back to article Spam blacklist snafu prompts global gnashing of teeth

Many email users around the world have been unable to send messages because of ongoing technical problems with a popular service designed to prevent spam from reaching its intended destination. The problems at SORBS — short for the Spam and Open Relay Blocking System — began on Wednesday and continued into much of Thursday, …

COMMENTS

This topic is closed for new posts.
Gold badge

Ahhhh....

Well that explains a few things. Good luck to them. I hope the techs involved get a nice week off after all of this. When the whole world is your userbase, every screwup results in overwhelming negativity. They provide an excellent service for free and I think everyone involved will need some time to recover from the stress of this incident.

Pint, because despite the latest SNAFU I'd buy the lads on without hesitation for years of a job well done.

6
0
Paris Hilton

Excellent service for free? Not SORBS...

A valid view if you were talking about any of the reputable RBLs out there with well documented policies and good practices. It does however sound like you've never actually had to deal with SORBS directly. They really are the arse-end of the RBL community.

SORBS are absolutely horrible to deal with, delisting process when they get something wrong and list a static range as dynamic is painful, and usually requires manual intervention by the one-and-only person behind SORBS, Matthew/Michelle. And that usually only happens after the correct "payment" has happened.

Seriously, do some reading on the history of this RBL

http://forums.whirlpool.net.au/forum/?action=threads_search&f=9&q=SORBS

and if you're actually using them anywhere, change to a better RBL. There are lots of other organisations that do the same thing better.

Paris - because Michelle Sullivan has about that much clue.

4
0
Gold badge
Pint

Being mean is sometimes required.

There is no automatic delisting. They make you jump through hoops to get off the list. I have been caught by them. (I believe it was a badly configured mail server that allowed spammers to use it for bounce spamming.) They are a miserable ***** to get off of...which is why I think they are fantastic.

They rightly and properly presume guilt. The basic Internet protocols (such as e-mail) were written by fools who presumed innocence. Look where it got them. Look, I believe in “Innocent unless proven guilty” as much as the next man, but on the wild, woolly Interwebs…the same approaches just can’t apply. If you have been shown to send spam once, then you are (statistically) incredibly likely to send it again. You need to prove your innocence; it is not up to the rest of the internet to prove your guilt.

Now, I don’t know where you get off claiming that you have to pay to get off the list. I have hosted mail from within a dynamic range and managed to get off the list just fine. It took time, and a properly worded explanation, but they did accommodate me. The fact that they are so aggressive in their blocklist policies however is exactly why I love them. Spamhaus and other blocklists are great; I use them as well. The reality however is that SORBS blocks far more of the spam than any of the other lists I use.

My mail servers scan SORBS first; only if you are not found on SORBS does it bother to proceed to scanning other lists. Very rarely has it had it; SORBS lists the bulk of the bad guys. Maybe you don’t like how difficult it is to get off of their list. All I can say is…

…GOOD.

Maybe you, and everyone else in the world will wake up to how unbe****ingleivably broken e-mail is. Like so many other basic protocols of the internet it’s complete trash and needs to be rewritten from a significantly more defensive standpoint. Even if that means it’s less “open.” You can thumbsdown the crap out of me for that belief is you like, but I think the time for the “Wild West” internet is done. Governments, standards bodies and systems administrators need to start getting together to create an Internet that is as open and free as possible whilst still taking into consideration that people are generally douchebags and will try to game any system ever created.

SORBS is aggressive for good reason. Blacklisting fundamentally doesn’t work. No matter how high you pile the sandbags, the storm finds a way through. Blacklisting however is the best defence we currently have. Until we collectively wake up and replace the utterly broken shite that underpins most of the basic protocols (like email) that underlie the internet, aggressive and high-handed organisations like SORBS are required.

4
2
WTF?

unlike

yeah they're great - blacklisting entire /23 subnets.....

That's effective....

where's that sarcasm icon.....?

0
0
FAIL

SNAFU now FUBAR?

SORBS and ex Blueyonder (R.I.P) were SNAFU for years. Advanced BY users trying to run their own mailservers ran up against this spam bouncing with the BY user forums full of SORBS bounces. I don't know if the company known as Blueyonder ever paid the SORBS fine, um, administration fee to remove the spamblock.

0
0
Pint

SORBS is agressive

It does say on the SORBS site that they operate a very agressive anti-spam policy - the slightest transgression (intentional or accidental) and the IP address gets listed.

Users have the choice of not using their blacklists as there are ones like Spamcop that delists automatically after 3 days of non-reports but I can understand why users choose to SORBS's lists. When I managed a previous employer's mail server several years ago, we were getting some 200 spam mails a minute. The use of SORBS' lists cut it down to about 7.

If anything, the cost of unblocking has contributed to forcing ISPs and authorities to focus on spam handling policies and bringing the whole subject of spam mailing to the forefront. Currently the level of spam as a whole has dropped dramatically and personally I am very grateful for the work SORBS, Spamhaus, Spamcop and all the other anti-spam campaigners have done and especially, as they are all non-profit organisations.

