Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: NANOG: users

SORBS?!

 

 

First page Previous page 1 2 Next page Last page  View All NANOG users RSS feed   Index | Next | Previous | View Threaded


cconn at b2b2c

Apr 4, 2012, 12:53 PM

Post #1 of 44 (1968 views)
Permalink
SORBS?!

Hello,

Is anyone from SORBS still listening? We have a few IP addresses here
and there that are listed, one in particular that has been for a spam
incident from over a year ago. The "last spam" date is 03/05/2011
according to their lookup tools.

We don't have access to their Net Manager even if our ARIN POC
corresponds to the account on their system we opened a while ago. We
use their ISP feedback form and never get any responses back.

Is SORBS still relevant and functional?

Sincerely,

Chris Conn
B2B2C.ca


mjkelly at gmail

Apr 4, 2012, 1:06 PM

Post #2 of 44 (1998 views)
Permalink
Re: SORBS?! [In reply to]

Good luck. Last time we heard back from them they were trying to extort
us for $18,000 to have a huge block of Ips removed. They were listed from
the day we received them from arin. After that we gave up on SORBS.



On 4/4/12 3:53 PM, "Chris Conn" <cconn [at] b2b2c> wrote:

>Hello,
>
>Is anyone from SORBS still listening? We have a few IP addresses here
>and there that are listed, one in particular that has been for a spam
>incident from over a year ago. The "last spam" date is 03/05/2011
>according to their lookup tools.
>
>We don't have access to their Net Manager even if our ARIN POC
>corresponds to the account on their system we opened a while ago. We
>use their ISP feedback form and never get any responses back.
>
>Is SORBS still relevant and functional?
>
>Sincerely,
>
>Chris Conn
>B2B2C.ca
>


paul at paulgraydon

Apr 4, 2012, 1:08 PM

Post #3 of 44 (1934 views)
Permalink
Re: SORBS?! [In reply to]

They're still functional, still used by companies but I wouldn't make
any observation on them running 'well'. A friend's office IP range got
blocked and unblocked recently by them so they do seem to remove entries.

Beyond that on NANOG you're pretty much into "light blue touch paper and
retire to a safe distance" territory even mentioning them. There is a
good chance you might get a reply from Sorbs here, they almost always
seem to respond when things get raised on NANOG.

Paul

On 04/04/2012 09:53 AM, Chris Conn wrote:
> Hello,
>
> Is anyone from SORBS still listening? We have a few IP addresses
> here and there that are listed, one in particular that has been for a
> spam incident from over a year ago. The "last spam" date is
> 03/05/2011 according to their lookup tools.
>
> We don't have access to their Net Manager even if our ARIN POC
> corresponds to the account on their system we opened a while ago. We
> use their ISP feedback form and never get any responses back.
>
> Is SORBS still relevant and functional?
>
> Sincerely,
>
> Chris Conn
> B2B2C.ca
>


lstewart at superb

Apr 4, 2012, 1:55 PM

Post #4 of 44 (1924 views)
Permalink
Re: SORBS?! [In reply to]

On 4 April 2012 12:53, Chris Conn <cconn [at] b2b2c> wrote:

> Hello,
>
> Is anyone from SORBS still listening? We have a few IP addresses here
> and there that are listed, one in particular that has been for a spam
> incident from over a year ago. The "last spam" date is 03/05/2011
> according to their lookup tools.
>
> We don't have access to their Net Manager even if our ARIN POC corresponds
> to the account on their system we opened a while ago. We use their ISP
> feedback form and never get any responses back.
>
> Is SORBS still relevant and functional?
>

I've been trying to login to their 'support' interface for a while now.
Emails from them for creating a new account or trying to recover a
password for an existing account don't actually come to me. I actually
wrote Girish from the company that purchased SORBS (Proofpoint) about it
(also CC'd here) and I have had no reply whatsoever either.

I think we should all just NULL ROUTE all of their IP space on our borders
to get their attention.

Regards,
Landon


jeroen at mompl

Apr 4, 2012, 2:21 PM

Post #5 of 44 (1930 views)
Permalink
Re: SORBS?! [In reply to]

Landon Stewart wrote:
> I think we should all just NULL ROUTE all of their IP space on our borders
> to get their attention.

Yeah you're free to do that, as well as complain about it and SORBS in
turn is free to put whatever the hell they feel like on their block
lists and not remove it at all, ever, for whatever reason.

One common theme I did notice in the countless and, dare I say, tiresome
complaints about SORBS is that it hardly ever helps and may even make it
worse.

