Post by kas on Dec 7, 2010 2:38:11 GMT -5
I depend highly on Blacklists to sort out who are known spammers or email harvesters and who are normal human beings who just want to register and partake in the conversations here.
However I have seen blacklists receive a lot of flak. The more I read people's responses on many sites regarding this the more I realize why.
Let's take Sorbs for example. Sorbs stands for "SPAM and Open Relay Blocking System" but many people have ended up on the SORBS list without even sending spam due to inclusion through ranges submitted by their ISP who use the SORBS system to detect spammers without any consideration to hijacked computers via trojans and IPs becoming clean later on when the computer is cleaned. Spammers tend to not use the same IP for very long because they get banned from where they are spamming. They tend to like to use what are called "Zombie Computers" so that they don't get caught but innocent computer users take the fall. Sometimes even spam fighters get falsely caught (false positives) and usually there is a way to whitelist your IP or contact someone to prove you are human. It is normal that if your IP is flagged again within a certain amount of time that you won't be able to get whitelisted again but Sorbs does not offer any way to whitelist your IP even though they say you can delist.
Take this example of this runaround of someone trying to delist as they are listed for only ONE activity while their computer was being used by a "net-noob" family member and then got redone and cleaned of any trojans / viral files.
They found it to be such a runaround and then found out that they didn't send out any spam at all (they thought that they might have and assumed the family member had infected their computer even though they never found any trojan but redid the computer anyway) but that their ISP had added their whole IP range to SORBS!
Now, as a spam fighter who has tried to educate people whose computers have sent spam -- or, easier to prove, whose email accounts have sent spam -- I can understand how people could just say they haven't sent out spam and just not realize that it doesn't mean that their computer never has. However I have seen numerous complaints by spam fighters and well-educated techs complaining about Sorbs and how there is no info on what the spam was or where it came from or a non-error way to delist. Sorbs seems set up more as just a way to annoy spammers but what about real people? Even honeypots still have room for if you are a real person to leave before just tagging you as a spammer. You have to actually spam. But for Sorbs to have IP ranges listed that never spammed (just because 100 IPs out of 255 might spam, does not mean that all 255 belong to spammers) and even if your computer used to send spam but was eventually cleaned, there is no way to get off the list.
ISPs and web hosts just look at every anti-spam site as a good way to go but don't actually look closely at it. I have compared many and have my favorites for many various reasons and for different things. I also am aware of the pros and cons of each and know there is no one perfect system. However Sorbs seems to think they are perfect.
Read more here on a thread where people talk about the issues with Sorbs and even the owner of Sorbs (named Sorbs on there) posts!:
forums.whirlpool.net.au/forum-replies.cfm?t=1227139
Also it seems that Sorbs has also blocked some sites that there are no problems with. au.sorbs.net went down so I checked it with:
www.websitedown.info/sorbs.net
but it says:
Website is down for everyone. This site is currently unavailable. It's not just you!
12/06/2010 23:17:58
sorbs.net is down
Is sorbs.net down? Yes!
Our site checker did not receive any HTTP response status code for your query.
This site is unavailable for everybody not just you or you have misstyped the domain name!
Possibly the sorbs.net web server is down, overloaded, unreachable (some network related problem) or a website maintenance is in progress.
Also this could be a DNS (Domain Name System) lookup problem like incorrect settings and / or configuration of the DNS servers.
However when I typed in www.sorbs.net instead of au.sorbs.net in the address bar .. it worked and I could even log in!!
I had tried to see if it was down because I got an error and tried to contact Sorbs about it at the email address on the error page. However even the email bounced. Turns out they are still up but I guess their subdomain over at au no longer works... They now moved to the us subdomain it seems??
Also this site said it is down as well, showing a page not found error page:
www.domaincrawler.com/domains/view/sorbs.net