1
0
Silver badge

nice work

"During a data migration, the flags that were used to indicate that a listing was historical were deleted, causing the addresses to be considered current. SORBS is in the process of restoring the flags. The historical entries are used to help programs rate the likelihood that a given IP address is malicious."

Ooo, competent! Just makes me want to use their services.

3
0
WTF?

Sure, heh more likely...

They were flexing their muscle to prove their hotness. Like SPEWS RIP. I remember that one really well, all our business email bounced to the null bucket and we spent the day fielding phone calls asking us if we still were in business. SPEWS isn't missed, and soon, neither will be SORBS. There are other quite effective means of killing off spam.

0
0
WTF?

You've gotta love BT

Spoke to a BT techie about the issue yesterday and he told me that my mailserver was not configured correctly and was not accepting reverse dns requests... best thing is I was using their mailserver at the time!

1
0
Pint

Re: You've gotta love BT

Dunno about how it works in BT's mind and call me old fashioned, but I like my DNS servers handing reverse dns requests.

A pint, for having to deal with the engineer in question.

0
0
Megaphone

A BT shareholder talks about spam prevention...

... I've reverted to receiving all of my BT share dividend information by post on real paper because I gave up trying to explain to Shareview that sending their e-mails from a non-existent e-mail address meant that it is never accepted by my SMTP mail server, which (by choice) uses sender callout verification.

They just don't get it.

And, whilst I'm having a rant, e-mails to me from all of the financial institutions that have now been subsumed into Santander (Alliance & Leicester, Abbey, et al) don't get delivered either, for exactly the same reason... their SMTP mail servers are all sending from the pre-Santander domain addresses but the new servers don't accept mail to those addresses (not even to postmaster, in direct contravention of RFC2822) so in the end I've referred them to the Financial Services Ombudsman as it's costing me money in lost interest.

And did you know that the FSO charges financial institutions £400 per case (after the first three cases each year) for disputes referred to them for resolution? Even if the customer's complaint is not upheld? Handy to know when you are arguing about unfair bank charges, etc.!

0
0
FAIL

A BT shareholder talks about spam prevention...

Speaking as a sysadmin for mail systems operated by a spam filtering company it fills me with sadness that someone seemingly so knowledgeable and uppity about proper RFC practices is using sender address verification.

One of my pet hates is lack of reverse DNS, but I know from looking at my stats that if I were to reject connections based on this our customers would be up in arms. I'd love to, but there are too many systems out there set up by people without a clue. Instead, I settle for taking the information and adding it to the message's holistic overview.

In your case the phrase "cutting off your nose to spite your face" comes to mind.

0
0
Go

I blame the spammers

None of this ever would have happened in the first place if there were no spammers.

I use SORBS.net to block eMail from spammy sources, and it works really REALLY well. Given how hard the folks at SORBS work at being good samaritans in a positive way that actually helps people, I'm more than happy to write this problem off as a minor inconvenience since it far FAR outweighs the cost of not blocking spam.

The Lumber Cartel, local 42 (Canadian branch)

Beautiful British Columbia, Canada

http://www.lumbercartel.ca/

0
0
Silver badge

Um... FFS!

Important net-wide service. Huge database. Messed up flags. Lots of entries. Woe is us, etc.

And the backup copy is WHERE???

2
0
Alert

Did you even read...

...the article.

Quote: "They are in the process of rebuilding the database"

Now this usually means they are rebuilding from the transaction log backups.

0
1
Thumb Up

Thank you!

Was wondering the same. And, also, why not configure it on a separate network, and fake some IPs with a mail server to attempt sending against it? This way you don't take the other offline and switch until you KNOW the new one's working.

Yes, it's a lot of work to do such a thing, but, if that's your complaint, then you shouldn't be providing WORLDWIDE services.

0
0
Silver badge
Stop

@ Ragarath

Yeah, I read the article, hence my post.

You know, if I accidentally delete/corrupt/screw up an important document, I have to spend a *week* taking apart the harddisc to see if I can paste my precious document together from bits of the journalling and anything that might have been splattered into the current "free space".

Bzzzzzt!

Totally wrong! I look to see if said document is on "the big harddisc" on the LAN, and if not I pop in the most recent backup DVD-R and pull it off of that. Doesn't take a week, takes minutes, and usually the longest part of the process walking across the room to fetch the DVD...

0
0
FAIL

SORBS extortion

They blacklisted all demon fixed IP addresses in the early days. When we contacted SORBS we were asked to pay a 100UKP fee to be "delisted". I dont think anything has changed since those early days - we had the same problem with a BT fixed IP range. I think some parts of the Zen fixed ip ranges are still listed/unusable because of sorbs.

If you consider they were asking 100UKP per IP address from every demon customer (this was well over 10 years ago) that is a lot of moolah! I would be rich now if I had considered a similar extortion racket for all of the fixed IP DSL ranges out there...

Personally, I have an IP on sorbs (intentionally) and keep a blacklist of any mailgates who use sorbs. Smaller MSP's often complain when we blacklist thier incoming email and I suggest they pay our delisting fee similar to SORBS. They dont seem to appreciate that response.

