Jump to content

SORBS DNSbl has way too many false positives!


Recommended Posts

Your whitelisting capabilities should help.

Also, there's a reason Amazon has been called Spamazon.

In addition, I've moved this Topic from SpamCop Help to SpamCop Email because it has to do with the SpamCop Email System.

Link to comment
Share on other sites

SORBS is a collection of different zones, some of them are known to agressively list spam sources.

These zones are coded in their response, and they also have a mirror of SPEWS.

Their spamtrap zone will list any mail server that sends e-mail to one of their spamtraps. I do not know if they make exceptions for viruses hitting them.

According to the SORBS FAQ, the spamtrap listing will stay until a donation is made to a mutually agreable charity.

Using the spamtrap zone for rejecting mail is likely to cause collateral damage.

Other zones are less agressive. Check the SORBS charter.

Research is needed before deploying any DNSbl in a production environment.

The operators of SORBS have recently been posting in the news.admin.net-abuse.email and .blocklisting about their backlog in keeping the DUL list up to date.

Some DNSbls are suitable for rejecting mail, others are more suitable for scoring potential spam.

-John

Personal Opinion Only

Link to comment
Share on other sites

According to the SORBS FAQ, the spamtrap listing will stay until a donation is made to a mutually agreable charity.

Using the spamtrap zone for rejecting mail is likely to cause collateral damage.

Other zones are less agressive.  Check the SORBS charter.

Our backbone ISP's SMTP server is listed in the SORBS BL because of a spamtrap message. I gather that the source of the infection has long since been resolved since it was a customer with an infected PC from one the many virus/trojan/worm infections last year.

Getting the IP de-listed has proved less than easy. The problem with the SORBS approach is that a large ISP can easily have a number of customers with infected machines and despite being exceedingly effective in educating these customers and helping them clean up their act (I can't say wether our ISP is effective - just a for instance) once listed you remain listed until the money is paid.

Unsurprisingly large ISPs have few mechanisms for making the charitable donations that SORBS demands.

So we avoid spam filtering decisions based on SORBS alone. As noted, SORBS is likely to cause collateral damage if used alone.

Andrew

Link to comment
Share on other sites

It took me a couple of weeks to spot this, but SORBS DNSbl has way too many false positives.

I may have shared your original opinions on this....

When I first added the list, I too, had a lot of 'false positives' even from lists with 'draconian' opt-in policies, one of which I believed involved a 'snail-mailed' key!

However working with the 3 blacklists I am using and reviewing/reporiting held mail daily and whitelisting where needed (yes I now have a LOONG whitelist), has now reduced my help mail list to drugs, money schemes and body part 'enhancers'.

I encourage you to work with the whitelisting capabilities and the additional list and it pays off dramatically!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...