Security Basics mailing list archives

Re: Sorbs.net DNS Blacklist


From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Thu, 23 Mar 2006 04:03:53 +0530

On 20/03/06 19:55 -0600, Cloy Tobola wrote:
On Mon, 13 Mar 2006 at 23:48, Devdas Bhagat  
<devdas_at_dvb.homelinux.org>

SORBS itself does not block you.

Uh, if they are sharing blacklists that include a particular IP  
address... I would say that they are definitely blocking something.

They are publishing a list of IP addresses. The _only_ people who are
blocking anything are the administrators/owners of the recipient's mail
servers. SORBS does not control the remote mailservers. If the recipient
MTAs' admins choose to trust the list SORBS gives them, it is their
responsibility.

Without a contract guaranteeing delivery, senders have no choice about
it. "My servers, my rules" applies.

They do not charge you money for delisting.

Really? Then why is this an issue? The fact that they don't pocket  
the money is beside the point.

It isn't. OP brought it up.

Their argument is "You have done damage to the Internet
commons. If you want to be a good citizen, please undo the damage by
donating $ to <random charity>. Alternatively, wait for 90 days to be
delisted automatically."

And what about the fact that they block IP ranges?

What about it? SORBS advertises a policy. They run their BL according to
that policy. If I agree with it, I will use it. If not, I won't.

And what about the people that got listed because spam with faked  
email addresses that were bounced?

Uh? Bring that to the notice of the SORBS admins. AFAIK, SORBS blocks
based on the client IP address, not the sender email.

And what about those people on shared servers who end up blocked by  
association?

Sucks to be them? The point of an IP-based blocklist is to be able to
say "I do not want any mail from this host. I don't care who you are,
you do not have consent to send mail to my servers."

Spam is about consent, not content. I can choose not to consent to
getting mail from a netblock, a single IP, a domain, a particular email
address, anything. You do not have _any_ say in how I run my server(s).
Feel free to offer significant money for deliverability.

Devdas Bhagat
