RE: Sorbs.net DNS Blacklist



There is an awful lot of virus/spam traffic that deliberately
disguises itself as RFC821 bounce messages.

However, since bounce messages *are* required by RFC821, it
seems to me that outfits like sorbs.net need to therefore
cultivate some expertise in differentiating faked bounces
from the real thing. I suspect that sending a message to
the allegedly bouncing address and examining the response,
if any, would be pretty conclusive.

If they can't be bothered to do that, they're members of
the problem set rather than the solution set.

David Gillett


-----Original Message-----
From: Dan Denton [mailto:ddenton@xxxxxxxxxxxxxxxxx]
Sent: Thursday, March 09, 2006 1:55 PM
To: Dan Denton; security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Sorbs.net DNS Blacklist

I've got some updated info since the original posting. I
spoke by email with a gent at payments@xxxxxxxxx, and was
told that the reason we were blacklisted was that a spammer
sent a message from a forged username at a particular domain.
The email hit an address at our server that was no longer in
use, and of course a bounce message was sent back saying the
address doesn't exist.

Evidently, this response is considered spam in and of itself
by sorbs.net, and that's what got us on the blacklist. Never
mind that we were the ones who got spammed in the first
place, and our mail gateway was only doing what it was
supposed to do. I was told that if we ceased such
"harassment", then we would be removed from the blacklist.

Symantec, who makes our gateway, has it documented on their
website that this feature cannot be disabled, and that such
responses are required by RFC 821. I can see the point. If
there's no response to the sender of an email who
accidentally puts a typo in the email address they're sending
to, how the heck would they know if their email reached the
correct party or not? They'd receive no response from a real
user, and they'd probably wonder why they're being ignored.
In a business setting, that behavior could lose you money real quick.

Can anyone please let me know if I'm the one being over-the-top here?
I'd also still like to hear other people's input or
experience with these folks.

-----Original Message-----
From: Dan Denton
Sent: Thursday, March 09, 2006 9:31 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Sorbs.net DNS Blacklist


Does anyone on the list have any prior experience with the folks at
sorbs.net? For the past few weeks a customer who uses a blacklist
supplied by them has had our emails blocked. Previous to this the
company had no problem getting our emails. People at said company want
to receive our emails and are frustrated that they can't receive them
(important stuff like invoices and statements), but their IT admin says
he has no control over the list itself.

I went to sorbs.net, checked our status using one of their utilities,
and the IP of our mail server shows up on their list. I've even sent in
a request to be removed from the list and have received a ticket number.
In their procedures for delisting, they claim that you must "donate" $50
per email they supposedly received in their spam traps, and the
donations are to be made to 2 charities of their choice. I for one think
this is extortion, regardless of whether the intention is to stop
spammers.

Any background or experience you can share would be appreciated. Thanks
in advance...

Dan Denton



