The Imminent Demise of SORBS

An anonymous reader lets us know about the dire straits the SORBS anti-spam blacklist finds itself in. According to a notice posted on the top page, long-time host the University of Queensland has "decided not to honor their agreement with... SORBS and terminate the hosting contract." The post, signed "Michelle Sullivan (Previously known as Matthew Sullivan)," says that the project needs either to "find alternative hosting for a 42RU rack in the Brisbane area of Queensland Australia" or to find a buyer. Offers are solicited for the assets of SORBS as an ongoing anti-spam service — it's now handling over 30 billion DNS queries per day. An update to the post says "A number of offers have already been made, we are evaluating each on their own merits." Failing a successful resolution, SORBS will cease operations on July 20, 2009 at 12 noon Brisbane time. Such a shutdown could slow or disrupt anti-spam efforts for large numbers of mail hosts worldwide.

No big loss!

A blacklist that charges you to get your IP removed will inevitably block far more than real spammers.

Re:No big loss!

[CarpetShark]

A blacklist that charges you to get your IP removed...

...is otherwise known as extortion.

Re:No big loss!

[Sorthum]

Actually, Barracuda's "whitelist" is far worse in this regard.

Re:No big loss!

[CohibaVancouver]

I agree - Blacklists are a pain! My brother's domain got randomly blacklisted, as did another business venture I'm involved with. None of them were spammers, but email was blocked - And requests to be 'unblocked' went into what could best be described as a 'black' hole.

Re:No big loss!

[MightyMartian]

Blacklists are more than just a pain, they're as much a cancer on SMTP infrastructure as spam. And among cancers, SORBS is the worst. I'll be glad to see it die.

Re:No big loss!

[Cramer]

In their words, "it's not extortion as *we* don't see any of the money." It's still bullshit.

I've had issue with them for many years... their "spamtrap" list is 100% untrustable. It only takes one email EVER to get on the list. They provide zero evidence of how you got on the list, just that you are on it. Enties never, ever, expire. And to get off the list... you have to "make a donation." (But if you're google, you get removed without ever knowing you were listed.)

Re:No big loss!

[wvmarle]

I have a fixed IP address (according to my provider, BizNetvigator - I'm paying for a fixed address at least!) but according to SORBS I am in a "dynamic IP range", and they can not and will not unlist my IP address. As a result I am forced to relay my mails through the mail server of my provider. Totally unnecessary but it's the only way to assure delivery of e-mails. Many of my mails are rejected and bounce at smtp handshake level, I guess there will be plenty that are silently dropping it - both I consider bad practice, I want to receive my suspected junk, dump it in a junk folder, and look through it once a day to make sure. Greylisting takes care of 95% of the spam already, so only a dozen or so junks come in every day.

Also I do see sometimes my mails being greylisted, but as I'm running a real mail server that just causes some delays. It will try again shortly after.

Re:No big loss!

[mvdwege]

So talk to your provider. They're the ones misrepresenting your IP space.

But that name says it all really. You're just a spammer, aren't you?

Mart

Re:No big loss!

[montyzooooma]

Isn't that the real problem? SORBS doesn't find anyone else to give them a home (good!) but then sell out to a bunch of crooks who start running the blacklist as a real extortion tool for profit.

Re:No big loss!

[tehSpork]

It's worth noting that pointing the extortion racket out during communications intended to get you removed from said blacklist will result in you never hearing another word from the people at SORBS. Funny thing though: After referring (numerous) complaining customers to SORBS as the source of all their woes I found myself removed from the blacklists in short order. Odd how that works.

Re:No big loss!

[sglewis100]

Actually, Barracuda's "whitelist" is far worse in this regard.

No it's not. If I can't get on a "whitelist" then I'm still not necessarily on a blacklist, and still not necessarily prevented from emailing Barracuda customers. That's better than being able to get on their blacklist for "free" and then having to pay to get off. In the latter, if I don't pay, I can't mail. In the former, if I don't pay, I can't bypass all the checks.

Re:No big loss!

[sglewis100]

Having a PTR record on your IP that matches the SMTP hostname is common practice. In fact, us mail administrators in particular love it, because except for the people who happen to have their own AS number and own their own IP space, it pretty much requires you to involve your ISP or hosting provider to get the entry setup. Which pretty much guarantees that those people have an ISP that knows you are running a mail server. Checking that your SMTP server's HELO/EHLO broadcast matches it's rdns lookup is one of my favorite checks in my mail gateways, since it's low cost (simple DNS query, easily cached) and very effective at weeding out people who maybe shouldn't be running a mail server in the first place due to having the wrong plan with an ISP, or perhaps someone who suffers from ineptitude about how to setup an outbound mail server. Sorry, those glory days of just opening up a SMTP server on port 25 and sending mail have been gone... for years!

Re:No big loss!

[Sorthum]

There have been multiple occurrences of Barracuda blocking mail from legitimate senders, then offering their whitelist service to those senders to "ensure uninterrupted delivery."

It's a nice little extortion racket...

Re:No big loss!

[Minwee]

Having been on the pointy end of SORBS several times I can honestly say that I never had any trouble getting off of it. I never had to pay any money, make any threats, or invoke demons from the lower planes to do it.

Every single time all I had to do was go to their web page and follow the simple directions given for removing myself from the naughty mailers list. No demands for small, unmarked bills were ever made and nobody ever tried to hassle me about it.

Re:No big loss!

[Blakey+Rat]

The 'X' makes it sound cool.

Re:No big loss!

[hardwarefreak]

My brother's domain got randomly blacklisted, as did another business venture I'm involved with.

dnsbls are databases of IP addresses. They do not contain domains (example.tld). Thus, your brother's domain did not get black listed. And, contrary to your ignorance, there is no 'randomness' to a block list entry. Each IP address that goes into the database goes there for a very specific reason. Usually the reason is spam sent to a spam trap address from said IP address.

Care to be specific around your actual circumstances.

Wow!

[dotgain]

A 42RU cabinet just for SORBS! No wonder they're being kicked out.

Re:Wow!

[aweraw]

42RU of dodgy shit

ROM's being charged for: http://vampire.isux.com/ROMs/ [isux.com]

Dubious images: http://vampire.isux.com/pics/x/ [isux.com]

So what's going on here, Matthew... I mean, Michelle?

Re:Wow!

[djdavetrouble]

WTF are those links?

What does that have to do with SORBS?

MY EYES MY EYES. THEY BURN!

Re:Wow!

[aweraw]

Check the WHOIS info on isux.com, and it will all fall into place....

Oh my god

[bhenson]

Oh my god the spam is burning, burning I tell you

*snort*

[paitre]

"Such a shutdown could slow or disrupt anti-spam efforts for large numbers of mail hosts worldwide. "

You're kidding, right?

They have done more to give legitimate anti-spam efforts a black eye than ANY legislative attempts to 'solve' the problem ever could.

I -used- to believe that 'collateral damage' was a legitimate 'tactic' in the fight against spammers. I've grown up since then.

Re:*snort*

[doctorcisco]

Mod parent up. The death of SORBS would be a net gain in the fight against spam. Blacklisting entire ISP's who are "insufficiently responsive" only makes sense if you don't care whether email gets delivered or not.

doc

Re:*snort*

[LoadWB]

The only bad thing about this is the loss of mirrors of GOOD lists it provides.

Re:*snort*

[lawpoop]

Correct me if I'm wrong, but isn't it the case nowadays that blackhole lists ( or whatever they're called ) are used mainly as a factor in weighing scores in Bayesian methods of filtering spam, rather than just blocking email outright? In other words, the usage is still widespread, not for direct blocking, but for helping a program decide if its spam or not?

If so, this would let more spam through spam filters, really.

Re:*snort*

[paitre]

And before anyone starts to give me any guff about being soft on spam -

I've been known to nuke accounts, and not bother asking questions. I chased down the Empire Towers group and helped put an end to them. I spent 18 months cleaning up the -very- tarnished reputation of a now bought out web host almost 10 years ago, and have the scars to prove it. I hunted a spammer down and ratted him out to his own mother in Vancouver, BC, Canada.

The news regarding Ralsky had me drop a shot in celebration.

Believe me - I -detest- spam. At the same time, the methods utilized by SORBS were ineffective, and most legitimate hosts and providers stopped using them years ago.

Selective DNSRBL systems, as a practical method, WORK. Blocking residential cable from sending email? Hella good idea, for example. Blocking known dial-up ranges, as well. Blocking webhosts in an attempt to get their customer base to force them into canceling contracts that may cost the web host hundreds of thousands, if not millions of dollars? Nuh-uh.

When 'collateral damage' was useful, losses MIGHT have hit 10k. Now? Talking millions? Businesses will buy a new IP block and move the affected customers, and call it a day. Especially if they're blocked not because a customer has been an idiot, per se, but because the customer was hacked and used as a bot.

So, yeah. Rock on with your bad selves.

Re:*snort*

[paitre]

The -smart- people are doing precisely that.

The problem is that there really are still people out there who are using lists, such as SORBS, as absolute arbiters in what is, or is not, from a spam source.

Thankfully, this number is shrinking daily as they realize just how broken some of these lists have been as a matter of policy.

Re:*snort*

[Zontar_Thing_From_Ve]

You're kidding, right?

They have done more to give legitimate anti-spam efforts a black eye than ANY legislative attempts to 'solve' the problem ever could.

I -used- to believe that 'collateral damage' was a legitimate 'tactic' in the fight against spammers. I've grown up since then.

You get a big high five from me on that. On my previous job, SORBS caused us a lot of problems. It was very difficult to get off their lists once they listed you and if I remember correctly they also had a policy of not telling you why you were listed to begin with. I remember that one of the guys in our main European office was able to make friends with one of the SORBS guys in the same country and get some information about why we were blacklisted. Normally they didn't tell you why you were blacklisted, but this was some "countryman to countryman" special favor this SORBS guy did for us. We had a lot of email problems because some customers would use only SORBS for dealing with spam so if you're on the list, your email doesn't go through to them. I'm not saying that SORBS couldn't have been a useful minor part of an anti-spam solution, but all I saw was customers who blindly trusted SORBS and only SORBS and that made our life hell. I agree that I no longer think that SORBS' collection of tactics is legitimate. There are better ways to deal with spam and if SORBS dies, well, sign me up to dance on their grave.

Re:*snort*

[gad_zuki!]

>Believe me - I -detest- spam. At the same time, the methods utilized by SORBS were ineffective, and most legitimate hosts and providers stopped using them years ago.

Actually, thats untrue. Our solution at work is to weigh multiple blacklists. Im not sure what SORBS is weighed but its part of the overall spam score. Less blacklists means we are at the mercy of one or two big blacklists instead of averaging out the craziness by a weighted forumula. SORBS' faults dont matter when theyre only a small part of the equation. More samples means better signal to noise.

Re:*snort*

[EdIII]

There are not a lot of products out there that support anything but blocking based on those RBL's.

I would love to find a proprietary product out there that uses the RBL's like that and also provides the features I am looking for.

So far I have not run into too many problems with the outright blocking though. I figure if there is a real problem, that I will get a support call from a customer and I can act accordingly. So far, no calls after 3 years of running like this with quite a number of mail clients and domains.

Re:*snort*

[ZorinLynx]

>I would love to find a proprietary product out there that uses the RBL's like that and also provides the features I am looking for.

http://spamassassin.apache.org/

Why does the solution have to be proprietary? SA works great. Out of thousands of spams that come into my account per day, maybe only 1 or 2 make it through, and there's no almost no false positives lately.

Re:*snort*

[Onymous+Coward]

More samples means better signal to noise.

Does it also mean more DNS activity?

I agree with your idea that a list can almost always be useful if it gets weighed in (even if it receives negative weighting!), but the thing you replied to and contested was "most legitimate hosts and providers stopped using them years ago." Are you actually saying that most legitimate providers have not stopped using them?

As far as the "mercy of one or two big blacklists", that's the option I went for. I shopped around and looked at performance and looked at the methodology and infrastructure as much as I could, and I settled on two blacklists. (Though each of them is an aggregate of others, maybe something like blended vintage wines.) They've done a damn good job over the past year and I expect them to continue to work well for at least a few more years. (Probably longevity was another consideration.)