It's best to not complain about it and just accept it as a fact of life
your IPs are listed on SORBS and move on. It's not the end of the world.

Greetings,
Jeroen

--
Earthquake Magnitude: 3.0
Date: Wednesday, April 4, 2012 20:59:13 UTC
Location: Baja California, Mexico
Latitude: 32.6142; Longitude: -115.8417
Depth: 2.90 km


mikea at mikea

Apr 4, 2012, 2:21 PM

Post #6 of 44 (1939 views)
Permalink
Re: SORBS?! [In reply to]

On Wed, Apr 04, 2012 at 01:55:46PM -0700, Landon Stewart wrote:
> On 4 April 2012 12:53, Chris Conn <cconn [at] b2b2c> wrote:
>
> > Hello,
> >
> > Is anyone from SORBS still listening? We have a few IP addresses here
> > and there that are listed, one in particular that has been for a spam
> > incident from over a year ago. The "last spam" date is 03/05/2011
> > according to their lookup tools.
> >
> > We don't have access to their Net Manager even if our ARIN POC corresponds
> > to the account on their system we opened a while ago. We use their ISP
> > feedback form and never get any responses back.
> >
> > Is SORBS still relevant and functional?
> >
>
> I've been trying to login to their 'support' interface for a while now.
> Emails from them for creating a new account or trying to recover a
> password for an existing account don't actually come to me. I actually
> wrote Girish from the company that purchased SORBS (Proofpoint) about it
> (also CC'd here) and I have had no reply whatsoever either.
>
> I think we should all just NULL ROUTE all of their IP space on our borders
> to get their attention.

By a happy coincidence, I got mail today from Scott Greco of Proofpoint,
asking if we could get together to discuss their products. I've replied
to that with a summary of this thread, and am Cc:ing him on this mail, as
well. Maybe we can get their attention, though past experience with SORBS
does not exactly imbue me with confidence.

--
Mike Andrews, W5EGO
mikea [at] mikea
Tired old sysadmin


ahebert at pubnix

Apr 4, 2012, 2:27 PM

Post #7 of 44 (1929 views)
Permalink
Re: SORBS?! [In reply to]

Hi,

We had an issue with one of our old subnets which was used as a
pool for dynamic dial-up in the past, which we now use for virtual hosting.

It took a few me a few hours but I was able to get it removed from
the DUHL list.
( And a few walk around the block to calm me down after dealing
with their robot =D ).

As for being removed from their SPAM RBL that might be another story..

Actually knowing Chris, and his outfit, that 18k request seems
unwarranted :(

As for SORBS, they have a ticket system at
http://support.sorbs.net/ which use the same username/password as
https://www.us.sorbs.net. You can follow up there with your ticket #,
if their robot is being a bit too fascist.
( ecarbonel was the guy that help us in our case )

PS: The ticketing system is not that fast, so be patient.

/wave Chris

-----
Alain Hebert ahebert [at] pubnix
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443


On 04/04/12 16:55, Landon Stewart wrote:
> On 4 April 2012 12:53, Chris Conn<cconn [at] b2b2c> wrote:
>
>> Hello,
>>
>> Is anyone from SORBS still listening? We have a few IP addresses here
>> and there that are listed, one in particular that has been for a spam
>> incident from over a year ago. The "last spam" date is 03/05/2011
>> according to their lookup tools.
>>
>> We don't have access to their Net Manager even if our ARIN POC corresponds
>> to the account on their system we opened a while ago. We use their ISP
>> feedback form and never get any responses back.
>>
>> Is SORBS still relevant and functional?
>>
> I've been trying to login to their 'support' interface for a while now.
> Emails from them for creating a new account or trying to recover a
> password for an existing account don't actually come to me. I actually
> wrote Girish from the company that purchased SORBS (Proofpoint) about it
> (also CC'd here) and I have had no reply whatsoever either.
>
> I think we should all just NULL ROUTE all of their IP space on our borders
> to get their attention.
>
> Regards,
> Landon
>


lstewart at superb

Apr 4, 2012, 2:36 PM

Post #8 of 44 (1926 views)
Permalink
Re: SORBS?! [In reply to]

On 4 April 2012 14:21, Jeroen van Aart <jeroen [at] mompl> wrote:

> Landon Stewart wrote:
>
>> I think we should all just NULL ROUTE all of their IP space on our borders
>> to get their attention.
>>
>
> Yeah you're free to do that, as well as complain about it and SORBS in
> turn is free to put whatever the hell they feel like on their block lists
> and not remove it at all, ever, for whatever reason.
>

The latter part of that sentence has already been confirmed for years now.


> It's best to not complain about it and just accept it as a fact of life
> your IPs are listed on SORBS and move on. It's not the end of the world.
>

It turns into a customer service issue for most service providers.


lstewart at superb

Apr 4, 2012, 2:39 PM

Post #9 of 44 (1921 views)
Permalink
Re: SORBS?! [In reply to]

On 4 April 2012 14:27, Alain Hebert <ahebert [at] pubnix> wrote:

> As for SORBS, they have a ticket system at http://support.sorbs.net/which use the same username/password as
> https://www.us.sorbs.net. You can follow up there with your ticket #, if
> their robot is being a bit too fascist. ( ecarbonel was the guy that help
> us in our case )
>

Yeah that's my main complaint right now is that we can't get into their
ticket system *or* register a new account for our AS. The new account
registration email never gets received for confirmation. The account we
used to use doesn't work despite it being somewhere around 7 years old.


> PS: The ticketing system is not that fast, so be patient.
>

It's better than it was a few months ago I must say. It was almost
absolutely unusably slow the last time I was in there probably late last
year some time.

---
Landon Stewart <lstewart [at] superb <mailto"LStewart [at] Superb>>
Sr. Administrator
Systems Engineering
Superb Internet Corp - 888-354-6128 x 4199
Web hosting and more "Ahead of the Rest": www.superb.net


cconn at b2b2c

Apr 4, 2012, 2:39 PM

Post #10 of 44 (1922 views)
Permalink
Re: SORBS?! [In reply to]

On 2012-04-04 17:33:
>
> Hi,
>
> Actually knowing Chris, and his outfit, that 18k request seems unwarranted :(
>
> As for SORBS, they have a ticket system at http://support.sorbs.net/ which use the same username/password as https://www.us.sorbs.net. You can follow up there with your ticket #, if their robot is being a bit too fascist.
> ( ecarbonel was the guy that help us in our case )
>
> PS: The ticketing system is not that fast, so be patient.
>
> /wave Chris
>

Hi Alain!

The 18K thing was another operator, but we have not had much luck. I
will give my attention to the ticket for now and wait until something
happens. Its not a crucial issue since from what I can tell its mostly
a cosmetic thing (and a bit of a managerial pain to have to explain the
implications to a customer).

I have no beef with SORBS, we even rsync their zone on our DNS servers
so we can provide faster access to it to our customers that might use
it. However recently, getting listing action seems to fall into a void.

Cheers,

Chris


sam.oduor at gmail

Apr 5, 2012, 4:55 AM

Post #11 of 44 (1914 views)
Permalink
Re: SORBS?! [In reply to]

Some of the IP's I manage got blacklisted and its true they were spamming
and Sorbs had a very valid reason for blacklisting them.

I got this response response from sorbs after resolving the problem
amicably. Sorbs responded well on time.

*Your request appear to have been resolved. If you have any
further questions or concerns, please respond to this message.

Please note:

If your IP address has been delisted (marked as 'Inactive'), it will
take up to 2 hours to get from the database to all the SORBS DNS
servers. Changes to the database are exported to the DNS zone files
periodically, not immediately after every change. Furthermore, after
the updated database contents have been exported to the DNS zone
files, it will then take up to 48 hours for the outdated DNS
information to be removed from DNS caches around the world - none
of these are in SORBS' control.

Please do not reply to this call with problems not related to
this ticket or your request will be ignored.



*
*On Wed, Apr 4, 2012 at 10:53 PM, Chris Conn <cconn [at] b2b2c> wrote:
*
>
> *Hello,
>
> Is anyone from SORBS still listening? We have a few IP addresses here
> and there that are listed, one in particular that has been for a spam
> incident from over a year ago. The "last spam" date is 03/05/2011
> according to their lookup tools.* *
>
> We don't have access to their Net Manager even if our ARIN POC corresponds
> to the account on their system we opened a while ago. We use their ISP
> feedback form and never get any responses back.* *
>
> Is SORBS still relevant and functional?* *
>
> Sincerely,*
>
> Chris Conn
> B2B2C.ca
>
>


--
Samson Oduor


drew.weaver at thenap

Apr 5, 2012, 8:56 AM

Post #12 of 44 (1909 views)
Permalink
RE: SORBS?! [In reply to]

Now, if we could only teach Senderbase that if their customers receive 'questionable' smtp traffic from 1 IP address in a /24 it doesn't mean that all IP addresses in that /24 are malicious we'd really be living it up in 2012.



