Mark Foster wrote:
I'd encourage ISPs' security guys to proactively attempt to contact SORBS and establish a dialogue that isn't necessarily tied to a 'we're blocked and not happy!' message. It's less antagonising for a start.
This is the best advice in the thread. Arrogant SORBS answers are mainly in response to four reasons: demands for anything, bad attitudes, mentioning legal action of any type, and misunderstandings of the English language. Of course there are exceptions and I am always open to complaints about attitude; they can be addressed directly to me. As for the latter issue, the volunteers come from many countries of the world and their understanding of the English language occasionally results in a response which others feel offends (e.g. most Europeans will be blunt and to the point - this offends most Aussies).
The listings are set up in the DNS with a 48hr TTL and the zone is not refreshed unless another offense occurs. (So if you're clean for 48 hours the entry gets purged.)
Actually this is not right. Listings are created on the reception of spam; they have a 48 hour DNS TTL in most cases. Spam database entries are not automatically delisted for a very long time unless the responsible party for the address contacts SORBS and requests a delisting. SORBS is a volunteer organisation with no contracts to support persons listed, so whilst we aim to answer people within 48 hours (and currently the spam DB entries are getting answered within 6 hours) it can take a long time to answer - in the past it has taken as long as 6 weeks (particularly with respect to the DUHL), and it has been as short as 7 minutes. If anyone wants a support contract, of course they can contact us and pay for one; that will guarantee answers and support within whatever SLA is agreed upon.
If Paradise are listed it means one of their clients sent something which got listed in SORBS, and there's a complaint in the system younger than 48 hours. In theory. They won't 'unlist' you by request.
If OTOH you happen to get assigned a netblock that was in their Dynamic IP list and start using it for systems that handle mail, that's another story...
...and there are 2 ways to get delisted from the DUHL:

1/ Take our advice on PTR setup, which is described in a document that I will be submitting as an RFC as soon as I get around to finishing the last changes (here if interested: http://www.au.sorbs.net/~matthew/dns-naming-rfc-draft.txt) - of course this doesn't mean you have to follow it, but it will help you and the rest of the world in determining whether to accept your email (and other) traffic or not.

2/ Have the person who is the RIR PoC contact SORBS with a list of dynamic and static allocations. There will be a conversation by email, so if you are not the holder of the email address in the PoC you will not be able to delist.

Any organisation coming to SORBS and indicating that a particular netblock is not dynamic and not giving any other information will be viewed initially with suspicion - this is particularly the case when the PoC is a mainstream ISP and makes statements like 'we don't have any dynamic allocations'. Further to the above, we do check up, and any deliberate misinformation will result in SORBS taking a 'best guess' as to the nature of the netblock(s) (as British Telecom found out before Christmas). Check-ups include monitoring addresses for connected machines and the OSs and services they run. Obtaining local accounts from said ISP. Monitoring virus and email emanations from each address over a period such as a month (statics have the same virus and mail from the same hosts, dynamics tend to wander through most of the netblock)...etc...
I do agree that Companies and others for whom email delivery is important, should not be using systems such as SORBS. I personally run their Dynamic IP Blacklist but nothing else.... frankly someone on a Dynamic IP should be relaying through their ISP and not direct to me.
There are a lot of large organisations using the SORBS DUHL as it is the most researched on data.
I do provide a webform on my site that can be used for people to contact me should there be an accidental blacklisting, of course. And if I start seeing collateral damage, I'll stop using SORBS. So far however it hasn't been an issue, _for me personally_.
..yet more very good advice - and it doesn't just apply to SORBS listings - it applies to all RBL services (including Spamhaus).. At my $dayjob this is one of the first things I put up.

Regards,
Matthew @ SORBS

PS: Delisting requests directly to me and not via the SORBS Support system will generally be ignored - that is not arrogance, that is purely a need to ensure everything is documented in the correct place.