SORBS Blocklist Reportedly Sold For $451K

palegray.net writes "SORBS, a well-known email blocklist provider, has reportedly been sold for $451k. Early reports indicate an acquisition by GFI, a company specializing in various communications services. In recent years, SORBS has been the target of frequent accusations of mismanagement and poor conduct, leading many to wonder if this turn in events might signal a chance for improved behavior. Citing lack of ISP support, the blocklist released statements earlier this year that they would be shuttering their operation."

Whoa!

And changed gender in the process :)

Why put up with that?

[causality]

In recent years, SORBS has been the target of frequent accusations of mismanagement and poor conduct, leading many to wonder if this turn in events might signal a chance for improved behavior.

Honestly, that wouldn't make me wonder if SORBS will improve its behavior after an acquisition. No. That would have made me find another blocklist provider a long time ago. Shady/questionable behavior like that goes on only because it's so thoroughly tolerated and often actively supported.

Re:Why put up with that?

It wasn't at all shady.

They have a blacklist that blocks dynamic users. It can be a pain to get delisted. They also charge you $50 to remove you from a list of repeat offenders. They give the money to charity. I've been on the ass end of SORBS before and know it's painful, but that's why it blocks so much of my spam.

Re:Why put up with that?

[burne]

It might block much of your spam, but blocks a lot of legitimate mail too.

Given the availability of better alternatives, SORBS has been 'not an option' for me since like what. 2003 or so?

Re:Why put up with that?

[MightyMartian]

It's largely because most people who administrate mail servers are completely and utter idiots. I've had conversations with mail admins who clearly don't even understand how SMTP works.

Blacklists are bad... bad bad bad bad bad bad bad bad bad. Yes, there are better behaved blacklists than SORBS, but they're all bad because filtering relies ultimately on the sensibility of these administrating the filter.

I'm running no filters and just greylisting and I get spam maybe once every few days. The only legit mail your going to be filtering out is from old or misconfigured mailservers.

Too bad

[Jazz-Masta]

It is unfortunate that SORBS has gotten a bad rap. Although it has been plagued on the administrative side of things, its list was still helpful in detecting and removing spam.

GFI is a good company - but I am betting the list will no longer be free to use. Everything they sell is licenced on a "per mailbox" structure, and as such I imagine the list will be implemented into their anti-spam products. There may also be a nominal fee (per box) to use the list with other spam filters.

Re:Too bad

GFI sends shivers down my back. I always loathed having to pull up that clunky, outdated, poorly layed out interface to manage our Spam filter. I could have lived with the poor interface if their software actually was proactive in Spam filtering, but it was mediocre at best. It wasn't unusual to come in to the office, only to find that my inbox was full of people complaining about the flood of Spam that made it through our filter the previous night. To make matters worse, their tech support was attrocious. I would normally get half-baked answers that never solved my problem. To be fair, I know they just hired a new Tech Support company to deal with these issues, but it will take a lot more to change my opinion on them.

Re:Too bad

[thijsh]

[quote]Although it has been plagued on the administrative side of things[/quote] SORBS administrators (or other participants) plagued anyone who is just kindly informing about their list. In my experience they are uncoöperative, arrogant and some are even sadist BOFH kind of people why get their biggest kick out of tormenting people with problems. When my host in the US was added together with a huge IP range as 'spam friendly subnet' I informed what I should do, and if the listing was legitimate if should move away to show my anti-spam support. They just enjoyed ridiculing and outright insulting the people who come for help... At one point they even blocked my university mail servers in Amsterdam for some random reason (relay maybe), but that only lasted for a few days because of pressure I guess...

I long theorized that the crappy SORBS listings were intentional and these administrators just love to add random ranges of IPs to the list to laugh their ass off when they mess around with the hordes of mailserver admins that come looking for help.

Re:Too bad

[gmuslera]

Bad rap? Like putting in blacklist entire ISPs because a single customer had a trojan? Or whole hosting companies (a /19 range) because one client from a single IP got an intrusion? A lot simply stopped trying to get delisted by them, and not sure how much people trust in what they say anyway, just too much false positives and no easy/fast way to get out.

Re:Too bad

[nametaken]

Agreed. We moved away from their spam filtering products a couple years ago and picked up a barracuda appliance. The GFI app was such a worthless hunk of crap, we've never looked back.

