RE: Sorbs.net DNS Blacklist

["Kelly Winters" <kelly.winters () verizon net>]

Hello Dan,
I work for an isp and we deal with these self-proclaimed guardians of the
internet daily. Some of the lists are impossible to get off, like Spews.org.
(Check out their FAQ, they even tell you that there is no support, no
guarantee, nothing.)

All you can do is try to "educate" the people who have chosen to use one of
these extremely unreliable methods of filtering their email. It is
ultimately their choice. The services are mostly free, and you really do get
what you pay for.

Another option is to see if your ISP will give you a new block if IP's that
have been "scrubbed" to make sure you aren't inheriting another blacklisted
block.

There are much more reliable and configurable options out there for those
wishing to blacklist (or whitelist) email senders.

Good luck,
kw

-----Original Message-----
From: Dan Denton [mailto:ddenton () PAYLESSOFFICE com] 
Sent: Thursday, March 09, 2006 9:31 AM
To: security-basics () securityfocus com
Subject: Sorbs.net DNS Blacklist

Does anyone on the list have any prior experience with the folks at
sorbs.net? For the past few weeks a customer who uses a blacklist supplied
by them has had our emails blocked. Previous to this the company had no
problem getting our emails. People at said company want to receive our
emails and are frustrated that they can't receive them (important stuff like
invoices and statements), but their IT admin says he has no control over the
list itself. 

I went to sorbs.net, checked our status using one of their utilities, and
the IP of our mail server shows up on their list. I've even sent in a
request to be removed from the list and have received a ticket number.
In their procedures for delisting, they claim that you must "donate" $50 per
email they supposedly received in their spam traps, and the donations are to
be made to 2 charities of their choice. I for one think this is extortion,
regardless of whether the intention is to stop spammers.

Any background or experience you can share would be appreciated. Thanks in
advance...

Dan Denton

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich
University program offers unparalleled Infosec management education and the
case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------




---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------