[AusNOG] Network Operators Unite Against SORBS

Sean K. Finn sean.finn at ozservers.com.au
Wed Oct 13 14:20:34 EST 2010


GFI ?

From: Scott Howard [mailto:scott at doc.net.au]
Sent: Wednesday, 13 October 2010 1:10 PM
To: Sean K. Finn
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Network Operators Unite Against SORBS

The real difference here is that SpamCop (ie, Cisco) and SpamHaus are commercial entities, with at least a percentage of customers paying  (directly or indirectly) for the services they provide.

With SORBS now being owned by GFI it'll be interesting to see what they do with it - but given that it's almost a year since they took it over I don't hold much hope for it becoming a worthwhile service as a result.

  Scott.


On Tue, Oct 12, 2010 at 7:47 PM, Sean K. Finn <sean.finn at ozservers.com.au<mailto:sean.finn at ozservers.com.au>> wrote:
SpamHaus and SPAMCOP regularly send us information from our netblocks, allowing us, and our customers to deal with the spam instead of just nuking their IP.

This inclues the quantity of matches per time period, and, they send us the offending spam email so that we can try to track it down.

This is a genuine effort by SpamCOP to help operators identify attack vectors, and having the offending emails usually helps incredibly.

Hiding in the shadows however with no transparency is wearing itself thin.

Perhaps if the individual that runs SORBS allowed ISP's (OWNERS of netblocks) to list contact details and delist themselves, while forwarding the offending emails, this may at least help us understand why we get listed, and give us tools to deal with the attack vector.

At present the only answer to sorbs is to not use sorbs. There aren't any other reliable options.

RBL's do cut out tremendous amounts of spam for us, to the point that we mirror credible RBL's in-house, amalgamate some of them and allow our customers to query a local RBL mirror for processing speed.

SORBS did not make the shortlist, although we did our homework.

S

-----Original Message-----
From: ausnog-bounces at lists.ausnog.net<mailto:ausnog-bounces at lists.ausnog.net> [mailto:ausnog-bounces at lists.ausnog.net<mailto:ausnog-bounces at lists.ausnog.net>] On Behalf Of Cole, Patrick
Sent: Wednesday, 13 October 2010 11:44 AM
To: Nick Brown; ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] Network Operators Unite Against SORBS

Nick,

Regarding your last comment; Spamhaus has a great ISP area that allows network operators to ensure their superblocks are excluded from being listing and also in my experience delisting is a painless process unlike SORBS where you are lucky if you get to see the robot who decides your fate based entirely on the format of your reverse/forward DNS formatting and TTL of the records.

Barracuda is also a corporate body and again delisting is a painless process in my experience.

I am not suggesting that there is zero value, however, I think that RBLs that take the same approach as SORBS do more harm than good.

Regards,

Patrick

________________________________________
From: ausnog-bounces at lists.ausnog.net<mailto:ausnog-bounces at lists.ausnog.net> [ausnog-bounces at lists.ausnog.net<mailto:ausnog-bounces at lists.ausnog.net>] On Behalf Of Nick Brown [nick at inticon.net.au<mailto:nick at inticon.net.au>]
Sent: Wednesday, October 13, 2010 11:58 AM
To: Cole at ausnog.net<mailto:Cole at ausnog.net>; Patrick at ausnog.net<mailto:Patrick at ausnog.net>; ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] Network Operators Unite Against SORBS

On 13/10/10 10:59 AM, Cole, Patrick wrote:

Personally,  I'm sick of SORBS wasting my time with their DUHL listings on IP address space that has been re-purposed from dynamic to static.   After six months of logging tickets I finally got all our static blocks delisted a few months ago, and now just in the last week suddenly the whole lot have been listed again, and their website was also broken at the time making delisting impossible.    A week later, customers are still complaining.

The problem is as a network operator the customer feels it is our responsibility to ensure that any IP assignments are free from blacklist tyranny.  It's difficult to do that without any corporate body to apply pressure to.


Agreed, this especially is the case where a end user is not directly responsible for the IP such as in a shared hosting environment. Operators who continue to use realtime blackmail lists such as SORBS don't understand the impact they have on other operators because their customers are blissfully unaware they are not receiving legitimate mail.

Nor do I see any amount of customer education ever changing this.



It's one of the most frustrating things IMO, I would definitely recommend any network operators stop using their service on general principle.  These days I believe spam may have reached the point where things like SORBS have a negligible effect anyway..


This I disagree with, we save a tremendous amount of processing power on our mail gateways by not having to scan junk that is picked up during SMTP time by Spamhaus / Barracuda RBL.





Regards,

Patrick


Nick.

************************************************************************
*PLEASE NOTE* This email and any attachments may
be confidential. If received in error, please delete all
copies and advise the sender. The reproduction or
dissemination of this email or its attachments is
prohibited without the consent of the sender.

WARNING RE VIRUSES: Our computer systems sweep
outgoing email to guard against viruses, but no warranty
is given that this email or its attachments are virus free.
Before opening or using attachments, please check for
viruses. Our liability is limited to the re-supply of any
affected attachments.

Any views expressed in this message are those of the
individual sender, except where the sender expressly,
and with authority, states them to be the views of the
organisation.
************************************************************************
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20101013/0b849a30/attachment.html>


More information about the AusNOG mailing list