Re:Too bad

[Just+Some+Guy]

It is unfortunate that SORBS has gotten a bad rap. Although it has been plagued on the administrative side of things, its list was still helpful in detecting and removing spam.

So is unplugging your mailserver. It'd get roughly the same number of false positives, except without the malice.

Re:Too bad

[palegray.net]

If the new owners decide to continue the trend of irresponsible behavior that has been the hallmark of SORBS in recent times, at least there's a U.S.-based entity that can be more easily sued by for losses now.

Re:Too bad

[NoNsense]

It's been poorly run for a long, long time. As an administrator who occasionally had a customer who was blocked by their fault system, I can tell you they have less then a good attitude. Joey, if you ready this, you can suck my nuts. At least Matti will help you if you need it.

Re:Too bad

[secolactico]

Took the words out of my mouth.

RBL are a pretty good tools, but they are only as good as the admin team and processes behind it.

"Esoteric" RBL like SORBS are the source of headaches of responsible mail and network admins.

But even SORBS is not much of a problem (not many mail admins use it to block email since they don't want all the false positives). Recently, senderbase has stepped up their efforst to be even more obscure in their reputation systems. And since they are a now Cisco product, you can bet a lot more "big players" are going to start blocking with it.

That's what I like about Spamhaus and Spamcop. They are pretty effective, provide clear instructions for removal/appeals and they always provide the cause of blacklisting, giving you a pretty good idea of where to start correcting whatever issue you may have.

Re:Too bad

[TPS+Report]

It is unfortunate that SORBS has gotten a bad rap. Although it has been plagued on the administrative side of things, its list was still helpful in detecting and removing spam.

Spoken like someone who's never had to deal with them in any capacity. SORBS was an arrogant list that was out of touch with reality and the problems administrators face. SORBS made far too many arbitrary decisions (like blocking netblocks because they LOOKED dynamic - without bothering to check) and caused real harm and damage to millions of people. They were an embarrassment compared to real lists like Zen/SpamHaus, SpamCop, etc who remained professional and logical and actually had policies and procedures to determine how they handled situations. SORBS felt and acted like a college-run side project. It was by no means professional. They even asked for (mandatory) donations to de-list. What the hell! They were a joke and any real admin stopped using them many years ago in favor of real solutions (DCC/Razor, real anti-spam lists, etc). Anyone who continued to use them was just doing themselves, their customers, and everyone else a disservice.

Re:Too bad

[efalk]

I'm not sure the problem is that the administrators enjoy their BOFH roles so much as that anyone who runs an anti-spam service is probably someone who's already really, really frustrated with the spam problem, and with dealing with lazy, greedy and incompetent ISPs.

Another thing to consider is that the anti-spam services work for the clients who want the spam stopped, and they don't work for the ISPs that are generating the spam. So they tend to get testy when those ISPs ask for help dealing with their own problem.

The anti-spam service's duty to the spamming ISPs ends with "fix it your own damn self". In the end, it may be counter-productive, but there you have it.

Re:Too bad

[aztracker1]

I have about 25 RBLs setup in my spam filtering, each given a different weight, allong with spamassasin, it takes 2-3 results to have a spam blocked (I actually just filter into a Junk folder for the most part, unless it's really bad (takes 5-7 fails) I spent a solid month simply tagging various emails, and checking to see how reliable each list was in my use case to give them their weights. Works pretty well overall, adding in greylisting, and SPF checking helps too. I've been getting about 2 false negatives a week, and honestly haven't noticed any false positives. Though if strong SPF records were more common, then the RBLs could work quite a bit better.

Re:Too bad

[Onymous+Coward]

25? That seems like a lot. I hope your setup uses short circuiting?

I did a lot of research to find good lists. That means vanishingly small false positive ratios, clear and reasonable methodology that agrees with my philosophies, good organizations behind them, and good coverage in union. I use Spamhaus XBL and SpamCop SCBL. Independently they're great. Adding them together nets an additional 4.4% with just the one additional DNS lookup, totalling, I think it was, 86% (hm, must have had other measures added into that, XBL shouldn't get 82%). Adding other lists got rapidly diminishing returns so I didn't bother.

I used Al Iverson's stats resource back when it was operational to give me a leg up on finding DNSBLs and checking their performances.

