SORBS Revisited
Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6128
Printed Date: 02 April 2025 at 12:42am
Topic: SORBS Revisited
Posted By: Desperado
Subject: SORBS Revisited
Date Posted: 29 June 2007 at 12:40pm
Anyone have any thoughts on how to somehow discredit SORBS? I posted earlier about how they use extortion and very questionable criteria in adding IP's .... Well, they decided to expand an already bogus IP block range to include our primary mail server because we refused to pay the extortion for the incorrect blocking. The original "Spam" (a DOUBLE OPT IN/ OPT OUT Newsletter), did not even originate from our network. SORBS has gone too far and no ISP should use them unless they want a huge number of false positives.
-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com
|
Replies:
Posted By: jerbo128
Date Posted: 29 June 2007 at 11:38pm
|
I personally did not know SORBS was such a DIC*.
Can I ask what MAPS servers some of you are using. Currently we are using the following. Not for any reason, but simply because we don't know of any others:
sbl-xbl.spamhaus.org, true
bl.spamcop.net, true
combined.njabl.org, true
We were also using SORBS, but ended that today.
Anyone care to comment on what works for them?
JP
|
Posted By: mbrusl
Date Posted: 30 June 2007 at 5:10pm
Personally I put all the spammer domain names in the keywords blacklist and that has been helping alot
Michael
|
Posted By: Desperado
Date Posted: 02 July 2007 at 11:25am
|
jerbo128,
I use:
zen.spamhaus.org
bl.spamcop.net
combined.njabl.org
For SURBL:
black.uribl.com
multi.surbl.org
The 2nd one may, in fact, not be required as it seems to be included in surbl.org.
-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com
|
Posted By: IKILLSPAM1
Date Posted: 02 July 2007 at 2:13pm
|
jerbo you will need to remove sbl-xbl as zen is replacing it and sbl-xbl will no longer work. Tried to get on spamhaus website but it appears to be down. Take my word tho.
I use
MAPS - (alittle excessive but has worked fine for me)
zen.spamhaus.org, true
dnsbl-2.uceprotect.net, true
dnsbl.sorbs.net, true
dnsbl.tqmcube.com, true
SURBL
multi.surbl.org
multi.uribl.com
|
Posted By: IKILLSPAM1
Date Posted: 02 July 2007 at 2:19pm
|
Oh and I was using combined and spamcop but didnt appear to be getting many, if any hits. spamhaus seems to grab most of them. figured removing 2 addtional DNSBL's would lessen DNS requests etc.. so it wasnt worth it to leave them in.
My top blacklists stat wise are:
Country Blacklists - 20,000
MAPS - 15,000
SFDB - 10,000
IP Blocked by honeypot - 3,500
Keywords - 2,500
PTR - 1,500
Bayesian - 1,500
Invalid MX - 1,500
Out of 430,000 attempts, 330,000 blocked. Sickening actually
|
Posted By: Daspanka
Date Posted: 09 July 2007 at 11:08pm
Another SORBS victim here. I actually just waited until the weekend and
switched IP's for my mailserver with another in my pool. I think Mathew
Sullivan and SORBS are on borrowed time.
Several years ago, Spamcop tried their hand at Extortion as well. They
would send out emails to postmasters of domains at random, claiming
that spam had been reported from the domain, and if you didn't sign up
with them for $30, they would blacklist you. When confronted, they
would deny that they sent the message. I reported them to the
Department of Justice (back before the Internet Crimes task force) and
sent them a link to the page I used to turn them in, along with all the
domains they had threatened me on (I'm a third party support company).
I never heard from them again.
Advice. Loose Spamcop. Also njabl.org (Not Just Another Bogus List)
behaves like a bunch of 8 year olds. As far as I'm concerned Spamhaus
and SURBL are the only lists not run by extortionists, 19-year old
geeks on a power trip, or 40 year olds whom still live in their parents
basement. I nixed them all except spamhaus.org and Multi-surbl.org. My
false positives are all but gone, and it had almost no negative impact
on the spam.
If you guys haven't seen it, here's some interesting reading on SORBS, check the ALan Brown part of the story:
http://www.iadl.org/sorbs/sorbs-story.html
And an interesting perspective on MAPS and Paul Vixie: http://www.dotcomeon.com/
Just my .02
|
Posted By: Desperado
Date Posted: 10 July 2007 at 9:31am
|
Daspanka,
My response to your comments (which for the most part seem to reflect my feelings): I have found that SpamCop, since being bought up by Iron Port, really seems much better than their horrible past. At least their list has an auto time out. We actually get daily reports from them and have found them useful in identifying customers that have compromised systems. However, Since I use Spamhaus *first* in my list, SpamCop has very limited value. Now, njabl ... I have not experienced any negative issues with them *YET* but again, little value except to catch some of the stuff the sneaks past the SpamHaus list.
Your comment "extortionists, 19-year old geeks on a power trip, or 40 year olds whom still live in their parents basement." .... well put and way more polite than I would have been! BTW, there is a registered domain "sorbs-sucks.com" that has yet to put anything up that will help but I have contacted the registrant to see if he need help getting rolling. For really interesting reading, go to Google and search for "sorbs sucks". There are some VERY angry people out there.
Thanks for your comments and links!
-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com
|
|