Spam And Open Relay Blocking System

SORBS ("Spam and Open Relay Blocking System") is a list of e-mail servers suspected of sending or relaying spam (a DNS Blackhole List). It has been augmented with complementary lists that include various other classes of hosts, allowing for customized email rejection by its users.


History

The SORBS DNSbl project was created in November 2001. It was maintained as a private list until 6 January 2002, when the DNSbl was officially launched to the public. The list consisted of 78,000 proxy relays and rapidly grew to over 3,000,000 alleged compromised spam relays. In November 2009 SORBS was acquired by GFI Software, to enhance their mail filtering solutions. In July 2011 SORBS was re-sold to Proofpoint, Inc.


DUHL

SORBS adds IP ranges that belong to dialup modem pools, dynamically allocated wireless, and DSL connections as well as DHCP LAN ranges by using reverse DNS PTR records, WHOIS records, and sometimes by submission from the ISPs themselves. This is called the DUHL or Dynamic User and Host List. SORBS does not automatically rescan DUHL-listed hosts for updated rDNS, so to remove an IP address from the DUHL the user or ISP has to request a delisting or rescan. If other blocks are scanned in the region of listings and the scan includes listed netspace, SORBS automatically removes the netspace marked as "static". Matthew Sullivan of SORBS proposed in an Internet Draft that generic reverse DNS addresses include purposing tokens such as "static" or "dynamic", abbreviations thereof, and more. That naming scheme would have allowed end users to classify IP addresses without the need to rely on third-party lists, such as the SORBS DUHL. The Internet Draft has since expired. Generally it is considered more appropriate for ISPs to simply block outgoing traffic to port 25 if they wish to prevent users from sending email directly, rather than specifying it in the reverse DNS record for the IP. SORBS' dynamic IP list originally came from Dynablock but has been developed independently since Dynablock stopped updating in December 2003.
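
The token-based classification that the expired Internet Draft would have enabled, sketched as an added example (not code from SORBS or from the draft). The token spellings other than "static" and "dynamic", the sample PTR names, and the "generic" label for names that merely embed the address are assumptions.

```python
import ipaddress
import re

# Assumed token sets: the page names only "static" and "dynamic" and mentions
# abbreviations; every other spelling below is an illustrative choice.
DYNAMIC_TOKENS = {"dynamic", "dyn", "dhcp", "dialup", "dial", "dsl", "adsl", "pool", "ppp"}
STATIC_TOKENS = {"static", "stat"}

# Constructed samples (documentation address ranges and example domains).
SAMPLES = [
    ("203.0.113.7", "static-203-0-113-7.isp.example.net"),
    ("198.51.100.44", "44.100.51.198.dyn.isp.example.net"),
    ("192.0.2.99", "host-192-0-2-99.isp.example.net"),
    ("198.51.100.5", "mx1.dynamo.example.com"),
    ("192.0.2.25", ""),
]


def embeds_address(ptr_name, ip):
    """True if the name carries the IPv4 octets in forward or reverse order."""
    octets = [int(o) for o in str(ipaddress.IPv4Address(ip)).split(".")]
    numbers = [int(n) for n in re.findall(r"\d+", ptr_name)]
    windows = [numbers[i:i + 4] for i in range(len(numbers) - 3)]
    return octets in windows or octets[::-1] in windows


def classify(ptr_name, ip):
    """Label one PTR name as 'dynamic', 'static', 'generic' or 'unknown'."""
    # Whole alphabetic tokens only, so "dynamo" never matches "dyn".
    found = set(re.findall(r"[a-z]+", ptr_name.lower()))
    if found & DYNAMIC_TOKENS:
        return "dynamic"      # wins over "static" if both appear (conservative)
    if found & STATIC_TOKENS:
        return "static"
    if embeds_address(ptr_name, ip):
        return "generic"      # provider-generated name with no purpose token
    return "unknown"          # custom name or no PTR record at all


def classify_all(samples=SAMPLES):
    """Map each sample IP to its label."""
    return {ip: classify(name, ip) for ip, name in samples}


if __name__ == "__main__":
    for ip, label in classify_all().items():
        print(f"{ip:15} {label}")
```

A mail filter would treat these labels as one input among several, since a name without any token says nothing about how the address is assigned.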


Spam traps

IP addresses that send spam to SORBS spamtraps are added to their spam database automatically or manually. In order to prevent being blacklisted, major free email services such as Gmail, Yahoo, and Hotmail, as well as major ISPs, now implement outgoing anti-spam countermeasures. Gmail, for example, continues to get listed and delisted because they refuse abuse reports. However, smaller networks may still be unwittingly blocked. Because spammers use viruses, malware, and rootkits to force compromised computers to send spam, SORBS lists the IP addresses of servers that the infected system uses to send its spam. Because of this, larger ISPs and corporate networks have started blocking port 25 in order to prevent these compromised computers from being able to send email except through designated email servers.


Preemptive listings

SORBS maintains a list of networks and addresses that it believes are assigned dynamically to end users/machines; it refers to this list as the DUHL (Dynamic User/Host List). Wide networks of computers that share the same IP address through network address translation (NAT) are also affected: if one computer behind the NAT is allowed to send spam, the whole network will be blacklisted if the NAT IP is ever blacklisted. This is a common method of pre-emptive blocking, as most legitimate mail servers are hosted in data centers designed and provisioned for such services; the legitimate mail servers that are affected by such listings are most commonly home hobbyists running their own mail servers. The Spamhaus Policy Block List (PBL) is another such pre-emptive list, which does not just list dynamic hosts but also blocks hosts it believes should not be sending email directly to third-party servers. SORBS also operates another list, similar to the Spamhaus PBL, called the NoServers list, which is wholly maintained by the network administrators of the respective networks and is therefore theoretically free of false positives.


Escalated listings

SORBS has been accused of deliberately targeting innocent users through escalated listings. Its website describes the process as follows: "An escalated listing on the other hand is where a whole network of IP addresses is listed in SORBS and all hosts and IPs (whether assigned to a single customer or multiple) are listed and therefore blocked or result in spam folder issues. Why does SORBS create escalated listings? The simple answer is to stop spam. You ask, 'How does listing innocent IPs help stop spam?' Simple, some providers don’t care about spam." (talkback.sorbs.net, 21 June 2010; retrieved on 28 November 2011.) There have been many heated discussions on this practice, as it often appears that email users who are caught in this trap have no recourse: the listing applies to a block of IP addresses, and they are unable to release their own IP address.


False positives

Due to the automation of SORBS listings, it is possible for the addresses of legitimate mail servers to be listed from time to time. Users of the SORBS Spam list in particular should therefore consider carefully any such implications and may wish to use the service as part of a larger spam blocking system. The SORBS 'No Servers' list is reported to be wholly administered by the network administrators of the networks concerned; therefore it should be free of false positives.


Statistics

SORBS produces and publishes daily statistics about its list to the otherwise defunct Usenet newsgroup news.admin.net-abuse.bulletins (NANAB). As of 7 April 2021, the published statistics show the following listing totals:
Unique IPs in Proxy entries:             613259
Unique IPs in Relay entries:             7824
Unique IPs in Spam entries:              48515896
Unique IPs in Hacked entries:            7337019
Unique IPs in DUHL entries:              381194921
Unique IPs in exDUHL entries:            1072776
Unique IPs in Cable entries:             3877257
Unique IPs in Zombie entries:            1772805
Unique IPs in AdminRequested entries:    1
Unique IPs in UnAllocated entries:       139101
Unique IPs in CoLo entries:              136259
Unique IPs in MailServer entries:        31
Unique IPs in Spammer entries:           1
Unique IPs in Escalated entries:         2305
Unique IPs in Phishing entries:          110995
Unique IPs in Virus entries:             5630114
Unique IPs in BackScatter entries:       36
Unique IPs in Business entries:          5693190
Unique IPs in Static entries:            8906441
Unique IPs in WhiteHat entries:          1
Unique IPs in NoServers entries:         46844194
Unique IPs in CoreNetwork entries:       42588
Unique IPs in InstantReport entries:     31
Unique IPs in EmailReport entries:       1
Unique IPs in Permission entries:        81
Unique IPs in Botnet entries:            379527
Total IPs listed in the database         512276654


See also

* Comparison of DNS blacklists


External links

* Open Relay Online Tester