Now that I'm looking at it I can't remember why I didn't choose the combined Spamhaus SBL-XBL instead of XBL.

Running a small system with users who are fine with it, I get to implement greylisting as well. Which seems to augment DNSBL effectiveness.

Re:Too bad

[gujo-odori]

Barracuda was a step _up_?!?! Wow, GFI must be really something :p

Re:Too bad

[Guspaz]

Or how about listing entire netblocks because the RDNS of an IP "looks" dynamic?

I'm serious, they've blocked huge swathes of Linode (a virtual server provider) because Linode's default RDNS format (li12-345.members.linode.com) looks dynamic as if such a thing exists.

Linode's attempts to get the netblocks delisted was met with silence; SORBS simply ignores anybody who tries to get delisted.

Re:Too bad

[Cramer]

Lemme guess, there answer was "spamtrap"? For which they will give zero evidence and demand payment to get removed. (That's extortion, btw. But since "we never touch the money" it's not illegal.) All it takes is ONE MESSAGE, EVER, to land in the spamtrap list; listings never expire, and you have to make a "donation" to get delisted. Most interesting is the number of charities refusing to be associated with the SORBS extortion racket.

While I doubt there was much intentional (mis)listings, there certainly were a number of listing made as a strong-arm tactic. ('spam friendly XXX' falls in that bucket.)

Re:Too bad

[Cramer]

Having worked for a former ISP of Jermey Janes, lemme just say, it's impossible to educate sales people. They care about their commission, and nothing else. When I checked, they had, in fact, had several connections with us for several years -- all under different names, to different addresses. But T1's were just too small for any real volume. When they ordered a DS3 and colo space, they screwed up and sent out 100,000 "template" spam messages and abuse@ received "many" complaints -- and the f'ing morons included some of our addresses as well (spamming your own ISP... priceless.) They were disconnected about an hour after their circuit was turned up. :-) [That's when I went hunting.] We terminated their connectivity as per the terms of our contract, but they remained as a colo customer -- $175/hr "escorted access" on top of colo was "madd money". (almost made up for PSI going out of business.)

SPAMHAUS was informed of all their address blocks -- and a few aliases/shell corps. they didn't know about. They were even told of the /20 we were allocated for them -- ARIN refused to give them anything -- before it even appeared in whois. :-)

Re:Too bad

I'm serious, they've blocked huge swathes of Linode (a virtual server provider) because Linode's default RDNS format (li12-345.members.linode.com) looks dynamic as if such a thing exists.

Linode's attempts to get the netblocks delisted was met with silence; SORBS simply ignores anybody who tries to get delisted.

Christ almighty (and I'm an agnostic!) if this isn't dead on. I work for an organization that owns a class B network and have requested removal of a legit mail server IP many times, with absofuckinglutely no response.

Re:Too bad

[EvilStein]

.......unless it's accompanied by cash, naturally.

Check out the Wikipedia entry for SORBS. Someone pointed out that they blocked entire ISPs for almost nothing, and the SORBS revisionists went and started slapping wikipedia vandalism warnings around.

Fuck SORBS, and screw Wikipedia. :|

SORBS became useless years ago. Filtering evolved significantly, they remained back in the useless stone ages. Good riddance.

Re:Too bad

GFI sends shivers down my back. I always loathed having to pull up that clunky, outdated, poorly layed out interface to manage our Spam filter. I could have lived with the poor interface if their software actually was proactive in Spam filtering, but it was mediocre at best. It wasn't unusual to come in to the office, only to find that my inbox was full of people complaining about the flood of Spam that made it through our filter the previous night. To make matters worse, their tech support was attrocious. I would normally get half-baked answers that never solved my problem. To be fair, I know they just hired a new Tech Support company to deal with these issues, but it will take a lot more to change my opinion on them.

I have not heard that they hired a new tech support company...

Re:Too bad

[danomac]

I find it rather interesting that I just now found out about the mismanagement of SORBS and how hard it is to get off the list. I basically set up our spam filter and check it periodically; that's about it. I honestly never paid attention to the politics of the lists themselves...

SORBS simply ignores anybody who tries to get delisted.