Training my own filter to blend multiple blacklists isn't that unappealing an option, though. It just didn't occur to me as easily configurable when I built my system.

Re:*snort*

[jmcvetta]

I hunted a spammer down and ratted him out to his own mother

Let me buy this man a beer!

Re:*snort*

[djdavetrouble]

Let me buy this man a beer!

He prefers to drop a shot....

Re:*snort*

[omnichad]

I don't think blocking IP addresses just because they look dynamic is a good idea. I tried to run a web server on a static (ok, sticky) IP address from a Pro AT&T DSL account. Just about half the blocklists still blocked the IP and some of them even denied delisting. For a small server with low bandwidth requirements, should there really be a data center tax? I, for one, don't like the Internet closing off into a pay-for-play system that spits on the open nature of the Internet.

Re:*snort*

[MightyMartian]

When I had to switch ISPs, my static IP ended up in the middle of a block of addresses blocked by SORBS. Dealing with that miserable, vile prick who was running it was impossible, and finally my new ISP went to bat for me. Despite all of that, no less than Hotmail was still blocking based solely on SORBS.

SORBS is bad. Michael/Michelle/Debbie/Frank/Whoever is a worthless repugnant piece of scum.

Re:*snort*

[MightyMartian]

So far as I'm concerned, if you've got a legitimate reverse entry that matches one of your MX records (I know there's still some debate over that, but I think it's good form), I'm letting your email through. I'll say it again, the real key to knocking the larger degree of spam and worms is not RBLs, it's greylisting. What little makes it past that can usually be nailed by Bayesian filters.

It's a big world out there, and I don't think I should be punishing a guy who has a static IP address and has made the effort to get his DNS entries right. RBLs are just too easy to get false positives out of, and SORBS seems almost designed to hit folks with false positives.

Re:*snort*

[omnichad]

Even had the reverse DNS. Former ISP wouldn't even do that for us, despite business plan and "real" static IP.

Re:*snort*

Blacklisting entire ISP's who are "insufficiently responsive" only makes sense if you don't care whether email gets delivered or not.

In lieu of blacklisting, how would you suggest giving ISPs a disincentive towards knowingly hosting spammers for lucrative "pink contracts"?

Re:*snort*

[Cramer]

If there's a greater than 90% chance the sender is going to be sending you junk -- which is what RBLs are supposed to tell you, then it's infintely less work to simply tell them to f*** off before they send you anything at all than to receive the entire message, parse it, and then throw it in the trash.

On a Google scale, 90% isn't good enough. But then you have a sufficient volume of messages and direct user reports to build a far better list than all the RBLs combined. For my personal email, that's more than enough -- heck, I deny entire countries.

Re:*snort*

[Cramer]

My current static address from AT&T is listed in only one list... MAPS. Despite it being neither dynamic nor "dialup", they refuse to remove it first stating the request must come from the ISP, then stating the ISP explicitly listed the range with them as dynamic (which is a complete lie, as Bellsouth doesn't bother.)

Re:*snort*

[Antique+Geekmeister]

Not much. It's computationally expensive to scan for blacklist based email, accept the deluges of it, and then process it. A small shop might not have the spare horsepower to do sophisticated processing, which takes some knowledge and some negotiation with your clients about how much to block accidentally versus how much to allow.

So SORBS' demise may slow some filtering that previously blocked it at the IP address. But there are at least half a dozen, more legitimate, less offensively capricious blackhole lists that will easily fill the void.

Re:*snort*

[Zerth]

In lieu of blacklisting, how would you suggest giving ISPs a disincentive towards knowingly hosting spammers for lucrative "pink contracts"?

.

A method of discouraging ISPs from hosting spammers that does not interfere with "regular" email delivery?

Kneecapping. Spammers first, ISP sales/mgmt second.

A system I have gets 150,000 SMTP connection attempts per hour and it hasn't been a mailserver for several months. (mostly .br & .ru)

Some spammer ISP needs to refresh their DNS cache, their MX entries are stale.

Re:*snort*

[mortonda]

Correct me if I'm wrong, but isn't it the case nowadays that blackhole lists ( or whatever they're called ) are used mainly as a factor in weighing scores in Bayesian methods of filtering spam, rather than just blocking email outright? In other words, the usage is still widespread, not for direct blocking, but for helping a program decide if its spam or not?

As paitre says, the smart people are... but it's not as clear cut as that. Some locations receive so much traffic they have to weed out some connections at the SMTP level. This is usually done wish a conservative DNSBL, and greylisting. After that, messages can be subjected to a gauntlet of tests and the final answer based on the sum of those tests. Some degree of SMTP level filtering at the front end saves a lot of resources on the backend scanning.

Disclaimer/plug: I am a developer of Maia Mailguard (but the heavy lifting belongs to SpamAssassin)

Re:*snort*

[mikael_j]

My problem here is that my current ISP (which is one of very few around here that I trust seeing as how I know a bit too much about the inside operations of way too many ISPs) currently charges me around $30/month for residental ADSL (fullt g.dmt) with an IP address that may or may not change depending on what mood they're in (had the same one for about six months right now). If I want a static IP address I'll need to upgrade to "business" DSL for around $100/month, for that I get the possibility of "purchasing" a static IP address and they officially allow me to use my connection for business purposes. If I want reverse DNS then I have to take a further step up to what could be translated to their "Business pro" package, which for ADSL costs somewhere just under $200/month, and I'd still have to pay them extra for anything beyond a single static IP address, and yes, reverse DNS is extra.

I'd switch ISPs but most ADSL providers around here know those of us who use DSL don't have any other choice so they gouge us. I do have the possibility of using cable (DOCSIS) but the only ISP available to me then doesn't sell to "business" customers and block incoming traffic on port 25 to "limit spam". Yes, incoming traffic on port 25 is blocked with the excuse that they're trying to fight spam.

/Mikael

Re:*snort*

[TheLink]

I had that problem with Hotmail+SORBS too. Hotmail is so crap I don't know why so many people keep insisting on using it as their primary email. Use it for junk you don't care about (since Hotmail seems to be happy to delete emails after just a short time of disuse).

As for SORBS, I hope they get shutdown permanently. Good riddance.

Re:*snort*

[dotgain]

Geez, I had to look 'Pink Contract' up, for a minute my dirty mind had me thinking busloads of hookers.

Re:*snort*

[Znork]

You could take a look at VPN providers; I've noticed that some VPN providers provide solutions for exactly the problem you're having: static ip, configurable reverse, etc. At around $10-$15 per month it's certainly more affordable than a 'business DSL', and about on par with the cheapest virtual hosts you can get.

And as an added plus, that would also allow you to switch providers at will without having to change any configurations for your servers.

Re:*snort*

[bakes]

if I remember correctly they also had a policy of not telling you why you were listed to begin with

AFAIK this is common to all RBLs - if they told you why and you were an evil spammer you could just work around whatever put you on the list and go on with your evil spamming. Of course this makes life difficult if you are trying to track down a problem with a rogue PHP script that is getting you blacklisted and you have no idea what is causing it. I finally found my problem, but even just a hint would have been helpful.

Re:*snort*

[sglewis100]

"Such a shutdown could slow or disrupt anti-spam efforts for large numbers of mail hosts worldwide. "

While I happen to agree that SORBS was... well let's just say not the RBL for my organization's needs, the statement is sadly probably very true. So many mail hosts have poorly configured antispam setups, point to half a dozen or more RBLs, with longer than acceptable timeouts. When one goes dead, they start accepting mail slowly while they wait 4-6 seconds for a DNS query to timeout. Some don't even have anything setup to stop checking a list for a set period of time in case of excessive failures.

I'm sure the operator of SORBS meant it more as a plea "hey look at me, I'm so important to keeping spam away", but in reality, if it goes dark, some companies relying on systems setup by lousy administrators will suffer while they try to figure out what's up.

Re:*snort*

[geminidomino]

The charges leveled at SORBS is that they are demonstrably arbitrary - at times demanding all sorts of unusual documentation or fees to remove listings including listings that have demonstrably changed legal possession.

You are familiar with the business tactic of splintering off a shell company and moving assets under it, right? Even easier for a spammer to do when all said assets are virtual. Changing "legal possession" doesn't imply at all that it's changed ACTUAL possession.

Re:*snort*

[MikeBabcock]

The known dial-up ranges are a problem, and a stupid way to block spam.

I have several business mail servers running on static IP ranges from DSL providers that regularly run into "why are they blocking my mail?" issues because of this. Until the ISPs agree on a way to publish "should" and "should not" lists for their users' services, the Internet should be considered the Internet with arbitrary range blocking avoided.

IMHO it wouldn't be hard for ISPs to use a reverse-DNS range for specifying users who have business/static IP accounts for checking purposes, but its not being done to my knowledge.

Re:*snort*

[Just+Some+Guy]

When 'collateral damage' was useful,

For some of us, that was never the case. There are three viable ISPs in my city: Qwest, cable, and the local mom-and-pop. I went with the latter to host my little home server because I knew the admins and the company had a good reputation. Now, suppose SORBS blocks [1] their upstream. What am I supposed to do, exactly? Switch to one of the mega-ISPs that will actively try to prevent me from running a server?

No, the whole idea of collateral damage only looks good to sociopaths or people who've never had limited options.

[1] Their take on it: "We don't block! We blacklist!" My take on it: the hell you don't. That's like CYBERsitter claiming that they don't block; they only provide recommendations.

Re:*snort*

[Just+Some+Guy]

AFAIK this is common to all RBLs - if they told you why and you were an evil spammer you could just work around whatever put you on the list and go on with your evil spamming.

And now you know otherwise. If you put in your IP, it'll tell you exactly why you're blocked (if you are). My ISP registered my whole netblock as dynamic, forgetting about my static allocation. I filled out the form to remove myself and was off the list in about half an hour. Spamhaus runs their RBL the way they were meant to be run and I have nothing but good to say about them.

Re:*snort*

[paitre]

Beer works, too :)

I even brew my own.

Re:*snort*

[value_added]

Seems like you've got a bum deal.

To offer a counter-example (or to rub it in), I have ATT residential DSL with 5 static IPs, free backup or primary DNS (with control over reverse), no PPPoE, and no caps or restrictions, all for about $70 per month.

Not being able to have any of the above, or worse, paying someone to provide some part of it, would seem absurd to me. Shelling out $200 (I assume that figure wasn't a typo on your part) for a similar setup I would characterise as a scam.

Just so that I'm not completely off-topic, yes I do use Spamhaus' DNSRBLs. No way I'll consider accepting email from people on residential connections. ;-)

Re:*snort*

[mikael_j]

Yeah, what's "funny" is that if I was willing to pay for installation costs then I could a faster connection than my current one, symmetric and with all the typical business connection "perks" since it would then be a fiber connection, and if you look at the bang per buck of that it beats the "business pro" DSL by miles, but all I want is my current connection with a static IP address, IPv6 and reverse DNS.

Oh well, at least residental service is quite cheap around here (my current ISP is actually quite expensive at ~$30/month but unlike most of their competitors they're not incompetent morons (I was once witness to a "minor" oops in the form of a software update on every DSLAM in one of their competitors' net, about half the DSLAMs went down so hard they had to be physically rebooted)).

/Mikael

Re:*snort*

[sjames]

That's a decent way to filter the spams out, but can be a bit heavyweight. By the time SA looks at it, the mail has already been accepted and queued. Even a small mail server may have a huge volume of spam to deal with.

I finally resorted to checking multiple RBLs and just rejecting mail from servers that were in several lists. SORBS, BTW, is not one that I check, too many false positives to be useful. When I turned that on, my loadavg went below 1 for the first time in weeks.

Re:*snort*

[mikael_j]

I used to work for a hosting company and I've dealt with several others, there's no way I'd let any of those bozos handle my personal data. With an SLA I'd gladly rent machines for work since then it wouldn't be my personal data and for the $$$ we'd be paying them we'd get some guarantee of them keeping track of our data (or that they'd have to pay for fuckups on their end).

The normal cheap services are often painfully unreliable (if not the service itself then just think of the billing system, if you've ever had to deal with "oopsie, seems these -- users' accounts were deleted because the system thought they didn't pay their bills..." then you'll understand).

