The real difference here is that SpamCop (ie, Cisco) and SpamHaus are commercial entities, with at least a percentage of customers paying (directly or indirectly) for the services they provide.<br><br>With SORBS now being owned by GFI it'll be interesting to see what they do with it - but given that it's almost a year since they took it over I don't hold much hope for it becoming a worthwhile service as a result.<br>
<br> Scott.<br><br><br><br><div class="gmail_quote">On Tue, Oct 12, 2010 at 7:47 PM, Sean K. Finn <span dir="ltr"><<a href="mailto:sean.finn@ozservers.com.au">sean.finn@ozservers.com.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
SpamHaus and SPAMCOP regularly send us information from our netblocks, allowing us, and our customers to deal with the spam instead of just nuking their IP.<br>
<br>
This inclues the quantity of matches per time period, and, they send us the offending spam email so that we can try to track it down.<br>
<br>
This is a genuine effort by SpamCOP to help operators identify attack vectors, and having the offending emails usually helps incredibly.<br>
<br>
Hiding in the shadows however with no transparency is wearing itself thin.<br>
<br>
Perhaps if the individual that runs SORBS allowed ISP's (OWNERS of netblocks) to list contact details and delist themselves, while forwarding the offending emails, this may at least help us understand why we get listed, and give us tools to deal with the attack vector.<br>
<br>
At present the only answer to sorbs is to not use sorbs. There aren't any other reliable options.<br>
<br>
RBL's do cut out tremendous amounts of spam for us, to the point that we mirror credible RBL's in-house, amalgamate some of them and allow our customers to query a local RBL mirror for processing speed.<br>
<br>
SORBS did not make the shortlist, although we did our homework.<br>
<font color="#888888"><br>
S<br>
</font><div><div></div><div class="h5"><br>
-----Original Message-----<br>
From: <a href="mailto:ausnog-bounces@lists.ausnog.net">ausnog-bounces@lists.ausnog.net</a> [mailto:<a href="mailto:ausnog-bounces@lists.ausnog.net">ausnog-bounces@lists.ausnog.net</a>] On Behalf Of Cole, Patrick<br>
Sent: Wednesday, 13 October 2010 11:44 AM<br>
To: Nick Brown; <a href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a><br>
Subject: Re: [AusNOG] Network Operators Unite Against SORBS<br>
<br>
Nick,<br>
<br>
Regarding your last comment; Spamhaus has a great ISP area that allows network operators to ensure their superblocks are excluded from being listing and also in my experience delisting is a painless process unlike SORBS where you are lucky if you get to see the robot who decides your fate based entirely on the format of your reverse/forward DNS formatting and TTL of the records.<br>
<br>
Barracuda is also a corporate body and again delisting is a painless process in my experience.<br>
<br>
I am not suggesting that there is zero value, however, I think that RBLs that take the same approach as SORBS do more harm than good.<br>
<br>
Regards,<br>
<br>
Patrick<br>
<br>
________________________________________<br>
From: <a href="mailto:ausnog-bounces@lists.ausnog.net">ausnog-bounces@lists.ausnog.net</a> [<a href="mailto:ausnog-bounces@lists.ausnog.net">ausnog-bounces@lists.ausnog.net</a>] On Behalf Of Nick Brown [<a href="mailto:nick@inticon.net.au">nick@inticon.net.au</a>]<br>
Sent: Wednesday, October 13, 2010 11:58 AM<br>
To: <a href="mailto:Cole@ausnog.net">Cole@ausnog.net</a>; <a href="mailto:Patrick@ausnog.net">Patrick@ausnog.net</a>; <a href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a><br>
Subject: Re: [AusNOG] Network Operators Unite Against SORBS<br>
<br>
On 13/10/10 10:59 AM, Cole, Patrick wrote:<br>
<br>
Personally, I'm sick of SORBS wasting my time with their DUHL listings on IP address space that has been re-purposed from dynamic to static. After six months of logging tickets I finally got all our static blocks delisted a few months ago, and now just in the last week suddenly the whole lot have been listed again, and their website was also broken at the time making delisting impossible. A week later, customers are still complaining.<br>
<br>
The problem is as a network operator the customer feels it is our responsibility to ensure that any IP assignments are free from blacklist tyranny. It's difficult to do that without any corporate body to apply pressure to.<br>
<br>
<br>
Agreed, this especially is the case where a end user is not directly responsible for the IP such as in a shared hosting environment. Operators who continue to use realtime blackmail lists such as SORBS don't understand the impact they have on other operators because their customers are blissfully unaware they are not receiving legitimate mail.<br>
<br>
Nor do I see any amount of customer education ever changing this.<br>
<br>
<br>
<br>
It's one of the most frustrating things IMO, I would definitely recommend any network operators stop using their service on general principle. These days I believe spam may have reached the point where things like SORBS have a negligible effect anyway..<br>
<br>
<br>
This I disagree with, we save a tremendous amount of processing power on our mail gateways by not having to scan junk that is picked up during SMTP time by Spamhaus / Barracuda RBL.<br>
<br>
<br>
<br>
<br>
<br>
Regards,<br>
<br>
Patrick<br>
<br>
<br>
Nick.<br>
<br>
************************************************************************<br>
*PLEASE NOTE* This email and any attachments may<br>
be confidential. If received in error, please delete all<br>
copies and advise the sender. The reproduction or<br>
dissemination of this email or its attachments is<br>
prohibited without the consent of the sender.<br>
<br>
WARNING RE VIRUSES: Our computer systems sweep<br>
outgoing email to guard against viruses, but no warranty<br>
is given that this email or its attachments are virus free.<br>
Before opening or using attachments, please check for<br>
viruses. Our liability is limited to the re-supply of any<br>
affected attachments.<br>
<br>
Any views expressed in this message are those of the<br>
individual sender, except where the sender expressly,<br>
and with authority, states them to be the views of the<br>
organisation.<br>
************************************************************************<br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</div></div></blockquote></div><br>