Security Basics mailing list archives
Re: Sorbs.net DNS Blacklist
From: John Mason Jr <john.mason.jr () cox net>
Date: Mon, 13 Mar 2006 12:58:39 -0500
Dan Denton wrote:
I've got some updated info since the original posting. I spoke by email with a gent at payments () sorbs net, and was told that the reason we were blacklisted was that a spammer sent a message from a forged username at a particular domain. The email hit an address at our server that was no longer in use, and of course a bounce message was sent back saying theaddress doesn't exist.
The "proper" way to deal with this is to reject during the smtp conversation, that way your mailserver will not generate the bounce message and get stuck in a blacklist.
<http://spamlinks.net/prevent-secure-backscatter.htm>
Evidently, this response is considered spam in and of itself by sorbs.net, and that's what got us on the blacklist. Never mind that we were the ones who got spammed in the first place, and our mail gateway was only doing what it was supposed to do. I was told that if we ceasedsuch "harassment", then we would be removed from the blacklist.
Backscatter is bad, I hope you can find a way to fix your problem The link explains it better than I can
Symantec, who makes our gateway, has it documented on their website that this feature cannot be disabled, and that such responses are required by RFC 821. I can see the point. If there's no response to the sender of an email who accidentally puts a typo in the email address they're sending to, how the heck would they know if their email reached the correct party or not? They'd receive no response from a real user, and they'd probably wonder why they're being ignored. In a business setting, that behavior could lose you money real quick.
It is not about getting the NDR but which server should generate it. John <snip> --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: Sorbs.net DNS Blacklist, (continued)
- Re: Sorbs.net DNS Blacklist Devdas Bhagat (Mar 13)
- RE: Sorbs.net DNS Blacklist Kelly Winters (Mar 13)
- Re: Sorbs.net DNS Blacklist Daniel Gil (Mar 13)
- Re: Sorbs.net DNS Blacklist Devdas Bhagat (Mar 13)
- RE: Sorbs.net DNS Blacklist Dan Denton (Mar 10)
- Re: Sorbs.net DNS Blacklist Facekhan (Mar 13)
- RE: Sorbs.net DNS Blacklist Corey Watts-Jones (Mar 14)
- RE: Sorbs.net DNS Blacklist David Gillett (Mar 13)
- Re: Sorbs.net DNS Blacklist Dale Fay (Mar 13)
- RE: Sorbs.net DNS Blacklist Dan Tesch (Mar 13)
- Re: Sorbs.net DNS Blacklist John Mason Jr (Mar 13)
- Re: Sorbs.net DNS Blacklist Devdas Bhagat (Mar 13)
- Re: Sorbs.net DNS Blacklist Facekhan (Mar 13)
- Re: Sorbs.net DNS Blacklist jfvanmeter (Mar 10)
- RE: Sorbs.net DNS Blacklist Beilin Zhang (Mar 10)
- RE: Sorbs.net DNS Blacklist Joseph (Mar 13)
- RE: Sorbs.net DNS Blacklist Dan Denton (Mar 13)
- RE: Sorbs.net DNS Blacklist Jason Williams (Mar 14)
- Re: Sorbs.net DNS Blacklist Devdas Bhagat (Mar 15)
- Re: RE: Sorbs.net DNS Blacklist souldream (Mar 15)
- RE: Sorbs.net DNS Blacklist Brad Berson (Mar 16)
- Re: Sorbs.net DNS Blacklist Cloy Tobola (Mar 21)
(Thread continues...)