I can say right now that this is untrue. I inherited a blacklisted IP address for one of my servers just last week and figured out the hard way that the IP was blacklisted by several lists. I've got proper DNS, rDNS and SPF records set up for the domain in question. SORBS happened to be one of the four major lists that had blacklisted the IP I inherited. I went to their site, and submitted our IP and the details as well as indicated the presence of the relevant DNS records for a domain. I got a message back in approximately five minutes saying it was received and was being checked for validity. Ten minutes after I submitted the request I got a notice saying it passed initial checks and has been submitted to a human to remove the block. The next morning (around 18 hours later) I received an email stating we have been removed from the list. I went and checked their database online and confirmed we were removed from the list.

Now if you want to talk about pigheaded lists, fiveten is one. I put in a request; I was ignored. I asked my ISP to act on my behalf, and after two days he messaged me back saying that they blacklisted the entire subnet and refuse to remove it. So, if you want to block most of the internet's legitimate servers, use fiveten. You'll never get any mail! ;)

Re:Too bad

Or getting your mail server blacklisted, because they let their boss/friend forward any mail to an override spam/ham address, regardless of whether that person had opted in to a mailing list. Yes, this happened to us.

Re:Too bad

[nametaken]

Yup. Why, have you found something that works better than a barracuda appliance?

Right now I might get 1 or 2 spam emails a week with the 'cuda. I haven't had a false positive in 2 years. When we had GFI + RBL's, I'd get about 20+ per day. So... roughly 140 per week down to 1 (sometimes 2). This is not a big company, roughly 3,000 emails per day across all users.

Re:Too bad

[Guspaz]

While you may have had a good experience, Linode was met with silence when they requested that their netblocks be removed.

They weren't even listed for spam, they were listed because they were supposedly dynamic! That's right, a SERVER HOST specializing in providing servers with STATIC IP addresses.

Re:Too bad

[Sl4shd0t0rg]

I used to work as an email admin for a large ISP (over 5 million users) and SORBS was very receptive about removing false positive IPs from their list...if we paid them. We finally had to tell customers and outside users that complained to stop using SORBS and use other well run RBLs like Spamhaus.

Re:Too bad

[MightyMartian]

It is unfortunate that SORBS has gotten a bad rap. Although it has been plagued on the administrative side of things, its list was still helpful in detecting and removing spam.

It was helpful in detecting email and, based on the lunatic who was running it's particular whims, probably included a healthy dose of legitimate servers that, through no fault of their own, were somehow associated in some convoluted way with IP blocks where spam probably originated at some point anywhere in the last decade or so.

If I just randomly shoot people on the street, or even better, shoot everyone where leather jackets, I'm sure I'll take out some bad guys, but I'll take out a lot of innocent people as well. If that's your measure of success, then fine.

Re:Too bad

Many years ago, we used SORBS as an advisory, but wouldn't drop mail based solely on their data. After a while, they weren't offering any thing that we weren't getting from CBL, XML, or our home-grown lists, and we dropped them without a care.

Well-run RBLs are a boon. SORBS was never a boon.

has it

[spongman]

blocklists should be one-way hashes. the user's email address should never even be sent over the wire.

Re:has it

[doon]

Well sorbs (like most DNSBL's) is based on IP address, so generally speaking the users's email address isn't passed over the wire (in terms of BL usage).

Re:has it

[WuphonsReach]

You're confusing RBLs (which are based on a DNS lookup of the IP address) and "suppression lists" which are lists of email addresses that have unsubscribed.

The latter is best implemented as a one-way hash (usually md5) so that the resulting list can't be used for other mailings.

$451k? That sounds almost... reasonable?

It is refreshing to see a remotely known company to get sold for under $10E8.

I mean honestly, could anyone of you imagine Google paying less than millions of dollars for anything at all?

GFI - oh god no

GFI - Oh great. Ask any ex employee how much of a complete joke GFI are... Im wondering where they got the cash as the balance books are seriously bad

Re:GFI - oh god no

[DigiShaman]

I've had to deal with GFI on many Windows Servers. Their products are way overkill for a small businesses. I've also seen it lock up SMTP services now and then. I have yet to see any other 3rd party application do that (I'm sure there out there though). Sucks.

If the mail server is naked, I'll at least get IMF up and running back to Spamhaus. Not perfect by a long shot, but at least it filters out anything on their RBL list.

you bleeping amateurs.

Right before signing, you should have said, you know what, let's make it $419k. You guys just never miss an opportunity do you.

