The Imminent Demise of SORBS

An anonymous reader lets us know about the dire straits the SORBS anti-spam blacklist finds itself in. According to a notice posted on the top page, long-time host the University of Queensland has "decided not to honor their agreement with... SORBS and terminate the hosting contract." The post, signed "Michelle Sullivan (Previously known as Matthew Sullivan)," says that the project needs either to "find alternative hosting for a 42RU rack in the Brisbane area of Queensland Australia" or to find a buyer. Offers are solicited for the assets of SORBS as an ongoing anti-spam service — it's now handling over 30 billion DNS queries per day. An update to the post says "A number of offers have already been made, we are evaluating each on their own merits." Failing a successful resolution, SORBS will cease operations on July 20, 2009 at 12 noon Brisbane time. Such a shutdown could slow or disrupt anti-spam efforts for large numbers of mail hosts worldwide.

No big loss!

A blacklist that charges you to get your IP removed will inevitably block far more than real spammers.

Re:No big loss!

[CarpetShark]

A blacklist that charges you to get your IP removed...

...is otherwise known as extortion.

Re:No big loss!

[MightyMartian]

Blacklists are more than just a pain, they're as much a cancer on SMTP infrastructure as spam. And among cancers, SORBS is the worst. I'll be glad to see it die.

Re:No big loss!

[Cramer]

In their words, "it's not extortion as *we* don't see any of the money." It's still bullshit.

I've had issue with them for many years... their "spamtrap" list is 100% untrustable. It only takes one email EVER to get on the list. They provide zero evidence of how you got on the list, just that you are on it. Enties never, ever, expire. And to get off the list... you have to "make a donation." (But if you're google, you get removed without ever knowing you were listed.)

Re:No big loss!

[wvmarle]

I have a fixed IP address (according to my provider, BizNetvigator - I'm paying for a fixed address at least!) but according to SORBS I am in a "dynamic IP range", and they can not and will not unlist my IP address. As a result I am forced to relay my mails through the mail server of my provider. Totally unnecessary but it's the only way to assure delivery of e-mails. Many of my mails are rejected and bounce at smtp handshake level, I guess there will be plenty that are silently dropping it - both I consider bad practice, I want to receive my suspected junk, dump it in a junk folder, and look through it once a day to make sure. Greylisting takes care of 95% of the spam already, so only a dozen or so junks come in every day.

Also I do see sometimes my mails being greylisted, but as I'm running a real mail server that just causes some delays. It will try again shortly after.

Re:No big loss!

[mvdwege]

So talk to your provider. They're the ones misrepresenting your IP space.

But that name says it all really. You're just a spammer, aren't you?

Mart

Re:No big loss!

[montyzooooma]

Isn't that the real problem? SORBS doesn't find anyone else to give them a home (good!) but then sell out to a bunch of crooks who start running the blacklist as a real extortion tool for profit.

Re:No big loss!

[tehSpork]

It's worth noting that pointing the extortion racket out during communications intended to get you removed from said blacklist will result in you never hearing another word from the people at SORBS. Funny thing though: After referring (numerous) complaining customers to SORBS as the source of all their woes I found myself removed from the blacklists in short order. Odd how that works.

Re:No big loss!

[sglewis100]

Actually, Barracuda's "whitelist" is far worse in this regard.

No it's not. If I can't get on a "whitelist" then I'm still not necessarily on a blacklist, and still not necessarily prevented from emailing Barracuda customers. That's better than being able to get on their blacklist for "free" and then having to pay to get off. In the latter, if I don't pay, I can't mail. In the former, if I don't pay, I can't bypass all the checks.

Re:No big loss!

[sglewis100]

Having a PTR record on your IP that matches the SMTP hostname is common practice. In fact, us mail administrators in particular love it, because except for the people who happen to have their own AS number and own their own IP space, it pretty much requires you to involve your ISP or hosting provider to get the entry setup. Which pretty much guarantees that those people have an ISP that knows you are running a mail server. Checking that your SMTP server's HELO/EHLO broadcast matches it's rdns lookup is one of my favorite checks in my mail gateways, since it's low cost (simple DNS query, easily cached) and very effective at weeding out people who maybe shouldn't be running a mail server in the first place due to having the wrong plan with an ISP, or perhaps someone who suffers from ineptitude about how to setup an outbound mail server. Sorry, those glory days of just opening up a SMTP server on port 25 and sending mail have been gone... for years!

