blacklisting by SORBS
paul at city-fan.org
Tue Aug 16 16:07:32 UTC 2005
Scot L. Harris wrote:
> On Tue, 2005-08-16 at 10:36, Thomas Cameron wrote:
>>>This is not strictly a Fedora question, but I would like to query the list
>>>this since it's such a large user base. Recently, our ISP has been added
>>>the SORBS blacklist as a source of spam. We're being told that SORBS is
>>>demanding money from our ISP to remove them from the list. I can't speak
>>>whether the ISP is or is not a source of large amounts of spam, though it
>>>seems unlikely, since they are in the Washington, DC area, and have many
>>>government agencies as clients. Two questions: Is anyone else having
>>>questionable issues with SORBS? Does it sound like extortion for such a
>>>service to be asking for money from an ISP to remove them from such a
>>I call bull on that. That type of crap is what makes spam-fighters look
>>like jerks. The whole "you happen to be on the same ISP as a spammer so
>>you're being punished" argument is pure, unadulterated fertilizer. That's
>>like saying "well, your little girl was in the same city as the bad guys,
>>so it's just too bad that she got her legs blown off in the cross-fire."
>>According to the SORBS web site (http://www.us.sorbs.net/overview.shtml)
>>they are looking for a $50 "donation" - what a load of crap.
>>If there is someone spamming at a certain address, I say absolutely
>>blocklist the heck out of them. But if that ip address is not being used
>>to spam any more, then demanding money to delist the address is extortion.
> This is why blacklisting has a bad reputation and why admins should not
> use third party blacklists. There are many examples of blacklist
> maintainers becoming over zealous in listing address ranges and stunts
> like the OP related. Locally administered blacklists can be effective
> but it never made much sense to me to turn over control of any of my
> critical email services to a third party.
On the other hand locally-administered blacklists tend to be "file and
forget" - once an IP gets in there it's very unlikely to get out. The
big advantage of a centrally managed list is that once you're out of it,
you're out of it everywhere that list is used. Getting out of a
multitude of local lists could be well-nigh impossible.
Anyone refusing mail based on a third-party list should be very familiar
with the listing and de-listing policies of that list, and also whether
or not those policies are followed (a "reputation" issue). Without that
knowledge, use of such a list for outright blocking does indeed make
little sense (FWIW, I'm perfectly happy rejecting mail from IPs listed
by list.dsbl.org or sbl.spamhaus.org).
> The vast bulk of spam can be blocked using a combination of greylisting
> and spamassassin. These are not controlled by any central authority so
> there is no chance of a central authority causing problems.
SpamAssassin does of course use third-party lists in its scoring though,
but a listing in just one list is unlikely to cause a rejection.
More information about the users