Is this good or bad?

[bc316]

That is one hell of a donation. :) I sure hope they fix the removal process. I have been struggling for weeks now to get some netblocks removed.

Re:Is this good or bad?

That is one hell of a donation. :) I sure hope they fix the removal process. I have been struggling for weeks now to get some netblocks removed.

been in the same boat for almost a year...

Re:Is this good or bad?

[cptsexy]

It took me about 6 months. I took over as the lead IT guy for a company who had their own Win Small Business server, but didn't have in house people to manage it. The initial setup wasn't done correctly and thus Sorbs had them blacklisted (along with several others I might add). I found and fixed the issues within my first week and then followed their process for removal and six months later finally got an email that I had been removed and things started working. The problem is that it seems a lot of people still use this list, because I know several of our vendors and customers were having trouble getting our email during this time. You can't expect that a business can wait 6 months to be removed. How is it fair for my company, who hired an incorporated company to set up their small business server, to have to pay SORBS bullshit fine? Esp when I've talked to other administrators who have paid it and still had to wait a bit. As far as I'm concerned SORBS is a confederacy of douchenozzles, and I for one wish they would have gone the way of geocities.

Re:Is this good or bad?

[Gerald]

This is one of the reasons I use Postini. Dealing with crap like this is now Someone Else's Problem, and that someone happens to be a large, resourceful corporation.

Re:Is this good or bad?

[dasmoo]

Send spam, be punished? Doesn't really sound that bad to me. If you were worth your salt as an IT guy you would've had your ISP change your IP address though. I've dealt with SORBS in getting a range of IP addresses removed before, it took two weeks. During that time we routed all outbound mail through a different IP address. You're going to have trouble with blacklists because they have to be annoying to be effective.

Re:Is this good or bad?

[Cramer]

... who have random mailservers listed in SORBS' spamtrap list. The day my mailserver dropped a message from gmail is the day I stopped using SORBS. This was cast in cement by their bitchy response to my inquiry... "[gmail] doesn't do outbound content filtering, so f*** 'em."

Re:Is this good or bad?

[cptsexy]

If you were worth your salt as an IT guy you would've had your ISP change your IP address though.

Um, no. Just change your IP, lol like nothing else is tied to it. We had a lot of other things that were pointed at that IP, again I did not set it up that way, but nonetheless would have been a cluster had we just up and changed it. In the perfect world you are correct, but we don't live there. And even two weeks in business is way too long to have to wait. Fix the problem let the software test and then de-list. My God I could understand if this was 1969 and some retard was taking requests by phone and manually testing but give me a break, any turn around time that is less that same day is ridiculous.

GFI is probably not going to be an improvement

When I came to my current employer, they were using GFI Mail Security for mail scanning. I don't know if the issue was Windows or GFI, but the Windows admin said "I have 3 gateways... I should be able to have at least one running on any day."

Yeah, OMG was my reaction too. I replaced them with two gateways running postfix+amavis-new etc., and never had to look at them again other than updates in the last 5 years. And spam filtering is about 10,000 times better now.

Shuttering their operation?

[hackel]

I can't tell if this is a typo or an actual term someone might use. I suppose shuttering the operation would simply mean concealing it from the public?

Re:Shuttering their operation?

[eln]

Shuttering a company (or part of a company) generally means to shut it down. Michelle was looking to close down SORBS, but evidently found someone to give her lots of money for it instead.

Re:Shuttering their operation?

[hardwarefreak]

Shuttering -

1. closing the shutters on the windows of a building (old term, most don't have shutters in 2009)
2. nailing wooden panels over the windows and doors of a condemned building to keep people out
3. nailing wooden panels over the windows and doors of a foreclosed building to preserve resale value of the structure (i.e. prevent vandalism)

The term, in the context used, is perfectly applicable.

Re:Shuttering their operation?

[palegray.net]

evidently found someone to give her lots of money for it instead

That's the part that has a bunch of people seriously ticked off. It appears she's landed a "Director of Engineering" title in the process, which I pretty much interpret as being handsomely rewarded for abject failure to run a responsible operation.

Re:Shuttering their operation?

[Cramer]

450k isn't that much money as these things go. Still, that's a lot of folding money in one's pocket.

$451k for what excactly?

Having seen the state of the codebase that SORBS was running on a few years ago I have to wonder what value GFI will be getting for their $451k.

Few years back SORBS was running on some very poor perl which was being patched & rewritten to keep the service running as the demand continued to grow. I don't believe there is much value in the code or the stack of donated servers that SORBS was running on. Since the partner and customer relationships with SORBS has disintergrated what value is GFI getting from this?

Re:$451k for what excactly?

[just_another_sean]

The blacklist itself? The many thousands of IP addresses they have identified as (a lot incorrectly btw) as deliverers of spam?

Re:$451k for what excactly?

[Cramer]

The servers, software, database, "reputation", etc. Basically, an anti-spam operation on wheels. ('tho I don't recommend rolling fully loaded racks around. A fully loaded 43U rack can weigh nearly a ton.)

Shutting down

[gmuslera]

Hope that the "shutdown" means that answer everything as NOT blacklisted for the people/devices that surelly will still use them for a while (not sure how will be interpreted to not be able to connect to the service), not the opposite that happened with others blacklists in the past.

Re:Shutting down

[amorsen]

not the opposite that happened with others blacklists in the past.

In the one instance that comes to my mind, they answered NOT blacklisted for more than a year after disabling the service. Still the queries came flooding in. In the end the choice was between abandoning the domain (and pushing all that load to the .com or whichever name servers) or answering blacklisted to make people wake up.

Re:Shutting down

[TheRaven64]

They could have reduced the load a lot by setting a very large TTL and returning NXDOMAIN at the root. For most of these systems NXDOMAIN means 'don't block' (this address is not in our block list, it does not exist). If you set it on the root for the DNSRBL then no queries will be delivered for addresses under that and every ISP nameserver will cache the NXDOMAIN. Even with a 24-hour TTL, you'd be reducing the traffic to at most one request per client per day.

Re:Shutting down

The dnsbl subzone could be delegated to a minimal/dumb dns server with a blind "is OK, and forever" answer against any question.

They could also send mail to the admins of the domains questioning them, but would not work because that spam-like mailing will surely be stoped by sorbs.

Too bad

I was hoping that extortion factory would shut down for good. Hopefully the new owners will run it like professionals instead of petulant a$$holes.

Traditional route

[russotto]

So, will they go the traditional route and block /0 when they shut down?

I hope they all die in a fire

I hope they all die in a fire along with anyone they love. These people are dirt; WORSE THAN THE SPAMMERS. They lie, exhort, disrupt and laugh with glee at the collateral damage they cause. May they rot in hell.

Oh my...they overpaid by about $450,999.99

[Ritz_Just_Ritz]

I don't know of ANY serious ISP that pays any attention to SORBS and it's been that way for a few years. Whoever cashed that $451k check had better squirrel that money away quickly before the unwitting buyer tries to claw it back.

I did not like my interaction with SORBS

[GoNINzo]

I was one of the people that had a very bad experience with SORBS.

My company got a new ISP with an external block. I'm sure at some point that block had been used as a dynamic range. I had not set a PTR record (because the IP of the mail server changed at the last second), my PTR and A record for that mail server were not set to 12 hours (seriously, who does that?), and I was banned on the SORBS list. I had an SPF record, you could obviously see that I'm part of a legitimate organization, and it would have taken maybe 2 minutes of work for an physical admin to realize that this was a mistake.

It took two support tickets with SORBS, 5 calls to my ISP, and around 10 days to get off the list. In the meantime, we could not contact certain people using it. And what's worse is that the only solution that the admin of SORBS had was to get everyone to stop using the SORBS list. I think that the TTL requirements are the worst part of their solution.

In my opinion, an unattended, automated black list is worse than the problem of too much spam. You are blocking valid mails, and because you are blocking it at the IP level, the end user doesn't even see it show up in their spam bucket many times. If SORBS had a single admin, checking their email once a day, they could easily filter out some of these issues.

I encouraged several anti-spam vendors to stop using their services for this reason, through the different companies that we interact with. There are several other blacklists that do their job well, there is no need to use an unattended blacklist.