Re:No big loss!

[Minwee]

Having been on the pointy end of SORBS several times I can honestly say that I never had any trouble getting off of it. I never had to pay any money, make any threats, or invoke demons from the lower planes to do it.

Every single time all I had to do was go to their web page and follow the simple directions given for removing myself from the naughty mailers list. No demands for small, unmarked bills were ever made and nobody ever tried to hassle me about it.

Oh my god

[bhenson]

Oh my god the spam is burning, burning I tell you

*snort*

[paitre]

"Such a shutdown could slow or disrupt anti-spam efforts for large numbers of mail hosts worldwide. "

You're kidding, right?

They have done more to give legitimate anti-spam efforts a black eye than ANY legislative attempts to 'solve' the problem ever could.

I -used- to believe that 'collateral damage' was a legitimate 'tactic' in the fight against spammers. I've grown up since then.

Re:*snort*

[doctorcisco]

Mod parent up. The death of SORBS would be a net gain in the fight against spam. Blacklisting entire ISP's who are "insufficiently responsive" only makes sense if you don't care whether email gets delivered or not.

doc

Re:*snort*

[lawpoop]

Correct me if I'm wrong, but isn't it the case nowadays that blackhole lists ( or whatever they're called ) are used mainly as a factor in weighing scores in Bayesian methods of filtering spam, rather than just blocking email outright? In other words, the usage is still widespread, not for direct blocking, but for helping a program decide if its spam or not?

If so, this would let more spam through spam filters, really.

Re:*snort*

[paitre]

And before anyone starts to give me any guff about being soft on spam -

I've been known to nuke accounts, and not bother asking questions. I chased down the Empire Towers group and helped put an end to them. I spent 18 months cleaning up the -very- tarnished reputation of a now bought out web host almost 10 years ago, and have the scars to prove it. I hunted a spammer down and ratted him out to his own mother in Vancouver, BC, Canada.

The news regarding Ralsky had me drop a shot in celebration.

Believe me - I -detest- spam. At the same time, the methods utilized by SORBS were ineffective, and most legitimate hosts and providers stopped using them years ago.

Selective DNSRBL systems, as a practical method, WORK. Blocking residential cable from sending email? Hella good idea, for example. Blocking known dial-up ranges, as well. Blocking webhosts in an attempt to get their customer base to force them into canceling contracts that may cost the web host hundreds of thousands, if not millions of dollars? Nuh-uh.

When 'collateral damage' was useful, losses MIGHT have hit 10k. Now? Talking millions? Businesses will buy a new IP block and move the affected customers, and call it a day. Especially if they're blocked not because a customer has been an idiot, per se, but because the customer was hacked and used as a bot.

So, yeah. Rock on with your bad selves.

Re:*snort*

[paitre]

The -smart- people are doing precisely that.

The problem is that there really are still people out there who are using lists, such as SORBS, as absolute arbiters in what is, or is not, from a spam source.

Thankfully, this number is shrinking daily as they realize just how broken some of these lists have been as a matter of policy.

Re:*snort*

[Zontar_Thing_From_Ve]

You're kidding, right?

They have done more to give legitimate anti-spam efforts a black eye than ANY legislative attempts to 'solve' the problem ever could.

I -used- to believe that 'collateral damage' was a legitimate 'tactic' in the fight against spammers. I've grown up since then.

You get a big high five from me on that. On my previous job, SORBS caused us a lot of problems. It was very difficult to get off their lists once they listed you and if I remember correctly they also had a policy of not telling you why you were listed to begin with. I remember that one of the guys in our main European office was able to make friends with one of the SORBS guys in the same country and get some information about why we were blacklisted. Normally they didn't tell you why you were blacklisted, but this was some "countryman to countryman" special favor this SORBS guy did for us. We had a lot of email problems because some customers would use only SORBS for dealing with spam so if you're on the list, your email doesn't go through to them. I'm not saying that SORBS couldn't have been a useful minor part of an anti-spam solution, but all I saw was customers who blindly trusted SORBS and only SORBS and that made our life hell. I agree that I no longer think that SORBS' collection of tactics is legitimate. There are better ways to deal with spam and if SORBS dies, well, sign me up to dance on their grave.

