Re: Sorbs.net DNS Blacklist
Facekhan
message out to the sender, just an smtp error code. I think it is either
a error 553 or 550 to the other mail server. It is the originating mail
server's job to produce a bounce message for the sender when it receives
an error code. Standard or not, I think even that functionality is often
recommended to be disabled so that spammers can't use dictionary attacks
looking for live addresses and the resulting bounce messages produced
are more trouble than they are worth for large email systems.
Never used sorbs, but my experience is that roving black list operators
take an extreme stance towards getting off the list although asking for
money is a new one on me. You might just try telling them (think of it
as social engineering) that you disabled the functionality and see if
they will take you off the list. Don't pay them, that is clearly
extortion IMHO. If they won't take you off, you might want to contact
the other Admin and point out that Sorbs is blocking you for a spurious
reason and is shaking you down and they may want to cease using that
blocklist or otherwise whitelist you to continue doing business.
Jason
Dan Denton wrote:
>I've got some updated info since the original posting. I spoke by email
>with a gent at paym...@sorbs.net, and was told that the reason we were
>blacklisted was that a spammer sent a message from a forged username at
>a particular domain. The email hit an address at our server that was no
>longer in use, and of course a bounce message was sent back saying the
>address doesn't exist.
>
>Evidently, this response is considered spam in and of itself by
>sorbs.net, and that's what got us on the blacklist. Never mind that we
>were the ones who got spammed in the first place, and our mail gateway
>was only doing what it was supposed to do. I was told that if we ceased
>such "harassment", then we would be removed from the blacklist.
>
>Symantec, who makes our gateway, has it documented on their website that
>this feature cannot be disabled, and that such responses are required by
>RFC 821. I can see the point. If there's no response to the sender of an
>email who accidentally puts a typo in the email address they're sending
>to, how the heck would they know if their email reached the correct
>party or not? They'd receive no response from a real user, and they'd
>probably wonder why they're being ignored. In a business setting, that
>behavior could lose you money real quick.
>
>Can anyone please let me know if I'm the one being over-the-top here?
>I'd also still like to hear other people's input or experience with
>these folks.
>
>-----Original Message-----
>From: Dan Denton
>Sent: Thursday, March 09, 2006 9:31 AM
>To: securit...@securityfocus.com
>Subject: Sorbs.net DNS Blacklist
>
>
>Does anyone on the list have any prior experience with the folks at
>sorbs.net? For the past few weeks a customer who uses a blacklist
>supplied by them has had our emails blocked. Previous to this the
>company had no problem getting our emails. People at said company want
>to receive our emails and are frustrated that they can't receive them
>(important stuff like invoices and statements), but their IT admin says
>he has no control over the list itself.
>
>I went to sorbs.net, checked our status using one of their utilities,
>and the IP of our mail server shows up on their list. I've even sent in
>a request to be removed from the list and have received a ticket number.
>In their procedures for delisting, they claim that you must "donate" $50
>per email they supposedly received in their spam traps, and the
>donations are to be made to 2 charities of their choice. I for one think
>this is extortion, regardless of whether the intention is to stop
>spammers.
>
>Any background or experience you can share would be appreciated. Thanks
>in advance...
>
>Dan Denton
>
>------------------------------------------------------------------------
>---
>EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
>The Norwich University program offers unparalleled Infosec management
>education and the case study affords you unmatched consulting
>experience.
>Tailor your education to your own professional goals with degree
>customizations including Emergency Management, Business Continuity
>Planning,
>Computer Emergency Response Teams, and Digital Investigations.
>
>http://www.msia.norwich.edu/secfocus
>------------------------------------------------------------------------
>---
>
>
>---------------------------------------------------------------------------
>EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
>The Norwich University program offers unparalleled Infosec management
>education and the case study affords you unmatched consulting experience.
>Tailor your education to your own professional goals with degree
>customizations including Emergency Management, Business Continuity Planning,
>Computer Emergency Response Teams, and Digital Investigations.
>
>http://www.msia.norwich.edu/secfocus
>---------------------------------------------------------------------------
>
>
>
>
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
David Gillett
disguises itself as RFC821 bounce messages.
However, since bounce messages *are* required by RFC821, it
seems to me that outfits like sorbs.net need to therefore
cultivate some expertise in differentiating faked bounces
from the real thing. I suspect that sending a message to
the allegedly bouncing address and examining the response,
if any, would be pretty conclusive.
