[Dshield] DOS by Sorbs?

martin forest martin at forest.gen.nz
Wed Dec 21 23:58:02 GMT 2005

Greetings all

Are there many of you that have been "cornered" by Sorbs in Australia?
Suddenly, we started to receive complaints from users that we were on an  
RBL list. And when I looked at it, we have been listed by Sorbs as a spam  
site. After analysing the issue, it turns out that the complaint made to  
Sorbs is faked/false and no warning was given to us. Basically, I  
contacted the remote user (in Finland) that the complaint was referring to
and he has never heard of it. I also contacted our user, who the email
“was sent from”. As most of you are probably guessing by now, a classical
spoofed email.

If we don't do “non-delivery notifications”, we will break RFCs.
If we deliver non-delivery notifications, we will most likely send crap to
innocent users.
Our mail servers do strict mail filtering and do not relay. We have a  
commercial anti-spam system for incoming email. Outgoing, incoming and
internal email systems are separated with a lot of security checks.
What is the general feeling amongst you lot?

Is it reasonable to be listed on RBL lists for following RFCs?
Have many of you had problems with Sorbs?
In order for them to remove us from their black list, they want money. Is  
this blackmailing?
Is it normal custom to blacklist without warning?

Martin Forest
Security Manager
Victoria University of Wellington
