Re: The day SORBS goes away ...
On 13 Apr 2012 22:01:14 -, John Levine said: dnslists = dialups.mail-abuse.org \ : rbl-plus.mail-abuse.org \ Are you paying Trend for access to these? If not, you're not getting any answers from them and they're not blocking anything. Do they return a canned answer that says don't block, or do you get to wait for a DNS timeout? pgp2Zxd1WYlnR.pgp Description: PGP signature
Re: The day SORBS goes away ...
dnslists = dialups.mail-abuse.org \ : rbl-plus.mail-abuse.org \ Are you paying Trend for access to these? yes, i have an arrangement I used to pay (not very much) but realized several years ago that after using the Spamhaus lists, MAPS didn't catch anything useful. Regards, John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies, Please consider the environment before reading this e-mail. http://jl.ly
Re: The day SORBS goes away ...
i have not tested to see who catches what. not really into spam research. just trying to reduce it for a server. randy
Re: The day SORBS goes away ...
Are you paying Trend for access to these? If not, you're not getting any answers from them and they're not blocking anything. Do they return a canned answer that says don't block, or do you get to wait for a DNS timeout? Is there some reason you're asking random people rather than spending the 30 seconds needed to find out for yourself? R's, John
Re: The day SORBS goes away ...
dnslists = dialups.mail-abuse.org \ : rbl-plus.mail-abuse.org \ Are you paying Trend for access to these? If not, you're not getting any answers from them and they're not blocking anything. R's, John
Re: The day SORBS goes away ...
dnslists = dialups.mail-abuse.org \ : rbl-plus.mail-abuse.org \ Are you paying Trend for access to these? yes, i have an arrangement randy
Re: The day SORBS goes away ...
On Apr 7, 2012, at 4:41 PM, TR Shaw wrote: As for SORBS, most competent mail admins dropped its use a long time ago. I thought when Proofpoint took it over things would change (I actually thought they would dump the SORBS name because of bad karma) but it hasn't happened. Out of curiosity, has anyone other than the OP and one other gentlemen on the 4th had a serious issue? Do we know whether the issues from the 4th have been resolved? I'm wondering whether this is a chronic issue, or if folks are just extrapolating from one complaint. I looked back through the archives for the last year and the only other SORBS mentions were in July and August of last year. -- chort
Re: The day SORBS goes away ...
On Mon, Apr 09, 2012 at 09:50:00AM -0700, Brian Keefer wrote: On Apr 7, 2012, at 4:41 PM, TR Shaw wrote: As for SORBS, most competent mail admins dropped its use a long time ago. I thought when Proofpoint took it over things would change (I actually thought they would dump the SORBS name because of bad karma) but it hasn't happened. Out of curiosity, has anyone other than the OP and one other gentlemen on the 4th had a serious issue? Do we know whether the issues from the 4th have been resolved? I'm wondering whether this is a chronic issue, or if folks are just extrapolating from one complaint. I looked back through the archives for the last year and the only other SORBS mentions were in July and August of last year. I last worked at an ISP back in 2006, so this may not be relevant today. I do remember however relying pretty much exclusively on Spamhaus. Originally used SORBS too but found they were overly aggressive on what they'd add to their RBL. Maybe great if you're an individual user, but not so great to be blocking all of yahoo/gmail, etc as an ISP. Don't think they were as frustrating to deal with as Spamcop though :) Ray
Re: The day SORBS goes away ...
On Apr 7, 2012, at 19:41 , TR Shaw wrote: As for Yahoo, the problem will probably go away on its own over time. The problem with companies that are in questionable/bad financial shape is that they defund many activities that do not seem important but actually are. These, such as abuse handling, will actually cause them to increase their spiral down by causing more customers away. For the 3 months ending 2011-12-31 (last quarter available), Yahoo!'s revenue was US$1.3B, with a net income of nearly US$300M - for the _quarter_. I wish I were in such questionable/bad financial shape. Before anyone pounces, yes, I know they're not growing. The results above up slightly from Q3 2011, although down slightly (~5%) from Q4 2010. But they still make more revenue profit than 99.mumble% of the companies represented on this list. And they have more than enough to do abuse correctly. Perhaps more importantly, I seriously doubt Yahoo! mail is going away any time soon. -- TTFN, patrick
Re: The day SORBS goes away ...
On 04/09/12 09:50 -0700, Brian Keefer wrote: On Apr 7, 2012, at 4:41 PM, TR Shaw wrote: As for SORBS, most competent mail admins dropped its use a long time ago. I thought when Proofpoint took it over things would change (I actually thought they would dump the SORBS name because of bad karma) but it hasn't happened. Out of curiosity, has anyone other than the OP and one other gentlemen on the 4th had a serious issue? Do we know whether the issues from the 4th have been resolved? I'm wondering whether this is a chronic issue, or if folks are just extrapolating from one complaint. I looked back through the archives for the last year and the only other SORBS mentions were in July and August of last year. I've had nothing but sore issues with SORBS and getting removed from whatever black list was getting us blocked by participating mail systems. Our ARIN allocation is: 67.217.144.0/20 and SORBS had us listed within a larger black listed range, like the containing /12. It took us weeks to be removed from that range (or to have an exception added). This was probably a couple of years ago, or early last year. -- Dan White
Re: The day SORBS goes away ...
Generally when faced with SORBS related blocking, I have found it far more effective to contact the receiving side and show them the ample Google history about SORBS and the effect it has on their ability to receive email their customers/employees have requested, and have them either change their email policies, or their executives change their email admins. I'm honestly amazed these days every time I run into someone still blocking based on SORBS, or even giving a non insignificant point score as such. -Blake
Re: The day SORBS goes away ...
dropcondition = ${if isip4{$sender_host_address}} message = blocked because $sender_host_address is \ in blacklist at $dnslist_domain: $dnslist_text !dnslists = list.dnswl.org dnslists = dialups.mail-abuse.org \ : rbl-plus.mail-abuse.org \ : dnsbl.sorbs.net \ : zen.spamhaus.org logwrite = REJECT because $sender_host_address listed in $dnslist_domain works pretty well for me. looking forward to a bit of ipv6 prophylaxis randy
Re: The day SORBS goes away ...
On Tue, 10 Apr 2012, Randy Bush wrote: dropcondition = ${if isip4{$sender_host_address}} message = blocked because $sender_host_address is \ in blacklist at $dnslist_domain: $dnslist_text !dnslists = list.dnswl.org dnslists = dialups.mail-abuse.org \ : rbl-plus.mail-abuse.org \ : dnsbl.sorbs.net \ : zen.spamhaus.org logwrite = REJECT because $sender_host_address listed in $dnslist_domain works pretty well for me. looking forward to a bit of ipv6 prophylaxis If you were to move dialups.mail-abuse.org below zen.spamhaus.org (assuming these are checked in the order they're entered in the config), I'm curious if dialups.mail-abuse.org would block anything. If it did, I'd be curious if those were FPs. :) -- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: The day SORBS goes away ...
Yahoo's personnel have long since demonstrated that (a) they couldn't possibly care less about the spam, phishing, and other forms of abuse that they're emanating, supporting or hosting on a systemic and chronic basis (b) they are incapable of recognizing their own users, hosts, and networks even when same are explicitly pointed out to them (c) under no circumstances will they take any prompt or effective action -- they will, however, repeatedly lie about it and/or pass on complainers' personal information to the abusers so that they can retaliate. ---rsk
Re: The day SORBS goes away ...
On Sat, 7 Apr 2012, Rich Kulawiec wrote: I recently had a similar run-in with another ISP unrelated to Yahoo. It involved a phishing site on one of their customers. Countless emails to their abuse@ email went unanswered. Then one day I bumped into their VP who was trying to sell me something. I asked him about why they apppear so high on Ironport Senderbase with a huge spam pool as well as phishing sites that are not taken down. His answer, which might mirror Yahoo's (or not), was that at a corporate level they decided to only handle issues like this via a court order. They did not think it appropriate to interfere with their customers data in any sort of way unless a court order told them to make it stop. Clearly, this is idiotic reasoning and only when others start blocking their IP ranges and DNS servers will they ever wake up. But when the ISP is big enough, they think no one will block them and if they do it will just be small cases and nothing massive that would make them into a 2nd league ISP. This therefore becomes a cost savings area since you no longer need any abuse staff to handle your customers. You just ignore it all. -Hank Yahoo's personnel have long since demonstrated that (a) they couldn't possibly care less about the spam, phishing, and other forms of abuse that they're emanating, supporting or hosting on a systemic and chronic basis (b) they are incapable of recognizing their own users, hosts, and networks even when same are explicitly pointed out to them (c) under no circumstances will they take any prompt or effective action -- they will, however, repeatedly lie about it and/or pass on complainers' personal information to the abusers so that they can retaliate. ---rsk
Re: The day SORBS goes away ...
On Sat, Apr 07, 2012 at 08:33:10PM +0300, Hank Nussbacher wrote: On Sat, 7 Apr 2012, Rich Kulawiec wrote: Clearly, this is idiotic reasoning and only when others start blocking their IP ranges and DNS servers will they ever wake up. But how idiotic is it? Do you have all Yahoo IP space and domains blocked on your mail server? How many mailboxes does that cover? What percentage of Yahoo's daily e-mail volume are you blocking, and how much of a rat's arse do you think Yahoo cares? I think you can see where I'm going with this. It's only idiotic reasoning if it doesn't work, and so far as I can see, it's working just great -- there are effectively service providers who are too big to fai^Wblock, and so they get away with things that everyone else would only dream of. They do care about the almighty buck more than the 'net, but I'd say that almost all of us do, because almost none of us are willing to take the plunge and block Yahoo and other giant providers of spam and other abuse. (For the record, I'm in this camp, too -- I'm not willing to lose my job -- my almighty buck -- for taking the step of blocking Yahoo, so I'm not any sort of trailblazer along this path). To anyone out there who is blocking Yahoo, and is big enough for them to take notice, bravo to you! Speak up, tell the world what you're doing, and it might give the rest of us the courage and the precedent to do the same. - Matt -- A friend is someone you can call to help you move. A best friend is someone you can call to help you move a body.
Re: The day SORBS goes away ...
Something I'm considering is just limiting the max size of an email from Yahoo severely, enough to say I've changed my address from yahoo to ___. We get pounded day and night with multimegabyte (per each) spam emails from them. Yahoo isn't the only one but the most frequent. -- -Barry Shein The World | b...@theworld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada Software Tool Die| Public Access Internet | SINCE 1989 *oo*
Re: The day SORBS goes away ...
On Apr 7, 2012, at 6:35 PM, Barry Shein wrote: Something I'm considering is just limiting the max size of an email from Yahoo severely, enough to say I've changed my address from yahoo to ___. We get pounded day and night with multimegabyte (per each) spam emails from them. Yahoo isn't the only one but the most frequent. As for Yahoo, the problem will probably go away on its own over time. The problem with companies that are in questionable/bad financial shape is that they defund many activities that do not seem important but actually are. These, such as abuse handling, will actually cause them to increase their spiral down by causing more customers away. Another item of interest is that Yahoo says they will only accept ARF (RFC-5965) reports to abuse@ However, they reject all ARF abuse reports just like the plain text ones. So much for standards support As an aside, one can not/will not/may not block all their mailservers but I would suggest blocking all mail that contains their shortener, y.ahoo.it. It is highly abused and they don't respond to abuse reports on it either. Its a real shame that the original high quality search engine/company that everyone aspired to be on has fallen so far both financially and in quality. As for SORBS, most competent mail admins dropped its use a long time ago. I thought when Proofpoint took it over things would change (I actually thought they would dump the SORBS name because of bad karma) but it hasn't happened.
The day SORBS goes away ...
The day SORBS goes away is the day ab...@yahoo.com starts functioning properly and yahoo starts booting spammers. The day SORBS goes away is the day BS like this stops happening: - The following addresses had permanent fatal errors - ab...@noc.privatedns.com (reason: 554 rejected due to spam content) -Dan
Re: The day SORBS goes away ...
err, i dont know but yahoo hasnt yet acquired this random webhost whose abuse you're trying to mail On Friday, April 6, 2012, goe...@anime.net wrote: The day SORBS goes away is the day ab...@yahoo.com starts functioning properly and yahoo starts booting spammers. The day SORBS goes away is the day BS like this stops happening: - The following addresses had permanent fatal errors - ab...@noc.privatedns.com (reason: 554 rejected due to spam content) -Dan -- Suresh Ramasubramanian (ops.li...@gmail.com)
Re: The day SORBS goes away ...
On Sat, 07 Apr 2012 07:00:52 +0530, Suresh Ramasubramanian said: err, i dont know but yahoo hasnt yet acquired this random webhost whose abuse you're trying to mail - The following addresses had permanent fatal errors - ab...@noc.privatedns.com (reason: 554 rejected due to spam content) Right - that one is doing stupid stuff like filtering out spam reports sent to abuse@ because they contain spam all by itself, without Yahoo's assistance. Yahoo is only a hegemony among spam havens, not a monopoly. There's still freelance havens out there, and they'll go away when SORBS does. I'm not so sanguine about Yahoo's chances of lasting till then though... pgpIDBfnDaSRJ.pgp Description: PGP signature
Re: The day SORBS goes away ...
the yahoo item was a point all its own, unrelated to iweb's idiocy. yahoo no longer care to receive abuse reports from anyone at all. -Dan On Sat, 7 Apr 2012, Suresh Ramasubramanian wrote: err, i dont know but yahoo hasnt yet acquired this random webhost whose abuse you're trying to mail On Friday, April 6, 2012, goe...@anime.net wrote: The day SORBS goes away is the day ab...@yahoo.com starts functioning properly and yahoo starts booting spammers. The day SORBS goes away is the day BS like this stops happening: - The following addresses had permanent fatal errors - ab...@noc.privatedns.com (reason: 554 rejected due to spam content) -Dan -- Suresh Ramasubramanian (ops.li...@gmail.com)
Re: The day SORBS goes away ...
On Sat, Apr 7, 2012 at 7:25 AM, valdis.kletni...@vt.edu wrote: Yahoo is only a hegemony among spam havens, not a monopoly. There's still freelance havens out there, and they'll go away when SORBS does. Sorbs did have a decent set of traps - and did catch a lot of spam. The problem was atrociously poor maintenance - stale entries, entries that'd reappear due to db issues, people skills of the volunteers handling the queue .. I'd have thought there'd be some improvement with their being acquired. Got to see. -- Suresh Ramasubramanian (ops.li...@gmail.com)