-----Original Message-----
From: Sam Oduor [mailto:sam.oduor [at] gmail]
Sent: Thursday, April 05, 2012 7:56 AM
To: Chris Conn
Cc: nanog [at] nanog
Subject: Re: SORBS?!

Some of the IP's I manage got blacklisted and its true they were spamming and Sorbs had a very valid reason for blacklisting them.

I got this response response from sorbs after resolving the problem amicably. Sorbs responded well on time.

*Your request appear to have been resolved. If you have any further questions or concerns, please respond to this message.

Please note:

If your IP address has been delisted (marked as 'Inactive'), it will take up to 2 hours to get from the database to all the SORBS DNS servers. Changes to the database are exported to the DNS zone files periodically, not immediately after every change. Furthermore, after the updated database contents have been exported to the DNS zone files, it will then take up to 48 hours for the outdated DNS information to be removed from DNS caches around the world - none of these are in SORBS' control.

Please do not reply to this call with problems not related to this ticket or your request will be ignored.



*
*On Wed, Apr 4, 2012 at 10:53 PM, Chris Conn <cconn [at] b2b2c> wrote:
*
>
> *Hello,
>
> Is anyone from SORBS still listening? We have a few IP addresses here
> and there that are listed, one in particular that has been for a spam
> incident from over a year ago. The "last spam" date is 03/05/2011
> according to their lookup tools.* *
>
> We don't have access to their Net Manager even if our ARIN POC
> corresponds to the account on their system we opened a while ago. We
> use their ISP feedback form and never get any responses back.* *
>
> Is SORBS still relevant and functional?* *
>
> Sincerely,*
>
> Chris Conn
> B2B2C.ca
>
>


--
Samson Oduor


goemon at anime

Apr 5, 2012, 9:48 AM

Post #13 of 44 (1912 views)
Permalink
RE: SORBS?! [In reply to]

This is often the only way to get peoples attention and get action.


Providers dont care about individual /32's and will let them sit around
and spew nigerian scams and pill spams without any consequences.

But they will care about a /24.

-Dan

On Thu, 5 Apr 2012, Drew Weaver wrote:

> Now, if we could only teach Senderbase that if their customers receive 'questionable' smtp traffic from 1 IP address in a /24 it doesn't mean that all IP addresses in that /24 are malicious we'd really be living it up in 2012.
>
>
>
> -----Original Message-----
> From: Sam Oduor [mailto:sam.oduor [at] gmail]
> Sent: Thursday, April 05, 2012 7:56 AM
> To: Chris Conn
> Cc: nanog [at] nanog
> Subject: Re: SORBS?!
>
> Some of the IP's I manage got blacklisted and its true they were spamming and Sorbs had a very valid reason for blacklisting them.
>
> I got this response response from sorbs after resolving the problem amicably. Sorbs responded well on time.
>
> *Your request appear to have been resolved. If you have any further questions or concerns, please respond to this message.
>
> Please note:
>
> If your IP address has been delisted (marked as 'Inactive'), it will take up to 2 hours to get from the database to all the SORBS DNS servers. Changes to the database are exported to the DNS zone files periodically, not immediately after every change. Furthermore, after the updated database contents have been exported to the DNS zone files, it will then take up to 48 hours for the outdated DNS information to be removed from DNS caches around the world - none of these are in SORBS' control.
>
> Please do not reply to this call with problems not related to this ticket or your request will be ignored.
>
>
>
> *
> *On Wed, Apr 4, 2012 at 10:53 PM, Chris Conn <cconn [at] b2b2c> wrote:
> *
>>
>> *Hello,
>>
>> Is anyone from SORBS still listening? We have a few IP addresses here
>> and there that are listed, one in particular that has been for a spam
>> incident from over a year ago. The "last spam" date is 03/05/2011
>> according to their lookup tools.* *
>>
>> We don't have access to their Net Manager even if our ARIN POC
>> corresponds to the account on their system we opened a while ago. We
>> use their ISP feedback form and never get any responses back.* *
>>
>> Is SORBS still relevant and functional?* *
>>
>> Sincerely,*
>>
>> Chris Conn
>> B2B2C.ca
>>
>>
>
>
> --
> Samson Oduor
>
>


lstewart at superb

Apr 5, 2012, 10:06 AM

Post #14 of 44 (1917 views)
Permalink
Re: SORBS?! [In reply to]

