Security Basics mailing list archives
RE: Sorbs.net DNS Blacklist
From: "Corey Watts-Jones" <cwattsjones () rogers com>
Date: Tue, 14 Mar 2006 11:43:38 -0500
extortion
n 1: an exorbitant charge
2: unjust exaction (as by the misuse of authority); "the extortion by dishonest officials of fees for performing their sworn duty"
3: the felonious act of extorting money (as by threats of violence)

Though the money isn't going to them, denying you service that could cause the loss of money for your business and asking that funds be sent *anywhere*, not just to them, counts as unjust exaction and enters into a really sticky legal realm.

Really though, I just have lots of dirty words to say about anyone that is that holier-than-thou about anything. :)

Corey

-----Original Message-----
From: Facekhan [mailto:facekhan () gmail com]
Sent: Friday, March 10, 2006 4:16 PM
To: Dan Denton; security-basics () securityfocus com
Subject: Re: Sorbs.net DNS Blacklist

I am fairly sure the receiving server does not need to send a bounce message out to the sender, just an SMTP error code. I think it is either an error 553 or 550 to the other mail server. It is the originating mail server's job to produce a bounce message for the sender when it receives an error code.

Standard or not, I think even that functionality is often recommended to be disabled so that spammers can't use dictionary attacks looking for live addresses and the resulting bounce messages produced are more trouble than they are worth for large email systems.

Never used sorbs, but my experience is that roving black list operators take an extreme stance towards getting off the list although asking for money is a new one on me. You might just try telling them (think of it as social engineering) that you disabled the functionality and see if they will take you off the list. Don't pay them, that is clearly extortion IMHO. If they won't take you off, you might want to contact the other Admin and point out that Sorbs is blocking you for a spurious reason and is shaking you down and they may want to cease using that blocklist or otherwise whitelist you to continue doing business.

Jason

Dan Denton wrote:
I've got some updated info since the original posting. I spoke by email with a gent at payments () sorbs net, and was told that the reason we were blacklisted was that a spammer sent a message from a forged username at a particular domain. The email hit an address at our server that was no longer in use, and of course a bounce message was sent back saying the address doesn't exist. Evidently, this response is considered spam in and of itself by sorbs.net, and that's what got us on the blacklist. Never mind that we were the ones who got spammed in the first place, and our mail gateway was only doing what it was supposed to do. I was told that if we ceased such "harassment", then we would be removed from the blacklist.

Symantec, who makes our gateway, has it documented on their website that this feature cannot be disabled, and that such responses are required by RFC 821. I can see the point. If there's no response to the sender of an email who accidentally puts a typo in the email address they're sending to, how the heck would they know if their email reached the correct party or not? They'd receive no response from a real user, and they'd probably wonder why they're being ignored. In a business setting, that behavior could lose you money real quick.

Can anyone please let me know if I'm the one being over-the-top here? I'd also still like to hear other people's input or experience with these folks.

-----Original Message-----
From: Dan Denton
Sent: Thursday, March 09, 2006 9:31 AM
To: security-basics () securityfocus com
Subject: Sorbs.net DNS Blacklist

Does anyone on the list have any prior experience with the folks at sorbs.net? For the past few weeks a customer who uses a blacklist supplied by them has had our emails blocked. Previous to this the company had no problem getting our emails. People at said company want to receive our emails and are frustrated that they can't receive them (important stuff like invoices and statements), but their IT admin says he has no control over the list itself.

I went to sorbs.net, checked our status using one of their utilities, and the IP of our mail server shows up on their list. I've even sent in a request to be removed from the list and have received a ticket number. In their procedures for delisting, they claim that you must "donate" $50 per email they supposedly received in their spam traps, and the donations are to be made to 2 charities of their choice. I for one think this is extortion, regardless of whether the intention is to stop spammers.

Any background or experience you can share would be appreciated. Thanks in advance...

Dan Denton

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
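
The distinction this thread turns on, answering an unknown recipient with an SMTP error code during the session versus accepting the message and sending a bounce afterwards, shown as a small model. This is an added example and not part of any poster's message; the addresses, the VALID_RCPTS set and the smtp_session function are hypothetical.

```python
# Added illustration; addresses and hosts are constructed, not from the thread.
VALID_RCPTS = {"billing@example.com"}  # hypothetical live mailbox

# Spam with a forged envelope sender, aimed at a mailbox that no longer exists.
SPAM = ["MAIL FROM:<forged@victim.example>",
        "RCPT TO:<gone@example.com>",
        "DATA"]

def smtp_session(commands, reject_at_rcpt):
    """Model the envelope phase of one inbound SMTP session.

    Returns (replies, bounces): the reply codes sent on the open connection
    and the (to, about) bounce messages the gateway would later originate.
    The 354/body exchange after DATA is collapsed into a single reply.
    """
    replies, bounces = [], []
    sender, accepted, unknown = "", [], []
    for line in commands:
        verb, _, arg = line.partition(":")
        verb, addr = verb.strip().upper(), arg.strip(" <>").lower()
        if verb == "MAIL FROM":
            sender = addr
            replies.append("250 OK")
        elif verb == "RCPT TO":
            if addr in VALID_RCPTS:
                accepted.append(addr)
                replies.append("250 OK")
            elif reject_at_rcpt:
                # Refuse in-session: the connecting client owns the failure.
                replies.append("550 5.1.1 User unknown")
            else:
                # Accept now, find out later: a bounce must be generated.
                unknown.append(addr)
                replies.append("250 OK")
        elif verb == "DATA":
            if not (accepted or unknown):
                replies.append("554 No valid recipients")
                continue
            replies.append("250 Queued")
            if sender:  # a null sender <> is never bounced to
                bounces += [(sender, rcpt) for rcpt in unknown]
    return replies, bounces

if __name__ == "__main__":
    for mode in (False, True):
        print("reject_at_rcpt =", mode, smtp_session(SPAM, mode))
```

With reject_at_rcpt=False the gateway originates a bounce to forged@victim.example, an address that never sent anything; with True the refusal stays on the connection and no mail leaves the gateway.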