If they can't be bothered to do that, they're members of
the problem set rather than the solution set.
David Gillett
Kelly Winters
I work for an isp and we deal with these self-proclaimed guardians of the
internet daily. Some of the lists are impossible to get off, like Spews.org.
(Check out their FAQ, they even tell you that there is no support, no
guarantee, nothing.)
All you can do is try to "educate" the people who have chosen to use one of
these extremely unreliable methods of filtering their email. It is
ultimately their choice. The services are mostly free, and you really do get
what you pay for.
Another option is to see if your ISP will give you a new block if IP's that
have been "scrubbed" to make sure you aren't inheriting another blacklisted
block.
There are much more reliable and configurable options out there for those
wishing to blacklist (or whitelist) email senders.
Good luck,
kw
-----Original Message-----
From: Dan Denton [mailto:dde...@PAYLESSOFFICE.com]
Sent: Thursday, March 09, 2006 9:31 AM
To: securit...@securityfocus.com
Subject: Sorbs.net DNS Blacklist
Does anyone on the list have any prior experience with the folks at
sorbs.net? For the past few weeks a customer who uses a blacklist supplied
by them has had our emails blocked. Previous to this the company had no
problem getting our emails. People at said company want to receive our
emails and are frustrated that they can't receive them (important stuff like
invoices and statements), but their IT admin says he has no control over the
list itself.
I went to sorbs.net, checked our status using one of their utilities, and
the IP of our mail server shows up on their list. I've even sent in a
request to be removed from the list and have received a ticket number.
In their procedures for delisting, they claim that you must "donate" $50 per
email they supposedly received in their spam traps, and the donations are to
be made to 2 charities of their choice. I for one think this is extortion,
regardless of whether the intention is to stop spammers.
Any background or experience you can share would be appreciated. Thanks in
advance...
Dan Denton
---------------------------------------------------------------------------
Dan Tesch
Sorbs? I hope someone takes them down. I have a client that uses SBC and
they way their IP range was
named was an issue for Sorbs - this was rectified and now it's that the MX
record TTL isn't right - the
DNS records are hosted for now with Network Solutions who won't change the
TTL - lots of bounce backs!
AAAAAARRRRRRRRRRRGGGGGGGGGGHHHHHHHH!!!!!!!!!!!
I've got some updated info since the original posting. I spoke by email with
a gent at paym...@sorbs.net, and was told that the reason we were
blacklisted was that a spammer sent a message from a forged username at a
particular domain. The email hit an address at our server that was no longer
in use, and of course a bounce message was sent back saying the address
doesn't exist.
Evidently, this response is considered spam in and of itself by sorbs.net,
and that's what got us on the blacklist. Never mind that we were the ones
who got spammed in the first place, and our mail gateway was only doing what
it was supposed to do. I was told that if we ceased such "harassment", then
we would be removed from the blacklist.
Symantec, who makes our gateway, has it documented on their website that
this feature cannot be disabled, and that such responses are required by RFC
821. I can see the point. If there's no response to the sender of an email
who accidentally puts a typo in the email address they're sending to, how
the heck would they know if their email reached the correct party or not?
They'd receive no response from a real user, and they'd probably wonder why
they're being ignored. In a business setting, that behavior could lose you
money real quick.
Can anyone please let me know if I'm the one being over-the-top here?
I'd also still like to hear other people's input or experience with these
folks.
Daniel Gil
Tell your customer to user another Blacklist.
I have got some problems with SORBS. One of my customers had got is IP
address listed on SORBS. But it was listed so long time ago and an entire
block was listed (something like 192.168.1.1/255.255.255.0) so I email
them.
I just ask them if my customer should complain with is ISP in order to get
their IP address unlisted. They answer me that was not nescesary because
that IP was listed so long time age and they didn't notice SPAM traffic for
a long time comming from this IP (my customer one) so they decide to
delisted.
I haven't to pay. So in my opinion these guys are not radicals. You can
talk with them, they listen to you.
But as I said before, the easy way is telling your customer to use another
blacklist till you get your IP delisted.
Visit: http://rbls.org/ there you can check your IP against a lot of
blacklists.
Daniel Gil
Gerencia de
Investigación y
Desarrollo (I+D)
Danie...@itcon.com.ar
Te
l/
Fa
x:
50
31
-3
35
0
In
te
rn
o
7
(Embedded image moved
to file: pic06536.gif)
(Embedded image moved Itcon Argentina S.R.L. - Cerrito 1070 Piso 1º "B"
to file: pic06677.gif) C1010AAV - Bs. As. - Argentina
Tel/Fax: (0)11-5031-3350
http://www.itcon.com.ar
John Mason Jr
> I've got some updated info since the original posting. I spoke by email
> with a gent at paym...@sorbs.net, and was told that the reason we were
> blacklisted was that a spammer sent a message from a forged username at
> a particular domain. The email hit an address at our server that was no
> longer in use, and of course a bounce message was sent back saying the
> address doesn't exist.
The "proper" way to deal with this is to reject during the smtp
conversation, that way your mailserver will not generate the bounce
message and get stuck in a blacklist.
<http://spamlinks.net/prevent-secure-backscatter.htm>
>
> Evidently, this response is considered spam in and of itself by
> sorbs.net, and that's what got us on the blacklist. Never mind that we
> were the ones who got spammed in the first place, and our mail gateway
> was only doing what it was supposed to do. I was told that if we ceased
> such "harassment", then we would be removed from the blacklist.
Backscatter is bad, I hope you can find a way to fix your problem
The link explains it better than I can
>
> Symantec, who makes our gateway, has it documented on their website that
> this feature cannot be disabled, and that such responses are required by
> RFC 821. I can see the point. If there's no response to the sender of an
> email who accidentally puts a typo in the email address they're sending
> to, how the heck would they know if their email reached the correct
> party or not? They'd receive no response from a real user, and they'd
> probably wonder why they're being ignored. In a business setting, that
> behavior could lose you money real quick.
It is not about getting the NDR but which server should generate it.
John
<snip>
Dan Denton
people at Sorbs saw fit to remove me from their blacklist. Thanks to all
of you who responded to my post. You help is greatly appreciated...
Devdas Bhagat
> Does anyone on the list have any prior experience with the folks at
> sorbs.net? For the past few weeks a customer who uses a blacklist
Apologies for the late response, I have been afk.
> supplied by them has had our emails blocked. Previous to this the
> company had no problem getting our emails. People at said company want
> to receive our emails and are frustrated that they can't receive them
> (important stuff like invoices and statements), but their IT admin says
> he has no control over the list itself.
>
The administrato should be able to whitelist your sending IP address.
> I went to sorbs.net, checked our status using one of their utilities,
> and the IP of our mail server shows up on their list. I've even sent in
> a request to be removed from the list and have received a ticket number.
> In their procedures for delisting, they claim that you must "donate" $50
> per email they supposedly received in their spam traps, and the
> donations are to be made to 2 charities of their choice. I for one think
No. You can donate to _any_ charity you like, they merely provide a
couple of examples. Alternatively, you can wait until your listing
expires (I believe they have a 90 day blackhole period).
> this is extortion, regardless of whether the intention is to stop
> spammers.
>
SORBS itself does not block you. They do not charge you money for
delisting. Their argument is "You have done damage to the Internet
commons. If you want to be a good citizen, please undo the damage by
donating $ to <random charity>. Alternatively, wait for 90 days to be
delisted automatically."
Not extortion.
Devdas Bhagat
Devdas Bhagat
> I've got some updated info since the original posting. I spoke by email
> with a gent at paym...@sorbs.net, and was told that the reason we were
> blacklisted was that a spammer sent a message from a forged username at
> a particular domain. The email hit an address at our server that was no
> longer in use, and of course a bounce message was sent back saying the
> address doesn't exist.
WTF are you bouncing email for non-existent users instead of rejecting
at SMTP time?
>
> Evidently, this response is considered spam in and of itself by
> sorbs.net, and that's what got us on the blacklist. Never mind that we
And by a few others as well. Google: bounce attack spam, outscatter,
backscatter.
This may not sound like much to you, but when you get a million bounces
(or two) because you got joe-jobbed and a bunch of bonehead admins decided
to accept-then-bounce, it does becaome a serious issue.
> were the ones who got spammed in the first place, and our mail gateway
> was only doing what it was supposed to do. I was told that if we ceased
> such "harassment", then we would be removed from the blacklist.
>
> Symantec, who makes our gateway, has it documented on their website that
> this feature cannot be disabled, and that such responses are required by
> RFC 821. I can see the point. If there's no response to the sender of an
> email who accidentally puts a typo in the email address they're sending
> to, how the heck would they know if their email reached the correct
> party or not? They'd receive no response from a real user, and they'd
> probably wonder why they're being ignored. In a business setting, that
> behavior could lose you money real quick.
>
_REJECT_ not _BOUNCE_. A "550 No such user" message from your SMTP
gateway would work fine, let senders know that their mail has not
reached its intended recipients and would be less abusive on the
Internet infrastructure.
Joseph
Beilin is right, in sendmail you can use the "access" file to allow a mail
server to connect regardless the state of what RBL says, with the syntax;
Connect:paylessoffice.com OK
make; and restart your sendmail server.
On Thu, 9 Mar 2006, Beilin Zhang wrote:
> You can ask your customer's IT admin to white list your mail server, that's
> something that he has control.
>
> Beilin Zhang
>
> -----Original Message-----
> From: Dan Denton [mailto:dde...@PAYLESSOFFICE.com]
> Sent: Thursday, March 09, 2006 7:31 AM
> To: securit...@securityfocus.com
> Subject: Sorbs.net DNS Blacklist
>
>
> Does anyone on the list have any prior experience with the folks at
> sorbs.net? For the past few weeks a customer who uses a blacklist
> supplied by them has had our emails blocked. Previous to this the
> company had no problem getting our emails. People at said company want
> to receive our emails and are frustrated that they can't receive them
> (important stuff like invoices and statements), but their IT admin says
> he has no control over the list itself.
>
> I went to sorbs.net, checked our status using one of their utilities,
> and the IP of our mail server shows up on their list. I've even sent in
> a request to be removed from the list and have received a ticket number.
> In their procedures for delisting, they claim that you must "donate" $50
> per email they supposedly received in their spam traps, and the
> donations are to be made to 2 charities of their choice. I for one think
> this is extortion, regardless of whether the intention is to stop
> spammers.
>
> Any background or experience you can share would be appreciated. Thanks
> in advance...
>
> Dan Denton
>
> ---------------------------------------------------------------------------
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The Norwich University program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting experience.
> Tailor your education to your own professional goals with degree
> customizations including Emergency Management, Business Continuity Planning,
>
> Computer Emergency Response Teams, and Digital Investigations.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------
>
> ---------------------------------------------------------------------------
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The Norwich University program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting experience.
> Tailor your education to your own professional goals with degree
> customizations including Emergency Management, Business Continuity Planning,
> Computer Emergency Response Teams, and Digital Investigations.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------
>
--
Joseph Renda <Jos...@Renda.CA>
Devdas Bhagat
<snip>
> and have them prove in court that they did infact donate ALL of the previous
> $50 donations to the charity of their choice
SORBS does not accept direct donations. They never touch the money, so
it isn't extortion.
Devdas Bhagat
Dale Fay
> However, since bounce messages *are* required by RFC821, it
> seems to me that outfits like sorbs.net need to therefore
> cultivate some expertise in differentiating faked bounces
> from the real thing. I suspect that sending a message to
> the allegedly bouncing address and examining the response,
> if any, would be pretty conclusive.
>
RFC821 is now obsolete and replace by RFC2821. RFC2821 says that
undeliverable mail can be bounced or rejected. If you send message
instead of rejecting it at the time of the SMTP connection, you risk
being blacklisted or flooding an innocent third party with spam.
Corey Watts-Jones
n 1: an exorbitant charge 2: unjust exaction (as by the misuse of
authority); "the extortion by dishonest officials of fees for performing
their sworn duty" 3: the felonious act of extorting money (as by threats of
violence)
Though the money isn't going to them, denying you service that could cause
the loss of money for your business and asking that funds be sent
*anywhere*, not just to them, counts as unjust exaction and enters into a
really sticky legal realm.
Really though, I just have lots of dirty words to say about anyone that is
that holier-than-thou about anything. :)
Corey
-----Original Message-----
From: Facekhan [mailto:face...@gmail.com]
Sent: Friday, March 10, 2006 4:16 PM
To: Dan Denton; securit...@securityfocus.com
Subject: Re: Sorbs.net DNS Blacklist
Jason Williams
>The "proper" way to deal with this is to reject during the smtp
conversation, that way your mailserver will not generate the bounce
message and get stuck >in a blacklist.
