Slashdot Mirror
The Imminent Demise of SORBS
An anonymous reader lets us know about the dire straits the SORBS anti-spam blacklist finds itself in. According to a notice posted on the top page, long-time host the University of Queensland has "decided not to honor their agreement with... SORBS and terminate the hosting contract." The post, signed "Michelle Sullivan (Previously known as Matthew Sullivan)," says that the project needs either to "find alternative hosting for a 42RU rack in the Brisbane area of Queensland Australia" or to find a buyer. Offers are solicited for the assets of SORBS as an ongoing anti-spam service — it's now handling over 30 billion DNS queries per day. An update to the post says "A number of offers have already been made, we are evaluating each on their own merits." Failing a successful resolution, SORBS will cease operations on July 20, 2009 at 12 noon Brisbane time. Such a shutdown could slow or disrupt anti-spam efforts for large numbers of mail hosts worldwide.
A blacklist that charges you to get your IP removed will inevitably block far more than real spammers.
A 42RU cabinet just for SORBS! No wonder they're being kicked out.
Oh my god the spam is burning, burning I tell you
Especially for someone with a sex change operation.
"Michelle Sullivan (Previously known as Matthew Sullivan),"
Huh?
That is an ugly woman.
"Such a shutdown could slow or disrupt anti-spam efforts for large numbers of mail hosts worldwide. "
You're kidding, right?
They have done more to give legitimate anti-spam efforts a black eye than ANY legislative attempts to 'solve' the problem ever could.
I -used- to believe that 'collateral damage' was a legitimate 'tactic' in the fight against spammers. I've grown up since then.
I don't suppose it's that vital for fighting spam or otherwise it would be government controlled wouldn't it?
Just tell Michelle to "man up" and let you stay . . .
Matthew? Michelle?
I believe we have either an identity crisis for spam or alter egos taking the internets
I don't know if this is subterfuge, but:
http://www.iadl.org/sorbs/sorbs-story.html
Let's get to the meat of the matter here, does he tuck or fold, and is he passable?
...eesh! Sounds bad!
HEY! Hold on just one second. What do you have against the Dire Straits??
Any mail admin who's depending in any significant way on the anti-spam wasteland of SORBS should be on their way to apply for jobs at local fast food restaurants as soon as possible. Even if someone handling spam control for a decent size business actually believed in SORBS' accuracy or effectiveness, the only effect of SORBS disappearing from the face of the Earth should have is a slight uptick in spam being caught by filters slightly further down the path to their users' mailboxes.
Seriously, is there anyone out there who isn't use a multi-tiered, inter-connected array of spam filtering methods at this stage of the game? ~96% of the mail going to my users is spam. My worst offender has some ~5300 messages a day of spam being filtered prior to reaching their inbox. If my best filter were rendered worthless tomorrow, I wouldn't expect to hear any complaints from users. (of course, I'd be pretty unhappy.)
I think honeypots are probably my best weapon again spammers at the moment, followed by my keyword blacklists.
-- "Government is the great fiction through which everybody endeavors to live at the expense of everybody else."
I run an ISP in the midwest. SORBS has caused so many problems, I don't want to bore you all with them here. I briefly talked with Mr(s?) Sullivan via email back in 07 about several problems he caused by blocking subnets we had on both Nuvox and XO. His response to my email (which was long but detailed), I paster here for brevity:
---------snip---------
F_ck off.
Yours trully,
ms
---------snip---------
Hopefully, she/he takes up dancing at a crossdress clubs and stays the _hell_ off the internet.
SORBS: Don't let the door hit your ass on the way out.
RIP Herc.
Now that Alan Ralsky is out of business, who would want to buy it?
Whoa, whoa, whoa! Hold yer horses. We're missing the REAL story here:
>"Michelle Sullivan (Previously known as Matthew Sullivan),"
Who wants to chatter about some spam thing when there's dirt on a sex change??!?!?!
Its nice to see that most of ppl here have finally come to terms with the fact sorbs is worthless.
The only thing that would make me happier is if those involved with sorbs became burn victims from trying to freebase jenkem.
Your parent is right. There does exist a set of clueless people who straight filter based on RBL's like SORBS. Sure, filter your home mail server any way you want, but the *second* you have third-party people using your system (or the second you run the mail server for a business), you should be outright fired for filtering based solely on something like SORBS.
That is because I dont waste my time calling you. I call your boss and your sales department. If you really are running a business mail server and filtering based on SORBS, you are basically clueless and I'll gain nothing talking to you Your sales staff though, I'm sure they'd be happy to know you are blocking my customers inquiries into your companies products. And I'm probably also sure that if you are the type who filters like that, they probably have a bunch of other issues with the way you run their systems and this just might be the straw that broke the camels back.
and you are asking if there exists products that don't outright block based on crap like SORBS. In which case "You" refers the general type of idiot who I've dealt with that does block based on SORBS.
Caused me no end of grief back when I was on dialup with a dynamic IP address all the time. Kept me on their blacklist claiming I was a spam relay because of some windows exploit. I was on linux the whole time and absolutely was not part of some zombie spam relay thing. And they didn't care either, despite the obvious dichotomy there. "Take it up with your ISP" Ya RIGHT, the ISP was going to bump all their windows users or come up with the magic educate them all at the same time plan plus fix microsofts bogus buggy operating system. Like that is really going to happen. I mean, WTF, aren't half of windows machines compromised most of the time anyway? What's the purpose of these lists then "BTW, 7/8ths of the intertubes are spam relay nodes and/or part of some zombie network, so we here at SORRY are putting all of you on our evile blacklist!!1!"
These things serve no real purpose any longer, good to see them go. Nice idea, horrid implementation, ridiculous to think it could ever work, and this "power" went to their heads or something. Someone please send SORRY that copypasta about how their SPAM solution won't work, and please check every single box on the thing.
A lot of people have had their lives turn into a living hell because of some listing on SORBS. Thus if it wasn't me who chewed you out, somebody else probably would have :-)
Spamhaus's PBL?* I filter on that... the friggen ISP's make up most of that list. I'm pretty damn sure AOL and friends filter off that list too and my motto is "if AOL or Yahoo filters mail based on XYZ policy, I will too". Plus, you can get off that list on a web page.
It is SORBS that I have an issue with. SORBS was created out of pure spite. So my apologies random internet person :-)
* Excepting Godaddy who is fucking insane. Those assholes filter *URL's pointing to a PBL'd IP that are embedded in a message*!!! Worse, they dont tell you. Had fun learning that.
ROM's being charged for: http://vampire.isux.com/ROMs/
Dubious images: http://vampire.isux.com/pics/x/
So what's going on Matthew... I mean, Michelle?
5468652047616D65
Sorbs are alive and kicking.
The death of SORBS should be good news to any decent ISP mail admin out there. Nothing like being forced to pay to get your mail server IP removed from a blacklist because you somehow can't keep the thousands of residential customers on your service from occasionally getting a virus and sending a few spams.
SORBS sucks and has for years. Don't get me wrong, I hate spam as much as the next guy, but sometimes a few get through, that's just how it is.
Luckily we haven't had much trouble with them lately since it seems that the vast majority of mail admins came to their senses and stopped using SORBS... frankly I'm surprised they need that many servers.
Sigs are awesome huh?
I recommend Spamhaus XBL and Spamcop Blocking List .
Spamcop used to have problems, but I think they resolved them a couple years ago.
Back when http://stats.dnsbl.com/ was operational I used their data to give me a quick leg up on figuring out which lists to look at. Then I checked out the lists for how they operate and then did a performance analysis.
Aside from policy/operation, two things that were particularly important to me were false positives and overlap. These lists get very low false positives and they combine nicely.
Old stats:
http://stats.dnsbl.com/zen.html
http://stats.dnsbl.com/spamcop.html
Hey mods, I was trying to be funny. How about you mod me down again? Just wastin' modpoints. Just wastin' modpoints.
Die, douchebag. Suck my nipples. Eat after my intestinal tract. There. DIEEEEEEEEEEEEEEEEEE
The issue of Matthew/Michelle is totally relevant. It lets us see what a fucked up individual Matthew Sullivan is. It's now apparent he has a severe mental illness, one so severe he is infact considering genital mutilation.
Mental Illness goes part the way to explain why sorbs was such a fucked up service run by someone who appeared to be complete mad, irrational and illogical.
Now, heres hopeing he takes his mental illness to the next level, and removes himself from the gene pool. The unfortunate fact is Matthew has a 15 year old son.
I used to know Matthew when he was still a guy, gave me a chuckle to see he is calling himself Michelle now.
She has updated the photo on her linkedin profile;
http://www.linkedin.com/in/sorbs
I have dealt with BL services for years now from the ISP side of things. From my own experience, the only ones worse than SORBS were APEWS /SPEWS where one would have to go to the Usenet to post for removals and when one would post a removal, one was met with endless trolling, an utter waste of time. APEWS would block entire ISPs, and even /8 which is more than slightly ridiculous. SORBS, on the other hand, was unprofessional in responses time to time. Quick to resort to name-calling, which in my view is juvenile. In the past 2 years or so getting a response was like pulling teeth, so SORBS being shutdown is probably the best thing for it. I contend that SORBS own volunteerism dropped off and they stayed behind not addressing requests for removal. One of their tacky tactics was to respond to people who asked for removal within the block full well knowing that the ISP is to address the issue and not one of the sufferers in the /23 or /19 blocks they would list over a few spams hitting their spamtraps. I know of some people at large ISPs are happy that it is being shutdown. Being rude and ignoring requests for removal are utterly inexcusible. At times the volunteers at SORBS behaved like juveniles, so no ISP wanted to even deal with them.
Another list from a few years ago was BLARS just another one that was just one big PITA. A few BLs that are much more useful to the ISPs are Spamhaus, Spamcop, and CBL.
Though there is interest, I really hope no one purchases SORBS and keeps it going, it ruined its own reputation over time by being too aggressive and non-responsive. The only good thing I can think of about SORBS is it had a FeedBackLoop (FBL) report sent on a weekly basis, IIRC, that would let the ISP know which IPs appeared to be sending out compromised spam.
ALL,
Matthew is watching this thread!!! Doesn't it feel good? Basking in the shadow of a mentally disturbed, cross dressing, homosexual, AIDS FAGGOT!
Hi Michelle, One of our staff have left you a voice mail via the number posted on us.sorbs.net and I've shot you an email. Please feel free to contact me back regarding possible alternate hosting. Wilko
Wilko
And I realize you aren't the kind of idiot who blocks based on SORBS (or god forbid SPEWS, remember them?), and you are an ISP so if you were filtering based on SORBS you wouldn't have much business anyway, so I'm not really talking about you--I'm talking about small to medium sized businesses and other hotspots of cluelessness... "Me" in this case is my ISP and my customers trying to send email to *you* and your funky smelling email servers. In other words, imagine if some asshole listed *your* ISP or one of your upstreams in SORBS... Your (er, my) customers are now bitching to *you* (er, me). This is what I'm ranting about here.
If you are filtering inbound email based 100% on SORBS, you are clueless and it would be a waste of my time to deal with you. Why? Either you are ignorant (thus it wouldn't do me any good anyway) or you are an asshole who does this for kicks, in which case you'd tell me to FOAD. As such, talking to you is a waste of time.
You are the IT guy. Why would they listen to you? The probably already hate your guts for installing some other spite-ware or have them change their password every week. They dont listen to you and they dont like you (again, I'm not talking about you sir, but the SORBS filtering BOFH guy--ISP's are typically not the type to filter this way anyway). My calling them is just more ammo to go after you. It is politics my friend :-)
Funny enough, AOL has a 24 hour 1-800 number you can call to talk with the postmaster.
Are those who let people delist simply by visiting a website and clicking "unlist me". After that, they are instantly unlisted. See also--spamhaus. You can pretty much outright block traffic listed in the PBL.
Completely ridiculous that you need to pay to get your IP removed from there. If you run your own mail server or whatever and someone gets a virus and some spam is sent out without them knowing then having your IP blacklisted is just stupid, and then having to pay to get it removed it even worse.
http://antimatter.atbhost.net/
Not sure if it's gone or slashdotted but it's giving zero sized replies now. Can anyone tell me what it was?
Perhaps I should hand in my geek card, I had no idea SORBS was in the same small city I live in, although strangely enough on the other side I know Brisbane was at one point infested with three of the top ten spammers. I've got the space for a rack but dismal network access down two ADSL lines - thanks to Telstra most of the city has worse net access than Latvia.
This is the best news I've heard all week!
SORBS is a blight on the anti-spam effort front and should have been run out of town on a rail years ago. It has done more damage to the perception of anti-spam lists than any other single entity on the internet. Hell, some spammers are better behaved and have better morals than the operator(s) of SORBS. I would literally turn to Microsoft or McAffee for anti-spam solutions before I'd even consider SORBS.
I hope the dirtbags that ran SORBS end up destitute in a gutter somewhere.
SORBS would repeatedly list netblocks purely cos they did not comply with an RFC Michael himself wrote. /24 netblocks, which he claimed were "dynamic". I dont ever actually recall being blocked by SORBS for any sort of spam or open relay issue - Always to do with his ego-stroking DNS crap.
They would delist them after a week or so, and usually be relisted within the month. And i am talking larger than
kdawson should've included the disclosure that SourceForge, one of Slashdot's sister companies, is a sponsor of SORBS. There's an ad on the right side of the SORBS main page touting this fact, so it's not like it should've been difficult for him to find to point out in the summary.
God invented whiskey so the Irish would not rule the world.
Obviously you can't turn that off. I said "stop blocking based on SORBS". Huge, huge difference. And yes, there are idiots who block based on nothing more then SORBS. Ask me how I know.
Or PBL... one of the two. Self listed too (as almost all of them are), as they dont want you to send email from their stuff. Sucks there are idiots in this world who don't understand the purpose of those lists :-(
My record so far is three months to get a single MX record corrected (TelstraClear NZ). I'm not as patient anymore, the last time I got a response from an ISPs support that showed they had no understanding of the problem and were not willing to pass it on it was time to look at their WHOIS entry which gave me the managing directors email address (I won't name who it is, they may improve). The utter stupidity of the error (MX record to a machine that would not accept mail for the domain), the ease of detection (less than ten seconds to diagnose the problem) and the long timespan between the client's initial complaint to their ISP and when they got me involved (between three and six months) made it look very bad for the poor half trained fool that attempted to brush it all off until they got word from above. I ended up sending an email to apologise after (emails were sent to me later trying to prove the person responsible had a clue) but would do it the same way again.
It's a worry when the f*ing obvious lifted directly out of an introductory textbook is seen as a "novel approach" by support staff - at that point you need to find a way around them that is as painless as possible for all or just give up.
I'm aware that some people point a secondary MX to nowhere as a pointless and rather stupid attempt to avoid spam and they just accept the lost legitimate email as the price of less spam. That wasn't the case for the two incidents above and several others - it was just stupid mistakes instead of stupid design.
You need to go here and tell me what you think. Or try timecop's site
Let me know how it goes.
Yeah.... Sorbs Sucks may they suffer a quick agonizing death. These clowns have held a couple of IP's hostage that they have "identified" as being spammers. Of course they did this based on a single email sent over one year ago. They don't even seem to have an expiry date on their blacklists. Asshats.... and of course they want money. Ten seconds of research would show that we are a legit ISP, of course I could understand a one week blacklist. But years come on.
Sorbs is what it is. It reports dynamic ip's, isp's who have major spam problems, etc. How (or if) you use the info is up to you. No reason to bitch at them, unless you're a spammer. I've used sorbs for years, no complaints from my users. And ISP's only have themselves to blame if they end up on the list. It's not that hard to detect spam or massive amounts of email coming from your IP's. The fact is that many IPS's don't care or happily pocket the money they get from spammers. And yes I happily block entire ISP's if spam from them doesn't stop after I send to their abuse@. Even if it's from a different IP the second and third time. Once ISP's realize that their IP blocks are useless because they didn't do their job in detecting what's coming from them maybe they will wise up.
Why not ask Sun/Oracle if they will host it on their cloud at network.com? I hear they are giving alot of the capacity away right now.
FREAKING GOOD RIDDANCE.
Sorbs put my company on their blacklist once, and it took me MONTHS to get us off. Meanwhile I logged a half a dozen incidents a day, where mail servers refused mail from us because we were on SORBS. These were real business communications- some potential clients, and some existing clients who needed tech support.
We hadn't sent any spam. We had static IPs. What was our sin? I set our Reverse DNS TTL down too low for SORBs liking- for a week, because I was transitioning our internet connectivity. In that week, Sorbs checked our DNS records, decided they didnt like them, and put us on their list. Even after they went back to normal, SORBS never fucking responded to any form of contact from either us, or our ISP- Telepacific.
I hope SORBS and it's administrators rot in hell.
I maintain several mail servers for various clients. Dealing with spam takes up a lot of time and resources, but I have also spent a lot of time trying to get my legitimate fixed-IP business class IPs off of SORBS "dynamic IP" list. I think SORBS probably ended up being a net loss in the spam war, because admin resources that could have been spent fighting spam were instead spent trying to avoid friendly fire.
I just want to point out that that's not generally considered respectful language
I'm not so sure that holding a different definition of the word "girl" than you do is really disrespectful. I get what you're saying but you've got to understand that to the population at large there is a difference between someone born biologically female and someone who surgically removed their genitals and started hormone therapy (or whatever other combination of measures you took to legally change your gender). For example, you never could and never will bear a child. Not that all women can, but they've generally got a higher likelihood of being able to do so. So people like to have different words for those different things. You've got to face the music, to Joe six-pack you're not a girl, you're a post-op transsexual.
I get what you're trying to say but I also feel like you're trying to strongarm others into changing the definitions of their words. If somebody doesn't think you're "really a girl" and you take offense to that, you're just picking a fight over semantics. Go ahead and wait until they say something really inflammatory and hateful before you bust out the righteous indignation, you'll win more hearts and minds.
