SORBS Contact

Don't forget racketeering.

"A person who commits crimes such as extortion, loansharking, bribery, and obstruction of justice in furtherance of illegal business activities."

I think most network operators have learned about the ultra-liberal listing activities of RBLs these days.

-Michael

I think we can sufficiently indict SORBS by saying that they are a poorly managed email blacklist which isn't used by anyone with a clue, without putting on our tinfoil hats. http://www.iadl.org makes some interesting claims, but anyone who puts Paul Vixie in the same list of offenders with Alan Brown and Matt Sullivan is clueless at best. SORBS, SPEWS, etc. are a problem, but they aren't a criminal conspiracy, and claiming that they are isn't going to win any points among people who haven't followed the instructions at http://zapatopi.net/afdb/build.html

Michael Nicks wrote:

Albert Meyer wrote:

I think we can sufficiently indict SORBS by saying that they are a poorly managed email blacklist which isn't used by anyone with a clue, without putting on our tinfoil hats. http://www.iadl.org makes some interesting claims, but anyone who puts Paul Vixie in the same list of offenders with Alan Brown and Matt Sullivan is clueless at best. SORBS, SPEWS, etc. are a problem, but they aren't a criminal conspiracy, and claiming that they are isn't going to win any points among people who haven't followed the instructions at AFDB | Building

Please parse usage of "you and your" as being generic and not directed at Albert Meyer except insomuch that I am replying to his message, thanks.
Correct me if I'm wrong but this thread started because someone acquired from ARIN IP Space which was previously infested with spammers. The person acquiring the IP space sent multiple tickets (which annoys the crap out of every support list I've ever contacted) within the period of "less than a week". CAN-SPAM which is a poorly conceived and almost totally unenforced law allows spammers one week to remove users from their lists, and this person seems to expect instant turnaround from a volunteer organization. It's unfortunate that he got tainted space from a RIR, and further unfortunate that it takes time to process removals, and further unfortunate that he is not capable of reading and following the directions on Matthew's website which clearly describe how to achieve removal from SORBS. Calling unpaid volunteers "clueless" because they don't process removals instantly is in and of itself clueless, especially considering that 1. dozens of people are removed from SORBS daily and 2. this person has failed to follow the stated policies and procedures to be removed from SORBS. SORBS, SPEWS, The AHBL all operate on their own set of rules, it's up to the administrators of the mail servers that use our lists whether or not they agree with our policies. Remember, and this is very important: When blacklisting there is no such thing as a "false positive". You are either blocked or you aren't at the determination of the administrator using our list. Blacklisting is not, nor has it ever been based on whether your message is spam or not. If it helps you, think of it more as wanted and unwanted e-mail. By using SORBS the administrator is stating "I do not want e-mail from people Matthew believes are spammers", and only a clueless person would think to enforce their will on someone else's mail server.
And yes if you request removal from the AHBL and can't follow the simple removal instructions, you are in my mind and in my list too clueless to contribute e-mail to the public Internet, I therefore don't miss your traffic and have never had one of my users complain that they miss it either.

Actually I think this thread progressed from someone getting dirty blocks, to complaining about liberal-listing-RBLs (yes SORBS is one), to RBLs defending themselves and their obviously broken practices. We should not have to jump through hoops to satisfy your requirements.

Best Regards,
-Michael

Michael Nicks wrote:

Actually I think this thread progressed from someone getting dirty blocks, to complaining about liberal-listing-RBLs (yes SORBS is one), to RBLs defending themselves and their obviously broken practices. We should not have to jump through hoops to satisfy your requirements.

Fair enough.

End users ought not to have the functionality of email destroyed because originating SP's won't show due diligence in preventing abuse of the network.

If you don't like SORBS, don't use it.

Don't send email to anybody who does.

We were hit by the requirement to include the word "static" in our DNS names to satisfy requirements. It wasn't enough to just say "this /17 is only static IPs, one customer, one IP, no dhcp or other dynamics at all), we actually had to change all PTR records to this arbitrary "standard".

Took several weeks to get delisted even after that.

Doesn't really surprise me to be frankly honest. The way their requirements are structured, they remind me a lot of a state agency.

