
Thread: SORBS - Legitimate Anti-Spam organisation?

  1. #1
    Ғо ѕніzzLє му піzzLє chicken's Avatar
    Join Date
    Nov 2005
    Location
    Kent
    Posts
    1,576
    Thanks
    28
    Thanked
    52 times in 43 posts

    SORBS - Legitimate Anti-Spam organisation?

    There is not a lot more to say about this that isn't in my letter to them earlier today. Some of you might have come across SORBS before, but something they've done recently is causing problems to innocent companies and I'm wondering from their website whether they are honest and this was a mistake, or are trying to create a problem for their own profit...


    My Letter to SORBS

    Dear Sir/Madam,

    I am writing this from my Yahoo account as I do not wish to give you my company domain, following a recent trend I have noticed which leads me to doubt the morality of your company's actions.

    I work for a business where we support other companies in their IT needs, and was surprised to find on Monday 16th Jan that three of our clients all reported mail rebounding from certain addresses. Further investigation showed that all of these rebounds had been a result of your "Anti-Spam" listings.

    None of these companies have any history of sending spam, but all use internet connections from BT which don't support Reverse DNS, and as recent events would suggest, this causes your system to automatically bar them completely from all of their legitimate clients, suppliers and other contacts who use your system.

    Resolving this issue would either require moving anyone affected to a different ISP, or setting up smart-hosting, both of which are costly considering the cause of this problem has nothing to do with them.

    Assuming you are a legitimate Anti-Spam organisation, I trust you will do all you can to avoid causing unnecessary problems to innocent companies. I can't help but notice however the phrase "Spam Database Deleting Payment Enquires" which worries me, as if you genuinely are about fighting spam, you would take no payment from a spam company to remove them, and would not charge mistaken listings for their removal.

    I am sending this to more than one account as you seem to be making a point of not taking replies unless they are exactly what you want to hear, the money issue being the most disconcerting. Hopefully you will prove my suspicions wrong.

    I look forward to your reply.



    Regards,

    - David
    1.21 GIGAWATTS!!!!!

  2. #2
    Dianeal/Extraneal/Physioneal hoodmeister's Avatar
    Join Date
    Aug 2005
    Location
    Cymru
    Posts
    794
    Thanks
    0
    Thanked
    0 times in 0 posts
    There's an easy buck to be made for those with loose morals here... It wouldn't surprise me if this company was less than legitimate :/

  3. #3
    Senior Member
    Join Date
    Oct 2005
    Posts
    320
    Thanks
    3
    Thanked
    1 time in 1 post
    As with most blacklists, the following thought should be applied before using the blacklist generated... Does it contain what I want?

    There are plenty of blacklists out there, they all offer different detection methods, inclusion protocols and TTLs. If it is really a concern, you should speak to the companies that are blocking to either a) request they enter your IP on the whitelist or b) use a more appropriate blacklist.

    You say that the companies are using BT... are their IPs static? If not then they will occasionally run into problems as the IPs are blacklisted when a compromised PC is using it.

    Also have you run a security check to make sure that there is no hole in the companies' networks that may have resulted in their sending spam unwittingly?

    Most blacklists have a "please remove me" option in which case they will remove you until you do something to result in being readded again.

    If these blacklists are used appropriately, they can be used to great effect, however people need to be more careful in their use.

  4. #4
    Senior Member
    Join Date
    Nov 2005
    Posts
    501
    Thanks
    0
    Thanked
    0 times in 0 posts
    SORBS lists compromised machines, all dynamic IP addresses, open relays, spammers, basically the whole ball of wax. Most listings can be removed at no charge, spam is treated differently though. If an IP or netblock is listed because spam originating there was received by a SORBS spam trap then they will only delist it if you donate $50 to one of their nominated charities. They will reduce netblock listings down to IP listings if the spammer is gone but the actual IP used needs a donation to get clear. This is to encourage people to pay more attention to what their users are doing and stop spammers before they become a problem.

    Your email is factually inaccurate regarding delisting charges and will (I believe) go straight in the bit bucket. You are also incorrect about "innocent companies", increasing listings to netblocks is done to deliberately cause collateral damage. In this way pressure grows on the ISP (BT in this case) to do something about the problem. Some DNSBLs tend to take a hard line on ISPs hosting or supporting spammers and SORBS is one of them, the mail administrators at the companies rejecting your mail will be aware of this and have chosen to use the BL in full knowledge of the consequences. Your only recourse is to contact BT and ask them to deal with the listing, I suspect however that they will already be doing so. Being listed in SORBS is not good for an ISP and they tend to try and deal with the problem fairly quickly.

    Put another way, this is how the system works and also why it works, collateral damage is the leverage used to make ISPs deal with their less reputable customers.

  5. #5
    Senior Member
    Join Date
    Oct 2005
    Posts
    320
    Thanks
    3
    Thanked
    1 time in 1 post
    My late night drunken post, laden with typos, does not put as succinctly what I was trying to convey as gdvs' post.

  6. #6
    Agent of the System ikonia's Avatar
    Join Date
    May 2004
    Location
    South West UK (Bath)
    Posts
    3,736
    Thanks
    39
    Thanked
    68 times in 51 posts
    The simple solution - which is also the designed solution for companies using hired managed internet connections (such as BT broadband) - is to use the ISP's smarthost.

    SORBS is 100% legitimate and one of the most respected organisations around.

    Your company that offers "support to IT needs" should be more than aware of this organisation and how these things work on the internet.

    Good job you didn't use your company's domain name, or you would have made your company look very stupid.

    FYI: I've managed to get a few Broadband IP style addresses (such as the reverse DNS problem you suggested in your original email) you just have to justify your reason and provide evidence that you have and will continue to meet the non spam criteria. These IP blocks are marked as exceptions.
    It is Inevitable.....


  7. #7
    Senile Member
    Join Date
    Dec 2003
    Posts
    442
    Thanks
    3
    Thanked
    0 times in 0 posts
    Sounds like they need their email set up better (not sure exactly what setup they have, doesn't sound ideal) rather than trying to get SORBS to change how they work.

  8. #8
    Mike Fishcake
    Guest
    Not sure which company it is, but one of our company's mailservers is on a blacklist, so the people that subscribe to those blacklists don't get our email. Several people have tried to contact them with regards to removal, but so far they've been less than helpful :-(

  9. #9
    Agent of the System ikonia's Avatar
    Mike,

    Take a look at the mail rules on the SORBS site, and see which of the rules your client doesn't meet, e.g.:

    Open Relay
    reverse DNS doesn't match the host name
    Generic reverse DNS server DNS names
    TTLs too short
    Address Markings and Owners in RIPE
    Dynamic Address range
    Mail Relay host
    etc (that's not all of them, just some obvious examples)

    Once you have found out which rules you don't comply with - fix it, and send a mail to the correct address (they have a black hole address to make sure people read the site to get the right address) stating you are aware the problem was X and you have done X and Y to solve the problem.

    They will check it up and remove you from their DNS blocklist and 2 days later the world will see you as an unlisted host.

    If you look in your mail log, you normally get a message in the DNS lookup for the intended address, which gives you a URL to a SORBS page that explains why you are being blocked.

    If you do a search on the SORBS page with the IP address, it will also give you a clue of why your clients are being listed. Hope that helps.
    It is Inevitable.....
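The reverse-DNS self-check described in post #9, sketched as an added example that is not part of the original thread: it runs the "reverse DNS doesn't match the host name" and "generic reverse DNS" rules against a sending IP and builds the name a DNSBL client would look up. The zone `dnsbl.example`, the sample DNS records and the generic-name heuristic are assumptions made for illustration; the lookups are injected so the check runs offline.

```python
import ipaddress
import re

# Constructed records standing in for live DNS (documentation addresses and names).
PTR = {"192.0.2.10": "mail.example.org.",
       "198.51.100.77": "host-198-51-100-77.dsl.example.net."}
A = {"mail.example.org.": ["192.0.2.10"],
     "host-198-51-100-77.dsl.example.net.": ["198.51.100.77"]}
GENERIC_WORDS = {"dsl", "dyn", "dhcp", "pool", "broadband", "dialup"}  # assumed heuristic


def dnsbl_query_name(ip, zone):
    """Name a DNSBL client looks up: reversed octets prepended to the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises on a malformed address
    return ".".join(reversed(octets)) + "." + zone


def looks_generic(ip, ptr_name):
    """ISP-assigned names usually embed the address octets or an access-type word."""
    tokens = set(re.split(r"[.\-_]", ptr_name.lower()))
    octet_hits = sum(1 for o in set(ip.split(".")) if o in tokens)
    return octet_hits >= 2 or bool(tokens & GENERIC_WORDS)


def check_sender(ip, helo_name, ptr_lookup=PTR.get, a_lookup=A.get):
    """Return the reverse-DNS rules this sending IP fails (empty list = clean)."""
    ptr = ptr_lookup(ip)
    if ptr is None:
        return ["no reverse DNS"]
    failed = []
    if ip not in (a_lookup(ptr) or []):
        failed.append("reverse DNS does not resolve back to the IP")
    if ptr.rstrip(".").lower() != helo_name.rstrip(".").lower():
        failed.append("reverse DNS doesn't match the host name")
    if looks_generic(ip, ptr):
        failed.append("generic reverse DNS name")
    return failed


if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.org"),
                     ("198.51.100.77", "mail.clientco.example"),
                     ("203.0.113.5", "mail.clientco.example")]:
        print(ip, dnsbl_query_name(ip, "dnsbl.example"), check_sender(ip, helo) or "ok")
```

To run it against real DNS, pass `ptr_lookup` and `a_lookup` functions backed by your resolver in place of the constructed tables.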


  10. #10
    Ғо ѕніzzLє му піzzLє chicken's Avatar
    Mike's issue is exactly what I am talking about, it isn't fair to blacklist companies simply on the fact their IP doesn't reverse DNS properly when they aren't offered the chance to set up reverse DNS by their host. It's one thing blocking spam, but when it interferes with many innocent companies it causes a bigger problem than it fixes.

    Also it isn't easy to get in contact with them, let alone that you have to go out of your way to sort something that wasn't a problem before you even do, or they won't lift a finger. The charging-for-removal is far easier to access than any legit system they may have. I don't see how it's their place to be putting these rules on everyone.

    I posted here because I wanted to find out if they are a proper organisation or people in it to make a quick buck. I have been assured by people that they are, but I can't say I agree with the way in which they are going about it. Little too cavalier for my likings.
    Last edited by chicken; 24-01-2006 at 01:44 AM.
    1.21 GIGAWATTS!!!!!

  11. #11
    Agent of the System ikonia's Avatar
    There is nothing cavalier about them at all, hence why a large proportion of the internet uses SORBS.

    Blacklisting reverse DNS maps that don't match to machines is an excellent way of removing bulk temporary IP ranges such as those provided by broadband or dial up. Email should not really be hosted as an SMTP service on broadband - as that's not really what it's there for (one of the reasons is ISPs can't maintain DNS maps for so many hosts) therefore what an excellent way to stop mass spam than to block all the broadband style IP addresses.

    Pretty much any respectable ISP home user/small business provides SMTP relays or smarthosts - and users should use that, meaning that all mail can be verified and further reduce spam.

    Any respectable hosting ISP will provide smarthosts or email relays, or if you're with a reasonable ISP you can get your reverse DNS map changed, as it's normally much smaller IP blocks. Which means you won't be blacklisted.

    They are VERY easy to get in contact with - I've contacted and worked with them on many occasions to get IP blocks changed status, individual hosts de-listed etc. You just have to really read the website to know what criteria to post and to which address. This is to really stop quick IT know-it-alls pestering them with "please de-list my IP". If you read the details and post the correct details to the correct address you're obviously a.) aware of why you are listed b.) serious about fixing it c.) understand the principles of what's going on with the mail systems - which really is who it's aimed at: mail/network administrators.

    This sort of approach is EXCELLENT and has done masses to reduce spam (I can see in my mail logs how much spam is rejected through the 4 mail lists I use - SORBS is one). It's so effective it's untrue. If it was not effective then so many big companies would not be using and supporting it.

    If you want to chat about your mail problems, I'd be happy to go through it with you and perhaps give you a few tips on contacting SORBS.

    Bottom line is - home/small business users, use your ISP's mail relays, it's not a costly or time costly thing, in fact - it's free.

    People running legitimate mail systems, manage it properly.
    It is Inevitable.....


  12. #12
    Mike Fishcake
    Guest
    Ikonia - I'm nothing to do with the people that look after the mail servers, I just know that they're complaining about it. I would have thought they would have tried it, but maybe they haven't.

    I'll investigate some more anyway - many, many thanks for the info!

  13. #13
    Senior Member
    Join Date
    Oct 2005
    Posts
    320
    Thanks
    3
    Thanked
    1 time in 1 post
    Quote Originally Posted by chicken
    Mike's issue is exactly what I am talking about, it isn't fair to blacklist companies simply on the fact their IP doesn't reverse DNS properly when they aren't offered the chance to set up reverse DNS by their host. It's one thing blocking spam, but when it interferes with many innocent companies it causes a bigger problem than it fixes.
    There is a blacklist site called blackholes.us, it has numerous blacklists based on country, every IP for your country is listed in it, therefore you can blacklist China if you wish. Now, I am sure there are numerous legitimate people sending emails from China, but is it wrong that they are in this blacklist? It is set up with the express intention of listing EVERY IP in that country. Should people be removed from the list because they have a legitimate reason to send spam? NO

    This site is regularly threatened with legal action about removing IPs, and they refuse to back down, rightfully so.

    The list you are blocked on is apparently IPs that don't reverse DNS properly, your IP is not reversing properly and therefore it is rightly on the list, if it was not on the list, the list would be wrong.

    How people use these lists is up to them, however they should be aware of the consequences of doing so. I can understand your frustration, but you will never get SORBS or any other decent blacklist to remove an IP that is legitimately on there.

  14. #14
    Ғо ѕніzzLє му піzzLє chicken's Avatar
    So you're saying banning an entire country under the heading "This is an anti-spam list" is fine? They may know what their list does, but not all who use it.

    These companies mentioned DON'T send spam, so therefore shouldn't be on an anti-spam list, whether they be in China, or just on an ISP that doesn't reverse DNS properly. These factors do not prove they send spam, therefore have no place on an anti-spam site. All you're proving the legitimacy of with your argument is putting them on a list, whether it's to do with spam or not.

    The purpose of spam blacklists is to remove unwanted mail, anyone in charge of such lists should do their utmost to ensure this doesn't affect genuine mail, and not take the shoot first, ask questions later approach.

  15. #15
    Senile Member
    No, he's saying that if you are sending email from an address that doesn't have reverse DNS then don't be surprised if you end up on a list of people who don't have reverse DNS.

    It's the choice of the recipient ISPs to use these lists, SORBS et al do not force people to use them.

    I understand it's annoying but perhaps this is a good opportunity to sort out their email setup.

  16. #16
    Senior Member
    Join Date
    Dec 2005
    Location
    south of heaven
    Posts
    519
    Thanks
    0
    Thanked
    2 times in 2 posts
    The problem with SORBS is that they wouldn't even recognise if you had tried to stop spam passing through your relay - one message through in a thousand and they'll stick you on the list and not the originator of the spam (i.e. where the test message was first relayed through). Pain in the ass. Thankfully, none of my own email systems are insecure, but joey must be racking up quite a lot of dough.
    SmoothNuts!~yaman_an@*.dsl.pipex.com > change my rating to exceptional tbh
