I’ve been told not to use SORBS as it is not a legitimate list.

Jun 17 2010

It has come to SORBS’ attention that some providers of mail services are sending out messages similar to MessageLab’s message:

Thank you for contacting SHS Global Client Support regarding blocks
   on our email infrastructure.
There are many organisations/authorities around the world that offer
    a means of blocking email based on list entries that their users
    can subscribe to.  Whilst many are entirely legitimate and
    beneficial, some authorities have aggressive listing policies or
    lists that are almost impossible to be removed from.  As a result,
    SHS do not recognise these authorities as legitimate.
Some of the block list providers will charge listed parties to
    become removed from the list.  Once the fee has been paid and the
    IP delisted, the owner of the IP may find that they have become
    listed again a very short time later.  Lists like this aren’t
    providing a beneficial service and their use can cause mails not to
    be delivered even if the mails/sender are legitimate.
Other block list providers that we do not recognise as legitimate
    may look at the way email is handled.  Some block lists will spot
    the way our service relays mail from client to recipient and from
    sender to client.  Our relay-based service means that our
    infrastructure can become blocked causing unnecessary mail
In instances where SHS have become blocked by what we consider to be
    “unhelpful” block list providers, we are unable to request de-
    listing of our IP addresses.  In these instances, we ask the client
    in question if they would kindly notify the intended recipient that
    they are using a block list that causes large amounts of false
    positives and that email from yourselves has been stopped.  The
    intended recipient should be discouraged from using such lists in
    favour of more legitimate lists available on the internet.
We are currently aware of some block list providers that can cause
    problems with SHS email routing and that we are unable to resolve
    by becoming de-listed.  These lists are known as:
 -          SORBS (www.sorbs.net)
 -          BACKSCATTERER (www.backscatterer.org)
 -          SPEWS (APEWS)
 SORBS will list very aggressively and often without consideration to
    the services we are offering our clients.  To become removed from
    the SORBS list, they charge a fee which will often be only a
    temporary de-listing before we get placed back on the list.  We
    have tried to work with SORBS but they are less than happy to co-
    operate with us despite our efforts against the constant threat of
    email borne malware and spam.  As a result we do not recognise them
    as a legitimate list provider and request any clients experiencing
    issues contact their intended recipients to advise of the problems
    caused by using the list.
BACKSCATTERER is a list that almost always contains SHS IP
    addresses.  As stated on the backscatterer.org website, their list
    is not one that contains spam preventing listings but instead
    sender callout abusers or users that send backscatter.  They advise
    on the site that many big email providers/ISP’s will send NDR
    (bounce messages) because the systems they use incorporate
    relaying.  Backscatter, is the process of sending NDRs to non-local
    users. Because of the way the SHS system operates, we have the need
    to deliver NDRs outside of our own network, or our clients would
    never be aware of messages that we were unable to deliver.  This
    puts us at odds with backscatterer.org.  If you are having an issue
    delivering to a third party who is using backscatterer as a spam
    list, the third party should be educated and instructed to further
    investigate the http://www.backscatterer.org/
    website to familiarize themselve
    s with the concept of the list. Backscatter's policy is that they
    maintain their own list for specific purposes and as such will not
    delist anyone, unless a fee is paid. Notably, they also recommend
    that their list is not used as a basis for rejecting mail.
SPEWS (APEWS) is a list that is no longer maintained.  It was once
    responsible for blocking large areas of “netspace” and only dealing
    with ISP’s.  Because the list is no longer in service, there may be
    DNS records that refer to an old database.  For this reason this
    list should not be used and de-listing is not a possibility.
There are also likely to be other organisations that operate in
    similar ways.  At present we have not discovered these lists but
    this response could stand for lists not named above.
Due to the reasons above, we are unable to become de-listed and as
    such unable to affect the course of any email destined to
    recipients using these lists.  Whilst we applaud third parties
    willingness to prevent spam and utilise such lists, there are many
    other more legitimate lists that can be utilised.  SHS work closely
    with those offering legitimate lists to ensure our infrastructure
    isn’t impacted should somebody abuse/compromise our system or one
    of our clients systems.
Please feel free to respond with any questions or comments regarding
    the above.  Alternatively if you wish to check the status of an
    IP/block list, please do not hesitate to contact us.
Once again, please accept our sincerest apologies for not being able
    to offer more assistance on this matter.
Kind Regards
*** *******
Support Centre Analyst
Symantec Hosted Services
   24x7 Global Client Support Centre:
US/Canada: +1 (866) 807 ****
EMEA: +44 (0) 870 850 ****
Australia: 1 (800) ******
Hong Kong: 1 (800) ******
Asia Pacific: +852 6902 ****

One should note the immediate and glaring accuracy issue SPEWS isn’t, never was and never will be associated with APEWS (or ASPEWS – another replacement for SPEWS).

Now on to the message, the email is quite patently designed to mis-lead users of SORBS into believing that MessageLabs are the good guys and SORBS are the scum of the earth. The reality of the fact is that MessageLabs have refused to officially enter into negotiations with SORBS on any level on multiple occasions. They log support requests to ‘get delisted’ and sometimes are refused based on recent examples of spam or the sheer volume requiring a donation to a charity because of the spam volume, MessageLabs rarely (if ever) reply to our messages to continue negotiation. The SORBS support system is there to provide a recorded two way communication path, some, such as MessageLabs use it as a write only path. They write their messages and ignore any replies.

SORBS lists spamming IP addresses (sources of spam) that may be used for blocking of spam into the mail system that is utilising SORBS as a blocklist. MessageLabs have never paid for delisting from SORBS despite multiple removals from the SORBS spam database (please do read the article about the fine, SORBS only places the fine on sources of spam that keep spamming, and only for those sources that spam SORBS directly.) SORBS consists of multiple databases and does not charge for delisting from majority of the databases.

MessageLabs keep getting relisted in the SORBS database because they are contracted by their customers to deliver all messages they send. This appears to be the basis of their ‘right’ to send spam. SORBS disagrees, spam is spam, and if you as a provider do not implement effective outgoing spam filtering, you will be restricted on delivery options at some time.

SORBS is considered to be an aggressive blocklist but considering that SORBS receives more than 30 billion lookups per day by tens of thousands of users it is patently obvious that SORBS is a legitimate list regardless of MessageLabs (or any other company’s) claims.

The facts are simple, if you deliver spam to our servers you will be listed sooner or later. If you do not deliver spam to our servers you should never be listed. MessageLabs despite their claims to the contrary deliver spams to our servers on a regular and ongoing basis, and as such they are listed in our database of deliverers of spam (the SORBS Spam DB.)

UPDATE [24/Aug/2010]: SORBS has spoken to MessageLabs and the message being sent is now being changed, and we are discussing issues.  This page is being left as an example only as we see other messages similar to this from time to time from other providers.  Kudos to the admin @ MessageLabs that enacted the change and a discussion.

Comments Off

Comments are closed at this time.