Re: The day SORBS goes away ...

2012-04-14 Thread Valdis . Kletnieks
On 13 Apr 2012 22:01:14 -, John Levine said:
   dnslists  = dialups.mail-abuse.org \
   : rbl-plus.mail-abuse.org \

 Are you paying Trend for access to these?  If not, you're not getting
 any answers from them and they're not blocking anything.

Do they return a canned answer that says don't block, or do you get
to wait for a DNS timeout?




Re: The day SORBS goes away ...

2012-04-14 Thread John R. Levine

 dnslists  = dialups.mail-abuse.org \
 : rbl-plus.mail-abuse.org \


Are you paying Trend for access to these?


yes, i have an arrangement


I used to pay (not very much) but realized several years ago that after 
using the Spamhaus lists, MAPS didn't catch anything useful.


Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Please consider the environment before reading this e-mail. http://jl.ly



Re: The day SORBS goes away ...

2012-04-14 Thread Randy Bush
i have not tested to see who catches what.  not really into spam
research.  just trying to reduce it for a server.

randy



Re: The day SORBS goes away ...

2012-04-14 Thread John Levine
 Are you paying Trend for access to these?  If not, you're not getting
 any answers from them and they're not blocking anything.

Do they return a canned answer that says don't block, or do you get
to wait for a DNS timeout?

Is there some reason you're asking random people rather than spending
the 30 seconds needed to find out for yourself?

R's,
John
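
The question raised above (canned answer or DNS timeout?) can be checked per zone using the test entries that RFC 5782 requires of every IPv4 DNSBL: 127.0.0.2 must be listed and 127.0.0.1 must not. This is an added example, not code from any poster in this thread; the function names and status labels are assumptions of the example, and the zone names are taken from the dnslists line quoted in the thread.

```python
import ipaddress
import socket

# Zones taken from the dnslists line quoted in this thread.
ZONES = ["dialups.mail-abuse.org", "rbl-plus.mail-abuse.org",
         "dnsbl.sorbs.net", "zen.spamhaus.org"]


def query_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_lookup(name):
    """Resolve through the system resolver.

    Returns ('A', addr), ('NXDOMAIN', None), or ('FAIL', None) for
    timeouts, SERVFAIL and other temporary resolver errors.
    """
    try:
        return ("A", socket.gethostbyname(name))
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return ("NXDOMAIN", None)
        return ("FAIL", None)


def check_zone(zone, lookup=system_lookup):
    """Classify a zone by probing the two RFC 5782 test entries."""
    pos_kind, pos_addr = lookup(query_name("127.0.0.2", zone))
    neg_kind, _ = lookup(query_name("127.0.0.1", zone))
    if pos_kind == "FAIL" or neg_kind == "FAIL":
        return "no-response"       # every SMTP connection waits on DNS
    if pos_kind == "NXDOMAIN":
        return "silent"            # answers arrive, but nothing is listed
    if neg_kind == "A":
        return "lists-everything"  # wildcarded zone: would reject all mail
    if not pos_addr.startswith("127."):
        return "bogus-answer"      # not a DNSBL return code at all
    return "ok"


if __name__ == "__main__":
    # Live check of the zones above; needs a working resolver.
    for zone in ZONES:
        print(f"{zone:28} {check_zone(zone)}")
```

A `silent` result means lookups complete quickly but the list can never block anything, while `no-response` means each check costs a resolver timeout.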



Re: The day SORBS goes away ...

2012-04-13 Thread John Levine
  dnslists  = dialups.mail-abuse.org \
  : rbl-plus.mail-abuse.org \

Are you paying Trend for access to these?  If not, you're not getting
any answers from them and they're not blocking anything.

R's,
John



Re: The day SORBS goes away ...

2012-04-13 Thread Randy Bush
  dnslists  = dialups.mail-abuse.org \
  : rbl-plus.mail-abuse.org \
 
 Are you paying Trend for access to these?

yes, i have an arrangement

randy



Re: The day SORBS goes away ...

2012-04-09 Thread Brian Keefer


On Apr 7, 2012, at 4:41 PM, TR Shaw wrote:
 
 As for SORBS, most competent mail admins dropped its use a long time ago. I 
 thought when Proofpoint took it over things would change (I actually thought 
 they would dump the SORBS name because of bad karma) but it hasn't happened.

Out of curiosity, has anyone other than the OP and one other gentleman on the 
4th had a serious issue? Do we know whether the issues from the 4th have been 
resolved? I'm wondering whether this is a chronic issue, or if folks are just 
extrapolating from one complaint.

I looked back through the archives for the last year and the only other SORBS 
mentions were in July and August of last year.


--
chort



Re: The day SORBS goes away ...

2012-04-09 Thread Ray Van Dolson
On Mon, Apr 09, 2012 at 09:50:00AM -0700, Brian Keefer wrote:
 
 
 On Apr 7, 2012, at 4:41 PM, TR Shaw wrote:
  
  As for SORBS, most competent mail admins dropped its use a long
  time ago. I thought when Proofpoint took it over things would
  change (I actually thought they would dump the SORBS name because
  of bad karma) but it hasn't happened.
 
 Out of curiosity, has anyone other than the OP and one other
 gentleman on the 4th had a serious issue? Do we know whether the
 issues from the 4th have been resolved? I'm wondering whether this is
 a chronic issue, or if folks are just extrapolating from one
 complaint.
 
 I looked back through the archives for the last year and the only
 other SORBS mentions were in July and August of last year.

I last worked at an ISP back in 2006, so this may not be relevant
today.  I do remember however relying pretty much exclusively on
Spamhaus.  Originally used SORBS too but found they were overly
aggressive on what they'd add to their RBL.  Maybe great if you're an
individual user, but not so great to be blocking all of yahoo/gmail,
etc as an ISP.

Don't think they were as frustrating to deal with as Spamcop though :)

Ray



Re: The day SORBS goes away ...

2012-04-09 Thread Patrick W. Gilmore
On Apr 7, 2012, at 19:41 , TR Shaw wrote:

 As for Yahoo, the problem will probably go away on its own over time. The 
 problem with companies that are in questionable/bad financial shape is that 
 they defund many activities that do not seem important but actually are. 
 These, such as abuse handling, will actually cause them to increase their 
 spiral down by causing more customers away.

For the 3 months ending 2011-12-31 (last quarter available), Yahoo!'s revenue 
was US$1.3B, with a net income of nearly US$300M - for the _quarter_.

I wish I were in such questionable/bad financial shape.

Before anyone pounces, yes, I know they're not growing.  The results above are up 
slightly from Q3 2011, although down slightly (~5%) from Q4 2010.  But they 
still make more revenue & profit than 99.mumble% of the companies represented 
on this list.  And they have more than enough to do abuse correctly.  Perhaps 
more importantly, I seriously doubt Yahoo! mail is going away any time soon.

-- 
TTFN,
patrick




Re: The day SORBS goes away ...

2012-04-09 Thread Dan White

On 04/09/12 09:50 -0700, Brian Keefer wrote:



On Apr 7, 2012, at 4:41 PM, TR Shaw wrote:


As for SORBS, most competent mail admins dropped its use a long time
ago. I thought when Proofpoint took it over things would change (I
actually thought they would dump the SORBS name because of bad karma)
but it hasn't happened.


Out of curiosity, has anyone other than the OP and one other gentleman on
the 4th had a serious issue? Do we know whether the issues from the 4th
have been resolved? I'm wondering whether this is a chronic issue, or if
folks are just extrapolating from one complaint.

I looked back through the archives for the last year and the only other
SORBS mentions were in July and August of last year.


I've had nothing but sore issues with SORBS and getting removed from
whatever black list was getting us blocked by participating mail systems.

Our ARIN allocation is:

67.217.144.0/20

and SORBS had us listed within a larger black listed range, like the
containing /12. It took us weeks to be removed from that range (or to have
an exception added). This was probably a couple of years ago, or early last
year.

--
Dan White



Re: The day SORBS goes away ...

2012-04-09 Thread Blake Dunlap
Generally when faced with SORBS related blocking, I have found it far more
effective to contact the receiving side and show them the ample Google
history about SORBS and the effect it has on their ability to receive email
their customers/employees have requested, and have them either change their
email policies, or their executives change their email admins.

I'm honestly amazed these days every time I run into someone still blocking
based on SORBS, or even giving a non insignificant point score as such.

-Blake


Re: The day SORBS goes away ...

2012-04-09 Thread Randy Bush
  drop condition = ${if isip4{$sender_host_address}}
       message   = blocked because $sender_host_address is \
                   in  blacklist at $dnslist_domain: $dnslist_text
       !dnslists = list.dnswl.org
       dnslists  = dialups.mail-abuse.org \
                 : rbl-plus.mail-abuse.org \
                 : dnsbl.sorbs.net \
                 : zen.spamhaus.org
       logwrite  = REJECT because $sender_host_address listed in $dnslist_domain

works pretty well for me.  looking forward to a bit of ipv6 prophylaxis

randy



Re: The day SORBS goes away ...

2012-04-09 Thread Jon Lewis

On Tue, 10 Apr 2012, Randy Bush wrote:


 drop condition = ${if isip4{$sender_host_address}}
      message   = blocked because $sender_host_address is \
                  in  blacklist at $dnslist_domain: $dnslist_text
      !dnslists = list.dnswl.org
      dnslists  = dialups.mail-abuse.org \
                : rbl-plus.mail-abuse.org \
                : dnsbl.sorbs.net \
                : zen.spamhaus.org
      logwrite  = REJECT because $sender_host_address listed in $dnslist_domain

works pretty well for me.  looking forward to a bit of ipv6 prophylaxis


If you were to move dialups.mail-abuse.org below zen.spamhaus.org 
(assuming these are checked in the order they're entered in the config), 
I'm curious if dialups.mail-abuse.org would block anything.  If it did, 
I'd be curious if those were FPs.  :)


--
 Jon Lewis, MCP :)   |  I route
 Senior Network Engineer |  therefore you are
 Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_



Re: The day SORBS goes away ...

2012-04-07 Thread Rich Kulawiec

Yahoo's personnel have long since demonstrated that (a) they couldn't
possibly care less about the spam, phishing, and other forms of abuse
that they're emanating, supporting or hosting on a systemic and chronic
basis (b) they are incapable of recognizing their own users, hosts,
and networks even when same are explicitly pointed out to them (c) under
no circumstances will they take any prompt or effective action -- they
will, however, repeatedly lie about it and/or pass on complainers' personal
information to the abusers so that they can retaliate.

---rsk



Re: The day SORBS goes away ...

2012-04-07 Thread Hank Nussbacher

On Sat, 7 Apr 2012, Rich Kulawiec wrote:

I recently had a similar run-in with another ISP unrelated to Yahoo.  It 
involved a phishing site on one of their customers.  Countless emails to 
their abuse@ email went unanswered.  Then one day I bumped into their VP 
who was trying to sell me something.  I asked him about why they appear 
so high on Ironport Senderbase with a huge spam pool as well as phishing 
sites that are not taken down.


His answer, which might mirror Yahoo's (or not), was that at a corporate 
level they decided to only handle issues like this via a court order. 
They did not think it appropriate to interfere with their customers data 
in any sort of way unless a court order told them to make it stop.


Clearly, this is idiotic reasoning and only when others start blocking 
their IP ranges and DNS servers will they ever wake up.  But when the ISP 
is big enough, they think no one will block them and if they do it will 
just be small cases and nothing massive that would make them into a 2nd 
league ISP.  This therefore becomes a cost savings area since you no 
longer need any abuse staff to handle your customers.  You just ignore it 
all.


-Hank



Yahoo's personnel have long since demonstrated that (a) they couldn't
possibly care less about the spam, phishing, and other forms of abuse
that they're emanating, supporting or hosting on a systemic and chronic
basis (b) they are incapable of recognizing their own users, hosts,
and networks even when same are explicitly pointed out to them (c) under
no circumstances will they take any prompt or effective action -- they
will, however, repeatedly lie about it and/or pass on complainers' personal
information to the abusers so that they can retaliate.

---rsk





Re: The day SORBS goes away ...

2012-04-07 Thread Matthew Palmer
On Sat, Apr 07, 2012 at 08:33:10PM +0300, Hank Nussbacher wrote:
 On Sat, 7 Apr 2012, Rich Kulawiec wrote:
 Clearly, this is idiotic reasoning and only when others start
 blocking their IP ranges and DNS servers will they ever wake up.

But how idiotic is it?  Do you have all Yahoo IP space and domains blocked
on your mail server?  How many mailboxes does that cover?  What percentage
of Yahoo's daily e-mail volume are you blocking, and how much of a rat's
arse do you think Yahoo cares?

I think you can see where I'm going with this.  It's only idiotic
reasoning if it doesn't work, and so far as I can see, it's working just
great -- there are effectively service providers who are too big to
fai^Wblock, and so they get away with things that everyone else would only
dream of.

They do care about the almighty buck more than the 'net, but I'd say that
almost all of us do, because almost none of us are willing to take the
plunge and block Yahoo and other giant providers of spam and other abuse. 
(For the record, I'm in this camp, too -- I'm not willing to lose my job --
my almighty buck -- for taking the step of blocking Yahoo, so I'm not any
sort of trailblazer along this path).

To anyone out there who is blocking Yahoo, and is big enough for them to
take notice, bravo to you!  Speak up, tell the world what you're doing, and
it might give the rest of us the courage and the precedent to do the same.

- Matt

-- 
A friend is someone you can call to help you move. A best friend is someone
you can call to help you move a body.




Re: The day SORBS goes away ...

2012-04-07 Thread Barry Shein

Something I'm considering is just limiting the max size of an email
from Yahoo severely, enough to say I've changed my address from yahoo
to ___.

We get pounded day and night with multimegabyte (per each) spam emails
from them.

Yahoo isn't the only one but the most frequent.

-- 
-Barry Shein

The World  | b...@theworld.com   | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada
Software Tool & Die    | Public Access Internet | SINCE 1989 *oo*



Re: The day SORBS goes away ...

2012-04-07 Thread TR Shaw

On Apr 7, 2012, at 6:35 PM, Barry Shein wrote:

 
 Something I'm considering is just limiting the max size of an email
 from Yahoo severely, enough to say I've changed my address from yahoo
 to ___.
 
 We get pounded day and night with multimegabyte (per each) spam emails
 from them.
 
 Yahoo isn't the only one but the most frequent.

As for Yahoo, the problem will probably go away on its own over time. The 
problem with companies that are in questionable/bad financial shape is that 
they defund many activities that do not seem important but actually are. These, 
such as abuse handling, will actually cause them to increase their spiral down 
by causing more customers away.

Another item of interest is that Yahoo says they will only accept ARF 
(RFC-5965) reports to abuse@  However, they reject all ARF abuse reports just 
like the plain text ones. So much for standards support

As an aside, one can not/will not/may not block all their mailservers but I 
would suggest blocking all mail that contains their shortener, y.ahoo.it.  It 
is highly abused and they don't respond to abuse reports on it either.

It's a real shame that the original high quality search engine/company that 
everyone aspired to be on has fallen so far both financially and in quality.

As for SORBS, most competent mail admins dropped its use a long time ago. I 
thought when Proofpoint took it over things would change (I actually thought 
they would dump the SORBS name because of bad karma) but it hasn't happened.





The day SORBS goes away ...

2012-04-06 Thread goemon
The day SORBS goes away is the day ab...@yahoo.com starts functioning 
properly and yahoo starts booting spammers.


The day SORBS goes away is the day BS like this stops happening:

  - The following addresses had permanent fatal errors -
ab...@noc.privatedns.com
   (reason: 554 rejected due to spam content)

-Dan



Re: The day SORBS goes away ...

2012-04-06 Thread Suresh Ramasubramanian
err, i dont know but yahoo hasnt yet acquired this random webhost whose
abuse you're trying to mail

On Friday, April 6, 2012, goe...@anime.net wrote:

 The day SORBS goes away is the day ab...@yahoo.com starts functioning
 properly and yahoo starts booting spammers.

 The day SORBS goes away is the day BS like this stops happening:

  - The following addresses had permanent fatal errors -
 ab...@noc.privatedns.com
   (reason: 554 rejected due to spam content)

 -Dan



-- 
Suresh Ramasubramanian (ops.li...@gmail.com)


Re: The day SORBS goes away ...

2012-04-06 Thread Valdis . Kletnieks
On Sat, 07 Apr 2012 07:00:52 +0530, Suresh Ramasubramanian said:
 err, i dont know but yahoo hasnt yet acquired this random webhost whose
 abuse you're trying to mail

   - The following addresses had permanent fatal errors -
  ab...@noc.privatedns.com
(reason: 554 rejected due to spam content)

Right - that one is doing stupid stuff like filtering out spam reports sent
to abuse@ because they contain spam all by itself, without Yahoo's assistance.

Yahoo is only a hegemony among spam havens, not a monopoly.  There's still
freelance havens out there, and they'll go away when SORBS does.

I'm not so sanguine about Yahoo's chances of lasting till then though...




Re: The day SORBS goes away ...

2012-04-06 Thread goemon

the yahoo item was a point all its own, unrelated to iweb's idiocy.

yahoo no longer care to receive abuse reports from anyone at all.

-Dan

On Sat, 7 Apr 2012, Suresh Ramasubramanian wrote:


err, i dont know but yahoo hasnt yet acquired this random webhost whose
abuse you're trying to mail

On Friday, April 6, 2012, goe...@anime.net wrote:


The day SORBS goes away is the day ab...@yahoo.com starts functioning
properly and yahoo starts booting spammers.

The day SORBS goes away is the day BS like this stops happening:

 - The following addresses had permanent fatal errors -
ab...@noc.privatedns.com
  (reason: 554 rejected due to spam content)

-Dan




--
Suresh Ramasubramanian (ops.li...@gmail.com)





Re: The day SORBS goes away ...

2012-04-06 Thread Suresh Ramasubramanian
On Sat, Apr 7, 2012 at 7:25 AM,  valdis.kletni...@vt.edu wrote:
 Yahoo is only a hegemony among spam havens, not a monopoly.  There's still
 freelance havens out there, and they'll go away when SORBS does.

Sorbs did have a decent set of traps - and did catch a lot of spam.
The problem was atrociously poor maintenance - stale entries, entries
that'd reappear due to db issues, people skills of the volunteers
handling the queue ..

I'd have thought there'd be some improvement with their being
acquired.  Got to see.

-- 
Suresh Ramasubramanian (ops.li...@gmail.com)