/Mikael

Re:*snort*

[hardwarefreak]

Correct me if I'm wrong, but isn't it the case nowadays that blackhole lists ( or whatever they're called ) are used mainly as a factor in weighing scores in Bayesian methods of filtering spam, rather than just blocking email outright? In other words, the usage is still widespread, not for direct blocking, but for helping a program decide if its spam or not?

  If so, this would let more spam through spam filters, really.

It depends on the individual mail admin or organization. Some outright block on a dnsbl hit, some use it for scoring in their fav content filtering daemon. On my 'vanity' MX that hosts my personal domain, I block outright based on dnsbl hits. However, I'm pretty selective in the dnsbls that I use, and yes, SORBS is among the 6 or so I have configured. I've only seen one "false positive" in 3 years or so of using SORBS, and that's because Playboy's "send this pic to a friend" feature has apparently caused too many complaints over the years, resulting in a listing of the sending IPs at Playboy's contractor, rsys.com or something like that.

Nothing of value lost?

[Jonas+Buyl]

I don't suppose it's that vital for fighting spam or otherwise it would be government controlled wouldn't it?

Re:Nothing of value lost?

[maxume]

What now?

Re:Nothing of value lost?

[Techman83]

<sarcasm> Like all the other vital Government controlled anti-spam operations.... </sarcasm>

Re:Explanation please

[MichaelSmith]

She looks like a really good girl, as girls go.

Um, is this at all credible?

I don't know if this is subterfuge, but:

http://www.iadl.org/sorbs/sorbs-story.html

Re:Um, is this at all credible?

That site is run by a known net-kook.

Re:Um, is this at all credible?

[emurphy42]

Evidence? I've never heard of them before (I'm not an e-mail admin of any sort), Google / Google Groups seem to turn up nothing supporting your claim, and whois just turns up a PO box that turns out to belong to an ISP (AV8 Internet Services) which may just happen to have the guy as a customer. So you could be lying, or I could be missing something; both seem plausible to me so far.

Re:Um, is this at all credible?

[e9th]

So is the FSF, but that alone is not reason to disregard it.

Re:Um, is this at all credible?

[kv9]

http://www.iadl.org/sorbs/sorbs-story.html

I don't care how real or fake that is, but the drama is absolutely delicious.

Re:Um, is this at all credible?

[Ilgaz]

Picking on a sex change makes entire thing useless.

So what if he changed sex? Funny is, people supposed to know mail systems should have a bit clue about its history.

(quote)

There is some sort of perverse pleasure in knowing that it's basically impossible to send a piece of hate mail through the Internet without its being touched by a gay program. That's kind of funny.

Eric Allman, author of sendmail.

Re:Um, is this at all credible?

[Jay+L]

I'd say being a net.kook probably *increases* your credibility in the anti-spam community! That said, this guy's main page at www.iadl.org lists Paul Vixie and Steve Sobol as "counterfeit anti-spammers".

Now, I'm not always a fan of Vixie, and MAPS turned into a disaster, but calling him a phony seems about as net.kooky as you can get. I've met Steve Sobol, and even been the target of his displeasure; he always struck me as a scrupulous, all-around good guy as well.

So I'm not sure IADL's subterfuge, but not sure it's a reliable accounting of facts, either.

Summary is absurd

[Loki_1929]

Any mail admin who's depending in any significant way on the anti-spam wasteland of SORBS should be on their way to apply for jobs at local fast food restaurants as soon as possible. Even if someone handling spam control for a decent size business actually believed in SORBS' accuracy or effectiveness, the only effect of SORBS disappearing from the face of the Earth should have is a slight uptick in spam being caught by filters slightly further down the path to their users' mailboxes.

Seriously, is there anyone out there who isn't use a multi-tiered, inter-connected array of spam filtering methods at this stage of the game? ~96% of the mail going to my users is spam. My worst offender has some ~5300 messages a day of spam being filtered prior to reaching their inbox. If my best filter were rendered worthless tomorrow, I wouldn't expect to hear any complaints from users. (of course, I'd be pretty unhappy.)

I think honeypots are probably my best weapon again spammers at the moment, followed by my keyword blacklists.

Re:Summary is absurd

[MightyMartian]

One of the best weapons against spam has been for several years now greylisting. Over 90% of the crap that gets flung at my mail server never makes it past the Postfix server I have sitting between my Exchange server (I know I know, I hate it, and I'd get rid of it if I could) and the outside world. RBLs maybe, just maybe, had some justification a decade ago, but they have none now, and only retards who should be set to work cleaning toilets still use them. I frankly wouldn't even use them as part of a weighting system. RBLs are bad bad bad. SORBS was the worst (by about a lightyear), but they're all bad, even the best are bad.

Re:Summary is absurd

[Ed+Avis]

My boss and our customers pay me to keep spam away. I've not had any complaints whatsoever.

Of course not. If someone they haven't met sends them mail, and it's dropped as spam, why would they complain? They never even knew about it.

Re:Summary is absurd

[mvdwege]

Actually, they do. Because I am not the one dropping mail. Get a clue about SMTP before you comment, OK?

Mart

Re:Summary is absurd

[Ed+Avis]

I wasn't referring to any detail of the SMTP protocol. If somebody sends a message and it is automatically classified as spam then there are two choices - either the users see it or they don't. If they don't see it then that is what I meant by 'dropped'. If the users do see it, then you're not 'keeping spam away from your users'. The effect of spam is mitigated a little bit if messages are diverted into a special 'spam' folder rather than dropped altogether, but if you have to comb through a folder of mostly-spam to pick out false positives you still waste quite a bit of time and risk missing things.

Re:Summary is absurd

[Ed+Avis]

On second thoughts I might be wrong - did you mean you used SORBS to help with greylisting? So a host from a block of IP addresses in SORBS could still send mail but with a few seconds' delay in the SMTP chatter? In that case you are preventing spam from being sent but without needing to drop any message, so my bad.

Death to SORBS

I run an ISP in the midwest. SORBS has caused so many problems, I don't want to bore you all with them here. I briefly talked with Mr(s?) Sullivan via email back in 07 about several problems he caused by blocking subnets we had on both Nuvox and XO. His response to my email (which was long but detailed), I paster here for brevity:

---------snip---------
F_ck off.

Yours trully,
ms
---------snip---------

Hopefully, she/he takes up dancing at a crossdress clubs and stays the _hell_ off the internet.

Re:Death to SORBS

[mynubarta]

Very unprofessional, Michelle, owner of SORBS. I don't care about your complicated personal life as others have brought it up here, but your comments like that to ISPs or whoever else is completely unneccessary. You DO NOT deserve any help in keeping SORBS up. I hope all your offers fall through. totally lame.

Re:Death to SORBS

[MightyMartian]

Ah look, one of the foul little control freaks whose so pathetic that he "volunteers" his time to a vicious little extortionist.

I'll dance on your little RBL's grave, my friend, and ponder just how worthless a human being you are.

Re:Death to SORBS

[MightyMartian]

Um, that's another poster who made that claim. I've never talked to the guy/girl/whatever. I just know that the whole lot of you have produced an RBL that is, in fact, much worse than spam.

I didn't know Kevin Sorbo was sick.

[fyrie]

RIP Herc.

Re:I didn't know Kevin Sorbo was sick.

[CarpetShark]

Hey, as long as Andromeda's still hot.

Potential bidders?

[e9th]

SORBS is officially "For Sale" should anyone wish to purchase it as a going concern

Now that Alan Ralsky is out of business, who would want to buy it?

Re:The REAL story

[bruns]

How is what Michelle did any of your business?

You dont count

[coryking]

Your parent is right. There does exist a set of clueless people who straight filter based on RBL's like SORBS. Sure, filter your home mail server any way you want, but the *second* you have third-party people using your system (or the second you run the mail server for a business), you should be outright fired for filtering based solely on something like SORBS.

I figure if there is a real problem, that I will get a support call from a customer and I can act accordingly

That is because I dont waste my time calling you. I call your boss and your sales department. If you really are running a business mail server and filtering based on SORBS, you are basically clueless and I'll gain nothing talking to you Your sales staff though, I'm sure they'd be happy to know you are blocking my customers inquiries into your companies products. And I'm probably also sure that if you are the type who filters like that, they probably have a bunch of other issues with the way you run their systems and this just might be the straw that broke the camels back.

Re:You dont count

[Boomerang+Fish]

Having worked in IT Admin for an ISP in the past, I have to to tell you're positioning yourself as exactly the type of customer I used to tell our sales staff we didn't want.

If you weren't willing to work with our support staff and provide us the necessary information to understand where our efforts were failing, you are useless. The threats on the internet change daily (sometimes hourly) and what works today is broken tomorrow... I had enough trouble keeping up with the obvious threats that, unless a customer worked WITH me, his problems really didn't bother me.

And before you respond telling me that I lost our company business, let me just say that the one time a sales person tried to have management fire me over this, I had them check recent sales and showed that 70% of the people who left because "we weren't addressing their concerns", came back... because our support team did respond -- when utilized correctly and not through the sales filter which amounts to a bunch of commission based telemarketer monkeys screaming "it doesn't work and I can't make a sale!"

You want support, then talk to the support people and give them the details they need. Otherwise take your business to AOL or Comcast...

--
I drank what?

Re:You dont count

[Cramer]

Clueless, no. Lazy, maybe.

Fine. Call the "boss" and "sales department", they'll just forward you to me. Even if you manage to get them to listen to your whining, they will never, EVER, come to me and ask to have the "spam filters" turned off. The former CEO learned that lesson the hard way -- to the tune of 100+ messages per hour.

I prefer the "go away" method over the "receive your junk and then throw it away" method. It saves me a lot of bandwidth.

Re:You dont count

[Loki_1929]

Your parent is right. There does exist a set of clueless people who straight filter based on RBL's like SORBS. Sure, filter your home mail server any way you want, but the *second* you have third-party people using your system (or the second you run the mail server for a business), you should be outright fired for filtering based solely on something like SORBS.

I figure if there is a real problem, that I will get a support call from a customer and I can act accordingly

That is because I dont waste my time calling you. I call your boss and your sales department. If you really are running a business mail server and filtering based on SORBS, you are basically clueless and I'll gain nothing talking to you Your sales staff though, I'm sure they'd be happy to know you are blocking my customers inquiries into your companies products. And I'm probably also sure that if you are the type who filters like that, they probably have a bunch of other issues with the way you run their systems and this just might be the straw that broke the camels back.

I think you're misreading things a bit. First of all, nearly all modern RBLs are absolutely nothing like SORBS. They work on multiple reports, expire quickly, and narrowly target IPs being used to send spam. Once in a long while you might catch a Comcast or AOL mail server in there, but not very often anymore. Great care and research should be done before implementing any new filtering to ensure it won't create an unacceptably high number of false positives. That's common sense. What isn't common sense is that there are plenty of IP and content URL blacklists which are plenty reliable enough for virtually anyone to confidently use as concrete walls in their filtering scheme.

I admin mail servers which have a total of about 1,200 mailboxes spread over around 100 domains. As they're all small to medium size businesses, there are two simple facts I have to keep in mind: 1) that every piece of spam making it into their employees' inboxes reduced productivity and costs them money and 2) that every false positive has the potential to lose us that customer (assuming it were to create enough of a problem). Well over a million messages a day hit the mail servers I admin, and roughly 96% of those messages never reach my customers because they're filtered as spam. So how do you reliably make all of it work? It's a combination of multi-tiered filters (some of which include blacklists of various sorts) and whitelists, tailored to each customers' individual needs.

For instance, if you're a local ice cream shop who doesn't want or care for any contact outside the country, I'm going to block IP ranges tentatively identified as being from regions high in spam production for your domain. That means China, Russia, and a whole host of others are being cut off right from the start. That's fine for the ice cream shop because they don't care about anyone who isn't local and if a message or two gets dropped here and there due to geo-location issues, then they're just fine with that. But what of the electronic parts manufacturer with regional offices all over the world (including a plant in China)? Well, you can't do country filtering for them at all. Missing email from a potential customer in Moscow could mean thousands of dollars or more of profits out the window in a flash. What you do is let the other filters carry more of a burden and lower their expectations for how much spam is going to end up being filtered. Finding each company's balance between avoiding spam and avoiding false positives is important. The vast majority of my users see less than three spam emails a day in their inbox and probably average a false positive once every three months or so. The ones who are hyper-sensitive about false positives see a bit more of their spam and never have false positives (so far as I'm aware).