Re:*snort*

[EdIII]

There are not a lot of products out there that support anything but blocking based on those RBL's.

I would love to find a proprietary product out there that uses the RBL's like that and also provides the features I am looking for.

So far I have not run into too many problems with the outright blocking though. I figure if there is a real problem, that I will get a support call from a customer and I can act accordingly. So far, no calls after 3 years of running like this with quite a number of mail clients and domains.

Re:*snort*

[ZorinLynx]

>I would love to find a proprietary product out there that uses the RBL's like that and also provides the features I am looking for.

http://spamassassin.apache.org/

Why does the solution have to be proprietary? SA works great. Out of thousands of spams that come into my account per day, maybe only 1 or 2 make it through, and there's no almost no false positives lately.

Re:*snort*

[Cramer]

My current static address from AT&T is listed in only one list... MAPS. Despite it being neither dynamic nor "dialup", they refuse to remove it first stating the request must come from the ISP, then stating the ISP explicitly listed the range with them as dynamic (which is a complete lie, as Bellsouth doesn't bother.)

Re:*snort*

[Znork]

You could take a look at VPN providers; I've noticed that some VPN providers provide solutions for exactly the problem you're having: static ip, configurable reverse, etc. At around $10-$15 per month it's certainly more affordable than a 'business DSL', and about on par with the cheapest virtual hosts you can get.

And as an added plus, that would also allow you to switch providers at will without having to change any configurations for your servers.

Re:*snort*

[Just+Some+Guy]

When 'collateral damage' was useful,

For some of us, that was never the case. There are three viable ISPs in my city: Qwest, cable, and the local mom-and-pop. I went with the latter to host my little home server because I knew the admins and the company had a good reputation. Now, suppose SORBS blocks [1] their upstream. What am I supposed to do, exactly? Switch to one of the mega-ISPs that will actively try to prevent me from running a server?

No, the whole idea of collateral damage only looks good to sociopaths or people who've never had limited options.

[1] Their take on it: "We don't block! We blacklist!" My take on it: the hell you don't. That's like CYBERsitter claiming that they don't block; they only provide recommendations.

Re:*snort*

[Just+Some+Guy]

AFAIK this is common to all RBLs - if they told you why and you were an evil spammer you could just work around whatever put you on the list and go on with your evil spamming.

And now you know otherwise. If you put in your IP, it'll tell you exactly why you're blocked (if you are). My ISP registered my whole netblock as dynamic, forgetting about my static allocation. I filled out the form to remove myself and was off the list in about half an hour. Spamhaus runs their RBL the way they were meant to be run and I have nothing but good to say about them.

Re:Explanation please

[MichaelSmith]

She looks like a really good girl, as girls go.

Um, is this at all credible?

I don't know if this is subterfuge, but:

http://www.iadl.org/sorbs/sorbs-story.html

Re:Um, is this at all credible?

That site is run by a known net-kook.

Re:Um, is this at all credible?

[e9th]

So is the FSF, but that alone is not reason to disregard it.

Re:Um, is this at all credible?

[kv9]

http://www.iadl.org/sorbs/sorbs-story.html

I don't care how real or fake that is, but the drama is absolutely delicious.

Summary is absurd

[Loki_1929]

Any mail admin who's depending in any significant way on the anti-spam wasteland of SORBS should be on their way to apply for jobs at local fast food restaurants as soon as possible. Even if someone handling spam control for a decent size business actually believed in SORBS' accuracy or effectiveness, the only effect of SORBS disappearing from the face of the Earth should have is a slight uptick in spam being caught by filters slightly further down the path to their users' mailboxes.

