GFI/SORBS considered harmful

Act 1Act 2IntermezzoAct 3Act 4Act 5
Management Summary, Redistributable Documents and Links
A little over a year ago the SORBS blacklist was purchased by GFI Software. I had fairly high hopes that it would improve significantly, start behaving with some level of professionalism and competence and become a useful data source, in much the same way that the SpamCop blacklist turned into an accurate, professionally run source of data after they transitioned from being a volunteer run blacklist to a service of IronPort.
GFI’s statement a year ago was:

GFI is now actively developing plans for the future of SORBS, including SORBS 2.0 and methods to improve SORBS data and responsiveness.

They’ve had a year to do that, so how have they done? Yesterday, my good friend Delivery Kitty reminded me to take a look at GFI/SORBS. Today responsiveness. Tomorrow, data quality.
Responsiveness
I don’t send any email other than personal email myself, and I don’t represent large email senders in any professional capacity, so I don’t have much personal experience to go on (edit, well until I tried to use the GFI/SORBS website to research tomorrow’s post, anyway). So I did some informal polling, looking on twitter, and asking some friends in the industry.
The much-repeated story is that there’s been no real improvement in responsiveness – tickets are routinely ignored, or not responded to for months, and when they are responded to the responses are anything but helpful. Also, any mistake or problem tends to be blamed on “a DDoS”, even those issues that are obviously human error, poor database design or other systemic issues.
One senior sysadmin on GFI/SORBS’ handling of their recent batch of false positives:

There’s a huge screwup that has been visible in their public-facing production systems for 3 days, doing harm to their users’ mail flows.  The visible evidence says to me that someone at SORBS knows there’s a problem, and has known for at least a couple of days. And still, there has been no action to really repair the damage or even acknowledge it. SORBS is publishing lies in its zones, and while I can tolerate the occasional little “oops” that is handled swiftly and maturely, this is not such an incident.

Random tweet:

Finally got SORBS to delist my IP addresses…only took three months!!

Abuse specialist from a large mailing list operator:

Rather than operating on “Internet time,” SORBS seems to work on “Redneck time,” that is, they’ll get around to it when they get a round tuit.

Senior Security Engineer at a major regional US broadband provider:

SORBS uses bellicose, immature, and incompetent volunteers who are more interested in arguing the 1996 view that all spam is the senders fault regardless than in delisting ip addresses that were wrongly listed.

And a final quote that, I think, shows that frustration with SORBS responsiveness has gone from actual concern into black humor:

Imagine SORBS responses in Dalek voice:
DNS TTL not high enough!  Exterminate!
Didn’t fill out the form!  Exterminate!
Dynamic IP according to our records!  Exterminate!
We’re humble volunteers!  EXTERMINATE!!!!!!!!!

(Several of the people who gave me those quotes asked me explicitly not to mention them, or their employers, by name due to a history of harassment-by-false-blacklisting of people who speak publicly about GFI/SORBS practices. So I’ve tried to remove all the identifying information from all the quotes.)
Digging into the data quality issues takes a little longer, so that’s for tomorrow.

Preferences pages
GFI/SORBS considered harmful, part 2

Related Posts

Guide to resolving ISP issues

I often get a chuckle out of watching some people, who are normally on the blocking end of the delivery equation, struggle through their own blocking issues. A recent situation came up on a mailing list where someone who has very vehement opinions about how to approach her particular blocklist for delisting and that the lists policies are immutable. The company she works for is having some delivery issues and she’s looking for a contact to resolve the issues.
While digging through my blog posts to see if there was any help I could provide, I realized I don’t have a guide to resolving blocking issues at ISPs. Much of the troubleshooting can be done without ever contacting the ISPs or the blocklists.
Identify the issue.
There are a number of techniques that ISPs use to protect their users from malicious or problematic mail, from rate-liming incoming mail, putting mail in the bulk folder, or blocking specific IP addresses. Step one to resolving any delivery problem is to identify what is happening to the mail. In order to resolve the issue, you have to know what the issue is.
All too often, the description of a delivery problem is: My mail isn’t getting delivered. But that isn’t very clear as to what the actual problem is. Are you being temp failed? Is mail being blocked? Is mail going to the bulk folder? Is this something affecting just you or is it a widespread problem?
Troubleshoot your side.
Collect as much data about the problem as you can. Dig through logs and get copies of any rejection messages. Follow any URLs that are present in the bounce messages. Try sending a bare bones email to yourself at that ISP with just URLs, is it still blocked? What if you send from a different IP, does the same thing happen?
There is a lot of troubleshooting a sender can do without having to contact an ISP, and the information can lead to resolution that doesn’t involve having to contact the ISP. Also, many current ISP blocks are dynamic, they come up and go down without any human intervention. Those blocks that require contact to get them resolved have clear instructions in the bounce message.
Fix your stuff.
Whether it’s a reputation issue or a minor technical issue, fix the problem on your end. Just moving IP addresses or changing a URL isn’t a sustainable fix. There is a reason mail is being blocked or filtered and if you don’t fix that issue, the blocks are just going to come back. After you do fix your stuff, expect to see changes in a few days or a week. The ISP filters are generally quite responsive to sender improvements so if you’ve fixed the stuff you should see changes pretty quickly. Expect unblocking or filtering to take a little longer than the block was in place.
If you can’t figure out what the problem is, hire a consultant. Here at Word to the Wise we can often quickly identify a problem and provide a path to resolution. Sometimes the problem isn’t even the ISPs, we’ve had multiple cases where our clients were using custom software and their software wasn’t SMTP compliant and we were able to identify the problem and get their mail working again. There are a host of other independent consultants out there that can also help you identify and resolve blocking problems.
Contact the ISPs.
If there is a hard block or after fixing what you think the underlying problem is, you’ll have to contact the ISP. Many ISPs provide self service websites and contact forms to facilitate this process. Generally, though, most issues aren’t going to require contact.

Read More

We're gonna party like it's 1996!

Over on deliverability.com Dela Quist has a long blog post up talking about how changes to Hotmail and Gmail’s priority inbox are a class action suit waiting to happen.
All I can say is that it’s all been tried before. Cyberpromotions v. AOL started the ball rolling when they tried to use the First Amendment to force AOL to accept their unsolicited email. The courts said No.
Time goes on and things change. No one argues Sanford wasn’t spamming, he even admitted as much in his court documents. He was attempting to force AOL to accept his unsolicited commercial email for their users. Dela’s arguments center around solicited mail, though.
Do I really think that minor difference in terminology going to change things?
No.
First off “solicited” has a very squishy meaning when looking at any company, particularly large national brands. “We bought a list” and “This person made a purchase from us” are more common than any email marketer wants to admit to. Buying, selling and assuming permission are par for the course in the “legitimate” email marketing world. Just because the marketer tells me that I solicited their email does not actually mean I solicited their email.
Secondly, email marketers don’t get to dictate what recipients do and do not want. Do ISPs occasionally make boneheaded filtering decisions? I’d be a fool to say no. But more often than not when an ISP blocks your mail or filters it into the bulk folder they are doing it because the recipients don’t want that mail and don’t care that it’s in the bulk folder. Sorry, much of the incredibly important marketing mail isn’t actually that important to the recipient.
Dela mentions things like bank statements and bills. Does he really think that recipients are too stupid to add the from address to their address books? Or create specific filters so they can get the mail they want? People do this regularly and if they really want mail they have the tools, provided by the ISP, to make the mail they want get to where they want it.
Finally, there is this little law that protects ISPs. 47 USC 230 states:

Read More

I'm on a blocklist! HELP!

Recently, an abuse desk rep asked what to do when customers were complaining about being assigned an IP address located on a blocklist. Because not every blocklist actually affects mail delivery it’s helpful to identify if the listing is causing a problem before diving in and trying to resolve the issue.

Read More