Blocklist changes

Late last year we wrote about the many problems with SORBS. One of the results of that series of posts was a discussion between a lot of industry professionals and GFI executives. A number of problems were identified with SORBS, some that we didn’t mention on the blog. There was an open and free discussion about solutions.
A few months ago, there were a bunch of rumors that GFI had divested themselves from SORBS. There were also rumors that SORBS was purchased by Proofpoint. Based on publicly available information many of us suspected that GFI was no longer involved in SORBS. Yet other information suggested that Proofpoint may truly have been the purchaser.
This week those rumors were confirmed.

Proofpoint, Inc., the leading provider of cloud-based security and compliance solutions for enterprise messaging and collaboration, today announced it has acquired the assets of the SORBS (Spam and Open Relay Blocking System) service (http://www.sorbs.net). Approximately 200,000 organizations worldwide leverage the SORBS DNS-based Block List (DNSBL) to effectively block email from more than 12 million host servers known to disseminate spam, phishing attacks and other forms of malicious email.

I have to wonder how reflective of actual usage numbers the “200,000 organizations” is. I do suspect that many organizations are querying the list, but I don’t know how much it’s affecting delivery. Most spamassassin installations query SORBS DUL by default. However, being listed on SORBS DUL only counts for 0.001 points. Being queried doesn’t matter if those queries don’t really affect delivery.
We recently wrote about problems with the Trend/MAPS lists. Many people have contacted us about that and indicated they are no longer seeing any blocking at Comcast based on a MAPS listing. The Comcast postmaster page hasn’t been updated, but I haven’t heard of anyone having problems with listings at Comcast recently.
I’m hearing conflicting reports about the other major US Trend/MAPS user, RR.com. Some people are telling me they’re seeing inbox delivery for MAPS listed IPs. Other people are telling me they’re seeing deferrals for MAPS listed IPs.
In either case, it appears that the effect of a MAPS listing on delivering mail to US ISPs is less than it was a few months ago.
The decisions to make this information public  were not made lightly. On balance, blocklists are a valuable and important part of the email ecosystem. But they are a bit of a black box. Very few people who don’t run blocklists actually have insight into how they work and how they make decisions. There are good reasons the blocklists do this, but it does make them a bit of an unknown entity to many.
In response to the ongoing damage to the email ecosystem, we decided share this information publicly. Many people tried discussions with the list maintainers and their parent companies: by phone, by email and in person. These efforts were only partially effective at getting wanted mail delivered.
Because this problem was ongoing and because so many different people were attempting to resolve the problem unsuccessfully, we decided to make the information we knew public. While the listing policies don’t seem to have changed, the overall damage to the ecosystem seems to be lessening.
There are a lot of people who worked very hard to bring about these changes. Many of them cannot be named, for obvious reasons. But their contribution should not be overlooked. Our position in the industry means people share issues with us and that we can share information publicly. But just because we’re the public face doesn’t mean we’re the only actors.

Related Posts

GFI/SORBS considered harmful, part 2

Act 1Act 2IntermezzoAct 3Act 4Act 5
Management Summary, Redistributable Documents and Links
Yesterday I talked about GFI responsiveness to queries and delisting requests about SORBS listings. Today I’m going to look at data accuracy.
The two issues are tightly intertwined – a blacklist that isn’t responsive to reports of false positive listings will end up with a lot of stale or inaccurate data, and a blacklist that has many false positives will likely be overwhelmed with complaints and delisting requests, and won’t be able to respond to them – leading to a spiral of dissatisfaction and inaccurate data feeding off each other.

Read More

GFI/SORBS – I'm blacklisted, now what?

Act 1Act 2IntermezzoAct 3Act 4Act 5
Management Summary, Redistributable Documents and Links
In the past week we’ve demonstrated that the SORBS reputation data is riddled with mistakes, poor practices, security holes and operational problems, and that the quality of the end result is really too poor to be useful.
What does this mean to you though? There are really two aspects: 1. what to do if you’re blacklisted or blocked by GFI or based on GFI/SORBS data and 2. how this information should affect your choice of spam filtering technology. We’ll be looking at the first point today, and the second tomorrow.

Read More

GFI/SORBS considered harmful

Act 1Act 2IntermezzoAct 3Act 4Act 5
Management Summary, Redistributable Documents and Links
A little over a year ago the SORBS blacklist was purchased by GFI Software. I had fairly high hopes that it would improve significantly, start behaving with some level of professionalism and competence and become a useful data source, in much the same way that the SpamCop blacklist turned into an accurate, professionally run source of data after they transitioned from being a volunteer run blacklist to a service of IronPort.
GFI’s statement a year ago was:

Read More