Re: Re: OT: sorbs blacklisting scam
Perhaps I will reply after all.
Mike Bird wrote:
On Mon, 2006-05-01 at 00:46, Craig Sanders wrote:
the only non-whinge (i.e. valid) complaint mentioned was the possibility
of being listed by SORBS because of a mailing list confirmation being
sent to a (forged) SORBS honeypot address. while that would indeed be
broken behaviour, 1. nobody has actually provided any proof that SORBS
don't filter them out and 2. SORBS have every right to be broken if they
want to....that would be yet another reason to not use the SORBS RBL,
not to sue them.
Numerous real-world examples of problems caused by SORBS
have been cited in this thread. Rather than repeat them,
You mean, numerous *possible* problems. Please cite evidence (not
blogs, they are as accurate as you in most cases) of it actually
happening where it was an accidental listing and not corrected as soon
as it was spotted. Cite any one of your made up examples where there is
evidence of it actually happening where SORBS failed to correct the
behavior/listing upon notification of error.
I'll add one which I don't recall having been mentioned yet:
email forwarding. Many of us on this list have numerous
webmaster@, security@, abuse@ etc accounts forwarded to
us from a ton of mail servers. Each of those perfectly
reasonable forwards has a potential for backscatter.
Not if you have configured your servers in a responsible manor.
Furthermore, legally sufficient proofs have been provided
here that several of SORBS' problems have occurred in
practice and caused problems for ISPs and customers.
With any popularly used DNSbl, listings whether errors or not will have
a significant impact - except of course to you who have indicated that
all bar one of the people you mail have stopped using SORBS.....
Assertions that SORBS is somehow immune to tort action fall
to proof by example: ORBS. Google ORBS and "Alan Brown"
if you have forgotten.
I suggest you actually read what AB did, rather than speak with feigned
authority about what SORBS is doing is anything like what AB did (was
accused of doing) with ORBS. SORBS has no business to support nor does
it need to blacklist ISPs deliberately and without reason. In fact
SORBS keeps very clear records indicating exact reason for listing and
when, just in case anyone decides to take SORBS to court.
There are many RBLs, of which some are well maintained. Best
to use them, not SORBS.
Dome people know how to configure mailservers, some don't. Don't use
ISPs who don't know how to configure mailservers.
For the others reading and wondering here is what we will and won't list:
Backscatter that is generated by virus and spam filters will be listed
as spam (delisting will not incur a fine if the backscatter cause is
resolve - permanently).
Any server that sends the entire spam to a SORBS server is likely to be
listed - however with the correct Status codes (defined in the RFCs)
the chance of listing is substantially lowered (delisting of an IP where
the backscatter was an RFC compliant notification is immediate on
notifying a SORBS admin, and does not incur a fine).
Auto-Replies (of the vacation type) to never used email addresses which
are the input to the spamtrap system are going to be listed - however
delisting is just a matter of notifying the SORBS Admins (ie no fine,
and immediate)
Auto-Replies from mailing lists have never (known) been listed, though
the occasional mailing list has been listed when someone has sent spam
via it.
Mail from mailing lists sent to SORBS admins will be listed as spam
regardless of content unless the SORBS admin has subscribed to the
mailing list - proof may required... This means opt-out mailing lists
are a target... on that note, any SORBS admin being found to sign
themselves up or a colleague up for opt-out mailing lists will not be
permitted access to any SORBS facilities from the time it is proven.
We will not list backscatter formatted (according to the RFCs) without
inclusion of the original spam deliberately (mistakes do occasionally
happen as the SORBS Admins Inbox's are the most used spamtraps - someone
else commented that the author of some CRM114 software found the
software was more accurate than himself).
Mail from confirmed opt-in mailing lists will not be listed - except by
accident (which has happened).
Spam from anyone will cause a listing - even Microsoft found this out -
however unlike you Mike, they logged a ticket, got on the phone to me,
got the information as to why they were listed, fixed the issue and got
delisted - all within 6 hours of listing.
Regards,
Matthew
Reply to: