Security Basics mailing list archives
Re: Sorbs.net DNS Blacklist
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Mon, 13 Mar 2006 23:53:21 +0530
On 09/03/06 15:54 -0600, Dan Denton wrote:
> I've got some updated info since the original posting. I spoke by email with a gent at payments () sorbs net, and was told that the reason we were blacklisted was that a spammer sent a message from a forged username at a particular domain. The email hit an address at our server that was no longer in use, and of course a bounce message was sent back saying the address doesn't exist.
WTF are you bouncing email for non-existent users instead of rejecting at SMTP time?
> Evidently, this response is considered spam in and of itself by sorbs.net, and that's what got us on the blacklist. Never mind that we
And by a few others as well. Google: bounce attack spam, outscatter, backscatter. This may not sound like much to you, but when you get a million bounces (or two) because you got joe-jobbed and a bunch of bonehead admins decided to accept-then-bounce, it does become a serious issue.
> were the ones who got spammed in the first place, and our mail gateway was only doing what it was supposed to do. I was told that if we ceased such "harassment", then we would be removed from the blacklist. Symantec, who makes our gateway, has it documented on their website that this feature cannot be disabled, and that such responses are required by RFC 821. I can see the point. If there's no response to the sender of an email who accidentally puts a typo in the email address they're sending to, how the heck would they know if their email reached the correct party or not? They'd receive no response from a real user, and they'd probably wonder why they're being ignored. In a business setting, that behavior could lose you money real quick.
_REJECT_ not _BOUNCE_. A "550 No such user" message from your SMTP gateway would work fine, let senders know that their mail has not reached its intended recipients and would be less abusive on the Internet infrastructure.
Devdas Bhagat
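The reject-versus-bounce distinction made in the message above, as an added example that is not part of the original thread: a simulated SMTP receiver that records which addresses would be sent a bounce under each policy. The function names, hostnames and addresses are hypothetical and constructed for illustration.

```python
VALID_RECIPIENTS = {"alice@example.org", "bob@example.org"}  # constructed mailbox list

def _addr(arg):
    """Pull the address out of 'FROM:<a@b>' or 'TO:<a@b>'."""
    return arg.split(":", 1)[1].strip().strip("<>").lower()

def run_session(commands, reject_at_rcpt):
    """Replay client commands; return (server replies, addresses sent a bounce)."""
    replies, bounces = [], []
    sender, accepted, unknown = "", [], []
    in_data = False
    for line in commands:
        if in_data:
            if line == ".":  # end of message body
                in_data = False
                replies.append("250 OK queued")
                # Accept-then-bounce: one DSN per unknown recipient goes to the
                # unverified envelope sender (never to the null sender <>).
                bounces += [sender for _ in unknown if sender]
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            replies.append("250 mx.example.org")
        elif verb == "MAIL":
            sender, accepted, unknown = _addr(arg), [], []
            replies.append("250 OK")
        elif verb == "RCPT":
            rcpt = _addr(arg)
            if rcpt in VALID_RECIPIENTS:
                accepted.append(rcpt)
                replies.append("250 OK")
            elif reject_at_rcpt:
                replies.append("550 No such user")  # sending MTA informs its own user
            else:
                unknown.append(rcpt)  # accepted now, bounced later
                replies.append("250 OK")
        elif verb == "DATA":
            in_data = bool(accepted or unknown)
            replies.append("354 Go ahead" if in_data else "554 No valid recipients")
        elif verb == "QUIT":
            replies.append("221 Bye")
        else:
            replies.append("500 Unknown command")
    return replies, bounces

# Constructed joe-job envelope: forged sender, dead mailbox at our domain.
ENVELOPE = ["HELO relay.example.net", "MAIL FROM:<victim@forged.example>",
            "RCPT TO:<olduser@example.org>", "DATA"]
```

With `reject_at_rcpt=False` the forged sender ends up in the bounce list; with `reject_at_rcpt=True` the connecting client gets the 550 and this server generates no outbound mail.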