[Dshield] DOS by Sorbs?

Chris Brenton cbrenton at chrisbrenton.org
Fri Dec 23 12:02:12 GMT 2005

On Thu, 2005-12-22 at 22:08 -0500, David Cary Hart wrote:
> EVERY reject gets a bounce message referring them back to the RBL.  And, yes,
> there are false positives. However, an RBL that has excessive FPs simply won't
> be used.

I hate to say it, but this comment really bugs me. It implies that
there is some level of acceptable false positives. It translates to
"sure we're blocking some amount of legitimate mail, but that's an
acceptable loss for the purpose of the greater good". Excuse me but
when did this site agree to fall on their sword?

> It's unreasonable to expect to be warned when an IP is added. Who
> should SORBS advise (and how should they do it) at
> "host-69-95-5-4.syr.choiceone.net?"

So let me get this straight, it's "reasonable" to screw with this site's
ability to transmit SMTP even though there is no evidence of them
transmitting SPAM, but it's "unreasonable" to expect an RBL to check their
facts before doing so or give the target a courtesy of a heads up???

Would the above be a pain to track down? Probably, but better the RBL do
the work than a site that has done nothing wrong.

> FWIW, Matthew Sullivan is a very decent guy. If you have a legitimate gripe,
> he'll fix it.

So the burden of proof is on the site being targeted??? This sounds a
bit backwards to me. Perhaps if this level of burden was placed on
getting listed in the first place, there would be fewer issues. 

>  However, if you want your email to be broadly accepted you'll
> need to establish that you have a static IP with unique rDNS.

Again with the burden being placed on the site being DoSed. Geesh. You
do realize that many ISPs *will not* do this or, if they do, charge an
additional monthly fee?

Personally, I find the lack of rDNS to be a feature. I like having my
rDNS resolve to my upstream because it makes finding the extent of my
address space that much harder. If I have my upstream delegate my
address space to me, a purp can send a single Internic query and find
the full range of my address space. If it all looks like part of my
upstream's network, it's a hit or miss process except for the hosts I
choose to list as A records.