Best Regards,
-Michael

Would people support if there was a defined and standardized way that providers can specify if the system with this ip address does or does
not send email? There are several proposal for this but so far ISPs
have not shown sufficient interest in implimenting any one - if
number of ISPs agree to enter some records and it catches on then
the need for 3rd party maintained lists of dynamic ip addresses
would go away.

That (blocking SMTP) could become illegal is some proposed "net
neutrality" legislation is passed.

<I apologize in advance for stoking the flames>

End users ought not to have the functionality of email

  > destroyed because originating SP's won't show due
  > diligence in preventing abuse of the network.

This is crisis mongering of the worst sort. Far more damage has been
done to the functionality of email by antispam kookery than has ever
been done by spammers. I have one email address that has:

  Existed for over a decade.

  Been posted all over Usenet and the Web in unmangled form.

  Only three letters so it gets spam from the spammers that send
  copies to every possible short address.

  All blacklisting turned off because that was causing too much mail
  to go into a black hole.

In short it should be one of the worst hit addresses there is. All I
have to do to make it manageable is run spamassassin over it. That is
the mildest of several measures I could use to fix the "spam problem".
If it became truly impossible I could always fall back to requiring an
address of the form "apoindex+<password>" and blocking all the one's
that don't match the password(s). That would definitely fix the
problem and doesn't require any pie in the sky re-architecting of the
entire Internet to accomplish.

For almost a decade now I have listened to the antispam kooks say that
spam is going to be this vast tidal wave that will engulf us all.
Well it hasn't. It doesn't show any sign that it ever will. In the
meantime in order to fix something that is at most an annoyance people
in some places have instigated draconian measures that make some mail
impossible to deliver at all or *even in some case to know it wasn't
delivered*. The antispam kooks are starting to make snail mail look
good. It's pathetic.

The functionality of my email is still almost completely intact. The
only time it isn't is when some antispam kook somewhere decides he
knows better than me what I want to read. Spam is manageable problem
without the self appointed censors. Get over it and move on.

That (blocking SMTP) could become illegal is some proposed "net
neutrality" legislation is passed.

hahaha try enforcing that in other countries

also, most networks are private (not state run) therefore we have the
right to say yes/no what data enters our own network, because unless
unless a contract (payment) exists for the senders ISP to receivers ISP
to accept data off them, the senders ISP can be told to go to hell

Allan Poindexter wrote:

The functionality of my email is still almost completely intact. The
only time it isn't is when some antispam kook somewhere decides he
knows better than me what I want to read. Spam is manageable problem
without the self appointed censors. Get over it and move on.

Interesting comment - so would you consider as it is my network, that I should not be allowed to impose these 'draconian' methods and perhaps I shouldn't be allowed to censor traffic to and from my networks? Should you not be allowed to censor my traffic going to your network (if any)? The "self appointed censors" are not self appointed - they produce lists the admins of their own networks choose what traffic to accept or deny, if they choose to accept or deny based on a third party it doe not automatically make that person a "self appointed censor".

Regards,

Mat

We've had our moments with SORBS, Matthew is a very approachable person.
Things get sorted out pretty quickly, generally within a few days,
Matthew also has others who help him and one of them is an obnoxious
####.

I do agree though, the requirment to have X TTL and 'static' or non
'dsl' 'dial' in DNS is a bit too far, I understand this is for
automation, its the only part of SORBS i disagree with, that said we
still use them, as do many large carriers ion this country, because the
use of RBL's is for one reason, to STOP the wanker, and SORBS along
with spamcop and spamhaus and njabl go a very long way to prevent
peoples privacy being invaded by those vernom

> That (blocking SMTP) could become illegal is some proposed "net
> neutrality" legislation is passed.

Man, I really butchered that one. I look so much smarter when I don't
post on NANOG...

hahaha try enforcing that in other countries

That has never stopped the US from making terrible policy (-:

also, most networks are private (not state run) therefore we have the
right to say yes/no what data enters our own network, because unless
unless a contract (payment) exists for the senders ISP to receivers ISP
to accept data off them, the senders ISP can be told to go to hell

We're talking about owned Windows boxes on consumer/retail access
networks (cable/dsl/whathaveyou).

Noel wrote:

We were hit by the requirement to include the word "static" in our DNS names to satisfy requirements. It wasn't enough to just say "this /17 is only static IPs, one customer, one IP, no dhcp or other dynamics at all), we actually had to change all PTR records to this arbitrary "standard".

