The Imminent Demise of SORBS 290

An anonymous reader lets us know about the dire straits the SORBS anti-spam blacklist finds itself in. According to a notice posted on the top page, long-time host the University of Queensland has "decided not to honor their agreement with... SORBS and terminate the hosting contract." The post, signed "Michelle Sullivan (Previously known as Matthew Sullivan)," says that the project needs either to "find alternative hosting for a 42RU rack in the Brisbane area of Queensland Australia" or to find a buyer. Offers are solicited for the assets of SORBS as an ongoing anti-spam service — it's now handling over 30 billion DNS queries per day. An update to the post says "A number of offers have already been made, we are evaluating each on their own merits." Failing a successful resolution, SORBS will cease operations on July 20, 2009 at 12 noon Brisbane time. Such a shutdown could slow or disrupt anti-spam efforts for large numbers of mail hosts worldwide.

  • Re:*snort* (Score:5, Informative)

    by paitre ( 32242 ) on Tuesday June 23, 2009 @09:09PM (#28447965) Journal

    And before anyone starts to give me any guff about being soft on spam -

    I've been known to nuke accounts, and not bother asking questions. I chased down the Empire Towers group and helped put an end to them. I spent 18 months cleaning up the -very- tarnished reputation of a now bought out web host almost 10 years ago, and have the scars to prove it. I hunted a spammer down and ratted him out to his own mother in Vancouver, BC, Canada.

    The news regarding Ralsky had me drop a shot in celebration.

    Believe me - I -detest- spam. At the same time, the methods utilized by SORBS were ineffective, and most legitimate hosts and providers stopped using them years ago.

    Selective DNSRBL systems, as a practical method, WORK. Blocking residential cable from sending email? Hella good idea, for example. Blocking known dial-up ranges, as well. Blocking webhosts in an attempt to get their customer base to force them into canceling contracts that may cost the web host hundreds of thousands, if not millions of dollars? Nuh-uh.

    When 'collateral damage' was useful, losses MIGHT have hit 10k. Now? Talking millions? Businesses will buy a new IP block and move the affected customers, and call it a day. Especially if they're blocked not because a customer has been an idiot, per se, but because the customer was hacked and used as a bot.

    So, yeah. Rock on with your bad selves.

  • Re:*snort* (Score:5, Informative)

    by paitre ( 32242 ) on Tuesday June 23, 2009 @09:11PM (#28447977) Journal

    The -smart- people are doing precisely that.

    The problem is that there really are still people out there who are using lists, such as SORBS, as absolute arbiters in what is, or is not, from a spam source.

    Thankfully, this number is shrinking daily as they realize just how broken some of these lists have been as a matter of policy.

  • Summary is absurd (Score:5, Informative)

    by Loki_1929 ( 550940 ) on Tuesday June 23, 2009 @09:26PM (#28448061) Journal

    Any mail admin who's depending in any significant way on the anti-spam wasteland of SORBS should be on their way to apply for jobs at local fast food restaurants as soon as possible. Even if someone handling spam control for a decent size business actually believed in SORBS' accuracy or effectiveness, the only effect SORBS disappearing from the face of the Earth should have is a slight uptick in spam being caught by filters slightly further down the path to their users' mailboxes.

    Seriously, is there anyone out there who isn't using a multi-tiered, inter-connected array of spam filtering methods at this stage of the game? ~96% of the mail going to my users is spam. My worst offender has some ~5300 messages a day of spam being filtered prior to reaching their inbox. If my best filter were rendered worthless tomorrow, I wouldn't expect to hear any complaints from users. (Of course, I'd be pretty unhappy.)

    I think honeypots are probably my best weapon against spammers at the moment, followed by my keyword blacklists.

  • by Anonymous Coward on Tuesday June 23, 2009 @09:57PM (#28448229)

    That site is run by a known net-kook.

  • by coryking ( 104614 ) * on Tuesday June 23, 2009 @10:32PM (#28448389) Homepage Journal

    A lot of people have had their lives turn into a living hell because of some listing on SORBS. Thus if it wasn't me who chewed you out, somebody else probably would have :-)

    Spamhaus's PBL?* I filter on that... the friggen ISP's make up most of that list. I'm pretty damn sure AOL and friends filter off that list too and my motto is "if AOL or Yahoo filters mail based on XYZ policy, I will too". Plus, you can get off that list on a web page.

    It is SORBS that I have an issue with. SORBS was created out of pure spite. So my apologies random internet person :-)

    * Excepting Godaddy who is fucking insane. Those assholes filter *URL's pointing to a PBL'd IP that are embedded in a message*!!! Worse, they don't tell you. Had fun learning that.

  • Re:*snort* (Score:3, Informative)

    by ZorinLynx ( 31751 ) on Tuesday June 23, 2009 @10:32PM (#28448393) Homepage

    >I would love to find a proprietary product out there that uses the RBL's like that and also provides the features I am looking for.

    http://spamassassin.apache.org/ [apache.org]

    Why does the solution have to be proprietary? SA works great. Out of thousands of spams that come into my account per day, maybe only 1 or 2 make it through, and there's almost no false positives lately.

  • Re:The REAL story (Score:3, Informative)

    by Trillian_1138 ( 221423 ) <slashdot.fridaythang@com> on Tuesday June 23, 2009 @10:48PM (#28448473)

    I asked myself the same question. In all fairness, that is how she signed off in the link included in TFS, but I still think its inclusion wasn't strictly needed for the "News for Nerds" aspect of the story....

  • some good DNSBLs (Score:3, Informative)

    by Onymous Coward ( 97719 ) on Tuesday June 23, 2009 @11:01PM (#28448549) Homepage

    I recommend Spamhaus XBL [spamcop.net] and Spamcop Blocking List [spamhaus.org] .

    Spamcop used to have problems, but I think they resolved them a couple years ago [dnsbl.com].

    Back when http://stats.dnsbl.com/ [dnsbl.com] was operational I used their data to give me a quick leg up on figuring out which lists to look at. Then I checked out the lists for how they operate and then did a performance analysis.

    Aside from policy/operation, two things that were particularly important to me were false positives and overlap. These lists get very low false positives and they combine nicely.

    Old stats:

    http://stats.dnsbl.com/zen.html [dnsbl.com]

    http://stats.dnsbl.com/spamcop.html [dnsbl.com]
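
Added example, not part of the comment above or of any list operator's tooling: one way to run the kind of false-positive and overlap comparison that comment describes over a labelled mail sample. The rows and the list names `listA` to `listC` are constructed placeholders, not measurements of any real DNSBL.

```python
from itertools import combinations

# Constructed sample, not real measurements. One row per received message:
# (is_spam ground truth, names of the DNSBLs that listed the sending IP).
# "listA".."listC" are placeholder names, not real lists.
SAMPLE = [
    (True,  {"listA", "listB"}),
    (True,  {"listA"}),
    (True,  {"listB"}),
    (True,  {"listA", "listB", "listC"}),
    (True,  {"listC"}),
    (True,  set()),
    (False, {"listC"}),
    (False, set()),
    (False, set()),
    (False, {"listC"}),
]

def combined(sample, names):
    """(catch rate on spam, false-positive rate on ham) when a message is
    rejected if any of the given lists has the sender listed."""
    names = set(names)
    spam = [hits for is_spam, hits in sample if is_spam]
    ham = [hits for is_spam, hits in sample if not is_spam]
    return (sum(bool(h & names) for h in spam) / len(spam),
            sum(bool(h & names) for h in ham) / len(ham))

def overlap(sample, a, b):
    """Jaccard overlap of the spam two lists catch (1.0 = fully redundant)."""
    sa = {i for i, (s, h) in enumerate(sample) if s and a in h}
    sb = {i for i, (s, h) in enumerate(sample) if s and b in h}
    return len(sa & sb) / len(sa | sb) if sa | sb else 0.0

def report(sample, names):
    """One line per list, then one per pair, for side-by-side comparison."""
    lines = []
    for n in names:
        catch, fp = combined(sample, [n])
        lines.append(f"{n}: catch={catch:.0%} false_pos={fp:.0%}")
    for a, b in combinations(names, 2):
        catch, fp = combined(sample, [a, b])
        lines.append(f"{a}+{b}: overlap={overlap(sample, a, b):.2f} "
                     f"catch={catch:.0%} false_pos={fp:.0%}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE, ["listA", "listB", "listC"])))
```

In this constructed data, `listA` and `listB` each catch half the spam with no false positives and only partly overlap, so together they catch more; `listC` raises the catch rate only by also rejecting legitimate mail.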

  • Re:No big loss! (Score:3, Informative)

    by Cramer ( 69040 ) on Tuesday June 23, 2009 @11:48PM (#28448833) Homepage

    In their words, "it's not extortion as *we* don't see any of the money." It's still bullshit.

    I've had issue with them for many years... their "spamtrap" list is 100% untrustable. It only takes one email EVER to get on the list. They provide zero evidence of how you got on the list, just that you are on it. Entries never, ever, expire. And to get off the list... you have to "make a donation." (But if you're google, you get removed without ever knowing you were listed.)

  • Re:*snort* (Score:2, Informative)

    by Cramer ( 69040 ) on Wednesday June 24, 2009 @12:19AM (#28449019) Homepage

    My current static address from AT&T is listed in only one list... MAPS. Despite it being neither dynamic nor "dialup", they refuse to remove it first stating the request must come from the ISP, then stating the ISP explicitly listed the range with them as dynamic (which is a complete lie, as Bellsouth doesn't bother.)

  • by coryking ( 104614 ) * on Wednesday June 24, 2009 @12:29AM (#28449061) Homepage Journal

    Obviously you can't turn that off. I said "stop blocking based on SORBS". Huge, huge difference. And yes, there are idiots who block based on nothing more than SORBS. Ask me how I know.

  • by MightyMartian ( 840721 ) on Wednesday June 24, 2009 @03:36AM (#28450017) Journal

    The reason SORBS is so universally reviled by a lot of the anti-spam crowd is because the creator and the whole cadre of folks that maintained (and I use that word hesitantly) really didn't seem nearly as interested in battling spam as in enforcing their own bizarre view of who should and should not be sending email. The entire ethos was abusive and ego-stroking. The last time I had problems, the one thing I noticed that was different than my old battles with this pack of scumbags was just how few mail servers seem to be using it now. Hotmail was what forced me to even bother dealing with it, because my employer does a lot of correspondence with people on Hotmail addresses (another cancer on SMTP). My general attitude about mail admins who reject messages because SORBS blacklists my IP address is "fuck you", because those admins, as I've said elsewhere, are either morons or just lazy and don't want to put the effort into building a good, solid, rugged SMTP server.

    What I can't believe is that SORBS still has some defenders, when my experience from the years when I was working most of my days as an admin for a few hundred domains was that SORBS was just as bad as spam. I really do hope that it is allowed to die, and maybe a few more retarded mail admins finally get the hint and start implementing measures that don't essentially poison SMTP.

  • Re:*snort* (Score:3, Informative)

    by Znork ( 31774 ) on Wednesday June 24, 2009 @03:37AM (#28450023)

    You could take a look at VPN providers; I've noticed that some VPN providers provide solutions for exactly the problem you're having: static ip, configurable reverse, etc. At around $10-$15 per month it's certainly more affordable than a 'business DSL', and about on par with the cheapest virtual hosts you can get.

    And as an added plus, that would also allow you to switch providers at will without having to change any configurations for your servers.

  • Re:full disclosure (Score:4, Informative)

    by Kalriath ( 849904 ) * on Wednesday June 24, 2009 @04:33AM (#28450271)

    SourceForge isn't the sister company, SourceForge is Slashdot's owner. The PARENT company.

    But I think it's only listed because Sorbs has a project on sourceforge.net, in which case Sourceforge "sponsors" eleventy bajillion people and companies anyway.

  • Re:No big loss! (Score:3, Informative)

    by mvdwege ( 243851 ) <mvdwege@mail.com> on Wednesday June 24, 2009 @05:40AM (#28450483) Homepage Journal

    So talk to your provider. They're the ones misrepresenting your IP space.

    But that name says it all really. You're just a spammer, aren't you?

    Mart

  • Re:No big loss! (Score:2, Informative)

    by sglewis100 ( 916818 ) on Wednesday June 24, 2009 @08:50AM (#28451281)

    Actually, Barracuda's "whitelist" is far worse in this regard.

    No it's not. If I can't get on a "whitelist" then I'm still not necessarily on a blacklist, and still not necessarily prevented from emailing Barracuda customers. That's better than being able to get on their blacklist for "free" and then having to pay to get off. In the latter, if I don't pay, I can't mail. In the former, if I don't pay, I can't bypass all the checks.

  • by sglewis100 ( 916818 ) on Wednesday June 24, 2009 @09:09AM (#28451427)

    My first guess is that you're using Exchange. If so, ever since Exchange evolved into the emacs of mail servers (boy, it does a lot of awesome stuff, but it sure would be nice if they had a MTA in there somewhere), the "new hotness" has been to put a real mailserver in front of the Exchange server to "soften the blow" of incoming mail and deal with all of the crap. Of course, whether you go with an appliance like the barracuda, or some other server, it'll take a bit of money and elbow grease to get it to work well (eg validating incoming addresses against AD rather than just bouncing them off the exchange server, defeating the purpose).

    While you are 100% correct in the sheer crap that is referred to as "SMTP" in Exchange, setting up a Barracuda to verify against AD (or LDAP) is drop dead simple. Its default LDAP search string covers both OpenLDAP and Active Directory servers out of the box. If entering in a couple of hostnames and making sure there's a path from your front-end server to your back-end LDAP infrastructure in your firewall is complex... then you probably are lucky to be using a Barracuda, since a hand built setup is beyond you for sure.

    We have multiple domains, multiple LDAP environments, multiple mail servers (corporate: Exchange, our franchises are on a Zimbra cluster), yet we still have no problems even though Exchange has shit support for split domains. We even got single sign on to the mail quarantines to work relatively easily.

    It's also the best bet for someone who needs local and remote clustering but maybe isn't an expert in Linux. Also, another advantage to such a person not having gone with a FOSS solution would be the vendor support. Even the front line guys at Barracuda aren't bad (well except that one moron who keeps posting strangely incoherent and ignorant ramblings about amavisd-new on the Postfix list the last couple of days - but I hear he doesn't work there presently). I haven't needed this, but a former client of mine has Barracudas in place, and their support routinely configures it for you.

    Probably the biggest disadvantage to more experienced but time challenged administrators is that you can't put your own custom rules into Spam Assassin, although you can send their support any requests and they'll implement them.

  • Re:*snort* (Score:3, Informative)

    by Just Some Guy ( 3352 ) <kirk+slashdot@strauser.com> on Wednesday June 24, 2009 @10:03AM (#28451905) Homepage Journal

    AFAIK this is common to all RBLs - if they told you why and you were an evil spammer you could just work around whatever put you on the list and go on with your evil spamming.

    And now you know otherwise [spamhaus.org]. If you put in your IP, it'll tell you exactly why you're blocked (if you are). My ISP registered my whole netblock as dynamic, forgetting about my static allocation. I filled out the form to remove myself and was off the list in about half an hour. Spamhaus runs their RBL the way they were meant to be run and I have nothing but good to say about them.

  • by Trillian_1138 ( 221423 ) <slashdot.fridaythang@com> on Wednesday June 24, 2009 @10:12AM (#28452007)

    If you've got more X's than Y's then you're genetically female and vice versa.

    It's, unfortunately, not that simple.... [wikipedia.org]

    I have no problem with transgendered people wanting to be called whatever gender it is they identify with, but they really need to stop taking offence at how awkward it is for everyone else to figure it out in the border cases. Heck, there are some pretty gender neutral looking people I've met who have had no surgeries.

    It's possible you're generally commenting rather than directing that at me specifically, in which case you can ignore this, but I don't think I overly took offense. I pointed something out that seemed, to me, to be disrespectful and have been trying to engage in a conversation about why I feel that way.

    -Trillian
