Time for people to stop using SORBS

I, like many others, thought the DUL list SORBS keeps was a good idea, that is, until today.

Today I noticed a lot of bounced emails (please note I’ve had servers in the colo working fine for the past 9 months and they’ve never relayed spam or anything) and realised they’d added a subnet block I had to their list. So I went ahead and asked for it to be removed, and they denied my application simply because the reverse lookup on the IP appears to be dynamically allocated.

So I appeal to everyone to tell them to knock off this ridiculous practice, especially when asked to remove IPs from the ranges.

Actually it’s getting to the point that RBL lists are uselessly populated with false positives, so really is there any point in using them any more?

8 thoughts on “Time for people to stop using SORBS”

  1. carl.net

    So I too use the SORBS DUL as well as about 6 others. And I admit I get some bounces. But I never use them on servers handling business e-mail, as they have had false positives since their inception. So you are right, they are broken, but they have been broken since they came into being. If you would like to host a new DUL I am sure we could craft rules that might make the list a bit more robust and have fewer false positives…

  2. blatz

    I second that emotion. They listed a bunch of my IP space for no reason on May 12th. Now when I put in a request for delisting, they only delist the IP address that I entered to confirm I was listed. So now am I supposed to submit 6 class C’s of IP space, one IP at a time? Great!

  3. dwlinder

    I agree. We are seeing blocks of address ranges being blacklisted by SORBS. They blocked all the 216.110.x.x from Time Warner… And now when we try to send to Microsoft.com or Accenture.com they cannot receive our mail. I cannot believe Microsoft is using SORBS.
    They should turn it off!!

  4. jumbo

    They are clearly going mad at the moment! They got us too on Thu May 18th, because of our generic rDNS. I let our provider change those DNS records, I used their support system, but the response up till today is ZERO….
    But, by the way, the problem is not SORBS at all; the worst problem is those who use it to completely block access to their mailservers just based on SORBS.

  5. Eelco

    Welcome to the club. I have the same problem with the njabl database.
    They produce a list of supposedly dynamic addresses (and some idiots use that list as a blacklist). Same problem as above: this is based on the reverse lookup and thus contains a huge number of false positives. Contacting njabl is almost impossible because half of the email addresses they list for contacting are invalid and if you finally find an address that does work you don’t get a reply.
    Oh well. I have decided that it is the problem for the person who should have received the email.

  6. Mark

    Hey,

    for all the server administrators out there, here’s a cool hint:

    Deactivate ALL DNS-based Anti-Spam Services like SORBS (they are all crap); instead, search the web for implementing the free “relay-delay” Anti-Spam technology (uses a “greylisting” method). It works fine for me and my sendmail-based mail server, works like a charm and has filtered out about 99% of all spam messages with no false positives.

    This is how it works:

    relay-delay keeps track of every incoming e-mail with the use of a small MySQL database in the background. It remembers the sender’s mail address, the target address and the source IP address of every e-mail.

    If new mail arrives, source address, target address and the IP address trying to submit the message are checked against the database.

    If no matching record is found, the mail is rejected with a “service temporarily unavailable” SMTP error code, which causes real mail servers to retry later (within 5 to 30 minutes depending on the mail server configuration). Stupid bulk mailers, as they are used by most spammers, don’t understand or interpret this SMTP error correctly. They either try a second time at once (which is rejected as well, as at least a 5-minute pause is necessary) or give up. If however the SMTP error is understood and mail is correctly re-sent by the submitting mail server after 5 to 30 minutes, the mail is considered not to be from a bulk mailer and can pass through. This is then also recorded in the database, so the sender is considered OK for immediate delivery in the future.

    relay-delay comes with a small clean-up tool (to be inserted into the system’s crontab) that cleans the database from old and useless entries.

    Using phpMyAdmin, you can easily check the statistics of relay-delay.

    After just a few days, my system has rejected about 950 of 1000 mails and the remaining 50 mails have either been legitimate mail or spam sent using regular mail servers (be sure, not more than 2 of those 50 mails!).

    Even after months, I have never missed any regular mail from arriving in my mail box (at least in theory, there can’t be false positives) and customer feedback was great – while maybe 5-10% of my customers have been complaining about the slightly decreased delivery speed (from new, unknown senders; known senders aren’t affected), the whole rest is happy to live without any noticeable spam.

    Questions? Mail to support[a-t]mscs.net .
    Need help? Mail to sales[a-t]mscs.net (EU customers only)
    (contact me in English or German only, please)

    Please note that I am neither the developer nor an official supporter for the relay-delay tool that can be found on the web. I merely like it much and would be happy to reduce the amount of successfully delivered spam on the world wide web.

    Yours
    Mark

    ~~~
    “This is NOT spam” most surely indicates spam. 😉
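
The greylisting decision described in comment 6, sketched as an added example; it is not part of the original comment and is not relay-delay's own code. SQLite stands in for the MySQL database, and the `Greylist` class, the SMTP reply texts and the two expiry periods are assumptions made for illustration.

```python
import sqlite3

MIN_DELAY = 5 * 60            # seconds a new triplet must wait (the 5-minute pause)
PENDING_TTL = 4 * 3600        # assumed: forget triplets that never retried
PASSED_TTL = 36 * 24 * 3600   # assumed: forget known-good triplets idle this long

class Greylist:
    def __init__(self, path=":memory:"):
        # isolation_level=None puts sqlite3 in autocommit mode.
        self.db = sqlite3.connect(path, isolation_level=None)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS triplets ("
            " sender TEXT, rcpt TEXT, ip TEXT,"
            " first_seen INTEGER, last_seen INTEGER, passed INTEGER,"
            " PRIMARY KEY (sender, rcpt, ip))")

    def check(self, sender, rcpt, ip, now):
        """Return the SMTP reply for one delivery attempt at Unix time `now`."""
        key = (sender.lower(), rcpt.lower(), ip)
        row = self.db.execute(
            "SELECT first_seen, passed FROM triplets"
            " WHERE sender=? AND rcpt=? AND ip=?", key).fetchone()
        if row is None:
            # Unknown triplet: record it and ask the client to retry later.
            self.db.execute(
                "INSERT INTO triplets VALUES (?,?,?,?,?,0)", key + (now, now))
            return "451 4.7.1 Greylisted, please retry later"
        first_seen, passed = row
        if not passed and now - first_seen < MIN_DELAY:
            # Immediate retry, typical of bulk mailers: still too early.
            return "451 4.7.1 Greylisted, please retry later"
        # Waited long enough, or already known: accept and remember as good.
        self.db.execute(
            "UPDATE triplets SET passed=1, last_seen=?"
            " WHERE sender=? AND rcpt=? AND ip=?", (now,) + key)
        return "250 2.1.5 OK"

    def cleanup(self, now):
        """Cron-style purge of stale rows; returns how many were deleted."""
        cur = self.db.execute(
            "DELETE FROM triplets WHERE (passed=0 AND first_seen < ?)"
            " OR (passed=1 AND last_seen < ?)",
            (now - PENDING_TTL, now - PASSED_TTL))
        return cur.rowcount
```

The key is the full (sender, recipient, source IP) triplet, so a legitimate sender whose retries come from a different outbound IP each time is delayed again on every attempt.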

  7. Nevering

    I got nailed by SORBS for what they call a dynamic IP range. None of my domains use dynamic IPs.

    I changed the TTL for all the records on my DNS server. Now they can’t find a reverse PTR record, but DnsStuff.com can.

    They are REALLY REALLY messed up… NEVER USE THEM.