>
> On Thu, 5 Apr 2012, Drew Weaver wrote:
>
> Now, if we could only teach Senderbase that if their customers receive
>> 'questionable' smtp traffic from 1 IP address in a /24 it doesn't mean that
>> all IP addresses in that /24 are malicious we'd really be living it up in
>> 2012.
>>
>>
On 5 April 2012 09:48, <goemon [at] anime> wrote:

> This is often the only way to get peoples attention and get action.
>
> Providers dont care about individual /32's and will let them sit around
> and spew nigerian scams and pill spams without any consequences.
>
> But they will care about a /24.
>
> -Dan
>

If the purpose of blacklist is to block spam for recipients using that
blacklist then a /32 works. If the purpose of a blacklist is to annoy
providers then a /24 works. The most reputable and useful blacklists IMHO
are Spamhaus and Spamcop - they don't block /24s. Spamhaus sometimes does
if your rwhois shows that a large amount of the /24 is owned by the
offending party but generally they don't. In my opinion a blacklist is
useful when it notifies a provider of a listing, provides the reason for
the listing and gives you a way to remove the listing.

Spamhaus encourages companies to resolve all the issues while only blocking
/32s by showing all the listings under your responsibility and making nice
to see that list empty. Pretty simple. Incidentally SORBS usually blocks
/24s and, as far as I know, provides no way for you to lookup all listings
under a providers responsibility (by AS or otherwise).

Incidentally, I have yet to see anything from Proofpoint, SORBS or their
support system regarding the access issues we are having to their system.
If anyone has another contact at Proofpoint other than Girish I'd
appreciate knowing what it is.

---
Landon Stewart <lstewart [at] superb <mailto"LStewart [at] Superb>>
Sr. Administrator
Systems Engineering
Superb Internet Corp - 888-354-6128 x 4199
Web hosting and more "Ahead of the Rest": www.superb.net


nick at foobar

Apr 5, 2012, 10:45 AM

Post #15 of 44 (1902 views)
Permalink
Re: SORBS?! [In reply to]

On 05/04/2012 17:48, goemon [at] anime wrote:
> But they will care about a /24.

I'm curious as to why they would want to stop at /24. If you're going to
take the shotgun approach, why not blacklist the entire ASN?

Nick


paul4004 at gmail

Apr 5, 2012, 11:01 AM

Post #16 of 44 (1906 views)
Permalink
Re: SORBS?! [In reply to]

That's probably a better idea.

I moved "into" a /24 ip block that was SWIPed to me that they reported was
"dynamic cable/DSL users" (no spam history, mind you). Didn't matter, I
couldn't send e-mail.

When trying to get it delisted I had a TTL on the zone that was
"incompatible" with their standards (for DR failover purposes) and was
unwilling to maintain a TTL of how many ever hours they wanted as it didn't
fit the company's requirements.

I ended up just getting a new IP block from the ISP as they gave up on
resolving it too. Kind of a waste, but it worked. I relocated to there
instead.

1 year later they updated my ticket and delisted it.



On Thu, Apr 5, 2012 at 11:45 AM, Nick Hilliard <nick [at] foobar> wrote:

> On 05/04/2012 17:48, goemon [at] anime wrote:
> > But they will care about a /24.
>
> I'm curious as to why they would want to stop at /24. If you're going to
> take the shotgun approach, why not blacklist the entire ASN?
>
> Nick
>
>


drew.weaver at thenap

Apr 6, 2012, 4:31 AM

Post #17 of 44 (1928 views)
Permalink
RE: SORBS?! [In reply to]

That's just not true, we would much rather be notified of something that a reputation list finds objectionable and take it down ourselves than have Senderbase set a poor reputation on dozens of IaaS customers.

-Drew

-----Original Message-----
From: goemon [at] anime [mailto:goemon [at] anime]
Sent: Thursday, April 05, 2012 12:48 PM
To: Drew Weaver
Cc: 'Sam Oduor'; Chris Conn; nanog [at] nanog
Subject: RE: SORBS?!

This is often the only way to get peoples attention and get action.


Providers dont care about individual /32's and will let them sit around and spew nigerian scams and pill spams without any consequences.

But they will care about a /24.

-Dan

On Thu, 5 Apr 2012, Drew Weaver wrote:

> Now, if we could only teach Senderbase that if their customers receive 'questionable' smtp traffic from 1 IP address in a /24 it doesn't mean that all IP addresses in that /24 are malicious we'd really be living it up in 2012.
>
>
>
> -----Original Message-----
> From: Sam Oduor [mailto:sam.oduor [at] gmail]
> Sent: Thursday, April 05, 2012 7:56 AM
> To: Chris Conn
> Cc: nanog [at] nanog
> Subject: Re: SORBS?!
>
> Some of the IP's I manage got blacklisted and its true they were spamming and Sorbs had a very valid reason for blacklisting them.
>
> I got this response response from sorbs after resolving the problem amicably. Sorbs responded well on time.
>
> *Your request appear to have been resolved. If you have any further questions or concerns, please respond to this message.
>
> Please note:
>
> If your IP address has been delisted (marked as 'Inactive'), it will take up to 2 hours to get from the database to all the SORBS DNS servers. Changes to the database are exported to the DNS zone files periodically, not immediately after every change. Furthermore, after the updated database contents have been exported to the DNS zone files, it will then take up to 48 hours for the outdated DNS information to be removed from DNS caches around the world - none of these are in SORBS' control.
>
> Please do not reply to this call with problems not related to this ticket or your request will be ignored.
>
>
>
> *
> *On Wed, Apr 4, 2012 at 10:53 PM, Chris Conn <cconn [at] b2b2c> wrote:
> *
>>
>> *Hello,
>>
>> Is anyone from SORBS still listening? We have a few IP addresses here
>> and there that are listed, one in particular that has been for a spam
>> incident from over a year ago. The "last spam" date is 03/05/2011
>> according to their lookup tools.* *
>>
>> We don't have access to their Net Manager even if our ARIN POC
>> corresponds to the account on their system we opened a while ago. We
>> use their ISP feedback form and never get any responses back.* *
>>
>> Is SORBS still relevant and functional?* *
>>
>> Sincerely,*
>>
>> Chris Conn
>> B2B2C.ca
>>
>>
>
>
> --
> Samson Oduor
>
>


Valdis.Kletnieks at vt

Apr 6, 2012, 6:48 AM

Post #18 of 44 (1893 views)
Permalink
Re: SORBS?! [In reply to]

On Fri, 06 Apr 2012 07:31:47 -0400, Drew Weaver said:
> That's just not true, we would much rather be notified of something that a
> reputation list finds objectionable and take it down ourselves than have
> Senderbase set a poor reputation on dozens of IaaS customers.

If it was industry-wide standard practice that just notifying a provider resulted
in something being done, we'd not need things like Senderbase, which is after
all basically a list of people who don't take action when notified...


drew.weaver at thenap

Apr 6, 2012, 6:55 AM

Post #19 of 44 (1898 views)
Permalink
RE: SORBS?! [In reply to]

That is again, not true.

Senderbase's listings don't correlate to any public information so it's pretty much impossible to pro-actively protect ourselves from having our IPs set to poor.

I.e. when Senderbase assigns IPs to poor, those same IPs aren't listed on any RBLs or anything.

They operate in a vacuum where there is no visibility into why they do anything. Unlike organizations like Spamhaus where you know exactly why IPs are listed.

Thanks,
-Drew



-----Original Message-----
From: Valdis.Kletnieks [at] vt [mailto:Valdis.Kletnieks [at] vt]
Sent: Friday, April 06, 2012 9:48 AM
To: Drew Weaver
Cc: 'goemon [at] anime'; nanog [at] nanog
Subject: Re: SORBS?!

On Fri, 06 Apr 2012 07:31:47 -0400, Drew Weaver said:
> That's just not true, we would much rather be notified of something
> that a reputation list finds objectionable and take it down ourselves
> than have Senderbase set a poor reputation on dozens of IaaS customers.

If it was industry-wide standard practice that just notifying a provider resulted in something being done, we'd not need things like Senderbase, which is after all basically a list of people who don't take action when notified...


bruns at 2mbit

Apr 6, 2012, 7:54 AM

Post #20 of 44 (1900 views)
Permalink
Re: SORBS?! [In reply to]

On 4/4/12 3:36 PM, Landon Stewart wrote:

>> > It's best to not complain about it and just accept it as a fact of life
>> > your IPs are listed on SORBS and move on. It's not the end of the world.
>> >
> It turns into a customer service issue for most service providers.

Eh, guess they'll just have to absorb the cost of that, like its
expected that the recipients of spam have to absorb the cost of ISPs not
disconnecting infected/spamming customers...

And like how I have to absorb the costs of spending my time during the
day answering removal requests from people who lie to me constantly and
hope that I don't notice their little games.

Ever wonder why it takes time for DNSbl's to process removals, sometimes
very long periods? Well, someone's gotta pay for that time the removal
person does it (and I have yet to see a dime of compensation for the
time I spend).



--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org


patrick at ianai

Apr 6, 2012, 8:02 AM

Post #21 of 44 (1908 views)
Permalink
Re: SORBS?! [In reply to]

On Apr 6, 2012, at 10:54 , Brielle Bruns wrote:
> On 4/4/12 3:36 PM, Landon Stewart wrote:
>
>>>> It's best to not complain about it and just accept it as a fact of life
>>>> your IPs are listed on SORBS and move on. It's not the end of the world.
>>>>
>> It turns into a customer service issue for most service providers.
>
> Eh, guess they'll just have to absorb the cost of that, like its expected that the recipients of spam have to absorb the cost of ISPs not disconnecting infected/spamming customers...
>
> And like how I have to absorb the costs of spending my time during the day answering removal requests from people who lie to me constantly and hope that I don't notice their little games.
>
> Ever wonder why it takes time for DNSbl's to process removals, sometimes very long periods? Well, someone's gotta pay for that time the removal person does it (and I have yet to see a dime of compensation for the time I spend).

No, they don't. Many DNSBLs use self-service tools. Someone has to write the tool, but the rest is automated. Total cost is power & space, which is frequently donated (I have personally donated some myself to DNSBLs I thought were well run).

Besides, anyone who knowingly causes harm to a third party and claims "it is a cost of doing business" or "mostly people like it" or "our $FOO is targeted and almost always correct, you must be an outlier and that's why it costs you" sound -exactly- like spammers to me.

Spammer who are up-front about it I can deal with. Don't agree with or even like them, but at least we understand each other. Hypocrisy is a different story.

--
TTFN,
patrick


patrick at ianai

Apr 6, 2012, 8:02 AM

Post #22 of 44 (1890 views)
Permalink
Re: SORBS?! [In reply to]

On Apr 6, 2012, at 10:54 , Brielle Bruns wrote:
> On 4/4/12 3:36 PM, Landon Stewart wrote:
>
>>>> It's best to not complain about it and just accept it as a fact of life
>>>> your IPs are listed on SORBS and move on. It's not the end of the world.
>>>>
>> It turns into a customer service issue for most service providers.
>
> Eh, guess they'll just have to absorb the cost of that, like its expected that the recipients of spam have to absorb the cost of ISPs not disconnecting infected/spamming customers...
>
> And like how I have to absorb the costs of spending my time during the day answering removal requests from people who lie to me constantly and hope that I don't notice their little games.
>
> Ever wonder why it takes time for DNSbl's to process removals, sometimes very long periods? Well, someone's gotta pay for that time the removal person does it (and I have yet to see a dime of compensation for the time I spend).

No, they don't. Many DNSBLs use self-service tools. Someone has to write the tool, but the rest is automated. Total cost is power & space, which is frequently donated (I have personally donated some myself to DNSBLs I thought were well run).

Besides, anyone who knowingly causes harm to a third party and claims "it is a cost of doing business" or "mostly people like it" or "our $FOO is targeted and almost always correct, you must be an outlier and that's why it costs you" sound -exactly- like spammers to me.

Spammer who are up-front about it I can deal with. Don't agree with or even like them, but at least we understand each other. Hypocrisy is a different story.

--
TTFN,
patrick


bruns at 2mbit

Apr 6, 2012, 8:37 AM

Post #23 of 44 (1896 views)
Permalink
Re: SORBS?! [In reply to]

On 4/6/12 9:02 AM, Patrick W. Gilmore wrote:
> No, they don't. Many DNSBLs use self-service tools. Someone has to
> write the tool, but the rest is automated. Total cost is power&
> space, which is frequently donated (I have personally donated some
> myself to DNSBLs I thought were well run).


Proxy removals and automated additions are self service removals. I
don't trust automated removal for stuff that we add by hand. Too many
variables, too much in the way of games...

If I were to let the people in spam-sources request removal and handle
removal entirely on their own without one of us reviewing it by hand,
there'd be no entries left in my database.

>
> Besides, anyone who knowingly causes harm to a third party and claims
> "it is a cost of doing business" or "mostly people like it" or "our
> $FOO is targeted and almost always correct, you must be an outlier
> and that's why it costs you" sound -exactly- like spammers to me.


I was more pointing out to people that you expect someone else, who
you've got no contractual obligation with, or relationship with, to make
time and effort to handle a request you made.

All I hear these days from people is that I have no right to tell them
who they can have as customers, or how to run their business.

Well, the reverse applies as well. I take great offense to people
telling me how to run my own service, that I provide free at no charge
with no obligations.

When a provider actually works with me to resolve an issue, I bend over
backwards to help them. Unfortunately, those kinds of providers are few
and far in between.

>
> Spammer who are up-front about it I can deal with. Don't agree with
> or even like them, but at least we understand each other. Hypocrisy
> is a different story.


Unfortunately, the apathy of providers, backbones, and network operators
in general have created an environment that the almighty buck rules
everything.

Yeah, I've had offers for financial support of the AHBL. Turned them
down every time, even though it would give me a chance to hire actual
people to run it. But, then, I'd have someone hanging over my
shoulder, pulling strings and interfering with my project. My
independence goes out the window, and I can't truly say I have no
financial interest in the listings.


So, forgive me if my independence as a non-commercial DNSbl makes me
somewhat jaded towards people who expect me to prioritize their demands
over what pays the bills.

--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org


george.herbert at gmail

Apr 6, 2012, 8:49 AM

Post #24 of 44 (1894 views)
Permalink
Re: SORBS?! [In reply to]

This seems like a very 1999 anti-spam attitude.

I have been doing anti-spam a long long time - literally since before Canter and Siegel (who I had as customers...) and before jj [at] cup

It's not 1999 anymore. Patrick is not the enemy. Your attitude is worrying. The "I am not responsible for who uses the blacklist or what that means" isn't good enough anymore.


George William Herbert
Sent from my iPhone

On Apr 6, 2012, at 8:37, Brielle Bruns <bruns [at] 2mbit> wrote:

> On 4/6/12 9:02 AM, Patrick W. Gilmore wrote:
>> No, they don't. Many DNSBLs use self-service tools. Someone has to
>> write the tool, but the rest is automated. Total cost is power&
>> space, which is frequently donated (I have personally donated some
>> myself to DNSBLs I thought were well run).
>
>
> Proxy removals and automated additions are self service removals. I don't trust automated removal for stuff that we add by hand. Too many variables, too much in the way of games...
>
> If I were to let the people in spam-sources request removal and handle removal entirely on their own without one of us reviewing it by hand, there'd be no entries left in my database.
>
>>
>> Besides, anyone who knowingly causes harm to a third party and claims
>> "it is a cost of doing business" or "mostly people like it" or "our
>> $FOO is targeted and almost always correct, you must be an outlier
>> and that's why it costs you" sound -exactly- like spammers to me.
>
>
> I was more pointing out to people that you expect someone else, who you've got no contractual obligation with, or relationship with, to make time and effort to handle a request you made.
>
> All I hear these days from people is that I have no right to tell them who they can have as customers, or how to run their business.
>
> Well, the reverse applies as well. I take great offense to people telling me how to run my own service, that I provide free at no charge with no obligations.
>
> When a provider actually works with me to resolve an issue, I bend over backwards to help them. Unfortunately, those kinds of providers are few and far in between.
>
>>
>> Spammer who are up-front about it I can deal with. Don't agree with
>> or even like them, but at least we understand each other. Hypocrisy
>> is a different story.
>
>
> Unfortunately, the apathy of providers, backbones, and network operators in general have created an environment that the almighty buck rules everything.
>
> Yeah, I've had offers for financial support of the AHBL. Turned them down every time, even though it would give me a chance to hire actual people to run it. But, then, I'd have someone hanging over my shoulder, pulling strings and interfering with my project. My independence goes out the window, and I can't truly say I have no financial interest in the listings.
>
>
> So, forgive me if my independence as a non-commercial DNSbl makes me somewhat jaded towards people who expect me to prioritize their demands over what pays the bills.
>
> --
> Brielle Bruns
> The Summit Open Source Development Group
> http://www.sosdg.org / http://www.ahbl.org
>


mike at mtcc

Apr 6, 2012, 9:02 AM

Post #25 of 44 (1896 views)
Permalink
Re: SORBS?! [In reply to]

On 04/06/2012 08:49 AM, George Herbert wrote:
> This seems like a very 1999 anti-spam attitude.
>
> I have been doing anti-spam a long long time - literally since before Canter and Siegel (who I had as customers...) and before jj [at] cup
>
> It's not 1999 anymore. Patrick is not the enemy. Your attitude is worrying. The "I am not responsible for who uses the blacklist or what that means" isn't good enough anymore.

I wonder how long a popularish blacklist operator would last if they,
oh say, blacklisted all of google or microsoft before they got some
very threatening letters from their legal staff. An hour? A day? A week?

You may have the right to list them and change your mind in your own
good time, but they also have the right to defend their reputation civilly
too. With great power comes great responsibility and all that.

Mike

First page Previous page 1 2 Next page Last page  View All NANOG users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.