Seriously, is there anyone out there who isn't use a multi-tiered, inter-connected array of spam filtering methods at this stage of the game? ~96% of the mail going to my users is spam. My worst offender has some ~5300 messages a day of spam being filtered prior to reaching their inbox. If my best filter were rendered worthless tomorrow, I wouldn't expect to hear any complaints from users. (of course, I'd be pretty unhappy.)

I think honeypots are probably my best weapon again spammers at the moment, followed by my keyword blacklists.

Re:Summary is absurd

[Ed+Avis]

My boss and our customers pay me to keep spam away. I've not had any complaints whatsoever.

Of course not. If someone they haven't met sends them mail, and it's dropped as spam, why would they complain? They never even knew about it.

Death to SORBS

I run an ISP in the midwest. SORBS has caused so many problems, I don't want to bore you all with them here. I briefly talked with Mr(s?) Sullivan via email back in 07 about several problems he caused by blocking subnets we had on both Nuvox and XO. His response to my email (which was long but detailed), I paster here for brevity:

---------snip---------
F_ck off.

Yours trully,
ms
---------snip---------

Hopefully, she/he takes up dancing at a crossdress clubs and stays the _hell_ off the internet.

Re:Death to SORBS

[mynubarta]

Very unprofessional, Michelle, owner of SORBS. I don't care about your complicated personal life as others have brought it up here, but your comments like that to ISPs or whoever else is completely unneccessary. You DO NOT deserve any help in keeping SORBS up. I hope all your offers fall through. totally lame.

I didn't know Kevin Sorbo was sick.

[fyrie]

RIP Herc.

Re:The REAL story

[bruns]

How is what Michelle did any of your business?

You dont count

[coryking]

Your parent is right. There does exist a set of clueless people who straight filter based on RBL's like SORBS. Sure, filter your home mail server any way you want, but the *second* you have third-party people using your system (or the second you run the mail server for a business), you should be outright fired for filtering based solely on something like SORBS.

I figure if there is a real problem, that I will get a support call from a customer and I can act accordingly

That is because I dont waste my time calling you. I call your boss and your sales department. If you really are running a business mail server and filtering based on SORBS, you are basically clueless and I'll gain nothing talking to you Your sales staff though, I'm sure they'd be happy to know you are blocking my customers inquiries into your companies products. And I'm probably also sure that if you are the type who filters like that, they probably have a bunch of other issues with the way you run their systems and this just might be the straw that broke the camels back.

Re:(of course, I may have mis-read you)

[EdIII]

Wow. That's a lot of hostility there.

First off, I never said I used SORBS. I did some research first about which ones would probably be best, respond to delisting requests in a timely fashion, and could provide me with a list that was had a lot of maintenance. Spamhaus and Spamcop are fairly decent and AFAIK, they DO respond to delisting requests and don't just put IP blocks up willy nilly.

I'm hardly an idiot. If I could find an open source software package capable of doing what I require, I would have gone that way a long time ago. As it stands, I have to use a proprietary software package that does not allow me to weight the incoming emails based of *any* RBL's. I can only refuse the connection based on the RBL's.

My original point stands. You want to be so incredibly hostile and label anyone that dares to use a RBL (or maybe just SORBS, could you clarify?) as an idiot, but fail to realize just how many mail server software packages out there don't do what you are asking for.

Try taking the hostility down a notch or two, and if you are so knowledgeable about mail server product that do offer weighting based on RBL's, why not just post it here for people to read? Maybe there are people new to running a mail server, don't understand the implications of a RBL (which hardly makes them an idiot), and would gladly implement a better solution.

Or... you could just attack people personally and denounce them for being idiots without actually writing anything productive while foaming at the mouth.

Heh.. you will find a lot of hostility

[coryking]

A lot of people have had their lives turn into a living hell because of some listing on SORBS. Thus if it wasn't me who chewed you out, somebody else probably would have :-)

Spamhaus's PBL?* I filter on that... the friggen ISP's make up most of that list. I'm pretty damn sure AOL and friends filter off that list too and my motto is "if AOL or Yahoo filters mail based on XYZ policy, I will too". Plus, you can get off that list on a web page.

It is SORBS that I have an issue with. SORBS was created out of pure spite. So my apologies random internet person :-)

* Excepting Godaddy who is fucking insane. Those assholes filter *URL's pointing to a PBL'd IP that are embedded in a message*!!! Worse, they dont tell you. Had fun learning that.

Re:Heh.. you will find a lot of hostility

[mynubarta]

"A lot of people have had their lives turn into a living hell because of some listing on SORBS." Yes, and because SORBS volunteers were at times unprofessional and trollish in their responses for removal, it is just as well they are shutdown. Most other RBL volunteers would not behave this way, except SPEWS or whatever name changed to.

Re:Heh.. you will find a lot of hostility

[NitroWolf]

Holy shit, SPEWS. I had forgotten about that... the guy was worse than SORBS. Wasn't he the creator of Courier as well? How can someone that messed up create something like Courier? Or maybe I am thinking of someone else...

But yeah, SPEWS was a giant bag of shit. Thanks for reminding me there was something worse than SORBS.

Re:Heh.. you will find a lot of hostility

[siliconincdotnet]

> It is SORBS that I have an issue with. SORBS was created out of pure spite.

No, you're confusing "spite" with "greed". There's a difference. Spite is blacklisting a spammer's ISP in a fit of anti-spam zealotry. Greed is blacklisting a spammer's ISP hoping to extort a huge amount of money from them so their customers can send email again, and then blacklisting them again right after you un-blacklist them (yes, SORBS does this).

Good riddance to them. They've done nothing but tarnish the reputation of legitimate RBLs.

Spamcop, Spamhaus, and Uceprotect are plenty of RBL for me.

What's this then, eh?

[aweraw]

ROM's being charged for: http://vampire.isux.com/ROMs/

Dubious images: http://vampire.isux.com/pics/x/

So what's going on Matthew... I mean, Michelle?

Re:The REAL story

[Trillian_1138]

I asked myself the same question. In all fairness, that is how she signed off in the link included in TFS, but I still think its inclusion wasn't strictly needed for the "News for Nerds" aspect of the story....

Re:Explanation please

[MichaelSmith]

Sorry if I offended you. That was a Suzanne Vega reference. Maybe SV isn't geeky enough for /.

Good!

[jidar]

The death of SORBS should be good news to any decent ISP mail admin out there. Nothing like being forced to pay to get your mail server IP removed from a blacklist because you somehow can't keep the thousands of residential customers on your service from occasionally getting a virus and sending a few spams.
SORBS sucks and has for years. Don't get me wrong, I hate spam as much as the next guy, but sometimes a few get through, that's just how it is.
Luckily we haven't had much trouble with them lately since it seems that the vast majority of mail admins came to their senses and stopped using SORBS... frankly I'm surprised they need that many servers.

some good DNSBLs

[Onymous+Coward]

I recommend Spamhaus XBL and Spamcop Blocking List .

Spamcop used to have problems, but I think they resolved them a couple years ago.

Back when http://stats.dnsbl.com/ was operational I used their data to give me a quick leg up on figuring out which lists to look at. Then I checked out the lists for how they operate and then did a performance analysis.

Aside from policy/operation, two things that were particularly important to me were false positives and overlap. These lists get very low false positives and they combine nicely.

Old stats:

http://stats.dnsbl.com/zen.html

http://stats.dnsbl.com/spamcop.html

Re:Explanation please

[Trillian_1138]

I appreciate your apology, and your comment didn't (in and of itself) offend, just the moderation. I definitely didn't get the reference and it would appear, according to Suzanne Vega herself (scroll down to interview excerpt), the song was certainly written with good intent.

All that said, and having nothing to do with your comment, I'm not thrilled with Vega saying, "...I found out she wasn't really a girl," (emphasis added) in reference to the song's inspiration. Again, I don't think Vega is coming from a transphobic or hateful place, I just want to point out that that's not generally considered respectful language. (This isn't directly specifically at you, MichaelSmith, just more a general note...)

-Trillian

PS - I know I've been spoiled by the Internet, because I'm frustrated I wasn't able to imediately find an audio and/or video version of As Girls Go, so I could check it out, with a 30 second Google search...

