blacklisting by SORBS

Paul Howarth paul at city-fan.org
Tue Aug 16 16:07:32 UTC 2005


Scot L. Harris wrote:
> On Tue, 2005-08-16 at 10:36, Thomas Cameron wrote:
> 
>>>This is not strictly a Fedora question, but I would like to query the list
>>>on this since it's such a large user base. Recently, our ISP has been added
>>>to the SORBS blacklist as a source of spam. We're being told that SORBS is
>>>demanding money from our ISP to remove them from the list. I can't speak
>>>to whether the ISP is or is not a source of large amounts of spam, though it
>>>seems unlikely, since they are in the Washington, DC area, and have many
>>>government agencies as clients. Two questions: Is anyone else having
>>>questionable issues with SORBS? Does it sound like extortion for such a
>>>service to be asking for money from an ISP to remove them from such a
>>>list?
>>
>>I call bull on that.  That type of crap is what makes spam-fighters look
>>like jerks.  The whole "you happen to be on the same ISP as a spammer so
>>you're being punished" argument is pure, unadulterated fertilizer.  That's
>>like saying "well, your little girl was in the same city as the bad guys,
>>so it's just too bad that she got her legs blown off in the cross-fire."
>>
>>According to the SORBS web site (http://www.us.sorbs.net/overview.shtml)
>>they are looking for a $50 "donation" - what a load of crap.
>>
>>If there is someone spamming at a certain address, I say absolutely
>>blocklist the heck out of them.  But if that IP address is not being used
>>to spam any more, then demanding money to delist the address is extortion.
>>
>>Thomas
> 
> 
> This is why blacklisting has a bad reputation and why admins should not
> use third party blacklists.  There are many examples of blacklist
> maintainers becoming overzealous in listing address ranges and stunts
> like the OP related.  Locally administered blacklists can be effective
> but it never made much sense to me to turn over control of any of my
> critical email services to a third party. 

On the other hand locally-administered blacklists tend to be "file and 
forget" - once an IP gets in there it's very unlikely to get out. The 
big advantage of a centrally managed list is that once you're out of it, 
you're out of it everywhere that list is used. Getting out of a 
multitude of local lists could be well-nigh impossible.

Anyone refusing mail based on a third-party list should be very familiar 
with the listing and de-listing policies of that list, and also whether 
or not those policies are followed (a "reputation" issue). Without that 
knowledge, use of such a list for outright blocking does indeed make 
little sense (FWIW, I'm perfectly happy rejecting mail from IPs listed 
by list.dsbl.org or sbl.spamhaus.org).

> The vast bulk of spam can be blocked using a combination of greylisting
> and spamassassin.  These are not controlled by any central authority so
> there is no chance of a central authority causing problems.

SpamAssassin does of course use third-party lists in its scoring though, 
but a listing in just one list is unlikely to cause a rejection.

Paul.
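
Added example, not part of the original post: a sketch of the two policies contrasted above, outright rejection on a vetted list versus SpamAssassin-style scoring where one listing alone does not reject. The zone name dnsbl.sorbs.net, the weights, the threshold and the DNS answers are assumptions constructed for illustration.

```python
import ipaddress
import socket

# Zones named in the thread; dnsbl.sorbs.net is an assumed SORBS zone name.
# Weights and threshold are constructed values, not SpamAssassin's own rules.
ZONE_WEIGHTS = {"sbl.spamhaus.org": 2.5, "list.dsbl.org": 2.0, "dnsbl.sorbs.net": 1.5}
REJECT_THRESHOLD = 5.0
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

# Constructed DNS answers (documentation addresses), so the example runs offline.
FAKE_DNS = {
    "10.2.0.192.dnsbl.sorbs.net": "127.0.0.6",
    "20.2.0.192.sbl.spamhaus.org": "127.0.0.2",
    "20.2.0.192.list.dsbl.org": "127.0.0.2",
    "20.2.0.192.dnsbl.sorbs.net": "127.0.0.6",
    "30.2.0.192.list.dsbl.org": "203.0.113.7",  # wildcard/parked zone, not a listing
}

def dnsbl_name(ip, zone):
    """Query name for a DNSBL: IPv4 octets reversed, followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Live lookup; returns the A record or None (NXDOMAIN or lookup failure)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def listed_zones(ip, resolve=FAKE_DNS.get):
    """Zones that list ip. Only answers inside 127.0.0.0/8 count as listings."""
    hits = []
    for zone in ZONE_WEIGHTS:
        answer = resolve(dnsbl_name(ip, zone))
        if answer and ipaddress.IPv4Address(answer) in LISTED_RANGE:
            hits.append(zone)
    return hits

def hard_block(hits, trusted=("sbl.spamhaus.org", "list.dsbl.org")):
    """Outright rejection: any hit on a list whose policy the admin has vetted."""
    return any(zone in trusted for zone in hits)

def scored(hits, content_score=0.0):
    """Scoring: each listing adds weight; reject only at the threshold."""
    total = content_score + sum(ZONE_WEIGHTS[zone] for zone in hits)
    return total, total >= REJECT_THRESHOLD
```

Pass `resolve=system_resolver` to `listed_zones` for live lookups; a failed lookup is then treated as "not listed", so a DNS outage fails open rather than rejecting mail.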