4
0

Re: SORBS extortion

"They dont seem to appreciate that response."

Not surprised really, it's not terribly nice of you.

1
0
Alert

/.'ed

When /. picks this up, SORBS's website will have another huge DDoS for their admins to worry about...

0
0
FAIL

Amateurs

Title says all.

I've always kept well clear of 'em, just a single idiot flagging your message as spam with them - as a stupid joke - lands you in a week's communication limbo.

I don't like spammers, no. I HATE them. I want them nailed to a wall, quartered and buried at the four corners of the universe.

But there's more sophisticated, advanced tools to filter spam when you manage a mail server.

Collective intelligence is an example: If more than 5 users on your platform get the same message around the same time, the likelihood it's spam are VERY high.

I know this should be the principle on which SORBS relies upon, but why should I rely on an external source to determine what is spam on MY mail server? Sorry, I don't get it.

To me looks a "I've dun summat" for a lazy mail server admin.

2
0

False positives

Someone should sue blacklist sites like this for defamation and loss of business if they're blacklisted inappropriately. False positives cause infinitely more harm than false negatives. I rely on email for business (eg. responding to a request for a quote) and I have to be able to assume that if I send an email it either arrives at the recipient or I get a bounce message, not been silently gobbled up by some overzealous antispambot.

On the other hand, why do people still get away with sending spam? If authorities pursued these fraudsters (and sending an email with forged heads for financial gain is FRAUD, in exactly the same way that forging a cheque or bond certificate would be) with a fraction of the zeal they use for other international criminal activitie, then the problem would quickly disappear.

0
0

RE: False positives

>> False positives cause infinitely more harm than false negatives.

That I agree with, and there are many, many ways (some quite creative) that people have come up with for breaking their systems !

>> I rely on email for business (eg. responding to a request for a quote) and I have to be able to assume that if I send an email it either arrives at the recipient or I get a bounce message, not been silently gobbled up by some overzealous antispambot.

Your complaint is with the clueless imbeciles configuring their mail servers. My No 1 rule is "don't accept a message for delivery unless I'm going to deliver it". So I reject messages (ie scan them at receipt time) because once you've accepted a message, you have few options. If you send a bounce message then you are part of the problem because you'll add to the backscatter. If you silently delete it then you've failed rule no1.

Unfortunately, many mail servers aren't easy to configure to do "before acceptance" checking of mail. That means it's harder to do, and so harder for the aforementioned clueless people who think they can administer a server on the basis that they ticked a few boxes and it seems to work.

If everyone applied rule no 1 then you would at least know that your message hadn't been delivered !

And don't get me started on the people who "fix" the backscatter problem by dropping non-delivery notices ...

I don't see the situation changing because SMTP is too entrenched and too few people are prepared to accept that it can't be fixed by further porking about - SPF is **NOT** a fix, it breaks as much as it fixes). As someone has already said, it needs a complete review of the protocols, and designing something that has security and sender verification built in from the start. Unless a good few of the bigger players get involved then it will never happen.

Look up IM2000, seems to tick most of the boxes - but even then it won't deal with the unscrupulous operators who don't care what sort of **** is sent through their service. So we'll still need some sort of blacklist service to deal with them - the difference is that the blacklist can be distinctly more targetted. The biggest factor in it's favour is that it shifts the cost from the recipient to the server where the mail originates - and that should change the economics of sending spam enough to greatly reduce teh problem without any other technical measures.

0
0

SORBS only for the lazy and incompetent ISP

SORBS is a complete waste of everybody's time. Only lazy and incompetent ISPs use it. I've seen it blocking swaths of IP addresses belonging to the biggest ISP serving a whole region because someone somewhere reported a problem with one IP address in that range.

2
0
Megaphone

Payments...

... requested by SORBS are to *donate* to a third-party officially registered charity such as red-cross.

... may be "requested" if the person has responded to the delisting by abusing SORBS admin with threatening emails.

... are "requested" if the person is NOT the registered owner of the IPs to be delisted.

... are "requested" if the IP is on record as a frequent repeat offender.

So who complains loudly about being forced to pay?

You would be surprised by the number of Spammers who attempt to get their zombie bots delisted just so they can continue for a few more hours.

And no, I'm not part of SORBS, just a happy client of their free service.

0
0

demon daya

In the demon days, they asked each member of demon to pay roughly 100UKP to be delisted.

Demon contacted them at the time and was told how much it woud cost to delist their ranges - it was silly money. Demon decided that was too expensive and i dont blame them.

Sorry, SORBS was initially a SPEWS extortion racket. I have not had any dealing with then (apart from trying to keep one IP on thier database and keeping an eye in the various mail lists) but I somehow doubt things have changed much even with the buyout.

0
0

Like a group of vigilanties sitting up in the hills picking off the Pony Express.

I really thought that SPEWS was dead and gone.

The Internet will never really be much more than a poor joke with this kind of crap going on.

New customers cannot email for a quote; if they do you cannot reply; yeah ready for business.

0
0
This topic is closed for new posts.

Forums