Sorry pal

[coryking]

And I realize you aren't the kind of idiot who blocks based on SORBS (or god forbid SPEWS, remember them?), and you are an ISP so if you were filtering based on SORBS you wouldn't have much business anyway, so I'm not really talking about you--I'm talking about small to medium sized businesses and other hotspots of cluelessness... "Me" in this case is my ISP and my customers trying to send email to *you* and your funky smelling email servers. In other words, imagine if some asshole listed *your* ISP or one of your upstreams in SORBS... Your (er, my) customers are now bitching to *you* (er, me). This is what I'm ranting about here.

If you weren't willing to work with our support staff and provide us the necessary information to understand where our efforts were failing, you are useless.

If you are filtering inbound email based 100% on SORBS, you are clueless and it would be a waste of my time to deal with you. Why? Either you are ignorant (thus it wouldn't do me any good anyway) or you are an asshole who does this for kicks, in which case you'd tell me to FOAD. As such, talking to you is a waste of time.

I used to tell our sales staff we didn't want [you as a customer]

You are the IT guy. Why would they listen to you? The probably already hate your guts for installing some other spite-ware or have them change their password every week. They dont listen to you and they dont like you (again, I'm not talking about you sir, but the SORBS filtering BOFH guy--ISP's are typically not the type to filter this way anyway). My calling them is just more ammo to go after you. It is politics my friend :-)

Otherwise take your business to AOL or Comcast

Funny enough, AOL has a 24 hour 1-800 number you can call to talk with the postmaster.

Re:Possible Alternate Hosting

[MightyMartian]

Can you provide all the domains you host, so that I can get as many mail admins together to arbitrarily block your servers, and demand "donations" to unblock them?

Thanks in advance, you worthless pile of trash.

Don't let the door hit you in the ass...

[NitroWolf]

This is the best news I've heard all week!

SORBS is a blight on the anti-spam effort front and should have been run out of town on a rail years ago. It has done more damage to the perception of anti-spam lists than any other single entity on the internet. Hell, some spammers are better behaved and have better morals than the operator(s) of SORBS. I would literally turn to Microsoft or McAffee for anti-spam solutions before I'd even consider SORBS.

I hope the dirtbags that ran SORBS end up destitute in a gutter somewhere.

Re:The REAL story

[corbettw]

Yes, it was. Without it, those of us who used to have to deal with "Matthew's" temper tantrums when our mail servers ended up on his blocklist would have been confused as to his wife or sister was now shutting things down. kdawson's comment explained the issue simply and directly, but without trampling on Sullivan's privacy too greatly.

full disclosure

[corbettw]

kdawson should've included the disclosure that SourceForge, one of Slashdot's sister companies, is a sponsor of SORBS. There's an ad on the right side of the SORBS main page touting this fact, so it's not like it should've been difficult for him to find to point out in the summary.

Re:full disclosure

[Kalriath]

SourceForge isn't the sister company, SourceForge is Slashdot's owner. The PARENT company.

But I think it's only listed because Sorbs has a project on sourceforge.net, in which case Sourceforge "sponsors" eleventy bajillion people and companies anyway.

Never said turn off the spam filter

[coryking]

Obviously you can't turn that off. I said "stop blocking based on SORBS". Huge, huge difference. And yes, there are idiots who block based on nothing more then SORBS. Ask me how I know.

Not that disrespectful

[justinlee37]

I just want to point out that that's not generally considered respectful language

I'm not so sure that holding a different definition of the word "girl" than you do is really disrespectful. I get what you're saying but you've got to understand that to the population at large there is a difference between someone born biologically female and someone who surgically removed their genitals and started hormone therapy (or whatever other combination of measures you took to legally change your gender). For example, you never could and never will bear a child. Not that all women can, but they've generally got a higher likelihood of being able to do so. So people like to have different words for those different things. You've got to face the music, to Joe six-pack you're not a girl, you're a post-op transsexual.

