Mark Foster wrote:
I'd encourage ISPs security guys to proactively
attempt to contact SORBS
and establish a dialogue that isnt necessarily tied to a 'we're blocked
and not happy!' message. Its less antagonising for a start.
This is the best advice in the thread. Arrogant SORBS answers are
mainly in response to four reasons: demands for anything, bad attitudes,
mentioning legal action of any type, and misunderstandings of the
English language. Of course there are exceptions and I am always open
to complaints about attitude, they can be addressed directly to me. As
for the latter issue, the volunteers come from many countries of the
world and their understanding of the English language occasionally
results in a response which others feel offends (eg. most Europeans will
be blunt and to the point - this offends most Aussies)
The listings are set up in the DNS with a 48hr TTL and
the zone is not
refreshed unless another offense occurrs. (So if you're clean for 48 hours
the entry gets purged.)
Actually this is not right. Listings are created on the reception of
spam, they have a 48 hour DNS TTL in most cases. Spam database entries
are not automatically delisted for a very long time unless the
responsible party for the address contacts SORBS and requests a delisting.
SORBS is a volunteer organisation with no contracts to support persons
listed so whilst we aim to answer people within 48 hours (and currently
the spam DB entries are getting answered within 6 hours) it can take a
long time to answer - in the past it has taken as long as 6 weeks
(particularly with respect to the DUHL), and it has been as short at 7
minutes. - if anyone wants a support contract of course they can contact
us and pay for one, that will guarantee answers and support within what
ever SLA is agreed upon.
If Paradise are listed it means one of their clients
sent something which
got listed in SORBS, and theres a complaint in the system younger than
48hours. In theory. They wont 'unlist' you by request.
If OTOH you happen to get assigned a netblock that was in their Dynamic IP
list and start using it for systems that handle mail, thats another
...and there are 2 ways to get delisted from the DUHL:
1/ take our advice on PTR setup, which is described in a document that I
will be submitting as an RFC as soon as I get around to finishing the
last changes ( here if interested:
) - of course
this doesn't mean you have to follow it, but it will help you and the
rest of the world in determining whether to accept your email (and
other) traffic or not.
2/ Have the person who is the RIR PoC contact SORBS with a list of
dynamic and static allocations. There will be a conversation by email
so if you are not the holder of the email address in the PoC you will
not be able to delist. Any organisation coming to SORBS and indicating
that a particular netblock is not dynamic and not giving any other
information will be viewed initially with suspicion - this is
particularly the case when the PoC is a main stream ISP and makes
statements like 'we don't have any dynamic allocations'.
Further, to the above, we do checkup and any deliberate misinformation
will result in SORBS taking a 'best guess' as to the nature of the
netblock(s) (as British Telecom found out before Christmas). Check ups
include monitoring addresses for connected machines and the OSs and
services they run. Obtaining local accounts from said ISP. Monitoring
virus and email emanations from each address over period such as a
month (statics have the same virus and mail from the same hosts,
dynamics tend to wander through most of the netblock)...etc...
I do agree that Companies and others for whom email
delivery is important,
should not be using systems such as SORBS.
I personally run their Dynamic IP Blacklist but nothing else.... frankly
someone on a Dynamic IP should be relaying through their ISP and not
direct to me.
There are a lot of large organisations using the SORBS DUHL as it is the
most researched on data.
I do provide a webform on my site that can be used for
people to contact
me should there be an accidental blacklisting, of course.
And if I start seeing collateral damage, i'll stop using SORBS. So far
however it hasnt been an issue, _for me personally_.
..yet more very good advice - and it doesn't just apply to SORBS
listings - it applies to all RBL services (including Spamhaus).. At my
$dayjob this is one of the first things I put up.
Matthew @ SORBS
PS: Delisting requests directly to me and not via the SORBS Support
system will generally be ignored - that is not arrogance, that is pure a
need to ensure everything is documented in the correct place.