What are the two biggest tricks to making it work? 1) Whitelists created specifically for your customers and 2) k

Re:You dont count

[geminidomino]

I prefer the "go away" method over the "receive your junk and then throw it away" method. It saves me a lot of bandwidth.

That's also the smart way to do it (provided you're actually rejecting at SMTP time and not "generating bounces" like a lot of idiots).

Re:You dont count

[hardwarefreak]

Your parent is right. There does exist a set of clueless people who straight filter based on RBL's like SORBS. Sure, filter your home mail server any way you want, but the *second* you have third-party people using your system (or the second you run the mail server for a business), you should be outright fired for filtering based solely on something like SORBS.

I figure if there is a real problem, that I will get a support call from a customer and I can act accordingly

That is because I dont waste my time calling you. I call your boss and your sales department. If you really are running a business mail server and filtering based on SORBS, you are basically clueless and I'll gain nothing talking to you Your sales staff though, I'm sure they'd be happy to know you are blocking my customers inquiries into your companies products. And I'm probably also sure that if you are the type who filters like that, they probably have a bunch of other issues with the way you run their systems and this just might be the straw that broke the camels back.

I disagree. Here's why:

The vast majority of these cases are caused by small business "email admins" or contractors who have no clue how to setup a mail server. And I'm not talking the host (machine) itself, but all the DNS magic that makes a mail server a legitimate mail server. Mismatched rDNS, hosting the mail server behind a dynamic IP xDSL line and using wildcard dynamic DNS to make the MX record work (i.e. inbound email delivery), etc, etc. All of these things will often cause one to end up on a dnsbl, and rightly so. Then they bitch about it. Getting listed because of something like this should be a cluestick to the guy running the listed system that he needs to make some changes to come into compliance with community standards. This is one of the main benefits of dnsbls. Spammers get caught, and those with misconfigured systems get a wake up call.

There are community standards one *must* meet when setting up and outbound mail server, lest one be listed in dnsbls or flagged by other spam countermeasures.

(of course, I may have mis-read you)

[coryking]

and you are asking if there exists products that don't outright block based on crap like SORBS. In which case "You" refers the general type of idiot who I've dealt with that does block based on SORBS.

Re:(of course, I may have mis-read you)

[EdIII]

Wow. That's a lot of hostility there.

First off, I never said I used SORBS. I did some research first about which ones would probably be best, respond to delisting requests in a timely fashion, and could provide me with a list that was had a lot of maintenance. Spamhaus and Spamcop are fairly decent and AFAIK, they DO respond to delisting requests and don't just put IP blocks up willy nilly.

I'm hardly an idiot. If I could find an open source software package capable of doing what I require, I would have gone that way a long time ago. As it stands, I have to use a proprietary software package that does not allow me to weight the incoming emails based of *any* RBL's. I can only refuse the connection based on the RBL's.

My original point stands. You want to be so incredibly hostile and label anyone that dares to use a RBL (or maybe just SORBS, could you clarify?) as an idiot, but fail to realize just how many mail server software packages out there don't do what you are asking for.

Try taking the hostility down a notch or two, and if you are so knowledgeable about mail server product that do offer weighting based on RBL's, why not just post it here for people to read? Maybe there are people new to running a mail server, don't understand the implications of a RBL (which hardly makes them an idiot), and would gladly implement a better solution.

Or... you could just attack people personally and denounce them for being idiots without actually writing anything productive while foaming at the mouth.

Re:(of course, I may have mis-read you)

Might I suggest

http://assp.sourceforge.net/

Developers can be a little hostile but it's so good you can use the defaults, train it a bit and leave it be.

Re:(of course, I may have mis-read you)

[FireFury03]

If I could find an open source software package capable of doing what I require, I would have gone that way a long time ago. As it stands, I have to use a proprietary software package that does not allow me to weight the incoming emails based of *any* RBL's. I can only refuse the connection based on the RBL's

I'm curious what you are doing that can't be done with one of the Free MTAs...?

Re:(of course, I may have mis-read you)

[EdIII]

Exchange server emulation. Contacts, Calenders, Tasks, Notes, etc. Basically just groupware. It has a special connector that works with Outlook as well.

Re:(of course, I may have mis-read you)

[Kalriath]

Please don't tell me you're describing MDaemon.

Re:(of course, I may have mis-read you)

[EdIII]

Yes....... MDaemon is a requirement for some clients, but not all. Most of the email is serviced by Postfix on several CentOS servers.

I have a feeling your going to tell me that MDaemon is bad. Personally, I have not had many issues with it at all. The connector gave us some problems early on, but the latest versions have been working out quite well.

Other than Exchange Server proper, there are not that many other solutions out there. None free, that I am aware of.... unless you got some information I don't. Zimbra and OpenExchange seem to be a HECK of a lot more expensive than Mdaemon, and at those prices you might as well just go full Exchange. Sure, both of those alternatives have quite a bit of flexibility and you can design stuff into yourself to suit specific needs of certain clients, but we don't need that. Just some simple groupware features that Exchange always had like shared contacts, shared calenders, tasks, notes, etc.

As far as a MTA, I have always felt that MDaemon was pretty darn solid. Only real challenge is that we need to run on it a Windows Server platform, while I prefer most services to be run off Linux.

Re:(of course, I may have mis-read you)

[sglewis100]

My first guess is that you're using Exchange. If so, ever since Exchange evolved into the emacs of mail servers (boy, it does a lot of awesome stuff, but it sure would be nice if they had a MTA in there somewhere), the "new hotness" has been to put a real mailserver in front of the Exchange server to "soften the blow" of incoming mail and deal with all of the crap. Of course, whether you go with an appliance like the barracuda, or some other server, it'll take a bit of money and elbow grease to get it to work well (eg validating incoming addresses against AD rather than just bouncing them off the exchange server, defeating the purpose).

While you are 100% correct in the sheer crap that is referred to as "SMTP" in Exchange, setting up a Barracuda to verify against AD (or LDAP) is drop dead simple. It's default LDAP search string covers both OpenLDAP and Active Directory servers out of the box. If entering in a couple of hostnames and making sure there's a path from your front-end server to your back-end LDAP infrastructure in your firewall is complex... then you probably are lucky to be using a Barracuda, since a hand built setup is beyond you for sure.

We have multiple domains, multiple LDAP environments, multiple mail servers (corporate: Exchange, our franchises are on a Zimbra cluster), yet we still have no problems even though Exchange has shit support for split domains. We even got single sign on to the mail quarantines to work relatively easily.

It's also the best bet for someone who needs local and remote clustering but maybe isn't an expert in Linux. Also, another advantage to such a person not having gone with a FOSS solution would be the vendor support. Even the front line guys at Barracuda aren't bad (well except that one moron who keeps posting strangely incoherant and ignorant ramblings about amavisd-new on the Postfix list the last couple of days - but I hear he doesn't work there presently). I haven't needed this, but a former client of mine has Barracudas in place, and their support routinely configures it for you.

Probably the biggest disadvantage to more experienced but time challenged administrators is that you can't put your own custom rules into Spam Assassin, although you can send their support any requests and they'll implement them.

Re:(of course, I may have mis-read you)

[hardwarefreak]

I'm hardly an idiot. If I could find an open source software package capable of doing what I require, I would have gone that way a long time ago. As it stands, I have to use a proprietary software package that does not allow me to weight the incoming emails based of *any* RBL's. I can only refuse the connection based on the RBL's.

You're kidding right? What (where) is your skill set? Build a Linux or FreeBSD smart host box with Postfix and SpamAssassin. Then relay the scrubbed mail stream to your current mail server. You can block outright based on dnsbl hits within Postfix, or you can score based on dnsbl hits in SpamAssassin.

Here's a decent head start:
http://www.debian.org/
http://wiki.debian.org/Postfix
http://www.debianhelp.co.uk/spam.htm
http://wiki.apache.org/spamassassin/DnsBlocklists

If you're currently running Exchange, all you have to do is tell Postfix to relay all inbound mail to the IP address of your Exch server. For example, in main.cf you'd have:

relayhost = 10.3.2.1

To get Postfix to accept mail for your users, you can either have Postfix poll your AD server for valid user addresses, or you can just manually type them into a relay_recipients file, if you're a small organization, say 100 users or less. The manual thing gets really tedious for larger user counts.

It's a fantastic anti spam solution. If you're not a sysadmin type and don't know anything about dns and changing MX IPs in your dns server or getting your provider to do it, you may not want to take this plunge. You've got to have some decent networking background, including configuring dns entries on your authoritative server.

Re:(of course, I may have mis-read you)

[EdIII]

My original point was that most of the proprietary mail servers I have seen that run on Windows servers don't allow scoring based on RBL's. They just simply disconnect. The poster seemed, very hostile to say the least, and I just wanted to point out that it might not always be a feature that administrators could implement when taking into consideration limitations like platforms, budgets, etc. which hardly makes them stupid or idiots.

Now my specific case with a a few clients involves a 3rd party program that emulates Exchange and must run on a Windows platform. So email alone is not the only consideration. It needs to be able to emulate Exchange. That makes the number of potential programs even smaller.

Aside from this client, we are running CentOS with Postfix/Spamassassin right now for the rest of the email. So I do have the skill set required to setup up what you suggest, but it's not always possible to implement every solution you can come up with. Providing these clients the ability to have their email scrubbed by our servers and then passed on to them would represent additional costs, and that is probably something they are not interested in right now. If it ain't broke don't fix it. I certainly could not just do it for free, nor do I have the authority in this case.

Granted, I could just do it. However, when it comes time to explain the increased usage of resources like bandwidth, what do I say?

Re:(of course, I may have mis-read you)

[Kalriath]

Actually, I was going to tell you that you CAN tell it just to use the RBL functionality as a part of the scoring for SpamAssassin. You might want to go look at spamd.conf and change it to stop rejecting emails and just tack in an extra header.

Re:The REAL story

[emurphy42]

Since when did trolls ever stop to worry about that?

Re:The REAL story

[Nimey]

You might ask the ever-sensationalistic kdawson that as well. Why was that included in the summary?

Heh.. you will find a lot of hostility

[coryking]

A lot of people have had their lives turn into a living hell because of some listing on SORBS. Thus if it wasn't me who chewed you out, somebody else probably would have :-)

Spamhaus's PBL?* I filter on that... the friggen ISP's make up most of that list. I'm pretty damn sure AOL and friends filter off that list too and my motto is "if AOL or Yahoo filters mail based on XYZ policy, I will too". Plus, you can get off that list on a web page.

It is SORBS that I have an issue with. SORBS was created out of pure spite. So my apologies random internet person :-)

* Excepting Godaddy who is fucking insane. Those assholes filter *URL's pointing to a PBL'd IP that are embedded in a message*!!! Worse, they dont tell you. Had fun learning that.

Re:Heh.. you will find a lot of hostility

[omnichad]

Yeah. That GoDaddy thing had me confused for the longest time. I don't remember how I ever figured it out. I never saw it written anywhere, that's for sure. They. Should. Die. For that.

Re:Heh.. you will find a lot of hostility

[mynubarta]

"A lot of people have had their lives turn into a living hell because of some listing on SORBS." Yes, and because SORBS volunteers were at times unprofessional and trollish in their responses for removal, it is just as well they are shutdown. Most other RBL volunteers would not behave this way, except SPEWS or whatever name changed to.

Re:Heh.. you will find a lot of hostility

[NitroWolf]

Holy shit, SPEWS. I had forgotten about that... the guy was worse than SORBS. Wasn't he the creator of Courier as well? How can someone that messed up create something like Courier? Or maybe I am thinking of someone else...

But yeah, SPEWS was a giant bag of shit. Thanks for reminding me there was something worse than SORBS.

Re:Heh.. you will find a lot of hostility

[siliconincdotnet]

> It is SORBS that I have an issue with. SORBS was created out of pure spite.

No, you're confusing "spite" with "greed". There's a difference. Spite is blacklisting a spammer's ISP in a fit of anti-spam zealotry. Greed is blacklisting a spammer's ISP hoping to extort a huge amount of money from them so their customers can send email again, and then blacklisting them again right after you un-blacklist them (yes, SORBS does this).