I get what you're trying to say but I also feel like you're trying to strongarm others into changing the definitions of their words. If somebody doesn't think you're "really a girl" and you take offense to that, you're just picking a fight over semantics. Go ahead and wait until they say something really inflammatory and hateful before you bust out the righteous indignation, you'll win more hearts and minds.

Re:Not that disrespectful

[idlemachine]

You've got to face the music, to Joe six-pack you're not a girl, you're a post-op transsexual.

Or to put it in a way /.ers will understand: you're not a Mac, you're OSX running on hackintosh hardware.

Re:Not that disrespectful

[Shatrat]

If you've got more X's than Y's then you're genetically female and vice versa.

I think the only way to have more Y's than X's is to be from west virginia or european royalty.

Re:Not that disrespectful

[Trillian_1138]

I'm not so sure that holding a different definition of the word "girl" than you do is really disrespectful. I get what you're saying but you've got to understand that to the population at large there is a difference between someone born biologically female and someone who surgically removed their genitals and started hormone therapy (or whatever other combination of measures you took to legally change your gender). For example, you never could and never will bear a child. Not that all women can, but they've generally got a higher likelihood of being able to do so. So people like to have different words for those different things. You've got to face the music, to Joe six-pack you're not a girl, you're a post-op transsexual.

I agree with everything you've said here. As I said, I don't think Vega was intending the language to be disrespectful or hurtful. Likewise, I understood exactly what she meant, and Vega was using an culturally-understood phrasing when said, "...she wasn't really a girl."

However, I think you raise the point I'm trying to make by saying, "Not that all women [can bear a child]..." The fact is, any individual definition of 'girl' (or 'boy') will ultimately boil down to "I knows it when I sees it," because there are so many edge cases: definitions of genetics get tricky with people who have XXY or XYY instead of XX or XY, definitions of childbearing get difficult (as you mention) with people who are infertile, definitions of how one was raised get confusing with trans people (and other definition-straddling or -crossing individuals), definitions based on appearance get muddled with anyone not confirming to strict gendered appearances (and people with AIS), etc, etc.

As such, what I'm putting forth is that it's most respectful to use someone's own self-identification when labeling someone a man or a woman.

I get what you're trying to say but I also feel like you're trying to strongarm others into changing the definitions of their words.

Oh, completely - I'm 100% trying to get people to change their definitions of 'man' and 'woman' (and 'boy' and 'girl' and so on and so forth). I'd like to think I'm trying to convince them rather than strongarm them, but I suppose that'd just be a different semantic argument. ::grin::

If somebody doesn't think you're "really a girl" and you take offense to that, you're just picking a fight over semantics. Go ahead and wait until they say something really inflammatory and hateful before you bust out the righteous indignation, you'll win more hearts and minds.

Well, definitions are important. I identify as a Jew, too, and I would be offended if someone else said I wasn't "really" a Jew because I don't observe the sabbath or keep kosher (or a number of other things...I said I was a Jew, not a particularly observant one). I don't think I was in the wrong (or, as a note to moderators, trolling...) when I said it's "...not generally considered respectful language [to say someone who is trans isn't "really" a girl]." You're right, I should wait until there's overt transphobia before being similarly divisive, butI don't think I was being righteously indignant in what I said. At least I certainly wasn't trying to be. But pointing out that I'll ruffle feathers by sticking up for myself doesn't mean I shouldn't.

-Trillian

Re:Not that disrespectful

[Trillian_1138]

If you've got more X's than Y's then you're genetically female and vice versa.

It's, unfortunately, not that simple....

I have no problem with transgendered people wanting to be called whatever gender it is they identify with, but they really need to stop taking offence at how awkward it is for everyone else to figure it out in the border cases. Heck, there are some pretty gender neutral looking people I've met who have had no surgeries.

It's possible you're generally commenting rather than directing that at me specifically, in which case you can ignore this, but I don't think I overly took offense. I pointed something out that seemed, to me, to be disrespectful and have been trying to engage in a conversation about why I feel that way.