I use SORBS professionally. It works. It stops spam. The few times IP space from our customers got listed, they got delisted within 24 hours after contacting SORBS by e-mail. All it cost me was registering an account for my employer at SORBS.
As usual in the discussion on blocklisting, Slashdot is being overrun by, ehm, 'legitimate biznizmen' and their supporters, and people who know jack shit about blocklisting and its history, but believe those who shout the loudest.
Mart
"I know I will be modded down for this": where's the option '-1, Asking for it'?
"Michelle Sullivan (Previously known as Matthew Sullivan),"
The hint of what I thought could be 'slander' in the article made me "Google" the name. http://www.myspace.com/michelle_i_sullivan - turns out it's not slander.
Whoever modded this as "Troll" is playing slashdot censor.
The BUTCH ones that keep modding me down because youre trying to be "manly"
Go to the timecop link. It made me laugh out loud.
The days of the "Usenet Death Penalty" and whatnot are over. Every single webhost, ISP, Xbox running Linux, or IPv6 microwave has probably either been hacked and turned into a warez server for a day or been abused by some spammer who signed up for a few days before getting booted.
In otherwords, he who has not sinned cast the first stone. We've all had our networks abused. 95% of us aren't doing for "pink contracts". Those 5% "pink contract" people probably have to cut deals with satan himself to get an upstream that won't boot him. Nobody wants spammers on their network--they cost far too much for what they gain.
That is why RBL's like SORBS or SPEWS failed. They punish the 95% for the 5% and have no way to differentiate. With Bayesian filtering and some modern automated RBL's, we dont need or desire RBL's maintained by humans.
But in my experience, their baseline "fuck you, we dont want to talk to you ever" filtering is pretty sane--it is basically filtering out fucked HELO's, bad tasting reverse DNS, and dialup/broadband users. It is their "hey pal, I know you are sending an announcement to like 5,000 yahoo.com addresses, but slow and try again in 5 hours" that gets annoying. All it takes is one person to mark their email as spam to throw a wrench in the 4,999 who a) love getting the updates and b) opted-in into them in the first place. I can understand why they do it, but it is annoying.
But YMMV as my gear is in the US and I'm on a US netblock. My hunch is life might not be so easy for those on other countries netblocks :-(
I get the odd call from a Postini client who's been on mxtoolbox.com, crying, "why am I blacklisted? zomg!". SORBS == idiots.
body massage!
Much like everyone else, I'm overjoyed by this news!!! Having to fight with SORBS about delisting IP blocks for months at a time, while irrate customers are threatening to cancel their services with you, and having your CFO breathing down your neck for resolution is not my idea of fun.
July 20th, 2009 can't come soon enough for me. I just hope no one decides to resurrect this fatally flawed and unresponsive system.
Sorry buddy. You aren't a pro if you use SORBS. You are either ignorant, in which case you should read over this thread to learn or you are an asshole with a chip on your shoulder, in which case, well... you are soooooo good looking!
Seriously, you can't claim to be a professional and use SORBS. It is about the most unprofessional way to filter email ever.
Let them burn!
Some Old Rusty Blacklist Software
So there.
Good riddance SORBS. Won't miss you at all!
As an admin at an ISP I usually cheer any efforts aimed at reducing spam volume, but I've come to hate SORBS over the years -- mostly because of the Dynamic Hosts list. If you can't do a thing well, you shouldn't do it at all. Pity it took so long for them to -- hopefully -- disappear and/or get replaced by someone more competent.
Finally, these self-righteous, blackmailing schmoosters go down in flames! I wonder how much money they extorted over the years, but I guess people eventually came to their senses and stopped paying.
On the "do-not-sell-this-to-spammer" byline,
SORBS, MAPS, and Spamhaus have been connected to a spammer called Whitehat.com, aka Whitehat, Inc. Incorporation documents and Annual reports show that Paul Vixie, John Levine, Rodney Joffe and others are directors of Whitehat. Spamhaus' Registry of Known Spam Operations (ROKSO) doesn't list Whitehat. Vixie and Rand (MAPS founders, spammers) provides technical and hosting support to SORBS. SORBS isn't a real spam blacklist, but a revenge list. SORBS is cover for spammers to conduct scanning for abuse, shake down ISPs, and interfere with Whitehat's competitors.
See related articles at http://www.iadl.org/whitehat/whitehat-story.html
http://www.iadl.org/maps/maps-story.html
http://www.iadl.org/sorbs/sorbs-story.html
http://www.iadl.org/spamhaus/spamhaus-story.html
Full Disclosure: I am the official admin for 130.105/16 and 198.3.136/21, which SORBS falsely claims is hijacked. SORBS has made this claim since 2003, and knows it to be false.