Security Basics mailing list archives

Re: Sorbs.net DNS Blacklist

From: John Mason Jr <john.mason.jr () cox net>
Date: Mon, 13 Mar 2006 12:58:39 -0500

Dan Denton wrote:

I've got some updated info since the original posting. I spoke by email
with a gent at payments () sorbs net, and was told that the reason we were
blacklisted was that a spammer sent a message from a forged username at
a particular domain. The email hit an address at our server that was no
longer in use, and of course a bounce message was sent back saying the

address doesn't exist.

The "proper" way to deal with this is to reject during the smtpconversation, that way your mailserver will not generate the bouncemessage and get stuck in a blacklist.


<http://spamlinks.net/prevent-secure-backscatter.htm>


Evidently, this response is considered spam in and of itself by
sorbs.net, and that's what got us on the blacklist. Never mind that we
were the ones who got spammed in the first place, and our mail gateway
was only doing what it was supposed to do. I was told that if we ceased

such "harassment", then we would be removed from the blacklist.



Backscatter is bad, I hope you can find a way to fix your problem
The link explains it better than I can


Symantec, who makes our gateway, has it documented on their website that
this feature cannot be disabled, and that such responses are required by
RFC 821. I can see the point. If there's no response to the sender of an
email who accidentally puts a typo in the email address they're sending
to, how the heck would they know if their email reached the correct
party or not? They'd receive no response from a real user, and they'd
probably wonder why they're being ignored. In a business setting, that
behavior could lose you money real quick.


It is not about getting the NDR but which server should generate it.



John

<snip>


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE

The Norwich University program offers unparalleled Infosec managementeducation and the case study affords you unmatched consulting experience.Tailor your education to your own professional goals with degreecustomizations including Emergency Management, Business Continuity Planning,Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

Re: Sorbs.net DNS Blacklist, (continued)
- - Re: Sorbs.net DNS Blacklist Devdas Bhagat (Mar 13)
- RE: Sorbs.net DNS Blacklist Kelly Winters (Mar 13)
- Re: Sorbs.net DNS Blacklist Daniel Gil (Mar 13)
- Re: Sorbs.net DNS Blacklist Devdas Bhagat (Mar 13)
- RE: Sorbs.net DNS Blacklist Dan Denton (Mar 10)
  - Re: Sorbs.net DNS Blacklist Facekhan (Mar 13)
    - RE: Sorbs.net DNS Blacklist Corey Watts-Jones (Mar 14)
  - RE: Sorbs.net DNS Blacklist David Gillett (Mar 13)
    - Re: Sorbs.net DNS Blacklist Dale Fay (Mar 13)
  - RE: Sorbs.net DNS Blacklist Dan Tesch (Mar 13)
  - Re: Sorbs.net DNS Blacklist John Mason Jr (Mar 13)
  - Re: Sorbs.net DNS Blacklist Devdas Bhagat (Mar 13)
- Re: Sorbs.net DNS Blacklist jfvanmeter (Mar 10)
- RE: Sorbs.net DNS Blacklist Beilin Zhang (Mar 10)
  - RE: Sorbs.net DNS Blacklist Joseph (Mar 13)
- RE: Sorbs.net DNS Blacklist Dan Denton (Mar 13)
- RE: Sorbs.net DNS Blacklist Jason Williams (Mar 14)
  - Re: Sorbs.net DNS Blacklist Devdas Bhagat (Mar 15)
- Re: RE: Sorbs.net DNS Blacklist souldream (Mar 15)
- RE: Sorbs.net DNS Blacklist Brad Berson (Mar 16)
- Re: Sorbs.net DNS Blacklist Cloy Tobola (Mar 21)

(Thread continues...)