Re:I did not like my interaction with SORBS

[EvilIdler]

I run into the same problems constantly. There are far too many small providers around the world who don't know better and subscribe to these awful blocklists. I have a reseller account through Hostnine which I portion out webspace from when non-technical friends need it. The IP address for the space they get is often in SORBS, so a lot of their mail doesn't go through. I find myself moving accounts from the selected location to another part of the world about half the time :(

What we REALLY need is a list of places which use SORBS so people can be steered away ;)

Re:I did not like my interaction with SORBS

[dasmoo]

You had a bad experience, ipso facto everyone should stop using a service that works. That's bullshit. Spam is far worse than losing one or two emails because someone's IT guy didn't have the balls to tell his boss to keep the two ISP connections running concurrently while they tested everything. Then you complain about the user not receiving the mail? The best thing about a DNSBL is that you don't receive the mail, reducing bandwidth, reducing cost. Also, you couldn't have just forwarded all mail through your ISP? Why are you guys all so sour when you get listed on a blacklist for a few days, there are workarounds for you, but not many for the spammers.

Re:I did not like my interaction with SORBS

[palegray.net]

Wow. You have absolutely no idea what you're talking about; do you even work in any sector remotely associated with large-scale network operations? How about this: I'll issue you a new netblock that's blocked via the SORBS DUHL (dial-up host list), even though the range isn't dynamically allocated at all. You'll try to get it removed from the list, at which point you'll be informed that you need to set your reverse DNS to something they find acceptable to even be considered for removal. You'll probably try to get ahold of a real person to explain the situation to; that will fail.

Meanwhile, several hundred brain-dead mail administrators, responsible for the delivery of email of tens of thousands of people, are happily using SORBS to block mail based on false assertions that your IP space is dynamically allocated. There's the one-two punch that pretty much guarantees you'll have mail delivery problems. If you're a business, that's a big deal; you could easily find yourself (as many have) unable to send email to partners, suppliers, and customers due to negligence beyond your control.

This isn't about being listed for a few days. It's about doing absolutely nothing wrong in the first place, having SORBS make provably false statements about the usage of entire netblocks, and then sitting by helplessly while SORBS refuses to address the situation, causing real damages to your business for months. I've got news for you: the Internet is bigger than "your ISP", and it's generally considered a bad practice to rely on another organization's SMTP service for your email unless they're an operation specifically geared toward doing so as their primary business model.

Next time you decide to post on a topic, please be certain you're well educated on the subject matter first.

Re:I did not like my interaction with SORBS

It could be worse. Some person you wanted to email might use SPEWS, and you'd have to sacrifice your goat's virginity on some newsgroup lists to get yourself taken off of this secretive, standards-free, star chamber of a blacklist. Check out http://joejared.cc/spews-faq.htm, not merely for a third-party FAQ, but to display the level of the group's maturity.

Re:I did not like my interaction with SORBS

[GoNINzo]

I think the other poster explained my position perfectly well, he gets the issue. The fact that I could get delisted within 10 days is pretty impressive for being listed there, it's normally months. And that's only because my ISP had problems with them before because the guy blocked /20's from them on a regular and repeated basis, it looks like mostly virus related.

And both ISPs were running at the same time, but you can only send mail out one direction. Am I supposed to short circuit our entire operations across our network just because we cannot send mail? It wasn't even something we even noticed for two days. You can't relay your mail through your ISP for a large company either.

So, ask yourself, which is worse, extra spam in your mailbox, or a valuable mail from a business partner to you getting dropped with no notice to you. Because if you honestly think it's the first thing, then just block 0.0.0.0/0 already and then you won't get any spam. But make sure to give them a bunch of things to fill out to make it look like you'll get right on reading their mail!

In the future, just make sure to check your new mail server IP against the blacklists beforehand. And when he says 'TTL of 12 hours', just do it already and don't argue how DNS is supposed to work.

Re:I did not like my interaction with SORBS

[Cramer]

A GREAT MANY people can tell the same story. SORBS was half-automated. Getting on any of their lists was simple -- a SINGLE email is all it takes. Getting off the list is not automated in ANY way. It takes a human being -- and by all accounts, there was only ever one human -- to remove you. The removal process was never speedy and usually involved a ransom in the form of a donation to an ever dwindling number of charities. (no respectable charity would have anything to do with this crap.)

The internet is a constantly changing landscape. SORBS was always a stick in the mud refusing to face the realities of the changing landscape. Spammers move around. Address space gets reassigned. A single email is not a valid reason to blacklist an address for ever more.