-Trillian

Re:SORBS is probably useless

[MightyMartian]

The reason SORBS is so universally reviled by a lot of the anti-spam crowd is because the creator and the whole cadre of folks that maintained (and I use that word hesitantly) really didn't seem nearly as interested in battling spam as in enforcing their own bizarre view of who should and should not be sending email. The entire ethos was abusive and ego-stroking. The last time I had problems, the one thing I noticed that was different than my old battles with this pack of scumbags was just how few mail servers seem to be using it now. Hotmail was what forced me to even bother dealing with it, because my employer does a lot of correspondence with people on Hotmail addresses (another cancer on SMTP). My general attitude about mail admins who reject messages because SORBS blacklists my IP address is "fuck you", because those admins, as I've said elsewhere, are either morons or just lazy and don't want to put the effort into building a good, solid, rugged SMTP server.

What I can't believe is that SORBS still has some defenders, when my experience from the years when I was working most of my days as an admin for a few hundred domains was that SORBS was just as bad as spam. I really do hope that it is allowed to die, and maybe a few more retarded mail admins finally get the hint and start implementing measures that don't essentially poison SMTP.

Re:So, what is it?

[raju1kabir]

Kind of off-topic, but Latvia has excellent net access speed. e.g., check out speedtest.net's stats. Latvia average download: 11.73 mbps. Australia average download: 4.92 mbps. In fact Latvia is their 6th highest worldwide. Speedtest.net isn't entirely scientific but is broadly representative in my experience.

Nothing's wrong with SORBS

[mvdwege]

I use SORBS professionally. It works. It stops spam. The few times IP space from our customers got listed, they got delisted within 24 hours after contacting SORBS by e-mail. All it cost me was registering an account for my employer at SORBS.

As usual in the discussion on blocklisting, Slashdot is being overrun by, ehm, 'legitimate biznizmen' and their supporters, and people who know jack shit about blocklisting and its history, but believe those who shout the loudest.

Mart

Re:(of course, I may have mis-read you)

[sglewis100]

My first guess is that you're using Exchange. If so, ever since Exchange evolved into the emacs of mail servers (boy, it does a lot of awesome stuff, but it sure would be nice if they had a MTA in there somewhere), the "new hotness" has been to put a real mailserver in front of the Exchange server to "soften the blow" of incoming mail and deal with all of the crap. Of course, whether you go with an appliance like the barracuda, or some other server, it'll take a bit of money and elbow grease to get it to work well (eg validating incoming addresses against AD rather than just bouncing them off the exchange server, defeating the purpose).

While you are 100% correct in the sheer crap that is referred to as "SMTP" in Exchange, setting up a Barracuda to verify against AD (or LDAP) is drop dead simple. It's default LDAP search string covers both OpenLDAP and Active Directory servers out of the box. If entering in a couple of hostnames and making sure there's a path from your front-end server to your back-end LDAP infrastructure in your firewall is complex... then you probably are lucky to be using a Barracuda, since a hand built setup is beyond you for sure.

We have multiple domains, multiple LDAP environments, multiple mail servers (corporate: Exchange, our franchises are on a Zimbra cluster), yet we still have no problems even though Exchange has shit support for split domains. We even got single sign on to the mail quarantines to work relatively easily.

It's also the best bet for someone who needs local and remote clustering but maybe isn't an expert in Linux. Also, another advantage to such a person not having gone with a FOSS solution would be the vendor support. Even the front line guys at Barracuda aren't bad (well except that one moron who keeps posting strangely incoherant and ignorant ramblings about amavisd-new on the Postfix list the last couple of days - but I hear he doesn't work there presently). I haven't needed this, but a former client of mine has Barracudas in place, and their support routinely configures it for you.

Probably the biggest disadvantage to more experienced but time challenged administrators is that you can't put your own custom rules into Spam Assassin, although you can send their support any requests and they'll implement them.

Re:Asshats

[orngjce223]

I'll oblige ya. Here's the copypasta, filled in for your convenience:

 

Your post advocates a

(x) technical ( ) legislative ( ) market-based (x) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
(X) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
(X) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(X) Huge existing software investment in SMTP
(X) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
(X) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
(X) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(X) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
(X) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(X) Blacklists suck
(X) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
(X) Nice try, assh0le! I'm going to find out where you live and burn your
house down!