SpamHaus, SPEWS and SpamCop. We have set them up in sequence, so that a mail caught by one is not passed to the following anymore.

    Looking at two days ...

    01/01/07
    total mails processed : 1432
    considered non-spam : 719 (50.21%)
    total number of blocks : 713 (49.79%)
    spamhaus : 630 (88.36%)
    spews : 2 ( 0.28%)
    spamcop : 81 (11.36%)

    01/01/06
    total mails processed : 381
    considered non-spam : 155 (40.68%)
    total number of blocks : 226 (59.32%)
    spamhaus : 191 (84.51%)
    spews : 31 (13.72%)
    spamcop : 4 ( 1.77%)

    ... it shows the trend I've seen over this time: SpamHaus does a great job for me and we haven't received any complaints from the customers concerning people not able to contact them.

    Given these (poor man's) statistics, it seems that SPEWS is of little use to us. SpamHaus catches most of the problems. Maybe even if we switched SPEWS' and SpamCop's order, we might see that the latter would be able to catch those mails now caught by the former. It's surely something we're going to try.

    On the other hand, it might very well be that SPEWS would catch also all SPAM caught by SpamHaus. Reversing the current order might be a nice test before we come to any real conclusions on which RBL to drop ;-)

    The (current) bottom line: For us, SPEWS isn't causing any problems, but also doesn't help us that much. SpamHaus seems to be a great RBL source and SpamCop seems to be a nice addition.

    But it doesn't stop all SPAM.
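
The two setups described in comments 7 and 8 above (scoring a sender by how many DNSBLs list it, and querying lists in sequence so that only the first hit is credited), as an added Python example that is not from the thread. Zone names, listings and the 2-point "couple of points" value are constructed assumptions, and a lookup table stands in for real DNS queries.

```python
import ipaddress

# Constructed listings (documentation-range IPs, hypothetical zone names).
# A real check would resolve the query name in DNS; a set stands in here.
LISTED = {
    "bl-a.example": {"192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"},
    "bl-b.example": {"192.0.2.10", "192.0.2.11", "192.0.2.14"},
    "bl-c.example": {"192.0.2.10", "192.0.2.12"},
    "bl-d.example": {"192.0.2.10"},
    "bl-e.example": {"192.0.2.10"},
}

def query_name(ip, zone):
    """DNSBL convention: reversed IPv4 octets prepended to the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def make_resolver(listed):
    names = {query_name(ip, z) for z, ips in listed.items() for ip in ips}
    return lambda name: name in names  # True stands for "A record returned"

def hits(ip, zones, resolve):
    """Zones listing this IP, in the order the zones were given."""
    return [z for z in zones if resolve(query_name(ip, z))]

def multi_list_bonus(hit_count, couple=2.0):
    """Tiers from comment 7; 'couple' = 2.0 points is an assumed value."""
    if hit_count >= 5:
        return 50.0
    if hit_count >= 3:
        return couple
    return 0.0

def first_match_credit(ips, zones, resolve):
    """Comment 8's sequential setup: only the first list that hits is counted."""
    credit = dict.fromkeys(zones, 0)
    for ip in ips:
        matched = hits(ip, zones, resolve)
        if matched:
            credit[matched[0]] += 1
    return credit

if __name__ == "__main__":
    resolve = make_resolver(LISTED)
    senders = ["192.0.2.%d" % n for n in (10, 11, 12, 13, 14, 99)]
    order = ["bl-a.example", "bl-b.example", "bl-c.example"]
    for ip in senders:
        n = len(hits(ip, list(LISTED), resolve))
        print(ip, n, multi_list_bonus(n))
    print(first_match_credit(senders, order, resolve))
    print(first_match_credit(senders, order[::-1], resolve))
```

Reversing the query order leaves the total number of blocked senders unchanged but moves the per-list credit, so per-list percentages from a sequential setup reflect position in the chain as much as each list's coverage.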

  9. sbl-xbl by Halo1 · · Score: 4, Informative

    sbl contains the spamhauses, xbl trojaned boxes/open proxies etc (you can of course also only use one of them). See http://www.spamhaus.org/xbl/index.lasso

    --
    Donate free food here
  10. Blacklists are so 2004 by target562 · · Score: 4, Informative

    With the advent of the spam bot networks, blacklists aren't as useful for spam fighting as they used to be. Greylisting + content analysis is currently the way to go; though Spamhaus still does a decent job, but not Spamcop due to their "unsolicited bounces" thing...