>
><http://spamlinks.net/prevent-secure-backscatter.htm>
Very interesting. I did not know the ramifications that can occur from
backscatter. I appreciate the link.
>Backscatter is bad, I hope you can find a way to fix your problem The
link explains it better than I can
>
Let me explain what I did, to make sure I don't contribute to the
problem.
I run a mailgateway, with Postfix, MailScanner and a couple of virus
scanners, plus spamassasin and other goodies.
I wrote a perl script that basically queries my domain controller and
pulls a list of legit employees who have email addresses. It updates the
file as needed (similar to what is posted above, but my setup is a
little different, so I needed to adjust it accordingly.) After that,
postmap the file, reload postfix, wallla. (Cron job runs nightly)
So as of 9:00am PST time, I have a relay_recipient list with only valid
users to accept email for. Anything that comes in with a non-legit email
address, gets rejected with a message explaining that the user is not a
valid email user.
Is that the correct way to do this? Any other caveats I should be aware
of?
Thanks
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Devdas Bhagat
>
>
> >The "proper" way to deal with this is to reject during the smtp
> conversation, that way your mailserver will not generate the bounce
> message and get stuck >in a blacklist.
> >
> ><http://spamlinks.net/prevent-secure-backscatter.htm>
>
>
> Very interesting. I did not know the ramifications that can occur from
> backscatter. I appreciate the link.
>
a fairly large email service provider, and we face this daily.
>
> >Backscatter is bad, I hope you can find a way to fix your problem The
> link explains it better than I can
> >
>
> Let me explain what I did, to make sure I don't contribute to the
> problem.
>
> I run a mailgateway, with Postfix, MailScanner and a couple of virus
> scanners, plus spamassasin and other goodies.
>
Note that mailscanner is officially unsupported with Postfix. Use
amavisd-new instead.
> I wrote a perl script that basically queries my domain controller and
> pulls a list of legit employees who have email addresses. It updates the
> file as needed (similar to what is posted above, but my setup is a
> little different, so I needed to adjust it accordingly.) After that,
> postmap the file, reload postfix, wallla. (Cron job runs nightly)
>
> So as of 9:00am PST time, I have a relay_recipient list with only valid
> users to accept email for. Anything that comes in with a non-legit email
> address, gets rejected with a message explaining that the user is not a
> valid email user.
>
> Is that the correct way to do this? Any other caveats I should be aware
> of?
This is the right way to do it. If you ever need a realtime list, look
at the reject_unverified_recipient parameter in
smtpd_recipient_restrictions.
Devdas Bhagat
soul...@gmail.com
IT IS NOT LEGAL !!!
I worked in the past for one ISP and some of our custommer were hitted by Sorbs list.
It is a shame...
Asking money is not legal, the best way could be a system where ISP block their IP block to deny access to their list.
We waitted more then 2 months to get answer ( when they answer... ).
Their system is dark and why there is no automtic remover like spamcop ..?
Just to make $$$!!! 50$ for beeing removing is what we can call Racket!
regards
Brad Berson
stuff interests me greatly since I started my own anti-spam crusade a
few years ago, and particularly since the SORBS DNSBL is one of the six
lists I use to check and possibly refuse incoming emails.
First off, SORBS is a tool. And like any tool, there are correct ways
and faulty ways to use the tool. If you use a tool wrong you can damage
the device on which you use that tool. Unfortunately the lines between
correct and faulty can be somewhat fuzzy and to some degree, revolve
around the amount of collateral damage you are willing to sustain.
To that effect, my own use of SORBS involved NOT using the 127.0.0.6
zone, which in my experience causes way too many sporadic false
positives, for whatever reason. This leaves ten other zones on that
DNSBL which function marvelously for me. I also had some false
positives from SpamCop but they are fairly predictable, limited mostly
to Yahoo! Groups' mail relays due to Yahoo!'s poor policy regarding list
member subscription methods and how easily their system is abused by
spammers. Since I haven't yet been spammed through Yahoo! snd since I
and a few of my clients use Yahoo! Groups, I've whitelisted most of
their relays to compensate.
