LogSat Software

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   All,

I am writing this as both a warning about dnsbl's and also to vent somewhere.  I will let Logsat take this down if it ruffles too many feathers.

We are a small ISP in CT, USA and about a year ago we stopped using SORBS due to the excessive number of false positives reported by our users.  Now they have dinged us.  We have a reputable business customer that runs an opt-in/opt-out newsletter.  We have, and continue to verify that all their mailings are compliant and, in fact pass through our filters regularly.  However, over a 3 month period, 6 (yes that is SIX) complaints were sent to SORBS.  This, by the way, was 6 out of MILLIONS of newsletters sent during that period.  Now, here is the good part .... the actual mailings are not done on our network but through a 3rd party.  SORBS saw that the customer's WEB server is on our network and blocked an entire class C.  When we contacted them and explained exactly what the customer does, who their principals are, where they are located, how many people they employ and offered to look at the headers of the complaints so we could verify the sign up date, time and IP, they accused us of "lying as all spammers do" and told us that they will not take the block off unless we fire the customer ... which we are not going to do as they are a major customer running a legitimate business.

The IP block that they chose to block has NEVER been on any other lists and still is not.  Also, we have several customers such as a local newspaper, an entire town including their Police Department, A weather station ...etc.on that IP segment.  Their comment to this information was "Good ... then you will loose those customers too".

Bottom line ... the above is not a way to run a responsible black list that unsuspecting businesses use for email server security.  I had never, up to this point in my 55 years been treated with such arrogance, and flat out nastiness.  Not a service I want on my team.  Spamhaus, on the other hand, has always done a great job al leaving emotion out of the dnsbl world and has always responded in a timely and reasonable way to any blocks we felt needed removal.  Spamcop, well ... they have come a very long way and we also use them with great success along with njabl.org.   We have tried many others but eventually end up removing them due to high levels of "broad sweep" blocking tactics and stale info causing high false positives.

I really would enjoy any opinions ... as long as you aren't working for SORBS!

PS:  I just found this link and although it is an old one, it still applies!
 http://www.natesimpson.com/blog/archives/2004/10/07/sorbs-su cks/

Edited by Desperado

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
Desperado Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 27 January 2005 Location: United States Status: Offline Points: 1143	Post Options Post Reply Quote Desperado Report Post Thanks(0) Quote Reply Topic: SORBS DNSBL Too Aggressive Posted: 16 May 2007 at 5:15pm
	All, I am writing this as both a warning about dnsbl's and also to vent somewhere. I will let Logsat take this down if it ruffles too many feathers. We are a small ISP in CT, USA and about a year ago we stopped using SORBS due to the excessive number of false positives reported by our users. Now they have dinged us. We have a reputable business customer that runs an opt-in/opt-out newsletter. We have, and continue to verify that all their mailings are compliant and, in fact pass through our filters regularly. However, over a 3 month period, 6 (yes that is SIX) complaints were sent to SORBS. This, by the way, was 6 out of MILLIONS of newsletters sent during that period. Now, here is the good part .... the actual mailings are not done on our network but through a 3rd party. SORBS saw that the customer's WEB server is on our network and blocked an entire class C. When we contacted them and explained exactly what the customer does, who their principals are, where they are located, how many people they employ and offered to look at the headers of the complaints so we could verify the sign up date, time and IP, they accused us of "lying as all spammers do" and told us that they will not take the block off unless we fire the customer ... which we are not going to do as they are a major customer running a legitimate business. The IP block that they chose to block has NEVER been on any other lists and still is not. Also, we have several customers such as a local newspaper, an entire town including their Police Department, A weather station ...etc.on that IP segment. Their comment to this information was "Good ... then you will loose those customers too". Bottom line ... the above is not a way to run a responsible black list that unsuspecting businesses use for email server security. I had never, up to this point in my 55 years been treated with such arrogance, and flat out nastiness. Not a service I want on my team. Spamhaus, on the other hand, has always done a great job al leaving emotion out of the dnsbl world and has always responded in a timely and reasonable way to any blocks we felt needed removal. Spamcop, well ... they have come a very long way and we also use them with great success along with njabl.org. We have tried many others but eventually end up removing them due to high levels of "broad sweep" blocking tactics and stale info causing high false positives. I really would enjoy any opinions ... as long as you aren't working for SORBS! PS: I just found this link and although it is an old one, it still applies! http://www.natesimpson.com/blog/archives/2004/10/07/sorbs-su cks/ Edited by Desperado
	The Desperado Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com

WebGuyz Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 09 May 2005 Location: United States Status: Offline Points: 348	Post Options Post Reply Quote WebGuyz Report Post Thanks(0) Quote Reply Posted: 16 May 2007 at 8:54pm
	I feel you pain. Maybe you ought to put that one large customer on their own mailserver? We had a customers web site php form that got compromised and pumped out tons of spam out our main mail server and we were on everyones sh!t list. Luckily we had just gotten a new class C and were able to use one of the new IP's as our outgoing mail server. We now no longer let any of our web site customers use our primary web servers for web form data or sending emails from their website and have a dedicated IP & mail server on a different subnet than our main outgoing mail gateway server for that purpose.
	http://www.webguyz.net

Desperado Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 27 January 2005 Location: United States Status: Offline Points: 1143	Post Options Post Reply Quote Desperado Report Post Thanks(0) Quote Reply Posted: 16 May 2007 at 9:09pm
	WebGuyz, You have to understand that the mail server that does their large mailings is NOT on our network at all. Just their web server. AND, the IP that actually does the mailings .... is not on ANY Blacklist. At no time, did the block that SORBS listed EVER send mail out except for the other customers who mail a couple of hundred normal messages a day each. SORBS listed the /24 because the owner of the web server "Was the benefactor of the mailings" from totally different ISP's ... NOT US.
	The Desperado Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com

WebGuyz Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 09 May 2005 Location: United States Status: Offline Points: 348	Post Options Post Reply Quote WebGuyz Report Post Thanks(0) Quote Reply Posted: 16 May 2007 at 9:48pm
	Ok, I guess I don't feel your pain, but it still sucks.
	http://www.webguyz.net

Desperado Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 27 January 2005 Location: United States Status: Offline Points: 1143	Post Options Post Reply Quote Desperado Report Post Thanks(0) Quote Reply Posted: 16 May 2007 at 10:01pm
	Yes ... it really does. We still have a few cards up our sleeves to get this cleared up but I am not holding my breath!
	The Desperado Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com

sgeorge Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 23 August 2005 Status: Offline Points: 178	Post Options Post Reply Quote sgeorge Report Post Thanks(0) Quote Reply Posted: 16 May 2007 at 10:40pm
	Dan, that is completely ridiculous on the part of sorbs. It bothers me to no end to find when the people in charge of an external domain or blacklist would rather tease and dismiss me rather than listen to a brief explanation of what's transpired. And to see them take such a broad and aggressive stroke as to block your Web server's entire block C... that just takes the cake! I've NEVER heard of something so lazily and belligerent from a major blacklist. Glad to hear that you've got at least one more card up your sleeve. I hope that things work out and that your fair-playing customers see this disruption to service lift quickly. -Stephen

LogSat Software

Site Navigation[Skip]

Spam Filter ISP Support Forum

SORBS DNSBL Too Aggressive