Good riddance to them. They've done nothing but tarnish the reputation of legitimate RBLs.

Spamcop, Spamhaus, and Uceprotect are plenty of RBL for me.

Re:Heh.. you will find a lot of hostility

[kopo]

filter *URL's pointing to a PBL'd IP that are embedded in a message*!!!

My university does that, too. I run a student organization site that has a university subdomain, but is hosted on a shared host. The host inexplicably got listed in the CBL several times, and that screwed up email for the organization staff, and mailing lists for hundreds of students for days at a time.

I didn't realize anyone else used this brilliant filtering scheme.

Re:Heh.. you will find a lot of hostility

[FireFury03]

my motto is "if AOL or Yahoo filters mail based on XYZ policy, I will too".

AOL and Yahoo are some of the worst for filtering on crazy criteria. They are also *very* bad at responding to mail server operators who want to discuss what they can do to get off their block lists...

Re:Heh.. you will find a lot of hostility

[aaribaud]

Plus, you can get off that list on a web page. Wish it were that easy. My ISP provides its users with dynamic and static IPs, from different RIPE ranges, clearly identified, and there is no way a user can switch from one type to another, so users with a static IP will keep it no matter what. Yet, Spamhaus:

• flags as wide as /16 ranges when blacklisting these static IPs, causing wide collateral damage
• refuses to deal with users (regardless of whether these users are actual spammers or were just collateral damage), and
• insists in dealing with the ISP and the ISP only,

... effectively ignoring the whole point of giving and advertising static IPs, which is putting responsibility and responsibility in the hands of the static IP user.

Re:Heh.. you will find a lot of hostility

[jafiwam]

You are missing the whole point of the lists then.

They create collateral damage by design, to make it painful for the ISP or organization to have spammers using their stuff.

Which, in turn encourages policies of closing port 25 (a good thing IMHO) for end users, watching who they have as customers and well, not being spammers.

The frustration of some mail admins needs to be directed at their stupid virus-getting users and shitty network infrastructure that allows people on dynamic dial up lines to send mail directly. As a RBL user myself, I LIKE the collateral damage aspect. Take care with whom you do business with and you won't have a problem. It's that simple.

Relaying mail through your ISP is not a big deal, it's a cost of living in a society where people can't be trusted to do stuff properly, just like street lights, bike locks, and every other such device.

Re:Heh.. you will find a lot of hostility

[coryking]

Correct me if I'm wrong, but I was operating under the impression that it is the ISP who added them self to the list (for the most part). If this holds true, you probably *do* want to talk to your ISP as they are the ones who added your netblock.

That said, this stuff is a tricky deal I know. Most people using the Spamhaus stuff have been there, done that, when it comes to dealing with shitty RBL's. If spamhaus turns foul, most people will dump them.

Re:Heh.. you will find a lot of hostility

[aaribaud]

You are missing the whole point of the lists then. They create collateral damage by design, to make it painful for the ISP or organization to have spammers using their stuff. Which, in turn encourages policies of closing port 25 (a good thing IMHO) for end users, watching who they have as customers and well, not being spammers. The frustration of some mail admins needs to be directed at their stupid virus-getting users and shitty network infrastructure that allows people on dynamic dial up lines to send mail directly. As a RBL user myself, I LIKE the collateral damage aspect. Take care with whom you do business with and you won't have a problem. It's that simple. Relaying mail through your ISP is not a big deal, it's a cost of living in a society where people can't be trusted to do stuff properly, just like street lights, bike locks, and every other such device.

I have not missed the point of the lists, then; I disagree with it, which is a different thing. One can indeed consider that an ISP should treat its customers as a parent should treat unruly chidren; or one can consider them as persons, responsible for their actions. Especially when they act from a fixed IP, I take the "responsible person" approach, and consider that retaliation agaist spamming, when there has to be, must be directed at the offender, and certainly not at considerable amounts of innocent bystanders "by design".

Re:Heh.. you will find a lot of hostility

[Sleepy]

Filter? I *block* SMTP based on Spamhaus and SpamCop.

Filtering is very expensive in terms of CPU.

FYI the test you do not like GoDaddy using is called URIBL_SBL, and it's part of SpamAssassin. The test normally adds a few points to a message (not block). That is how I use the test (other things must be wrong with the email for it to be filtered).

If GoDaddy actually blackholes messages based on URIBL_SBL, it would be far smarter for them to BLOCK SMTP before end of DATA. (OT: Then again, GoDaddy is a Microsoft shop and that means their admins come in and leave through a revolving door, and such admins have no interest in solving problems on their own as that's what UPGRADES are for!)

And yes, if you webhost on a ISP or server that's INFESTED with spammers, you deserve to have email containing your URL blocked... same as if your email came from a blacklisted IP. It's not about punishing bad ISPs; it's about the very low probability one of their hosted sites ISN'T spam. Some ISPs make a lot of money off pop-tart day old domain registration spammers.. ironically, GoDaddy is one of the largest spammer registrars after China.

Re:Heh.. you will find a lot of hostility

[aaribaud]

I don't think the ISP is necessarily in charge of handling its IP ranges at Spamhaus. Actually, it is kindly allowed to help, but if id it does not, then the Spamhaus team obligingly does the work alone. And I do understand the reluctancy of my ISP to provide free workforce just to fix the ill effects of a blocking list's policy, not when this list could fix its policy and decide to go after the ISP only when the offending IP is dynamic and thus makes it impossible to retaliate against the real spammer (besides, I wasn't talking about "my" netblock; I'm only an observer on that topic.)

Re:Heh.. you will find a lot of hostility

[NecroBones]

You're complaining about SORBS but you use uceprotect? Yikes.

Uceprotect is one of those zealots that blocks entire /16 blocks because of a few spam sources, across entire ISPs.

On the VPS service I use, we occasionally get blocked because of some spammer IPs on an entirely different service, because further up the chain we share a common provider. To make it even more ridiculous, if we complain about this amongst ourselves on the VPS service's forum, the uceprotect folks come into the forum (they don't use the VPS service themselves as far as I know) and ARGUE WITH US, trying to tell us why WE'RE TO BLAME, as customers of a VPS service whose datacenter's ISP is shared by a few bots somewhere in the chain.

I'm not defending SORBS, but if you're going to complain about poor practices, you need to unclude uceprotect too.

Re:Heh.. you will find a lot of hostility

[siliconincdotnet]

Actually there are three Uceprotect RBLs - the first one (which is the one I use) only lists single IPs. It's pretty conservative and gets very few false positives.

It's the second and third ones that block entire ranges/ISPs/ASNs/etc. I couldn't really imagine anyone using these two in any kind of production environments.

Re:Heh.. you will find a lot of hostility

[Psyberian]

As an administrator for a regional ISP that this has happened to. SORBS made our life a living hell. They blacklisted our IP space not for spam, but because they thought our static IP space rDNS appeared like a dynamic block. We lost customers, were on and off their list until we threatened to sick lawyers on them. Then magically we were off the list and white listed.

Good riddance. I may through a "ding dong the witch is dead" party on July 20th. But I don't know where to find 50 midgets to dance around singing about it.

Re:Heh.. you will find a lot of hostility

[hardwarefreak]

* Excepting Godaddy who is fucking insane. Those assholes filter *URL's pointing to a PBL'd IP that are embedded in a message*!!! Worse, they dont tell you. Had fun learning that.

That's interesting, considering GoDaddy hosts a number of spammers on their VPS service. It'd be really interesting to know if they've filtered an email with one of their own IP addresses in it due to the reason you mention. It wouldn't surprise me. They probably have.

Re:Heh.. you will find a lot of hostility

[hardwarefreak]

On the VPS service I use, we occasionally get blocked...

Full STOP.

Occasionally? Apparently you either:

A. Are a spammer, or
B. Are completely clueless

VPS is rapidly becoming *the* most popular hosting method used by non bot herder spammers. The hosting is terribly cheap, often free for the first month, and the spammer doesn't have to worry about acquiring IP space as in days past because it's provided by the VPS hosting firm, thus, no more problems getting more and more netblocks from ARIN once the current set is scorched by local blocklists at receivers and by dnsbls. And the customer vetting at VPS providers seems to be almost non-existent.

Accepting mail at this point in the decade is all about the reputation of the sender. Ask any mail admin worth his salt if he trusts email coming from a VPS cluster. An intrinsic quality of being a trustworthy sender is having clue. If you're trying to send from a VPS cluster this means you have no clue, and thus cannot be trusted.

Sorry pal. In a fair world a mail server on a VPS cluster shouldn't be discriminated against any more than a bare metal mail server inside AT&T's core mail services data center. But it's not a fair world, because spammers have ruined it. Running a mail sending host from a VPS cluster makes you look far more like a spammer than an AT&T.

Get it yet? Pull out your wallet and get some real hosting with a company with a real reputation. Build your own box and colo up with a respectable ISP. THEN, if you get listed by a dnsbl, you have a legit gripe. Assuming you're NOT a spammer, that is.

BTW, exactly whose VPS service are you using. That alone may shed much light on why you're getting listed. I've got quite a number of VPS providers in my local block list due to tons of showshoe emission. I wonder if you're using one of them.

Re:Heh.. you will find a lot of hostility

[hardwarefreak]

filter *URL's pointing to a PBL'd IP that are embedded in a message*!!!

My university does that, too. I run a student organization site that has a university subdomain, but is hosted on a shared host. The host inexplicably got listed in the CBL several times, and that screwed up email for the organization staff, and mailing lists for hundreds of students for days at a time.

I didn't realize anyone else used this brilliant filtering scheme.

So, you admit it's a shared server. It gets listed. So, instead of actually finding out what caused the problem, likely a bot infection, you blame the entity which alerted you to said problem.

When you take your car to the shop, and the mechanic finds something wrong with the car that you didn't already know about, do you then blame the mechanic for the problem?

The primary function of dnsbls is to help prevent spam from reaching inboxen. A very important secondary function of dnsbls is to alert good citizens to the fact that their host is spewing, whatever the reason. It's up the the owner of the listed host to dig in and find out what's wrong. Too many people are too fucking lazy to bother these days. So, they just blame the dnsbl as the source of the problem, when in fact, the dnsbl is merely delivering the message that something is wrong.

Re:Heh.. you will find a lot of hostility

[NecroBones]

Occasionally? Apparently you either:

A. Are a spammer, or
B. Are completely clueless

VPS is rapidly becoming *the* most popular hosting method used by non bot herder spammers.

Or C. Neither. Thanks for assuming I don't know what I'm doing.

I'm referring to Linode.com. It's possible that it's getting abused by spammers occasionally, but I'm not aware of such complaints, it's a relatively small operation, and the staff seems pretty on-the-ball. The times that UCE-protect has added us to their blacklist that I'm aware of, it has been entirely due to IPs outside the Linode ranges as far as I could tell (which is supported by their arguments on the forum). I could be wrong, of course.

Whether it's a fair world or not, blacklisting entire blocks and not just the bot-infected or spammer hosts does more harm than good, especially when you're talking about blocking entire netblocks that cross multiple businesses full of non-spammer customers.

I am a mail admin, and I'm aware of VPS reputation, but that's not what this is about. I wouldn't use UCE-protect because I see it as nothing but a source of false-positives. Stopping spam is an important service to your users, but getting their legit mail through is more important.

Full STOP yourself.

Re:Heh.. you will find a lot of hostility

[kopo]

It wasn't the listing of the shared host that was the problem. It was the fact that the university's filters resolve URLs in message texts to IP addresses, and block messages based on that criterion alone, rather than merely influencing a spam score. If you get a bounced message like this, you can't even report it to an administrator on the university mail network without removing all the URLs.

Block lists are useful, but, as several people in this article's discussion pointed out, they're not accurate or granular enough to be used for deterministic blocking. And this particular usage, resolving link URLs to block messages, is illogical for many more reasons.

Re:Heh.. you will find a lot of hostility

[hardwarefreak]

Whether it's a fair world or not, blacklisting entire blocks and not just the bot-infected or spammer hosts does more harm than good, especially when you're talking about blocking entire netblocks that cross multiple businesses full of non-spammer customers.

Unfortunately one of the roles a dnsbl plays in society is carrying a big stick. Listing large'ish blocks makes legit customers complain to their host. If the host doesn't eject the bad apples from their network, they may lose all those legit customers. Yes, unfortunately, the innocent bleed in the process as well.

