Recent Posts

The future never gets old.

Latest Topics

Where our attentions lie today.

Recent Authors

Eager beavers.

Archives

The past, in blog form.

Why You Should NOT Use the SORBS Blacklist

posted by Nick Bonadies
Nick Bonadies
Nick Bonadies

Senior Systems Administrator : Boston

topics: Software, Games, Alcoholic Beverages, Barbarian, and Rock and Roll

on December 07, 2010 at 09:56 AM
filed under: Developers and Internet Culture
http://tbg.cm/gSfur7
SORBS has, for the second time in this year, blacklisted much of the internet, TBG included. It has affected people all over, here’s one: http://blog.proofpoint.com/2010/11/sorbs-duhl-dns-block-list-causing-widspread-email-deliverability-issues-once-again.html
Not only that but the support staff has been completely unresponsive to support requests, probably because everyone is bothering them, but still. So far, this has been my experience:
I went to their site and signed up for an account. You need an account to submit support requests, which is fine, I get that. So I waited and waited for the email to confirm my account. Never came. So I tried to sign into the site, it told me, “You haven’t confirmed your email address! Resend confirmation?” I thought, yeah must have been a mess up in the site, send again. Waited… Nothing.
Ok I thought, I’ll check our SMTP filter and see if our mail filter was blocking it as spam. And guess what! It was! Apparently email sent from SORBS fails a BATV test, from Wikipedia: In computing, Bounce Address Tag Validation (BATV) is a method, defined in an Internet Draft, for determining whether the bounce address specified in an E-mail message is valid. It is designed to reject backscatter, that is, bounce messages to forged return addresses. (source 12/1/2010: http://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation)
Currently a draft, many modern mail servers support BATV, but apparently not SORBS. So I add a skip rule for SORBS.
So now I had an email confirmation, oh hey, the date on their mailserver is set to 1970, so not only is it incompatible with modern spam fighting technology, it is incorrectly configured. For all their posturing about configuring DNS (http://www.sorbs.net/faq/dns_primer.shtml) you’d think they’d configure their software correctly.
So now I try to confirm my account, and login, oh but hey, that fails too. The software that runs the site has a bug in it that doesn’t properly validate my country. Great. Logout, log back in, ok finally I’m in.
So now I’ll go and see about de-listing our IP. Nope, TTL isn’t high enough. Fine, I’ll raise our TTL, ok TTL passes on the MX record, but fails on the machine record, ok I’ll go raise the TTL of the machine record. Try the form again and…. hey wait a minute! It fails at checking the TTL of the MX record! That is a whole step earlier than before. How did that happen? Oh it happened because it caches the TTL and then counts down from that time. So now I have to wait twelve hours to try the form again.
Awesome. Great. Not to mention in this time we’re unable to email some of our clients.
I wonder if we have a legal case against SORBS for lost business?
Update: So the number in the comments works, but please don’t call it. I worry that will only make the the situation worse. Seems like that one guy is the only guy working on all their problems. But again, this probably proves my point that the internet is better if it doesn’t rely on SOBRS.

10 comments

On December 01, 2010 at 05:02 PM, Chris Smith wrote:
In the same boat with you.. the exact same boat. Here's to hoping my ISP can convince SORBS to relist the /13 subnet as static. I'm not holding my breath.
Don't forget that they require the TTLs on our MX and mailserver A records to be TWELVE HOURS, which interferes with our ability to maintain uptime on if one of our links goes down in the office where we host our mail server.

In short: SORBS is bad for businesses and bad for the Internet.
SORBS is a useless "service" whos time expired a long time ago. Real Time blacklists like SURBL are far far far more useful. Their answers, especially the smart ass "we're better than everyone, we're right and you're wrong" comments on the wikipedia talk page say it all.

These are the same thugs that quickly reverted a criticism I posted a while back and flagged my wiki talk page for vandalism as retaliation.

NO mail server should be using SORBS anymore. It really is bad for the internet.
We are having similar issues, except I already had an account with SORBS from the last time they screwed up. They are blocking long-standing servers with dedicated IPs in a major data center, with proper reverse DNS, claiming they are "Dialup/Dynamic IPs" -- ridiculous.

After opening a ticket with them, I received an auto-reply that there were "3,657 tickets" ahead of mine!

Somehow we need to get the word out to mail server administrators that SORBS cannot be trusted to be a part of their RBLs any longer.

- Scott
thanks for these comments, we are experiencing the EXACT same things with them. Keep em coming.
On December 01, 2010 at 08:32 PM, M.-A. L wrote:
Same boat. I'm approx ~3500 in the ticket list. Part of the 67.210.171.0/18 IP block in the DUHL. Their exclusion tool won't even recognise that I've increased my TTL from what it was before to 12 hours either.

Fun fast, SORBS is now owned by GFI Software. I've contacted their support and they claim that SORBS is another business units but if enough people call up angry, there might be some influence.
On December 02, 2010 at 05:00 PM, Anthony Concepcion wrote:
We spoke with someone for 20 minutes who has access to their ticketing system. They are in Austrailia. This is SORBS, not GFI.

+61.280046200

Give them a piece. They have an entire class B blocked that includes one of our supernets.
On December 03, 2010 at 07:17 PM, LoveMyBarracuda wrote:
Same boat, however we are not getting affected by this crapper as much. So far I had opened a ticket with useless-sorbs. Just as hectic to log in as everyone else has already commented. However I also ran into an SSL cert issue to top things off. All in all it took about 30 - 40 minutes from the point I attempted creating account to the point until I was actually been able to login. Oh yeah, tag on about hour and a half to the 40 minutes as their site was down and I couldn't access it. It`s like adding insult to injury! My ISP stated that their entire Class B is blocked. I e-mailed my account executive`s manager and requested that they contact somebody at the top of the food chain in GFI to raise the stink.
I'm sorry, this thing about GFI not having anything to do with it, is just Bogus!!!! GFI owns this company, therefore the own this problem. Oh, here is the kick in the @ss. I was putting together a proposal to approve puchasing a couple of products from GFI. I just finished writing it up and was about to send it over to the execitives for approval and then thins happened... So, if you think about it, now this DUAHHHH thingy actually cost GFI losing a customer. I will find anotehr place to spend me money.
Good luck to everyone here, but please come back here and leave a comment. Hopefully Sorbs will stop takiong stupid pills one day. This is not the first time it happened this year alone. Somethinh should definetely be done about it.
Any ideas ?
On December 04, 2010 at 11:10 PM, LoveMyBarracuda wrote:
Well, finally we are off the damn Black List. Considering that this was not the first time that Sorbes F-ed Up and taking in mind that GFI did nothing about it.... I'm done with GFI. That nice chunk of change that GFI would have made... well let`s just say that I will spend my money with the vendors that have some sort of accountability for their actions....
Well the number 61.280046200 is correct - the feller who answered says "yes we know we have problems the site is under DOS attack but this is the wrong time to call me as I am off to the airport". When asked about the effects on my customers he hung up - now that is what I call customer service

Paul