Re:I did not like my interaction with SORBS

[MSojka]

I think the other poster explained my position perfectly well, he gets the issue. The fact that I could get delisted within 10 days is pretty impressive for being listed there, it's normally months.

Strange. We've got an entire /16 listed there a few weeks ago, and it took less than three hours for the block to be gone after us explaining the situation (basically, some hosts were leased using stolen identities to send spam from and were shut down less than 24 hours after they started doing so).

The necessary observation

The problem is that it seems a lot of people still use this list, because I know several of our vendors and customers were having trouble getting our email during this time.

That is free markets at work. Company selling it's services to other companies. The results are excellent as companies always choose the best provider, right?

Now, just imagine the mess if our healthcare system worked like that... Oh. Yeah.

I felt this comment was necessary after having seen so many "And this people should be in charge of our healthcare??" comments every time the government screws something up.

Re:Too bad - not!

[billstewart]

It's unfortunate that SORBS deserved the bad rap they got, but they were quite effective at false-positive mis-detection of legitimate emails as spam, unlike lists such as Spamhaus, and quite unwilling to remove addresses that had been tagged as spam or as part of variously large blocks of ISPs that had had some spammers use them.

There are legitimate uses for a rabid-overkill list, such as directing mail from those IP addresses to a check-more-carefully server if you've got a multi-tier multi-server spam-blocking environment anyway, or perhaps adding a bit of weight to your Spamassassin weights, but they weren't a list you could depend on if you wanted to actually receive all your non-spam mail.

451K - the temperature that _____ burns?

[billstewart]

Spam? Flamers? Email?

Deep Six?

[SpeedyG5]

I hope they bought it to deep six it. There is just no use for it other than to let it die. Course thats expensive but could be a huge chunk of advertising dollars. ;)

I *Stopped* using SORBS and SPAM *decreased*.

[my_left_nut]

I'd stopped using SORBS awhile back, after numerous instances of it flagging real email as spam. Since then, the amount of UCE that I've been receiving since has actually *gone down*. Go figure.

Re:I *Stopped* using SORBS and SPAM *decreased*.

[my_left_nut]

I'm using spamhaus exclusively now. After discontinuing SORBS, I might get at most 10 spams a day.

Re:I *Stopped* using SORBS and SPAM *decreased*.

[LodCrappo]

are you suggesting it would not have gone down if you had continued using sorbs? i don't get it. how can you get less spam by blocking less IPs, regardless of whether those IPs are spammers or not?

Re:I *Stopped* using SORBS and SPAM *decreased*.

[Just+Some+Guy]

Don't question it. Nothing involving SORBS made a whole lot of sense.

Who uses SORBS anyways?

[gweihir]

Not me. There are far better ones out there.

SORBS--What a joke it became.

I got brand new IP's from ARIN which are still SORBS listed. I requested removal months ago and no reply.

I guess the transition of man to woman (owner of sorbs) Michael I mean Michelle Sullivan will finally commence. lol

Its good to hear someone who knows how to run a business is taking over..goodluck GFI!

Interesting blog from the former owner ...

[ZeekWatson]

http://www.myspace.com/michelle_i_sullivan

"I'm 40 year old transsexual girl ..."

I'm not making this up!

WTF

HOW THE FUCK CAN HIS SHITTY LIST OF IP ADDRESSES BE WORTH HALF A MILLION DOLLARS?

AND HOW DARE GFI REWARD THIS FUCKING FAGGOT FOR HIS CAMPNESS, INEPTITUDE, AND PISS POOR ATTITUDE DEALING WITH USERS.

FUCK THE WORLD IS ALL WRONG WHEN LOWLIFE FAGGOTS LIKE SULLIVAN ARE GIVEN HALF A MILLION BUCKS.

Matthew/Michelle, FUCK YOU. I really hope you get aids :) Really.

Also, fuck you, slashdot posting filter.
aaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaa aaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaa aaaaaaaaaaaaaaaaa
aaaaaa aaaaaaaaaaaaa aaaaa
aa aaaaa aaa aa aaa aaaaaaaaa
aaa aaaaaaa aaaa aaaaa aaaa
aaaa aaaaa aaaaaaaaaa aaaa
aaa aaaaa aaaaaa aa a aaaaaaa
aaaaaaaaa aaaaaaaa aaaaaaaaaaaaaa aaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaa aaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaa