Loading ...
Sorry, an error occurred while loading the content.

Re: SORBS and mailing lists

Expand Messages
  • lst_hoe02@kwsoft.de
    ... It is the duty of the *receiving* end to carefully choose which RBLs to use. If they choose to use a unreliable one, they got what they deserve. You might
    Message 1 of 7 , Jun 1 12:54 AM
    • 0 Attachment
      Zitat von Florian Effenberger <floeff@...>:

      > Hello,
      >
      > sorry if this mail does not belong here, but maybe some other admins
      > share the same burden. :-)
      >
      > Probably a never ending story, according to googling a bit, but:
      > Anyone has recent experience with SORBS? One of the servers I
      > administer has been hitten several times by SORBS. The messages
      > referred to are from a user mailing list with double opt-in,
      > appropriate headers, a named human contact and subscription
      > information in the footer, and the content has not been spam at all.
      > So, the recipient must have subscribed himself, and subscription works
      > the same way than subscribing. I cannot see any spam occurence in
      > this.
      >
      > Explaining this to them in their ticket system is rather, well... tedious?
      >
      > Is it worth struggling with them, or shall I just ignore the listing
      > (and the resulting bounces due to falsely configured mail servers
      > using SORBS as stopper criteria)?

      It is the duty of the *receiving* end to carefully choose which RBLs
      to use. If they choose to use a unreliable one, they got what they
      deserve. You might check your listing here http://multirbl.valli.org/
      to see if others are also listing you.

      Regards

      Andreas
    • Florian Effenberger
      Hi, ... indeed, but still, there are many postmasters out there, solely relying on SORBS. ... We aren t, and we also have a whitelisting at DNSWL. Given what I
      Message 2 of 7 , Jun 1 1:28 AM
      • 0 Attachment
        Hi,

        2011/6/1 <lst_hoe02@...>:

        > It is the duty of the *receiving* end to carefully choose which RBLs to use.
        > If they choose to use a unreliable one, they got what they deserve. You

        indeed, but still, there are many postmasters out there, solely
        relying on SORBS.

        > might check your listing here http://multirbl.valli.org/ to see if others
        > are also listing you.

        We aren't, and we also have a whitelisting at DNSWL. Given what I read
        about SORBS at Google, it seems not to be worth to struggle with them,
        as they seem to be at least slow in replying, and maybe not doing
        anything at all. Just wanted to hear if someone has a hands-on
        experience from recent months, if situation has changed and pursuing
        getting our ticket reply might be worth the efforts. ;-)

        However, if this is not appropriate for this list, I'm happy for
        offlist replies, of course.

        Florian
      • Florian Effenberger
        Hello, thanks for the fast replies. For me, the problem has been solved in the meantime. SORBS indeed reacted quite fast (thanks again!). What I am missing,
        Message 3 of 7 , Jun 2 4:23 AM
        • 0 Attachment
          Hello,

          thanks for the fast replies. For me, the problem has been solved in
          the meantime. SORBS indeed reacted quite fast (thanks again!). What I
          am missing, though, is how to avoid that in the future. It is most
          likely to happen that from time to time someone doesn't manage how to
          get from the mailing lists they've subscribred to, and then sends a
          spam complaint, rather than contacting
          us.

          So, we can do as much as we can on our side, but if users make errors,
          and miss talking to us, it will be hard to avoid it in total, so if
          there is any best practice on this, that would be indeed helpful.

          But this, as far as I understood, is off-topic, so I'll discuss offlist. :)

          Thanks,
          Florian
        • /dev/rob0
          ... Good! ... DNSBLs such as SORBS are generally driven by spamtrap addresses, not complaints from humans. They have never-used email addresses, which when hit
          Message 4 of 7 , Jun 2 9:24 AM
          • 0 Attachment
            On Thu, Jun 02, 2011 at 01:23:11PM +0200, Florian Effenberger wrote:
            > thanks for the fast replies. For me, the problem has been solved in
            > the meantime. SORBS indeed reacted quite fast (thanks again!). What

            Good!

            > I am missing, though, is how to avoid that in the future. It is
            > most likely to happen that from time to time someone doesn't
            > manage how to get from the mailing lists they've subscribred to,
            > and then sends a spam complaint, rather than contacting us.

            DNSBLs such as SORBS are generally driven by spamtrap addresses, not
            complaints from humans. They have never-used email addresses, which
            when hit once or twice should not trigger a listing, but when the
            sending continues, listing occurs.

            The rationale behind that is that a spammer bot might have entered
            the trap address into a web form, and it's proper for that web form
            to send one confirmation mail. That's what NON-spammy bulk mailers
            do. Spammers just continue to send without the confirmation.

            You need to understand that anyone can decide to publish a DNSBL,
            listing on any arbitrary basis they might choose. And any mail
            operator can decide to use that DNSBL, then publishing his config in
            a HOWTO blog for the next hapless/clueless Googler. Of course it is
            quite possible for some DNSBLs to be trigger-happy: listing on a
            single spamtrap hit. Lists like that will list many legitimate list
            servers. If a receiver is foolish enough to rely on unreliable
            DNSBLs, there is nothing you can do about it.

            Email is a mess.

            > So, we can do as much as we can on our side, but if users make
            > errors, and miss talking to us, it will be hard to avoid it in
            > total, so if there is any best practice on this, that would be
            > indeed helpful.

            Best practice is to do what Mailman and majordomo and just about
            every known legitimate list server does: confirm addresses before
            adding the subscription.

            There's nothing more you can do beyond doing the right thing. My
            personal opinion is that it's wrong to work around the mistakes of
            incompetent mail admins. Those mistakes are exacerbating the spam
            problem.

            > But this, as far as I understood, is off-topic, so I'll discuss
            > offlist. :)

            As Stan mentioned (thanks Stan), this would be welcome on SDLU:
            http://spammers.dontlike.us/
            --
            Offlist mail to this address is discarded unless
            "/dev/rob0" or "not-spam" is in Subject: header
          • Jozsef Kadlecsik
            ... Unfortunately current stable Mailman 2.1.x can easily be abused by spammers. See my bugreport https://bugs.launchpad.net/mailman/+bug/410236 Best regards,
            Message 5 of 7 , Jun 2 11:47 AM
            • 0 Attachment
              On Thu, 2 Jun 2011, /dev/rob0 wrote:

              > > So, we can do as much as we can on our side, but if users make
              > > errors, and miss talking to us, it will be hard to avoid it in
              > > total, so if there is any best practice on this, that would be
              > > indeed helpful.
              >
              > Best practice is to do what Mailman and majordomo and just about
              > every known legitimate list server does: confirm addresses before
              > adding the subscription.

              Unfortunately current stable Mailman 2.1.x can easily be abused by
              spammers. See my bugreport https://bugs.launchpad.net/mailman/+bug/410236

              Best regards,
              Jozsef
              -
              E-mail : kadlec@..., kadlec@...
              PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
              Address : KFKI Research Institute for Particle and Nuclear Physics
              H-1525 Budapest 114, POB. 49, Hungary
            Your message has been successfully submitted and would be delivered to recipients shortly.