[R-390] QTH.NET and the sorbs conspiracy

w9ya at arrl.net w9ya at arrl.net
Wed Dec 7 17:59:13 EST 2005 

Hey Mike and the gang;

That is all well and good OM except for one thing: Your diagnosis and such
below ASSUMES that SORBS only blocks with care and with repeated offenses
and etc.

HOWEVER that is not the case. I run my own email, and some of which was
blocked not by ip address but by domain, which in one case I both owned
and was the ONLY email account that originated. I was NOT generating any
spam, viruses ladened email, etc. which was/is document-able. YET I was
STILL listed by SORBS. Their reasons were specious and the details of
which are convoluted and NOT worth discussing herein.

Nonetheless I was black-listed by SORBS and my ONLY choice was to pay them
large amounts of money to be unlisted. <- That was what the original email
on this thread was about and I agree with the author of that email: SORBS
is a rip-off.


Vy 73;

Bob
w9ya


> On Wed, Dec 07, 2005 at 08:01:51AM -0500, Jim M. wrote:
>> Apparently Tom Norris is using Google mail (gmail).  Google embeds
>> advertising to pay for the "free" service.  Does this advertising find
>> its  way into outgoing emails and get blocked by sorbs?  The sorbs
>> website is  http://www.us.sorbs.net/   maybe that can help.
>
> I do mail filtering and security for a living, as you might infer from
> my sig block. This is a subject which pays my salary and determines
> whether my annual evaluation will be good or bad. It's near and dear to
> my heart, and I've been doing it long enough (10 years now) to be able
> to speak abouot it with some credibility.
>
> As others have written earlier in this thread, SORBS distributes a list
> of  IP addresses and blocks from which spam is known to have come. SORBS
> does   not block anything; it provides a means for others to decide to
> block or    not (or, in my case, to add to a score or not) depending on
> whether or not  the sending IP address is listed in SORBS.
>
>
> Google Mail (gmail.com), as handy as it undoubtedly is, is a prolific
> source of spam, and so gmail.com's outbound mail servers are listed in
> SORBS. Google has been unresponsive to repeated complaints from *BIG*
> outfits, like AOL, Cox Cable, and Time-Warner, about the volume of spam
> coming from its IP space, and I suppose that the SORBS operators got
> enough valid reports of these spams to cause gmail to be listed. _I_ use
> gmail, and _I_ think it should be listed, because of all the spam I get
> from gmail.
>
> This is not vigilantes riding to Save The Internet. It's not people who
> want to hurt other people. It's _NOT_ a conspiracy, despite what the
> subject says. It's just people who run mailservers, trying to keep spam
> from consuming their bandwidth, disk storage, processor busy, and
> administrative resources. This is self-regulation at work. Absent a
> contract, we're not obliged to accept mail from anyone else, and even an
> ISP has the right under existing law to apply such filters as it sees
> fit to use.
>
> Here's what I've seen so far in December:
>          Mails   spamassassin   rejected      scanner       total mails
> Total   says 'spam'    by ruleset    says virus    undelivered
>  Dec   1 20051  6334 (31.59%) 4549 (22.69%) 1385 ( 6.91%) 12268 (61.18%)
> Dec   2 19744  6822 (34.55%) 4329 (21.93%) 1710 ( 8.66%) 12861 (65.14%)
> Dec   3 13282  5908 (44.48%) 3944 (29.69%) 1225 ( 9.22%) 11077 (83.40%)
> Dec   4 13394  5413 (40.41%) 3999 (29.86%) 1418 (10.59%) 10830 (80.86%)
> Dec   5 18456  6103 (33.07%) 5173 (28.03%) 1540 ( 8.34%) 12816 (69.44%)
> Dec   6 18769  6483 (34.54%) 4533 (24.15%) 1511 ( 8.05%) 12527 (66.74%)
>
> The "spamassassin says 'spam'" column is based on the total score of a
> piece of mail after SpamAssassin checks body and headers against some
> thousands of rules, specifically including SORBS. If the score is over a
> threshold that I set, the mail is marked as spam and not delivered.
>
> That's how things work here at ODOT and at other places which use
> MailScanner and SpamAssassin. Other places may just check the SORBS
> list and various other DNSBLs, and reject mail which comes from listed
> servers. We could do that, but it's a bit Draconian for my management
> right now.
>
> We just spent $20K on hardware to run the mailfilter software, and I
> get paid something like $40K per year. That last is public record, so I
> don't mind sending it to the list. That's a bunch to spend just to  get
> the spam down to a manageable level, but it's what it takes here.
>
> The problem is that spam makes up something like 60% to 90% of all the
> mail on the Internet, and it's only getting worse. I catch flak because
> I don't catch enough; that means I should screw down the filters, but
> doing that means that I'll plonk too much real business-related mail.
>
> Each ISP or other mailserver administrator has to make his own decisions
> on what to do, and it's damned hard.
>
> When I complain to ISPs about the spam they (or their subscribers) emit,
> I  usually include one or more of these as food for thought:
>
> o         End-to-end connectivity is the "coin of the realm" for
>           internet operations. Use it wisely. You only control
>           your end of it.
>
> o         ISPs sell connectivity to the world. They provide
>           connectivity to their own facilities. The "product"
>           they sell depends upon the forebearance of millions of
>           other systems whose cooperation is REQUIRED for them
>           to not be fraudulently selling something they cannot
>           provide.
>
> o         Being a "good net neighbor" isn't just some geeky hippy
>           touchy feely nor politically correct concept. It's the
>           core usability of the Internet, and inherent in its
>           technical designs. It's the way it works, and it isn't
>           going away.
>
> o         "You are a _guest_ here, and an uninvited one at that.
>           Stop behaving as if you were the landlord."
>
> o         Part of being a provider is taking responsibility for
>           what leaves your network. If every provider did this,
>           each provider would be spending most of their time
>           managing mail from ONE network, their own. Instead,
>           every provider has to manage the mail flow from every
>           other provider. Huge waste of resources. -- CM Borgia
>
> o         This is about doing the right thing, not about having
>           the contractual right to do a questionable thing.
>
> --
> Mike Andrews
> mikea at mikea.ath.cx, mandrews at odot.org
> Information Security
> Oklahoma Department of Transportation
> _____________________________________________________________
> R-390 mailing list
> Home: http://mailman.qth.net/mailman/listinfo/r-390
> Help: http://mailman.qth.net/faq.htm
> Post: mailto:R-390 at mailman.qth.net
> Unsubscribe: http://mailman.qth.net/mailman/options/r-390

More information about the R-390 mailing list