Posted by: Anthony Drewery | December 13, 2005

Real-time Black Lists

It’s official, I hate RBLs. For sometime I’ve tolerated and indeed used well run and respected lists like SURBL but then SURBL works differently to the rest. SURBL does not block listed hosts but rather allows you to block messages based on the URIs that they contain. It works well in conjunction with our MailSweeper servers.

The main problem with these types of service is that no one governs them. I could set one up tomorrow and list whoever I liked. Of course, you’d have to chose to use my list with your systems.

Most of these services make it fairly painless to be removed so although inconvenient it’s not the end of the world if you are listed in error, and indeed if you are an open relay then it can be a justified kick up the backside. However, there are some real cowboys out there.

Today we’ve found one of our gateways listed with such a cowboy http://www.us.sorbs.net/. I’ve scanned the box for Trojans and viruses with 2 different products and have thrown every relay test I know against it. Nada. So how did it get listed? SORBS claim that our box sent an email (not a spam, just a regular email) to one of its honey trap addresses. That’s just plain crazy. It could have been an NDR or virus notification in response to a message that spoofed the SORBS address. To make things worse SORBS want a fine to have our box de-listed. This fine is in the form of a donation which I guess gets them round any extortion charges. What a joke.

I’m even more shocked to find a company like Vodafone uses this list as part of their anti-spam measures. Their admins should be shot.

That’s my rant over for now. I need to get back to getting de-listed.


Responses

  1. Do you remember our earlier conversations where I said I despised RBL’s, period, now? This is very much part of the reason why. I’ll have a few more comments later today or tomorrow after I’ve looked in to some other aspects of this.

    Gary


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: