Spam and Open Relay Blocking System
| This article relies largely or entirely upon a single source. Please help improve this article by introducing appropriate citations of additional sources. (January 2009) |
SORBS (Spam and Open Relay Blocking System) is a list of e-mail servers suspected of sending or relaying spam (a DNS blacklist). It has been augmented with complementary lists that include various other classes of hosts, allowing for customized email rejection by its users.
History
The SORBS DNSbl project was created November 2002. It was maintained as a private list until January 6, 2003 when DNSbl was officially launched to the public. The list consisted of 78,000 proxy relays and has grown to over 3,000,000 alleged compromised spam relays.[1]
In November 2009 SORBS has been acquired by GFI Software, in an attempt to enhance their mail filtering solutions.[2]
DUHL
SORBS adds IP ranges that belong to dialup modem pools, dynamically allocated wireless, and DSL connections as well as DHCP LAN ranges by using reverse DNS PTR records, WHOIS records, and sometimes by submission from the ISPs themselves. This is called the DUHL or Dynamic User and Host List.[3]. SORBS does not automatically rescan DUHL listed hosts for updated rDNS so to remove an IP address from the DUHL the user or ISP has to request a delisting or rescan. If other blocks are scanned in the region of listings and the scan includes listed netspace, SORBS automatically removes the netspace marked as static.
Matthew Sullivan of SORBS proposed in an Internet Draft that generic reverse DNS addresses include purposing tokens such as static or dynamic, abbreviations thereof, and more. That naming scheme would have allowed end users to classify IP addresses without the need to rely on third party lists, such as the SORBS DUHL. The Internet Draft has since expired. Generally it is considered more appropriate for ISPs to simply block outgoing traffic to port 25 if they wish to prevent users from sending email directly, rather than specifying it in the reverse DNS record for the IP.[4]
SORBS' dynamic IP list originally came from Dynablock but has been developed independently since Dynablock stopped updating in December 2003.[5]
Criticism
Spam database removal procedure
In order for IP addresses that have spammed in the past to be removed from the spam database, SORBS requires what it calls a "fine"[6] in the form of a US$50 donation to a registered charity, or to a SORBS approved good cause like the Joey McNicol Legal Defense Fund. This donation is only required for deletions from the spam database that have not expired automatically, and it is waived both for IP addresses that have been reallocated elsewhere or if the ISP implements outbound content-based spam countermeasures.[7][8] However, because of these requirements, SORBS's removal procedure has been compared to extortion, but SORBS says it is not.[9]
The Joey McNicol case was won on October 20, 2002,[10][11] and the fund is now used to defend other actions brought by spammers against people who fight spam.[10]
Aggressiveness
IP addresses that send spam to SORBS spamtraps are added to their spam database manually. In order to prevent being blacklisted, major free email services such as Gmail, Yahoo, and Hotmail, as well as major ISPs now implement strong outgoing anti-spam countermeasures. However, smaller networks may still unwittingly be blocked. Because spammers use viruses, malware, and rootkits to force compromised computers to send spam, SORBS might list the mail servers that the infected IP uses to send its spam. Because of this, larger ISPs and corporate networks have started blocking port 25 in order to prevent these compromised computers from being able to send email except through designated servers.[12]
Wide networks of computers sharing the same IP address using network address translation may also be affected. If one computer behind the NAT is allowed to send spam, the whole network will be blacklisted if the NAT IP is ever blacklisted. For these reasons, many[who?] believe that blacklists should be used cautiously and if false positives are a concern, should only be included as one component in wider anti-spam measures, such as SpamAssassin.
See also
References
- ↑ "Introduction and a bit of history". SORBS. June 2004. http://www.au.sorbs.net/. Retrieved 27 June 2009.
- ↑ John Leyden (2009-11-06). "Controversial email blocklist SORBS sold". http://www.theregister.co.uk/2009/11/06/sorbs_sold/. Retrieved 2009-12-05.
- ↑ "SORBS Dyname User/Host List FAQ". http://www.sorbs.net/faq/dul.shtml.
- ↑ "MAAWG". http://www.maawg.org/port25/MAAWG_Port25rec0511.pdf.
- ↑ "news.admin.net-abuse.email". http://groups.google.com/group/news.admin.net-abuse.email/browse_frm/thread/4921eaa7cdd28277/cb684dd70a502d46?lnk=st&q=dynablock+matthew+sullivan&rnum=8#cb684dd70a502d46.
- ↑ "What's all this 'fine' stuff...?". http://www.au.sorbs.net/faq/spamdb.shtml#3.
- ↑ "SORBS - Listing and Delisting Overview". http://www.dnsbl.au.sorbs.net/overview.shtml.
- ↑ "SORBS Spam Database FAQ". http://www.sorbs.net/faq/spamdb.shtml.
- ↑ "So who gets the money from this 'fine'...?". http://www.au.sorbs.net/faq/spamdb.shtml#5.
- ↑ 10.0 10.1 "T3 Direct v McNicol". http://t3-v-mcnicol.org/.
- ↑ "Favreau.info". http://www.favreau.info/display.php?page=archives2002.
- ↑ "Port 25 (Sonic.net)". http://sonic.net/support/faq/advanced/port_25.shtml.
External links
| |||||||||||||||||||
If you like SEOmastering Site, you can support it by - BTC: bc1qppjcl3c2cyjazy6lepmrv3fh6ke9mxs7zpfky0 , TRC20 and more...
- Pages using duplicate arguments in template calls
- Pages with broken file links
- Articles lacking reliable references from January 2009
- Articles with invalid date parameter in template
- All articles lacking sources
- All articles with specifically-marked weasel-worded phrases
- Articles with specifically-marked weasel-worded phrases from January 2009
- Spamming