I find SORBS' de-listing policy a little confusing. In most cases it
appears that a re-test submission and 48 hours of patience is sufficient
and the "donation" is not required. On the other hand I find it strange
that such donations are to be to a fund regarding a legal case that was
dismissed over three years ago, but a little research shows that this
fund contributed nearly $5000 to OsiruSoft's defense against the whacko
running Pallorium, so I really can't complain. OsiruSoft (Joe Jared)
was running a DNSBL of its own several years ago and got Pallorium's
panties in a twist when it was discovered that OsiruSoft's DNSBL was
instrumental in much of Pallorium's spam failing to reach its targets.
This case was won by OsiruSoft just a few months ago after dragging on
for YEARS, and Mr. Jared is still thousands of dollars in the red in
spite of contributions.
Which brings me to another bit of ugliness. Yes, SORBS does not take a
particularly friendly approach to its practice. Nor did Mr. Jared.
That Mr. Jared was not only very effective but was also a grade-A jerk
about it, resulted in his business being DOS'd into submission. Jared
soon caved to the relentless attacks and shut down his DNSBL
permanently. He still participates in NANAE (usenet) but no longer in
any useful manner. I fear that if the SORBS admin maintains this
attitude that he too will eventually end up as the next target and the
honest Internet community will end up losing another valuable tool in
the fight against spam.
Does the fifty bucks constitute extortion? It's a fine line they're
riding, and remember that SORBS is subject to the laws in their country
of operation, not necessarily YOUR country. I don't think it's a good
idea, personally, and feel that eventually it will be just another nail
in SORBS' coffin. But the key fact here is that the list does not
maintain any information that is not factual and true. And to give the
dead horse one more unnecessary whack, remember that SORBS is only
information, provided at no charge. It's up to mail server admins as to
what they shall do with that information. Since the recipient mail
server admins are under no legal obligation to specifically receive your
email or anyone else's, you can't pursue them legally either.
Finally a note about backscatter. Since a huge amount of spam is
directed at email addresses that no longer exist or perhaps never
existed, as an email admin it benefits you to set your server not to
accept such delivery attempts. From an email admin and even a user
perspective the backscatter is a nightmare (last year I had two or three
weeks where I personally was receiving a thousand bounces per day from
AOL addresses that I obviously never emailed). But the other
consequence of trying to bounce all that traffic is that it wastes more
of your own bandwidth on sending NDRs and could fill up your server's
/badmail directory with all undeliverable NDRs, perhaps to the point of
a full volume and a stopped mail server.
From a security perspective SORBS is a wonderful tool. It helps block
huge amounts of spam, phishing attempts, email -borne virii, etc. The
SORBS zone that describes the dynamic netblocks is one of the most
useful since the overwhelming percentage of spam and viruses come
through compromised broadband customers these days. At the moment I'm
delighted to say I get no reported false positives in spite of using SIX
DNSBLs to screen my incoming messages. Your milage may vary!
-Brad
Cloy Tobola
<devdas_at_dvb.homelinux.org>
>SORBS itself does not block you.
Uh, if they are sharing blacklists that include a particular IP
address... I would say that they are definitely blocking something.
>They do not charge you money for delisting.
Really? Then why is this an issue? The fact that they don't pocket
the money is beside the point.
>Their argument is "You have done damage to the Internet
>commons. If you want to be a good citizen, please undo the damage by
>donating $ to <random charity>. Alternatively, wait for 90 days to be
>delisted automatically."
And what about the fact that they block IP ranges?
And what about the people that got listed because spam with faked
email addresses that were bounced?
And what about those people on shared servers who end up blocked by
association?
>Not extortion.
>Devdas Bhagat
If it looks like a duck and quacks like it duck....
Start dropping $50 here and there. Before you know it, they'll start
with, "Next time send the money to US. We need it for expenses."
-Cloy
Jim Serino
Colocation and Internap and Go Daddy.com for the websites they directly
control are nothing more than SCAM website that are using UDP Ports to
Advertise their scam thru the old Message Alert Pop-ups but are using them
to port attack me thru their advertisement. I have documented this in more
than one occurrence especially with the Fast Colocation that every time I
sent in a abuse report I was placed on the SORBS Blacklisting because they
wanted to stop me. I have another company called REALBESTWEB.com now doing
it thru RBL and I had warned the company and reported them to the
authorities but I am listed as blacklisted again. These Companies don't like
the constantly barrage of emails to their abuse line. In fact the fist one
to block me was Communist China since I was somehow following the 'Titan
Rain" Group. I send out security information to many of my old Computer
friends from our days at DEC and I send it out to my friends and relatives.
With Fast Colocation I have it document that EVERY TIME I sent in an abuse
report to their website I was blacklisted within minutes to SORBS. Now I am
being blacklisted by RBL and this is getting to be a game to them. Since I
takes far longer for an individual to clear the abuse than it does the ISP's
But I have Earthlink and I report all such incidents to them.
In the Beginning the Chinese were blacklisting me, and calling me a spammer
since I had been reporting to them of someone abusing their equipment and
the next day I would attacked in such a way I had to log off and dial
another phone line. Then the Chinese would contact the ISP they were using
as a jumping off site and then I would get blacklisted. I have been after
several of these scammer for a few years now but I only have 6 month worth
of emails and the blacklisted that started in January thru SORBS and now
thru RBL.
So as I write this I have been port scanned attacked and I am sending that
information along with firewall Traffic report to the ISP and the FTC and
Virginia's Cyber crime unit. I have 3 months of logs on 2 different systems
I use to connect to the Internet. But before you tell me to disable the
Message Service that was done in 2000 when I first saw the Message disable
in the Microsoft's Knowledge base for free and told the FTC that their were
scammers that were using that service to scam people into paying for a
program that would more than likely do more harm than good and that the
information was Free and these people were charging a fee to disable the
service. But my Firewall logs show that many are using it still to get
unsuspecting users to buy into these broadcast message that tell you to
download a Registry Cleaner or a Trojan Cleaner. It was when I saw that
within the Privacy statement that these companies first allow the scan to be
done and then somehow a clean machine has something in their registry and
that they must download the cleaner but there wasn't anything there and now
what the scanner is also doing is downloading a Keylogger and then
downloading personal information to their website and that they have
Security measure in place to make sure that your information will not be
used or that it is protected from hackers.
I have a listing of the jump thru site and the final websites. In Fact as I
was writing this I was Port Scan Attacked to tell me that I have a virus in
my Registry and to download their program.
Just thought all of you should understand what is happening to me since I
have taken it upon myself to close these scammers down.
Sincerely
James J. Serino
Ex-DEC Field Service Systems Engineer and Ex-OpenVMS Systems/Cluster/Network
Manager
-----Original Message-----
From: Cloy Tobola [mailto:cl...@tobola.com]
Sent: Monday, March 20, 2006 20:55
To: securit...@securityfocus.com
Subject: Re: Sorbs.net DNS Blacklist
Devdas Bhagat
> On Mon, 13 Mar 2006 at 23:48, Devdas Bhagat
> <devdas_at_dvb.homelinux.org>
>
> >SORBS itself does not block you.
>
> Uh, if they are sharing blacklists that include a particular IP
> address... I would say that they are definitely blocking something.
>
blocking anything are the administrators/owners of the recipient's mail
servers. SORBS does not control the remote mailservers. If the recipient
MTAs admins choose to trust the list SORBS gives them, it is their
responsibility.
Without a contract guaranteeing delivery, senders have no choice about
it. "My servers, my rules" applies.
> >They do not charge you money for delisting.
>
> Really? Then why is this an issue? The fact that they don't pocket
> the money is beside the point.
>
It isn't. OP brought it up.
> >Their argument is "You have done damage to the Internet
> >commons. If you want to be a good citizen, please undo the damage by
> >donating $ to <random charity>. Alternatively, wait for 90 days to be
> >delisted automatically."
>
> And what about the fact that they block IP ranges?
What about it? SORBS advertises a policy. They run their BL according to
that policy. If I agree with it, I will use it. If not, I won't.
> And what about the people that got listed because spam with faked
> email addresses that were bounced?
Uh? Bring that to the notice of the SORBS admins. AFAIK, SORBS blocks
based on the client IP address, not the sender email.
> And what about those people on shared servers who end up blocked by
> association?
>
Sucks to be them? The point of an IP based blocklist is to be able to
say "I do not want any mail from this host. I don't care who you are,
you do not have consent to send mail to my servers."
Spam is about consent, not content. I can choose not to consent to
getting mail from a netblock, a single IP, a domain, a particular email
address, anything. You do not have _any_ say in how I run my server(s).
Feel free to offer significant money for deliverability.
Devdas Bhagat