Back in the day, SPEWS was effective at this, and network operators were forced to be vigilant in keeping spammers off their nets. Nearly everyone hated SPEWS, but, it was effective. Aggressive dnsbls don't fight as much to keep spam out of inboxen as they fight to get spammers booted from their host.

Stopping spammers is not a technical problem, and cannot be accomplished by technical means. It is a social problem, and business problem, and can only be solved by stopping the spammers from being able to send their spew--preempted at the source. The only way to do this is to keep them off the networks. Legislation is also useless. dnsbls are a critical component of this effort. However, not all dnsbls are equal, and their criteria for listing can be very different.

When you need to scream at someone, scream first at the receiver who rejected your mail. HE rejected it, not the dnsbl. The dnsbl is a tool only and provides data. The receiving mail admin makes the decision to reject an email based on that data. If that admin tells you "buzz off spammer", then scream to your provider to get the real spammers off the network. In other words, YOU have to spend some time doing research in the fight, not just screaming that it's someone else's problem that your email was blocked. The fight against spam includes us ALL. It's going to waste some of your time. Blame this on the spammers, not the dnsbls.

Re:Heh.. you will find a lot of hostility

[hardwarefreak]

Sounds like a misconfiguration. Some dnsbls explicitly state NOT to use them for URL scoring or blocking due to this very reason. AFAIK, there are only a handful of dnsbls worldwide that can actually be used this way properly.

What's this then, eh?

[aweraw]

ROM's being charged for: http://vampire.isux.com/ROMs/

Dubious images: http://vampire.isux.com/pics/x/

So what's going on Matthew... I mean, Michelle?

Re:The REAL story

[Trillian_1138]

I asked myself the same question. In all fairness, that is how she signed off in the link included in TFS, but I still think its inclusion wasn't strictly needed for the "News for Nerds" aspect of the story....

Re:Explanation please

[MichaelSmith]

Sorry if I offended you. That was a Suzanne Vega reference. Maybe SV isn't geeky enough for /.

Re:The REAL story

[bruns]

It still doesn't answer the question why it needed to be included with the story, given it doesn't have anything to do with 'news for geeks'.

And, its Male to female. Female to male is a completely different process. Hardly something to joke about regardless.

Good!

[jidar]

The death of SORBS should be good news to any decent ISP mail admin out there. Nothing like being forced to pay to get your mail server IP removed from a blacklist because you somehow can't keep the thousands of residential customers on your service from occasionally getting a virus and sending a few spams.
SORBS sucks and has for years. Don't get me wrong, I hate spam as much as the next guy, but sometimes a few get through, that's just how it is.
Luckily we haven't had much trouble with them lately since it seems that the vast majority of mail admins came to their senses and stopped using SORBS... frankly I'm surprised they need that many servers.

Re:Good!

[mynubarta]

Yep, glad SORBS is going to the way side. Their BL was one of the worst to deal with, total headache and unprofessoinal in their responses at times (when a response was sent back, sometimes they totally ignored removal requests). I hope no one buys them, but I already read that some are interested in keeping SORBS online. :( Gawd, I hope not.

some good DNSBLs

[Onymous+Coward]

I recommend Spamhaus XBL and Spamcop Blocking List .

Spamcop used to have problems, but I think they resolved them a couple years ago.

Back when http://stats.dnsbl.com/ was operational I used their data to give me a quick leg up on figuring out which lists to look at. Then I checked out the lists for how they operate and then did a performance analysis.

Aside from policy/operation, two things that were particularly important to me were false positives and overlap. These lists get very low false positives and they combine nicely.

Old stats:

http://stats.dnsbl.com/zen.html

http://stats.dnsbl.com/spamcop.html

Re:some good DNSBLs

[91degrees]

Spamhaus are okay. I do have issue with them occasionally using the list as a political tool rather than simply a spam blocking list.

It's not that I disagree with their objectives since persuading organisations to disconnect phishing scams is a good thing. Just their methodology.

Re:some good DNSBLs

[MikeBabcock]

I've found the RBL lists that Spamcop hosts to be quite reliable. They also have very good explanations of how and why sites are listed and are very cooperative in all my encounters with them. Their very nice "report your spam" interface is also cool, and useful for keeping their information up to date.

Re:some good DNSBLs

[Onymous+Coward]

This is why it's important to look at list methodology before subscription.

I think if you are having problems with the methods behind "the" Spamhaus list, maybe you haven't looked closely enough.

Re:some good DNSBLs

[Sleepy]

You'd be AMAZED at how many clueless admins use Spamhaus ZEN as a content filter. For a SMTP blocklist, Zen is great.

For a content-filter, it's broken. Yes, content filter. Some anti-spams apparently let you select Zen for filtering, which is wrong. Residential IP email clients and servers get blocked even though they relayed THROUGH their ISPs mailserver. They could just be using Outlook, as standard for a home user.

Spamhaus needs a non-engineer to document how to use their blacklists. They DO say no not "deep header parse" messages with Zen, but it's like one line out of 12 paragraphs on the page. It's not emphasised in a FAQ. It's not translated.

I would go insane without Spamhaus Zen... it's great. But I also go insane with what some mail sites do with it, and looking at the Spamhaus documentation I can't say they're making it difficult for those sites to make such mistakes...

Re:Explanation please

[Trillian_1138]

I appreciate your apology, and your comment didn't (in and of itself) offend, just the moderation. I definitely didn't get the reference and it would appear, according to Suzanne Vega herself (scroll down to interview excerpt), the song was certainly written with good intent.

All that said, and having nothing to do with your comment, I'm not thrilled with Vega saying, "...I found out she wasn't really a girl," (emphasis added) in reference to the song's inspiration. Again, I don't think Vega is coming from a transphobic or hateful place, I just want to point out that that's not generally considered respectful language. (This isn't directly specifically at you, MichaelSmith, just more a general note...)

-Trillian

PS - I know I've been spoiled by the Internet, because I'm frustrated I wasn't able to imediately find an audio and/or video version of As Girls Go, so I could check it out, with a 30 second Google search...

Re:Matthew/Michelle

[bruns]

They don't call it 'anonymous coward' for nothing. If you are so sure about how you feel and your beliefs, why don't you post with your actual slashdot username and an e-mail address? Or is it, you are worried about how the world will view you once your words are put with a name?

Re:The REAL story

[n30na]

Its because they try to include as much useless information for people to go off on ideological tirades about as possible. How else would slashdot stay interesting?

Sorry pal

[coryking]

And I realize you aren't the kind of idiot who blocks based on SORBS (or god forbid SPEWS, remember them?), and you are an ISP so if you were filtering based on SORBS you wouldn't have much business anyway, so I'm not really talking about you--I'm talking about small to medium sized businesses and other hotspots of cluelessness... "Me" in this case is my ISP and my customers trying to send email to *you* and your funky smelling email servers. In other words, imagine if some asshole listed *your* ISP or one of your upstreams in SORBS... Your (er, my) customers are now bitching to *you* (er, me). This is what I'm ranting about here.

If you weren't willing to work with our support staff and provide us the necessary information to understand where our efforts were failing, you are useless.

If you are filtering inbound email based 100% on SORBS, you are clueless and it would be a waste of my time to deal with you. Why? Either you are ignorant (thus it wouldn't do me any good anyway) or you are an asshole who does this for kicks, in which case you'd tell me to FOAD. As such, talking to you is a waste of time.

I used to tell our sales staff we didn't want [you as a customer]

You are the IT guy. Why would they listen to you? The probably already hate your guts for installing some other spite-ware or have them change their password every week. They dont listen to you and they dont like you (again, I'm not talking about you sir, but the SORBS filtering BOFH guy--ISP's are typically not the type to filter this way anyway). My calling them is just more ammo to go after you. It is politics my friend :-)

Otherwise take your business to AOL or Comcast

Funny enough, AOL has a 24 hour 1-800 number you can call to talk with the postmaster.

Re:Sorry pal

[FireFury03]

Either you are ignorant (thus it wouldn't do me any good anyway)

How are the ignorant supposed to learn (and thus become non-ignorant) if no one tells them when they got something wrong?

or have them change their password every week.

That would also demonstrate a lack of clue - forced regular password changes harm security and piss people off.

Re:Sorry pal

[Kalriath]

That would also demonstrate a lack of clue - forced regular password changes harm security and piss people off.

And yet, asshole IT policy writers still insist on it. Constantly.

One of the biggest dreams of any user where I work is to be able to have that little "password never expires" box ticked. Most people's password is just the same word with an incrementing number after it, or on a post-it note.

Re:Sorry pal

[1u3hr]

Funny enough, AOL has a 24 hour 1-800 number you can call to talk with the postmaster.

Those motherfuckers -- they block me because I'm in Hong Kong. I spent hours looking for a contact address. Never found a fucking thing. Not even a webform. Where the hell is this number listed? Though it would only be good in the USA anyway. They seem to have the attitude "foreigners are spammers", and especially anyone in Asia. I've had to get my clients to use Yahoo mail so I can communicate with them.

Angry? Me? How perceptive.

The only RBLs worth considering

[coryking]

Are those who let people delist simply by visiting a website and clicking "unlist me". After that, they are instantly unlisted. See also--spamhaus. You can pretty much outright block traffic listed in the PBL.

Re:Possible Alternate Hosting

[MightyMartian]

Can you provide all the domains you host, so that I can get as many mail admins together to arbitrarily block your servers, and demand "donations" to unblock them?

Thanks in advance, you worthless pile of trash.

Re:Possible Alternate Hosting

[bruns]

Can you provide all the domains you host, so that I can make sure that when they get blocked by the AHBL for abuse, they won't get removed? :)

So, what is it?

[dbIII]

Not sure if it's gone or slashdotted but it's giving zero sized replies now. Can anyone tell me what it was?
Perhaps I should hand in my geek card, I had no idea SORBS was in the same small city I live in, although strangely enough on the other side I know Brisbane was at one point infested with three of the top ten spammers. I've got the space for a rack but dismal network access down two ADSL lines - thanks to Telstra most of the city has worse net access than Latvia.

Re:So, what is it?

[raju1kabir]

Kind of off-topic, but Latvia has excellent net access speed. e.g., check out speedtest.net's stats. Latvia average download: 11.73 mbps. Australia average download: 4.92 mbps. In fact Latvia is their 6th highest worldwide. Speedtest.net isn't entirely scientific but is broadly representative in my experience.

Don't let the door hit you in the ass...

[NitroWolf]

This is the best news I've heard all week!

SORBS is a blight on the anti-spam effort front and should have been run out of town on a rail years ago. It has done more damage to the perception of anti-spam lists than any other single entity on the internet. Hell, some spammers are better behaved and have better morals than the operator(s) of SORBS. I would literally turn to Microsoft or McAffee for anti-spam solutions before I'd even consider SORBS.

I hope the dirtbags that ran SORBS end up destitute in a gutter somewhere.

Re:Possible Alternate Hosting

[NitroWolf]

I, too, would like to know what company he works for so I can avoid them and direct the companies I deal with away from them as well.

What a dirtbag.

Re:The REAL story

[corbettw]

Yes, it was. Without it, those of us who used to have to deal with "Matthew's" temper tantrums when our mail servers ended up on his blocklist would have been confused as to his wife or sister was now shutting things down. kdawson's comment explained the issue simply and directly, but without trampling on Sullivan's privacy too greatly.

full disclosure

[corbettw]

kdawson should've included the disclosure that SourceForge, one of Slashdot's sister companies, is a sponsor of SORBS. There's an ad on the right side of the SORBS main page touting this fact, so it's not like it should've been difficult for him to find to point out in the summary.

Re:full disclosure

[Kalriath]

SourceForge isn't the sister company, SourceForge is Slashdot's owner. The PARENT company.

But I think it's only listed because Sorbs has a project on sourceforge.net, in which case Sourceforge "sponsors" eleventy bajillion people and companies anyway.

Re:full disclosure

[corbettw]

I stand corrected. Guess I was thinking of the good ol' days when SourceForge and Slashdot were both owned by VA Linux or Andover. But the point still stands, kdawson should've mentioned something about the corporate relationship, no matter how tenuous.

Re:full disclosure

[deananderson]

Those companies aren't sponsors. This is just another scam by SORBS. People are meant to *think* they are sponsors lending some kind of credibilty to SORBS. If you read closely, it says something to the effect of "Don't contact these companies to complain about SORBS"

The confidence scam strikes again. All I can say is, Steve Cohen, SEX.COM thief appears to be connected to SORBS through Vixie, Cerf, the Crockers, and was the master of confidence scams.

Never said turn off the spam filter

[coryking]

Obviously you can't turn that off. I said "stop blocking based on SORBS". Huge, huge difference. And yes, there are idiots who block based on nothing more then SORBS. Ask me how I know.

Re:Never said turn off the spam filter

[TheLink]

> And yes, there are idiots who block based on nothing more then SORBS. Ask me how I know.

Hey someone go ask him how he knows... I might ask, but I'm a bit scared - he's built up quite a huge head of steam already... ;)

Seriously though, I hate those stupid blacklists too.

They blacklist entire ISPs, and they say "too bad it's the ISP's fault". But really, if an ISP has millions of subscribers, a fair number of them are going to be spam spewing zombies. And often it just takes a few spam messages to get their IPs or range of IPs on the list.

Very often the users will use the ISP's smtp gateway, and so will the zombie program. The ISP is likely to set their outbound spam filters on their gateways to have very low false positives. So some spam will leak out, and their gateway IPs get blacklisted. Whoopee.

If the zombies don't use the smtp gateway and go directly out, it gets the ISP's range of IPs on the list as well. And affects the other users trying to directly send legitimate email out without using the smtp gateways.

If the ISP blocks all outbound SMTP (and forces users to send email through strict filtering gateways), a bunch of people will complain and Slashdot will run negative story on them.

I don't run an ISP, but my ISP's smtp gateways have been blacklisted before. Fortunately I could go to the relevant website and request the ISP IPs to be unblacklisted for them... Doh. I've just checked psbl and their records showed that way back in 24-feb-2009, 10 emails from that gateway went to spam trap addresses. SORBS still has that IP listed, but I guess nobody I care to _resend_ email to is using SORBS.

But if anyone wants to rely solely on blacklists think about this:

The ISP has maybe a million subscribers, yes 10 spamtrapped emails * number of addresses in each "marketing campaign" is a lot of annoyed users, but from the POV of an ISP it could be a few zombies (or even just one) that got through. Then it's welcome to blacklist land, and all of the subscribers will either have their emails blocked or rated down.

What do you want the ISP to do? Stop all spam? That's impossible. Stop relaying emails for subscribers? That's crazy. Not have customers who would ever have spam spewing zombies? Not going to have many customers that way ;).

Re:Never said turn off the spam filter

[geminidomino]

What do you want the ISP to do? Stop all spam? That's impossible. Stop relaying emails for subscribers? That's crazy. Not have customers who would ever have spam spewing zombies? Not going to have many customers that way ;).

Which fallacy is it again where you list a bunch of non-solutions, then claim there is no solution? The ISPs need to stop THEIR OWN spammers. No listwashing (Looking at you, NAC.net), ip shuffling, and whatnot. Whether it's some jerkoff chickenboner or a zombie, it needs to be cut off of SMTP access until the problem is fixed.

Not only do I filter based on the spamhaus lists, but I keep up an internal DNSBl too. Going to keep doing it, and expanding them, until it happens

Re:Never said turn off the spam filter

[TheLink]

If you have a way to block all spam 100% without too many false positives, I'm sure lots of people would be interested.

As I said, if you have 1 million users, some of their spam is going to get through, and you will end up on some stupid blacklist. And SORBS is a stupid blacklist that doesn't let you remove yourself easily.

Basically you will be permanently be on SORBS blacklist. Even though you cut off SMTP access to zombies etc. Because some spam will get through faster than you get to remove yourself from their stupid blacklist.

See the problem?

Re:Never said turn off the spam filter

[geminidomino]

SORBS is a bad example. It was, and always has been, some guy grinding an axe. One bad execution doesn't invalidate the concept, though.

And you're still missing the point. It's not a question about "some spam getting through." It's about that spam getting through more than once, and these days, precisely because of systems like spamhaus, that there's been a lot of improvement.

I block SMTP access from dynamic IP ranges. Suddenly, the zombie problem gets a lot more manageable. When spam comes from legitimate mail servers, I report it. If the spam keeps coming from there, then obviously the admin there doesn't care, so the admin on my end has to make the call. So hotmail is 55x, but gmail is ok (for the moment).

Amazon EC2 is in the CBL

[coryking]

Or PBL... one of the two. Self listed too (as almost all of them are), as they dont want you to send email from their stuff. Sucks there are idiots in this world who don't understand the purpose of those lists :-(

It can take months to deal with support

[dbIII]

You want support, then talk to the support people and give them the details they need

My record so far is three months to get a single MX record corrected (TelstraClear NZ). I'm not as patient anymore, the last time I got a response from an ISPs support that showed they had no understanding of the problem and were not willing to pass it on it was time to look at their WHOIS entry which gave me the managing directors email address (I won't name who it is, they may improve). The utter stupidity of the error (MX record to a machine that would not accept mail for the domain), the ease of detection (less than ten seconds to diagnose the problem) and the long timespan between the client's initial complaint to their ISP and when they got me involved (between three and six months) made it look very bad for the poor half trained fool that attempted to brush it all off until they got word from above. I ended up sending an email to apologise after (emails were sent to me later trying to prove the person responsible had a clue) but would do it the same way again.
It's a worry when the f*ing obvious lifted directly out of an introductory textbook is seen as a "novel approach" by support staff - at that point you need to find a way around them that is as painless as possible for all or just give up.
I'm aware that some people point a secondary MX to nowhere as a pointless and rather stupid attempt to avoid spam and they just accept the lost legitimate email as the price of less spam. That wasn't the case for the two incidents above and several others - it was just stupid mistakes instead of stupid design.

Re:It can take months to deal with support

[dotgain]

TelstraClear NZ are fucking monkeys, no doubt brother.

Network.com?

[plasticpixel]

Why not ask Sun/Oracle if they will host it on their cloud at network.com? I hear they are giving alot of the capacity away right now.

SORBS is probably useless

[RGRistroph]

I maintain several mail servers for various clients. Dealing with spam takes up a lot of time and resources, but I have also spent a lot of time trying to get my legitimate fixed-IP business class IPs off of SORBS "dynamic IP" list. I think SORBS probably ended up being a net loss in the spam war, because admin resources that could have been spent fighting spam were instead spent trying to avoid friendly fire.

Re:SORBS is probably useless

[MightyMartian]

The reason SORBS is so universally reviled by a lot of the anti-spam crowd is because the creator and the whole cadre of folks that maintained (and I use that word hesitantly) really didn't seem nearly as interested in battling spam as in enforcing their own bizarre view of who should and should not be sending email. The entire ethos was abusive and ego-stroking. The last time I had problems, the one thing I noticed that was different than my old battles with this pack of scumbags was just how few mail servers seem to be using it now. Hotmail was what forced me to even bother dealing with it, because my employer does a lot of correspondence with people on Hotmail addresses (another cancer on SMTP). My general attitude about mail admins who reject messages because SORBS blacklists my IP address is "fuck you", because those admins, as I've said elsewhere, are either morons or just lazy and don't want to put the effort into building a good, solid, rugged SMTP server.

What I can't believe is that SORBS still has some defenders, when my experience from the years when I was working most of my days as an admin for a few hundred domains was that SORBS was just as bad as spam. I really do hope that it is allowed to die, and maybe a few more retarded mail admins finally get the hint and start implementing measures that don't essentially poison SMTP.

Re:Sorbs ok by me

[MightyMartian]

First of all, blacklists are evil. There are far more effective ways to deal with spam. Lazy and stupid mail admins use RBLs, or at the very least, use RBLs to actually reject messages. I don't even use RBLs in any kind of weighting process. RBLs are run by people, and are therefore inherently unreliable and too easily abused.

As to SORBS, it's rationale is nothing more than an excuse to extort money. It's standards for what constitutes a misbehaving server are not shared by any expert on spam or SMTP transport that I'm aware of. It has long been among the most abusive, least responsive RBLs out there, and that's saying a lot, considering how frequently RBLs are used for abusive purposes. At least the other major RBLs have easy ways of removing IPs from the list, which does make them far less vile and repugnant than SORBS.

Not that disrespectful

[justinlee37]

I just want to point out that that's not generally considered respectful language

I'm not so sure that holding a different definition of the word "girl" than you do is really disrespectful. I get what you're saying but you've got to understand that to the population at large there is a difference between someone born biologically female and someone who surgically removed their genitals and started hormone therapy (or whatever other combination of measures you took to legally change your gender). For example, you never could and never will bear a child. Not that all women can, but they've generally got a higher likelihood of being able to do so. So people like to have different words for those different things. You've got to face the music, to Joe six-pack you're not a girl, you're a post-op transsexual.

I get what you're trying to say but I also feel like you're trying to strongarm others into changing the definitions of their words. If somebody doesn't think you're "really a girl" and you take offense to that, you're just picking a fight over semantics. Go ahead and wait until they say something really inflammatory and hateful before you bust out the righteous indignation, you'll win more hearts and minds.

Re:Not that disrespectful

[idlemachine]

You've got to face the music, to Joe six-pack you're not a girl, you're a post-op transsexual.

Or to put it in a way /.ers will understand: you're not a Mac, you're OSX running on hackintosh hardware.

Re:Not that disrespectful

[MikeBabcock]

If you're going to make that argument in the future, just go with chromosomes, its much easier.

If you've got more X's than Y's then you're genetically female and vice versa.

I have no problem with transgendered people wanting to be called whatever gender it is they identify with, but they really need to stop taking offence at how awkward it is for everyone else to figure it out in the border cases. Heck, there are some pretty gender neutral looking people I've met who have had no surgeries.

Re:Not that disrespectful

[Shatrat]

If you've got more X's than Y's then you're genetically female and vice versa.

I think the only way to have more Y's than X's is to be from west virginia or european royalty.

Re:Not that disrespectful

[Trillian_1138]

I'm not so sure that holding a different definition of the word "girl" than you do is really disrespectful. I get what you're saying but you've got to understand that to the population at large there is a difference between someone born biologically female and someone who surgically removed their genitals and started hormone therapy (or whatever other combination of measures you took to legally change your gender). For example, you never could and never will bear a child. Not that all women can, but they've generally got a higher likelihood of being able to do so. So people like to have different words for those different things. You've got to face the music, to Joe six-pack you're not a girl, you're a post-op transsexual.

I agree with everything you've said here. As I said, I don't think Vega was intending the language to be disrespectful or hurtful. Likewise, I understood exactly what she meant, and Vega was using an culturally-understood phrasing when said, "...she wasn't really a girl."

However, I think you raise the point I'm trying to make by saying, "Not that all women [can bear a child]..." The fact is, any individual definition of 'girl' (or 'boy') will ultimately boil down to "I knows it when I sees it," because there are so many edge cases: definitions of genetics get tricky with people who have XXY or XYY instead of XX or XY, definitions of childbearing get difficult (as you mention) with people who are infertile, definitions of how one was raised get confusing with trans people (and other definition-straddling or -crossing individuals), definitions based on appearance get muddled with anyone not confirming to strict gendered appearances (and people with AIS), etc, etc.

As such, what I'm putting forth is that it's most respectful to use someone's own self-identification when labeling someone a man or a woman.

I get what you're trying to say but I also feel like you're trying to strongarm others into changing the definitions of their words.

Oh, completely - I'm 100% trying to get people to change their definitions of 'man' and 'woman' (and 'boy' and 'girl' and so on and so forth). I'd like to think I'm trying to convince them rather than strongarm them, but I suppose that'd just be a different semantic argument. ::grin::

If somebody doesn't think you're "really a girl" and you take offense to that, you're just picking a fight over semantics. Go ahead and wait until they say something really inflammatory and hateful before you bust out the righteous indignation, you'll win more hearts and minds.

Well, definitions are important. I identify as a Jew, too, and I would be offended if someone else said I wasn't "really" a Jew because I don't observe the sabbath or keep kosher (or a number of other things...I said I was a Jew, not a particularly observant one). I don't think I was in the wrong (or, as a note to moderators, trolling...) when I said it's "...not generally considered respectful language [to say someone who is trans isn't "really" a girl]." You're right, I should wait until there's overt transphobia before being similarly divisive, butI don't think I was being righteously indignant in what I said. At least I certainly wasn't trying to be. But pointing out that I'll ruffle feathers by sticking up for myself doesn't mean I shouldn't.

-Trillian

Re:Not that disrespectful

[Trillian_1138]

Now that's a funny trans joke! ::grin::

Re:Not that disrespectful

[Trillian_1138]

If you've got more X's than Y's then you're genetically female and vice versa.

It's, unfortunately, not that simple....

I have no problem with transgendered people wanting to be called whatever gender it is they identify with, but they really need to stop taking offence at how awkward it is for everyone else to figure it out in the border cases. Heck, there are some pretty gender neutral looking people I've met who have had no surgeries.

It's possible you're generally commenting rather than directing that at me specifically, in which case you can ignore this, but I don't think I overly took offense. I pointed something out that seemed, to me, to be disrespectful and have been trying to engage in a conversation about why I feel that way.

-Trillian

Re:Not that disrespectful

[justinlee37]

All good points. Gender and sexuality are both more of a continuum than a binary state. At any rate I think that deciding what to call transgendered people is a relatively minor issue when compared to the larger ongoing issue of whether or not they'll be accepted into society at all. Persecution of LBGT individuals is a deplorable witch hunt. It's too bad people can't just live and let live.

Re:Not that disrespectful

[Trillian_1138]

Persecution of LBGT individuals is a deplorable witch hunt. It's too bad people can't just live and let live.

On that, we completely agree. Thanks for the discussion, and for being willing to engage - I'd much rather talk politely and intelligently with someone who doesn't agree with me 100% than superficially with someone who might agree with me completely...

-Trillian

Re:Not that disrespectful

[MikeBabcock]

lol excuse my lack of coffee ;-) But i'm sure at least a couple people figured out what I was saying.

If you've got at least as many Y's as X's you're male. How's that?

To be fair though, some people do have more Y's than X's.

Re:Not that disrespectful

[MikeBabcock]

Entirely general, toward the few people I hear getting all upset because they were called a he instead of a she or vice-versa by some sales clerk who barely looked at them while making change.

Re:The REAL story

[MightyMartian]

SORBS is kinda like SCO for generating those kinds of discussions. Just imagine how great a SCO thread would be if it had pictures of Daryl McBride in drag!

Re:THIS IS THE BEST NEWS I HAVE HEARD ALL YEAR!

[Kalriath]

Um, that's a REJECTED RFC no less.

Re:Sorbs ok by me

[Kalriath]

And it stays blocked until the ISP yells "fuck it" and implements Ma... Michelle Sullivan's rejected draft RFC for reverse DNS.

Nothing's wrong with SORBS

[mvdwege]

I use SORBS professionally. It works. It stops spam. The few times IP space from our customers got listed, they got delisted within 24 hours after contacting SORBS by e-mail. All it cost me was registering an account for my employer at SORBS.

As usual in the discussion on blocklisting, Slashdot is being overrun by, ehm, 'legitimate biznizmen' and their supporters, and people who know jack shit about blocklisting and its history, but believe those who shout the loudest.

Mart

Re:Nothing's wrong with SORBS

[Just+Some+Guy]

As usual in the discussion on blocklisting, Slashdot is being overrun by, ehm, 'legitimate biznizmen' and their supporters, and people who know jack shit about blocklisting and its history, but believe those who shout the loudest.

I got paid to write an article on how to block spam, partially by using DNSBLs. Am I qualifed to say that SORBS sucks, or am I still in your "amateur" or "'legitimate biznizmen" categories?

Re:Nothing's wrong with SORBS

[MightyMartian]

That's a defamatory load of crap. Anyone who defends SORBS has no idea how much it's reviled by the rest of the anti-spam community. Saying "SORBS works" is rather like saying "pulling half the breakers out of your electrical panel is a good way to save on electricity".

You may be a professional, but that's only because there's no meaningful code of standards or abilities for people who run mail servers. Believe me, pal, I ain't spammer. I was the sysadmin at a small ISP for a decade, and was pretty involved in a number of anti-spam communities, and the only people that defended SORBS were half-wits like you, who didn't understand how a badly managed RBL like SORBS could do serious harm to SMTP infrastructure. In fact, most of the anti-spam guys I talked to over the years dislike RBLs in general, but at the very least some of them, like Spamhaus, are run by a guy (or girl or whatever) who isn't an extortionist and control freak.

If you think SORBS works, then I pity your customers. I don't know what kinds of lies or distortions you used to get your contracts, but they're being ripped off by an ignorant and lazy moron.

Re:Nothing's wrong with SORBS

[Kamamura]

That is exactly the middle-management mentality that causes so much trouble: "Look, it works, it killed the fly. Oh, and it also killed the whole village..."

Maybe you would be better off plugging the network cable off - voila, stops spam 100%. The problem is that blacklists like these create a lot of false positives - legitimate customers of other ISPs whose IPs and IP ranges got blacklisted can't mail to your clients. Not your problem? Wrong, it is your problem, because by applying the blacklist "solution" without proper consideration, you are punishing innocent people collectively (bad practice).

Imagine an ISP with outgoing mailserver for many ADSL users - many users today have compromised Windows instalations serving as zombies for spammers. ISPs cannot effectively prevent this, yet when the zombie awakens and spams, everyone else using the same server is punished by the blacklist.

You are just moving the hassle to the other guy, which is once again, bad. There is no "magic bullet" solution to spam, but it pays to be considerate and responsible. And if your customers leave because they can't receive legitimate mail, don't be surprised. And if your answer is "It ain't my problem", you don't deserve them anyway.

Re:Nothing's wrong with SORBS

[jidar]

You're a bad mail admin. Period.

Re:Nothing's wrong with SORBS

[prockcore]

Turning off your mail server completely is more effective than SORBS, and blocks only slightly more legitimate email.

Interesting...

[Mish]

"Michelle Sullivan (Previously known as Matthew Sullivan),"

The hint of what I thought could be 'slander' in the article made me "Google" the name. http://www.myspace.com/michelle_i_sullivan - turns out it's not slander.

Re:Matthew/Michelle

[oliderid]

So what? What's the point? She does a good job, this what matters for those using her service. If she likes to be dressed as a gladiator, mickey mouse or whatever she wants to while doing it, that's totally up to her. I don't care, I won't be forced to live with her, that's her life and her choice. If you feel threatened by her choice, I suggest you to visit a shrink to talk about your sexuality or move to Iran.

It ain't SORBS, that is for sure

[coryking]

The days of the "Usenet Death Penalty" and whatnot are over. Every single webhost, ISP, Xbox running Linux, or IPv6 microwave has probably either been hacked and turned into a warez server for a day or been abused by some spammer who signed up for a few days before getting booted.

In otherwords, he who has not sinned cast the first stone. We've all had our networks abused. 95% of us aren't doing for "pink contracts". Those 5% "pink contract" people probably have to cut deals with satan himself to get an upstream that won't boot him. Nobody wants spammers on their network--they cost far too much for what they gain.

That is why RBL's like SORBS or SPEWS failed. They punish the 95% for the 5% and have no way to differentiate. With Bayesian filtering and some modern automated RBL's, we dont need or desire RBL's maintained by humans.

To an extend, I agree

[coryking]

But in my experience, their baseline "fuck you, we dont want to talk to you ever" filtering is pretty sane--it is basically filtering out fucked HELO's, bad tasting reverse DNS, and dialup/broadband users. It is their "hey pal, I know you are sending an announcement to like 5,000 yahoo.com addresses, but slow and try again in 5 hours" that gets annoying. All it takes is one person to mark their email as spam to throw a wrench in the 4,999 who a) love getting the updates and b) opted-in into them in the first place. I can understand why they do it, but it is annoying.

But YMMV as my gear is in the US and I'm on a US netblock. My hunch is life might not be so easy for those on other countries netblocks :-(

The have Postini's block listed

[gravyface]

I get the odd call from a Postini client who's been on mxtoolbox.com, crying, "why am I blacklisted? zomg!". SORBS == idiots.

Re:The have Postini's block listed

[hardwarefreak]

I get the odd call from a Postini client who's been on mxtoolbox.com, crying, "why am I blacklisted? zomg!". SORBS == idiots.

Really? Idiots? I've never received a legit email from Postini, but I've received tons of spam from them. I'd say in this case SORBS is on the money.

lusers and spammers seem to congregate at the same watering holes, intermixed with one another: Postini, Yahoo, Hotmail, AOL, etc. When the only weapon you have is a shotgun, you're bound to hit some lusers even though you're aiming at the spammers.

Thank God

Much like everyone else, I'm overjoyed by this news!!! Having to fight with SORBS about delisting IP blocks for months at a time, while irrate customers are threatening to cancel their services with you, and having your CFO breathing down your neck for resolution is not my idea of fun.

July 20th, 2009 can't come soon enough for me. I just hope no one decides to resurrect this fatally flawed and unresponsive system.

Your post contradicts itself

[coryking]

I use SORBS

[I am a] professional...

Sorry buddy. You aren't a pro if you use SORBS. You are either ignorant, in which case you should read over this thread to learn or you are an asshole with a chip on your shoulder, in which case, well... you are soooooo good looking!

Seriously, you can't claim to be a professional and use SORBS. It is about the most unprofessional way to filter email ever.

Re:Your post contradicts itself

[mvdwege]

Seriously, you can't claim to be a professional and use SORBS.

I use SORBS. Spam gets stopped. My users and customers are happy. I get paid to do this.

Sorry, but that's the very definition of professional.

Mart

Re:Your post contradicts itself

[coryking]

Your users wouldn't be happy if they knew all the legit email they are missing from SORBS. And I'll be more then happy to jump over your "professional" role and just talk to your customers and let them know what an idiot you are. I've done it before, and I get great delight getting them all riled up about your "professionalism". Every time I talk to the person who couldn't get my customers email because of people like you, magically the email works again.

Re:Your post contradicts itself

[mvdwege]

Who says we're missing legitimate e-mail? I handle rejections from legitimate relations as I should: by prompt and immediate white-listing.

Sorry, but that you don't know how to run a mail server is not my problem.

Mart

Good riddance!

As an admin at an ISP I usually cheer any efforts aimed at reducing spam volume, but I've come to hate SORBS over the years -- mostly because of the Dynamic Hosts list. If you can't do a thing well, you shouldn't do it at all. Pity it took so long for them to -- hopefully -- disappear and/or get replaced by someone more competent.

Hip, hip, hooray!

[Kamamura]

Finally, these self-righteous, blackmailing schmoosters go down in flames! I wonder how much money they extorted over the years, but I guess people eventually came to their senses and stopped paying.

Re:Asshats

[orngjce223]

I'll oblige ya. Here's the copypasta, filled in for your convenience:

 

Your post advocates a

(x) technical ( ) legislative ( ) market-based (x) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
(X) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
(X) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(X) Huge existing software investment in SMTP
(X) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
(X) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
(X) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(X) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
(X) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(X) Blacklists suck
(X) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
(X) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

SORBS is connected to spammers

[deananderson]

On the "do-not-sell-this-to-spammer" byline,
SORBS, MAPS, and Spamhaus have been connected to a spammer called Whitehat.com, aka Whitehat, Inc. Incorporation documents and Annual reports show that Paul Vixie, John Levine, Rodney Joffe and others are directors of Whitehat. Spamhaus' Registry of Known Spam Operations (ROKSO) doesn't list Whitehat. Vixie and Rand (MAPS founders, spammers) provides technical and hosting support to SORBS. SORBS isn't a real spam blacklist, but a revenge list. SORBS is cover for spammers to conduct scanning for abuse, shake down ISPs, and interfere with Whitehat's competitors.

See related articles at http://www.iadl.org/whitehat/whitehat-story.html
http://www.iadl.org/maps/maps-story.html
http://www.iadl.org/sorbs/sorbs-story.html
http://www.iadl.org/spamhaus/spamhaus-story.html

Full Disclosure: I am the official admin for 130.105/16 and 198.3.136/21, which SORBS falsely claims is hijacked. SORBS has made this claim since 2003, and knows it to be false.