Re: OT: sorbs blacklisting scam
On Mon, 2006-05-01 at 04:49 +0300, Juha-Matti Tapio wrote:
> The only excuse for "no such user"-bounces is short term configuration
> mishap. It would be a bad idea to block hosts due to mailing list
> confirmations or some other necessary and non-frequent automatic messages,
> but if I recall the example presented in this thread mentioned a forged
> sender causing the bounce. For that case, there is no excuse (not even if
> Sorbs does it themselves aswell).
The discussion is not limited to "no such user" bounces.
We're informing our colleagues that SORBS adds an IP to
its RBL based on a single instance of backscatter caused
by SORBS' failure to discontinue its own honeypot addresses.
Let's take a real-life example that came in a couple of
minutes ago. SPAMMER sent an email to USER@FOO with my
address forged as sender. USER was clueless but not
malicious and replied asking to be "removed".
An annoyance but understandable.
However, had SPAMMER forged a SORBS honeypot as sender
instead of me, ISP FOO would now be SORBS-listed. Even
if FOO had a simple and perfect config with absolutely
no backscatter.
Avoid SORBS. Minimize backscatter. Use several good RBLs.
Next topic please!
--Mike Bird
Reply to: