[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: sorbs blacklisting scam

On Mon, 2006-05-01 at 04:49 +0300, Juha-Matti Tapio wrote:
> The only excuse for "no such user"-bounces is short term configuration
> mishap. It would be a bad idea to block hosts due to mailing list
> confirmations or some other necessary and non-frequent automatic messages,
> but if I recall the example presented in this thread mentioned a forged
> sender causing the bounce. For that case, there is no excuse (not even if
> Sorbs does it themselves aswell).

The discussion is not limited to "no such user" bounces.
We're informing our colleagues that SORBS adds an IP to
its RBL based on a single instance of backscatter caused
by SORBS' failure to discontinue its own honeypot addresses.

Let's take a real-life example that came in a couple of
minutes ago.  SPAMMER sent an email to USER@FOO with my
address forged as sender.  USER was clueless but not
malicious and replied asking to be "removed".

An annoyance but understandable.

However, had SPAMMER forged a SORBS honeypot as sender
instead of me, ISP FOO would now be SORBS-listed.  Even
if FOO had a simple and perfect config with absolutely
no backscatter.

Avoid SORBS.  Minimize backscatter.  Use several good RBLs.

Next topic please!

--Mike Bird

Reply to: