SORBS - Is There a Better Spam Blacklist?

rootnl asks: "Recently I decided to upgrade my email server with better spam detection and decided to use the SORBS blacklist. It is a very aggressive blacklist and could be deemed quite effective. However, I discovered two totally legal servers currently being blocked by their Spam 'o Matic service: a Google Gmail server (64.233.182.185), and another server belonging to an ISP called Orange (193.252.22.249). Now, normally one would think these providers would probably get themselves de-listed, but the process provided revolves around donating money. As I just happen to have a friend that is using the said ISP, I have to seriously reconsider using SORBS. What is your experience with SORBS? If you have alternatives, what would you suggest as a better blacklist service?"

Never ever...

[cyberrobo]

...use RBLs at SMTP-Level without any kind of scoring algorithm (only block when $x out of $y RBLs have the IP listed) unless you don't care about your mails. There have been major fuckups with single RBLs in the past and there will be such in the future. Especially with SORBS. See http://www.google.com/search?q=sorbs+sucks [google.com].

I thought that'd be common knowledge by now, but apparently I'm mistaken.

Re:Dunno about better

[Brightest Light]

What exactly is an RBL operator supposed to do about large server parks that simply do not give a shit about the spammers residing on their network? What do you do about networks that actively aid spammers by moving them around and around to clean IP space as they're blacklisted? Playing IP whack-a-spammer went out of fashion years ago, and obviously asking politely doesn't work. Yeah, finding your ISP listed on SPEWS sucks, because there's no real way to contact them; though you can beg in NANAE and NANABL for the entertainment of the wannabe 'spam-fighters' till you're blue in the face -- but if your ISP does not care about the fact that one of their customers is stealing bandwidth, CPU cycles, and time from other people and their ISPs, what else can SPEWS do about it? My understanding of the SPEWS escalation process is that they notify the ISP about the spammer on their network, and then if nothing is done, they list the surrounding IP blocks in an ever-increasing fashion. Meaning if the ISP simply does not care that there's a spammer on their network, they are made to care by virtue of their entire netspace being (eventually) listed. What else *can* an RBL operator do when the ISP does not listen or care? I ask this as a serious question. IANASFBFNANAE (I am not a SPEWS fan boy from NANAE) - in fact, I don't directly use RBLs any longer.

it's not the providers job to delist themself

[tolonuga]

if you run a anti spam filter, it is your job to make sure your data is accurate.
but if you think your users would pressure some admin so they get back to you,
that is keeping mails hostage and not an acceptable practice.

if you do that, it is not part of the solution, it is part of the problem.

Use spam assassin with more that one RBL

[simm1701]

I prefer to use spam assassin and use a couple of RBLs with various weightings on each.

I keep the weightings quite low since I find most of the RBLs too agressive - added to the bayes and other checks however it is quite good at pushing spam into the right destination (and for the very spammy thats /dev/null)

True this means I actually have to receive and process the mail rather than just arbitarily ignoring connections, but my mail server doesn't really get that much traffic as its only personal use.

Re:SORBS should be shut down.

[finchwizard]

All 30 IP's I rent are Static, and that has never changed over the years I've owned them, my servers are also running Linux and are very secure with both Spamassassin and ClamAV scanning, as well as blocking certain mimetypes. So don't give me dynamic IP range stuff, I was lucky that my ISP managed to straighten them out, but I've had friends that aren't as lucky. Of course SORBS is going to block a high rate of spam, it's also blocking a lot of legitimate people, and the fact they are extorting people to get off the list is ludacris.

SORBS?

[sigmoid_balance]

Orange is not just an ISP. It's a multinational mobile telecom company. http://en.wikipedia.org/wiki/Orange_SA [wikipedia.org]. As far as I know, after they were bought by France Telecom, they moved many their servers to a unique class B adress space. Maybe that address you found is from the old ones, which is not used anymore for mail, so unblocking it doesn't interest them.

On the other hand, getting a blacklist like this, doesn't seem to solve your problem: getting less SPAM. Do you think spammers don't have enough money to get themselves out of blacklists? Do you think that every individual legit(not SPAM) business or server checks all, of the many, blacklists to see if he's on one of them? And if they do, how many will pay the fee to get themselves of that list?

Re:Dunno about better

[meringuoid]

The error in your reasoning starts when you assume that self-appointed do-gooders have the right to infringe the rights of third parties.

Is it the right of the owner of a mail server freely to accept or refuse messages at will? Is it his right to define whatever rules he wishes for the acceptance or rejection of email? Is there anybody in the world who has the right to order him to do otherwise?

If the answers are 'yes', 'yes' and 'no' respectively, I submit to you that it is those who would silence SORBS, SPEWS and the like who are infringing the rights of third parties, by ordering mail admins to only use means of filtering email of which they personally approve.

Re:I can't resist

[sauge]

There are a large crowd of email maintainers who believe anonymous email is important for political reasons.

I think your right on the mark though with the pharmacy analogy. We were able to implement SMTP to ESMTP quite easily so it shows people can definitely implement changes in protocols.

I also vote with people who think black hole lists are pretty much useless these days because they swallow up so many innocent people/organizations.

It would be nice to have an open source barracuda ( http://www.barracudanetworks.com/ns/?L=en [barracudanetworks.com] ) like box - these things really work well.

Wrong Layer

[jofny]

The idea of identifying/tracking/blocking content/activity/people at the IP level was always a hack at best and has long since become a complete haphazard solution. Black Lists are a bad idea that's gone on to far. Instead of putting all of that energy into building, maintaining, and implementing those lists on networks, spend some time fixing it at an app protocol or content (auth) level. Yeah, initially a lot of legit mail won't get through - but that's true of black lists as well. I know there are a lot of reasons people still do this at an IP level, but why engage in a never ending battle using methods that you -know ahead of time- will -never- solve the problem?