Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - SORBS DNSBL Too Aggressive
  FAQ FAQ  Forum Search   Register Register  Login Login

SORBS DNSBL Too Aggressive

 Post Reply Post Reply
Author
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Topic: SORBS DNSBL Too Aggressive
    Posted: 16 May 2007 at 5:15pm
All,
 
I am writing this as both a warning about dnsbl's and also to vent somewhere.  I will let Logsat take this down if it ruffles too many feathers.
 
We are a small ISP in CT, USA and about a year ago we stopped using SORBS due to the excessive number of false positives reported by our users.  Now they have dinged us.  We have a reputable business customer that runs an opt-in/opt-out newsletter.  We have, and continue to verify that all their mailings are compliant and, in fact pass through our filters regularly.  However, over a 3 month period, 6 (yes that is SIX) complaints were sent to SORBS.  This, by the way, was 6 out of MILLIONS of newsletters sent during that period.  Now, here is the good part .... the actual mailings are not done on our network but through a 3rd party.  SORBS saw that the customer's WEB server is on our network and blocked an entire class C.  When we contacted them and explained exactly what the customer does, who their principals are, where they are located, how many people they employ and offered to look at the headers of the complaints so we could verify the sign up date, time and IP, they accused us of "lying as all spammers do" and told us that they will not take the block off unless we fire the customer ... which we are not going to do as they are a major customer running a legitimate business.
 
The IP block that they chose to block has NEVER been on any other lists and still is not.  Also, we have several customers such as a local newspaper, an entire town including their Police Department, A weather station ...etc.on that IP segment.  Their comment to this information was "Good ... then you will loose those customers too".
 
Bottom line ... the above is not a way to run a responsible black list that unsuspecting businesses use for email server security.  I had never, up to this point in my 55 years been treated with such arrogance, and flat out nastiness.  Not a service I want on my team.  Spamhaus, on the other hand, has always done a great job al leaving emotion out of the dnsbl world and has always responded in a timely and reasonable way to any blocks we felt needed removal.  Spamcop, well ... they have come a very long way and we also use them with great success along with njabl.org.   We have tried many others but eventually end up removing them due to high levels of "broad sweep" blocking tactics and stale info causing high false positives.
 
I really would enjoy any opinions ... as long as you aren't working for SORBS!
 
PS:  I just found this link and although it is an old one, it still applies!


Edited by Desperado
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
WebGuyz View Drop Down
Senior Member
Senior Member


Joined: 09 May 2005
Location: United States
Status: Offline
Points: 348
Post Options Post Options   Thanks (0) Thanks(0)   Quote WebGuyz Quote  Post ReplyReply Direct Link To This Post Posted: 16 May 2007 at 8:54pm

I feel you pain. Maybe you ought to put that one large customer on their own mailserver?

We had a  customers web site php form that got compromised and pumped out tons of spam out our main mail server and we were on everyones sh!t list. Luckily we had just gotten a new class C and were able to use one of the new IP's as our outgoing mail server. We now no longer let any of our web site customers use our primary web servers for web form data or sending emails from their website and have a dedicated IP & mail server on a different subnet than our main outgoing mail gateway server for that purpose.

http://www.webguyz.net
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 16 May 2007 at 9:09pm

WebGuyz,

You have to understand that the mail server that does their large mailings is NOT on our network at all.  Just their web server.  AND, the IP that actually does the mailings .... is not on ANY Blacklist.  At no time, did the block that SORBS listed EVER send mail out except for the other customers who mail a couple of hundred normal messages a day each.  SORBS listed the /24 because the owner of the web server "Was the benefactor of the mailings" from totally different ISP's ... NOT US.

The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
WebGuyz View Drop Down
Senior Member
Senior Member


Joined: 09 May 2005
Location: United States
Status: Offline
Points: 348
Post Options Post Options   Thanks (0) Thanks(0)   Quote WebGuyz Quote  Post ReplyReply Direct Link To This Post Posted: 16 May 2007 at 9:48pm
Ok, I guess I don't feel your pain, but it still sucks.
http://www.webguyz.net
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 16 May 2007 at 10:01pm
Yes ... it really does.  We still have a few cards up our sleeves to get this cleared up but I am not holding my breath!
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
sgeorge View Drop Down
Senior Member
Senior Member


Joined: 23 August 2005
Status: Offline
Points: 178
Post Options Post Options   Thanks (0) Thanks(0)   Quote sgeorge Quote  Post ReplyReply Direct Link To This Post Posted: 16 May 2007 at 10:40pm
Dan, that is completely ridiculous on the part of sorbs.  It bothers me to no end to find when the people in charge of an external domain or blacklist would rather tease and dismiss me rather than listen to a brief explanation of what's transpired.

And to see them take such a broad and aggressive stroke as to block your Web server's entire block C... that just takes the cake!  I've NEVER heard of something so lazily and belligerent from a major blacklist.

Glad to hear that you've got at least one more card up your sleeve.  I hope that things work out and that your fair-playing customers see this disruption to service lift quickly.

-Stephen
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.078 seconds.