Took several weeks to get delisted even after that.
    
We've had our moments with SORBS, Matthew is a very approachable person.
Things get sorted out pretty quickly, generally within a few days,
Matthew also has others who help him and one of them is an obnoxious
####.
  

I'd love to know which one... I have had several (had being the operative word) and from time to time some still are.

I do agree though, the requirment to have X TTL and 'static' or non
'dsl' 'dial' in DNS is a bit too far, I understand this is for
automation,

It is for automation, but it is also so that the SORBS DUHL would become pointless. If a standard format was used admins would be able to choose their policy by simple regexs instead of relying on third-party lists which cannot possibly ever be 'uptodate' just because of the number of changes that happen on a daily basis around the world. This is also why I took the time to create:

http://www.ietf.org/internet-drafts/draft-msullivan-dnsop-generic-naming-schemes-00.txt

There are things in the works that will enable the most complained about aspects of SORBS to be fixed and to go away permanently... The only thing that is delaying it is developer time... So I will say this publicly - those that want to see drastic changes @ SORBS that are, or have access to a perl coder with SQL knowledge, and is able to spend 20-40 hours of pure coding time writing a user interface for user permissions & roles in Perl contact me off list as the user interface is the only thing that is holding up moving to the beta stage of the SORBS2 database. The SORBS2 database will allow registered RIR contacts to update list/delist parts/all of their netblocks within SORBS as well as getting instant reporting of issues (by mail or by SMS (fee applicable for SMS)) with minimal intervention from SORBS admins - this includes spam and DUHL listings.

Regards,

Mat

Actually there can be false positive. ISP's
  who put address blocks into "dialup" blocks
  which have the qualification that the ISP is
  also supposed to only do it if they *don't*
  allow email from the block but the ISP's
  policy explicitly allows email to be sent.

  They have a default port 25 filter that will
  be turned off on request. i.e. they allow
  direct out going email on request.

  The said ISP *thinks* they are doing the
  right thing by listing the block when in
  reality they are lying by listing the block.

  Mark

I'll post this back to NANOG as others are likely to comment similar ways...

Michael J Wise wrote:

This is also why I took the time to create:

    <http://www.ietf.org/internet-drafts/draft-msullivan-dnsop-generic-naming-schemes-00.txt&gt;

Seems like it specifies a bit TOO much detail, but.

This is why it says that it is a suggestion and indicated that the level of detail you choose to use is upto you, however if you adopt some of the more specific detail you should use the less specific detail.

ie if you follow it you should as a minimum specify static/dynamic. If you want to add more detail like service type, that is your choice, but you shouldn't specify the service types (eg wifi) without specifying static/dynamic (does that make sense?).

Also it should be noted that it is a 'suggested naming scheme for generic records' and therefore not intended to be mandatory, further it says you should indicate the hostname of the machine in preference to generic records.

The idea being a common but extensible naming scheme for organisations want to specify generic/generated records rather than go to the hassle of creating individual records for each customer/host.

Regards,

Mat

That is not even good enough to be wrong.

---Rsk, with apologies to Enrico Fermi

Mark Andrews wrote:

  Actually there can be false positive. ISP's
  who put address blocks into "dialup" blocks
  which have the qualification that the ISP is
  also supposed to only do it if they *don't*
  allow email from the block but the ISP's
  policy explicitly allows email to be sent.
  

Actually that's debatable - the SORBS DUHL is about IPs assigned to hosts/people/machines dynamically. We do not list addresses where the ISP have sent the list explictitly saying 'these are static hosts, but they are not allowed to send mail' - similarly we do list hosts in the DUHL where the ISP has said 'these are dynamic but we allow them to send mail' - it's about the people using the SORBS DUHL for their purposes, not for helping ISPs getting around the issue of whether to use SORBS as a replacement to port 25 blocking.

Regards,

Mat

Allan Poindexter wrote:

The functionality of my email is still almost completely intact. The
only time it isn't is when some antispam kook somewhere decides he
knows better than me what I want to read. Spam is manageable problem
without the self appointed censors. Get over it and move on.

I rather suspect that your spam problem is manageable because
other admins are using DNSBLs and are thereby putting pressure
on ISPs to boot spammers off their networks.

Even a list like SPEWS, which is used by very few people, may
motivate ISPs to clean up their network.