Spam and Open Relay Blocking System

SORBS (Spam and Open Relay Blocking System) is a list of e-mail servers suspected of sending or relaying spam (a DNS blacklist). It has been augmented with complementary lists that include various other classes of hosts, allowing for customized email rejection by its users.

Contents

History

The SORBS DNSbl project was created November 2002. It was maintained as a private list until January 6, 2003 when DNSbl was officially launched to the public. The list consisted of 78,000 proxy relays and has grown to over 3,000,000 alleged compromised spam relays.[1]

In November 2009 SORBS was acquired by GFI Software, in an attempt to enhance their mail filtering solutions.[2]

In July 2011 SORBS was re-sold to Proofpoint, Inc. [3]

DUHL

SORBS adds IP ranges that belong to dialup modem pools, dynamically allocated wireless, and DSL connections as well as DHCP LAN ranges by using reverse DNS PTR records, WHOIS records, and sometimes by submission from the ISPs themselves. This is called the DUHL or Dynamic User and Host List.[4] SORBS does not automatically rescan DUHL listed hosts for updated rDNS so to remove an IP address from the DUHL the user or ISP has to request a delisting or rescan. If other blocks are scanned in the region of listings and the scan includes listed netspace, SORBS automatically removes the netspace marked as static.

Matthew Sullivan of SORBS proposed in an Internet Draft that generic reverse DNS addresses include purposing tokens such as static or dynamic, abbreviations thereof, and more.[5] That naming scheme would have allowed end users to classify IP addresses without the need to rely on third party lists, such as the SORBS DUHL. The Internet Draft has since expired. Generally it is considered more appropriate for ISPs to simply block outgoing traffic to port 25 if they wish to prevent users from sending email directly, rather than specifying it in the reverse DNS record for the IP.[6]

SORBS' dynamic IP list originally came from Dynablock but has been developed independently since Dynablock stopped updating in December 2003.[7]

Criticism

Aggressiveness

Spam Traps

IP addresses that send spam to SORBS spamtraps are added to their spam database automatically or manually. In order to prevent being blacklisted, major free email services such as Gmail, Yahoo, and Hotmail, as well as major ISPs now implement strong[says who?] outgoing anti-spam countermeasures. However, smaller networks may still unwittingly be blocked. Because spammers use viruses, malware, and rootkits to force compromised computers to send spam, SORBS lists the IP addresses of servers that the infected system uses to send its spam. Because of this, larger ISPs and corporate networks have started blocking port 25 in order to prevent these compromised computers from being able to send email except through designated email servers.[8]

Preemptive Listings

SORBS maintains a list of networks and addresses that it believes are assigned dynamically to end users/machines, it refers to this list as the DUHL (Dynamic User/Host List) [9] which includes wide networks of computers sharing the same IP address using network address translation which are also affected (If one computer behind the NAT is allowed to send spam, the whole network will be blacklisted if the NAT IP is ever blacklisted.) This is a common method of pre-emptive blocking as most legitimate mail servers are hosted in data centers designed and provisioned for such services, the legitimate mail servers that are affected by such listings are most commonly home hobbyists running their own mail servers.

Escalated Listings

SORBS has been accused of deliberately targeting innocent users through escalated listings. Its website describes the process as follows: "An escalated listing on the other hand is where a whole network of IP addresses is listed in SORBS and all hosts and IPs (whether assigned to a single customer or multiple) are listed and therefore blocked or result in spam folder issues. Why does SORBS create escalated listings? The simple answer is to stop spam. You ask, 'How does listing innocent IPs help stop spam?' Simple, some providers don’t care about spam."[10] There have been many heated discussions on this practice as often it would appear Email users caught in this trap have no resource, because the listing applies to a block of IP addresses, and they are unable to release their own IP address. For these reasons, many[who?] believe that blacklists should be used cautiously and if false positives are a concern, should only be included as one component in wider anti-spam measures, such as SpamAssassin.

Changes

Since the acquisition by Proofpoint, Inc. full time support staff have been employed to answer delisting queries, however the first round of answers to support requests are answered automatically by robot systems. Users rejected by the robots may respond to support tickets to speak with a human being, but as it is documented in the auto-response by the robot, and not on the SORBS website many have reported that it is impossible to get a human response to their issue(s).

See also

References

External links


Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Open mail relay — Mail relay diagram An open mail relay is an SMTP server configured in such a way that it allows anyone on the Internet to send e mail through it, not just mail destined to or originating from known users.[1][2] …   Wikipedia

  • Spam-Versender — Dieser Artikel befasst sich mit dem massenhaften unerwünschtem Versand von Nachrichten. Zum gleichnamigen Dosenfleisch der Firma Hormel Foods Inc. siehe Frühstücksfleisch. Ferner ist SPAM der Name der Satire Rubrik bei Spiegel Online. Als Spam… …   Deutsch Wikipedia

  • Spam (Blog) — Dieser Artikel befasst sich mit dem massenhaften unerwünschtem Versand von Nachrichten. Zum gleichnamigen Dosenfleisch der Firma Hormel Foods Inc. siehe Frühstücksfleisch. Ferner ist SPAM der Name der Satire Rubrik bei Spiegel Online. Als Spam… …   Deutsch Wikipedia

  • Spam Harvester — Dieser Artikel befasst sich mit dem massenhaften unerwünschtem Versand von Nachrichten. Zum gleichnamigen Dosenfleisch der Firma Hormel Foods Inc. siehe Frühstücksfleisch. Ferner ist SPAM der Name der Satire Rubrik bei Spiegel Online. Als Spam… …   Deutsch Wikipedia

  • Spam — Eine typische Spam Mail, scheinbar für ein Potenzmittel (2011) Als Spam [spæm] oder Junk (englisch für ‚Abfall‘ oder ‚Plunder‘) werden unerwünschte, in der Regel auf elektronischem Weg übertragene Nachrichten bezeichnet, die dem Empfänger… …   Deutsch Wikipedia

  • Computers and Information Systems — ▪ 2009 Introduction Smartphone: The New Computer.       The market for the smartphone in reality a handheld computer for Web browsing, e mail, music, and video that was integrated with a cellular telephone continued to grow in 2008. According to… …   Universalium

  • E-mail spam — E mail spam, also known as bulk e mail or junk e mail, is a subset of spam that involves nearly identical messages sent to numerous recipients by e mail. A common synonym for spam is unsolicited bulk e mail (UBE). Definitions of spam usually… …   Wikipedia

  • Anti-spam techniques (e-mail) — To prevent e mail spam, both end users and administrators of e mail systems use various anti spam techniques. Some of these techniques have been embedded in products, services and software to ease the burden on users and administrators. No one… …   Wikipedia

  • Anti-spam techniques — To prevent e mail spam (aka unsolicited bulk email), both end users and administrators of e mail systems use various anti spam techniques. Some of these techniques have been embedded in products, services and software to ease the burden on users… …   Wikipedia

  • Mail Abuse Prevention System — The Mail Abuse Prevention System (MAPS) is an organisation that provides anti spam support by maintaining a DNSBL. They provide five black lists, categorising why an address or an IP block is listed: Real time Blackhole List (RBL), the one for… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”