Loading ...
Sorry, an error occurred while loading the content.

SORBS and mailing lists

Expand Messages
  • Florian Effenberger
    Hello, sorry if this mail does not belong here, but maybe some other admins share the same burden. :-) Probably a never ending story, according to googling a
    Message 1 of 7 , May 31, 2011
    • 0 Attachment
      Hello,

      sorry if this mail does not belong here, but maybe some other admins
      share the same burden. :-)

      Probably a never ending story, according to googling a bit, but:
      Anyone has recent experience with SORBS? One of the servers I
      administer has been hitten several times by SORBS. The messages
      referred to are from a user mailing list with double opt-in,
      appropriate headers, a named human contact and subscription
      information in the footer, and the content has not been spam at all.
      So, the recipient must have subscribed himself, and subscription works
      the same way than subscribing. I cannot see any spam occurence in
      this.

      Explaining this to them in their ticket system is rather, well... tedious?

      Is it worth struggling with them, or shall I just ignore the listing
      (and the resulting bounces due to falsely configured mail servers
      using SORBS as stopper criteria)?

      Thanks,
      Florian
    • Stan Hoeppner
      ... Correct. This subject is totally off topic here. Asking for help configuring Postfix to use a DNSBL is on topic. Discussion WRT being listed by a DNSBL
      Message 2 of 7 , May 31, 2011
      • 0 Attachment
        On 5/31/2011 5:18 PM, Florian Effenberger wrote:
        > Hello,
        >
        > sorry if this mail does not belong here, but maybe some other admins
        > share the same burden. :-)

        Correct. This subject is totally off topic here. Asking for help
        configuring Postfix to use a DNSBL is on topic. Discussion WRT being
        listed by a DNSBL is totally inappropriate here.

        Try SDLU, NANOG, mailop, etc. Please don't pollute this list with such
        garbage.

        --
        Stan
      • lst_hoe02@kwsoft.de
        ... It is the duty of the *receiving* end to carefully choose which RBLs to use. If they choose to use a unreliable one, they got what they deserve. You might
        Message 3 of 7 , Jun 1, 2011
        • 0 Attachment
          Zitat von Florian Effenberger <floeff@...>:

          > Hello,
          >
          > sorry if this mail does not belong here, but maybe some other admins
          > share the same burden. :-)
          >
          > Probably a never ending story, according to googling a bit, but:
          > Anyone has recent experience with SORBS? One of the servers I
          > administer has been hitten several times by SORBS. The messages
          > referred to are from a user mailing list with double opt-in,
          > appropriate headers, a named human contact and subscription
          > information in the footer, and the content has not been spam at all.
          > So, the recipient must have subscribed himself, and subscription works
          > the same way than subscribing. I cannot see any spam occurence in
          > this.
          >
          > Explaining this to them in their ticket system is rather, well... tedious?
          >
          > Is it worth struggling with them, or shall I just ignore the listing
          > (and the resulting bounces due to falsely configured mail servers
          > using SORBS as stopper criteria)?

          It is the duty of the *receiving* end to carefully choose which RBLs
          to use. If they choose to use a unreliable one, they got what they
          deserve. You might check your listing here http://multirbl.valli.org/
          to see if others are also listing you.

          Regards

          Andreas
        • Florian Effenberger
          Hi, ... indeed, but still, there are many postmasters out there, solely relying on SORBS. ... We aren t, and we also have a whitelisting at DNSWL. Given what I
          Message 4 of 7 , Jun 1, 2011
          • 0 Attachment
            Hi,

            2011/6/1 <lst_hoe02@...>:

            > It is the duty of the *receiving* end to carefully choose which RBLs to use.
            > If they choose to use a unreliable one, they got what they deserve. You

            indeed, but still, there are many postmasters out there, solely
            relying on SORBS.

            > might check your listing here http://multirbl.valli.org/ to see if others
            > are also listing you.

            We aren't, and we also have a whitelisting at DNSWL. Given what I read
            about SORBS at Google, it seems not to be worth to struggle with them,
            as they seem to be at least slow in replying, and maybe not doing
            anything at all. Just wanted to hear if someone has a hands-on
            experience from recent months, if situation has changed and pursuing
            getting our ticket reply might be worth the efforts. ;-)

            However, if this is not appropriate for this list, I'm happy for
            offlist replies, of course.

            Florian
          • Florian Effenberger
            Hello, thanks for the fast replies. For me, the problem has been solved in the meantime. SORBS indeed reacted quite fast (thanks again!). What I am missing,
            Message 5 of 7 , Jun 2, 2011
            • 0 Attachment
              Hello,

              thanks for the fast replies. For me, the problem has been solved in
              the meantime. SORBS indeed reacted quite fast (thanks again!). What I
              am missing, though, is how to avoid that in the future. It is most
              likely to happen that from time to time someone doesn't manage how to
              get from the mailing lists they've subscribred to, and then sends a
              spam complaint, rather than contacting
              us.

              So, we can do as much as we can on our side, but if users make errors,
              and miss talking to us, it will be hard to avoid it in total, so if
              there is any best practice on this, that would be indeed helpful.

              But this, as far as I understood, is off-topic, so I'll discuss offlist. :)

              Thanks,
              Florian
            • /dev/rob0
              ... Good! ... DNSBLs such as SORBS are generally driven by spamtrap addresses, not complaints from humans. They have never-used email addresses, which when hit
              Message 6 of 7 , Jun 2, 2011
              • 0 Attachment
                On Thu, Jun 02, 2011 at 01:23:11PM +0200, Florian Effenberger wrote:
                > thanks for the fast replies. For me, the problem has been solved in
                > the meantime. SORBS indeed reacted quite fast (thanks again!). What

                Good!

                > I am missing, though, is how to avoid that in the future. It is
                > most likely to happen that from time to time someone doesn't
                > manage how to get from the mailing lists they've subscribred to,
                > and then sends a spam complaint, rather than contacting us.

                DNSBLs such as SORBS are generally driven by spamtrap addresses, not
                complaints from humans. They have never-used email addresses, which
                when hit once or twice should not trigger a listing, but when the
                sending continues, listing occurs.

                The rationale behind that is that a spammer bot might have entered
                the trap address into a web form, and it's proper for that web form
                to send one confirmation mail. That's what NON-spammy bulk mailers
                do. Spammers just continue to send without the confirmation.

                You need to understand that anyone can decide to publish a DNSBL,
                listing on any arbitrary basis they might choose. And any mail
                operator can decide to use that DNSBL, then publishing his config in
                a HOWTO blog for the next hapless/clueless Googler. Of course it is
                quite possible for some DNSBLs to be trigger-happy: listing on a
                single spamtrap hit. Lists like that will list many legitimate list
                servers. If a receiver is foolish enough to rely on unreliable
                DNSBLs, there is nothing you can do about it.

                Email is a mess.

                > So, we can do as much as we can on our side, but if users make
                > errors, and miss talking to us, it will be hard to avoid it in
                > total, so if there is any best practice on this, that would be
                > indeed helpful.

                Best practice is to do what Mailman and majordomo and just about
                every known legitimate list server does: confirm addresses before
                adding the subscription.

                There's nothing more you can do beyond doing the right thing. My
                personal opinion is that it's wrong to work around the mistakes of
                incompetent mail admins. Those mistakes are exacerbating the spam
                problem.

                > But this, as far as I understood, is off-topic, so I'll discuss
                > offlist. :)

                As Stan mentioned (thanks Stan), this would be welcome on SDLU:
                http://spammers.dontlike.us/
                --
                Offlist mail to this address is discarded unless
                "/dev/rob0" or "not-spam" is in Subject: header
              • Jozsef Kadlecsik
                ... Unfortunately current stable Mailman 2.1.x can easily be abused by spammers. See my bugreport https://bugs.launchpad.net/mailman/+bug/410236 Best regards,
                Message 7 of 7 , Jun 2, 2011
                • 0 Attachment
                  On Thu, 2 Jun 2011, /dev/rob0 wrote:

                  > > So, we can do as much as we can on our side, but if users make
                  > > errors, and miss talking to us, it will be hard to avoid it in
                  > > total, so if there is any best practice on this, that would be
                  > > indeed helpful.
                  >
                  > Best practice is to do what Mailman and majordomo and just about
                  > every known legitimate list server does: confirm addresses before
                  > adding the subscription.

                  Unfortunately current stable Mailman 2.1.x can easily be abused by
                  spammers. See my bugreport https://bugs.launchpad.net/mailman/+bug/410236

                  Best regards,
                  Jozsef
                  -
                  E-mail : kadlec@..., kadlec@...
                  PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
                  Address : KFKI Research Institute for Particle and Nuclear Physics
                  H-1525 Budapest 114, POB. 49, Hungary
                Your message has been successfully submitted and would be delivered to recipients shortly.