email blacklisted


Pete

When I send email the recipient gets the following message.
:
Permanent Failure:
550-5.2.1_Mailbox_unavailable._Your_IP_address_204.127.198.37_is_blacklisted_using_SORBS-ALL._Details:_Exploitable_Server_See:_http://www.sorbs.net/lookup.shtml?204.127.198.37.
Delivery last attempted at Wed, 27 Feb 2008 00:08:32 -0000

I also cannot re-install Outlook or update??? Comcast is my ISP.
 

VanguardLH

in message
When I send email the recipient gets the following message.
:
Permanent Failure:
550-5.2.1_Mailbox_unavailable._Your_IP_address_204.127.198.37_is_blacklisted_using_SORBS-ALL._Details:_Exploitable_Server_See:_http://www.sorbs.net/lookup.shtml?204.127.198.37.
Delivery last attempted at Wed, 27 Feb 2008 00:08:32 -0000

I also cannot re-install Outlook or update??? Comcast is my ISP.


If you are blacklisted, the recipient does NOT get your e-mail. The
recipient did not get the above e-mail notification. It is YOU that
gets this NDR (non-delivery report). Go to the SORBS web site and
check on why they added you to their blacklist (www.sorbs.net) -
assuming that SORBS is not yet again under some more maintenance that
renders their web site unusable. Enter your IP address. If you are
using a NAT router, enter the WAN-side IP address of your router.

Anyone using SORBS other than as a personal client-side filter and
only in a scoring system needs to have their head examined. SORBS
embraced and defended the philosophies of SPEWS (and its UCE-PROTECT
replacement when SPEWS died). SPEWS was not intended to identify
specific spam sources but instead rate the spamminess of a domain
based on a prolonged history and should only be used in a scoring
system (and also given low weighting for being listed in SPEWS).
SORBS is slow[er] to update their blacklist. There have been 3-month
old records which are severely out of date, have had no incidents in
that time to qualify why the record still exists, and where they have
to manually perform a purge task to do the cleanup because their
algorithms are flawed. SpamCop only keeps their records for up to 24
hours after the last complaint against the same previously reported
spam source; i.e., SpamCop is a perky or dynamic blacklist whereas
SORBS is a sloth. If it is a user employing some client-side
anti-spam filtering then tell them to use better blacklists, like
Spamhaus and SpamCop. If it is the recipient's e-mail service,
they're idiots and you cannot get around them remaining idiots
(unless, as mentioned, they include it under some weighting in a
scoring scheme but which usually means there are other headers added
to show that they used scoring). SORBS is not a good blacklist when
not used in a weighted scoring system (where different blacklists are
given different weights depending on reputation and accuracy and then
added as a partial value to an overall score against an e-mail but
which also includes other spam detection mechanisms in that score).

Dynamic IP addresses change, even for always-on broadband connections.
You *lease* a dynamic IP address. Few end users get static IP
addresses (and they pay for them). When the lease for your current IP
address expires, you are allocated another one. Although the lease
expires, you keep it until you close your network session, like when
you shut down your OS (shutdown, restart, reboot, power down & power
up). So although your lease expired, you can continue using that IP
address. If you terminate your network session, you are *eligible* to
get a new IP address. For dial-up users, they usually get a new IP
address. For always-on users, they often get reassigned the same IP
address - but not always! That means if you get assigned a new IP
address that you might end up getting one that was abused (spam,
excessive e-mail volume, etc.) by the previous owner of that IP
address. So you get blacklisted when you get the new IP address
because the prior owner of that IP address was already blacklisted.

SORBS is slow to update their records. That is why getting
blacklisted with them after your IP changes occurs more often with
them than with more dynamic blacklists. If you send them a nicely
worded message and request to be removed then they might respond in a
day or two to follow up and get more information. If they see further
abuse on that same IP address after they were kind enough to remove
you, expect retaliation in them listing you for a lot longer than they
would have otherwise. They have delisting instructions on their web
site. When my cable broadband IP address changed to one that had been
abused and previously recorded at SORBS (3 months prior and no further
incidents since then), it was about 3 days overall to get me delisted.
You might also want to educate the recipient that they shouldn't use
SORBS unless their anti-spam program weights that blacklist and
includes the weighted value as a partial score in a scoring system.
They aren't good for detecting specific spam but more for how spammy
an e-mail is *likely* to be from that source based on a longer history
than is used by other blacklists. If it is their e-mail provider,
forget it as they really don't care in using an accurate spam filter.
Different blacklists have different criteria, different detection
mechanisms, and different goals in what they are trying to identify.

http://www.dnsbl.com/2007/07/sorbs-on-accuracy-rates-and-false.html

In my personal experience, and when using Spamhaus, SpamCop, and
SORBS, Spamhaus was more accurate at identifying spam, SpamCop was
only occasionally employed since the spam source identified by SpamCop
was already identified in Spamhaus, and SORBS never identified spam
not already identified by either Spamhaus or SpamCop but SORBS did
generate far more false positives.

Use Spamhaus and SpamCop. With Spamhaus, do not use their zen
blacklist unless you are sure that senders and recipients within the
same domain don't end up showing only internal hosts to deliver the
e-mail without any intervening mail host. Some ISPs will route
e-mails internally and the IP address shown in the Received header
will be for the sender's own host - and that will most likely be a
dynamic IP address. The zen blacklist was seeded using the old NJABL
DUL (dynamic user list), which covers the dynamic IP addresses of end user
hosts. So using zen can mean that you tag e-mails as spam because
they came from a dynamically IP addressed host but that was because no
mail host was involved and instead the message was relayed internally
between sender and recipient in the same domain. Instead I just use
their sbl+xbl blacklist so e-mails from other senders at my ISP don't
necessarily get tagged as spam because they have a dynamic IP address.

Of note is that SpamCop not only uses its own traps to detect spam but
is also a community driven scheme where users can vote on whether an
e-mail is spam or not by submitting abuse reports to SpamCop. This is
an attempt to capture extremely fresh spam that other blacklists
relying on traps won't find until an hour or so later. There are
flaws in any voting scheme. Users that want to report spam are not
always the best reporters. They lack the expertise to correctly
identify spam (versus what they simply don't want to receive) and
often cannot even understand the Received headers or identify when a
spammer inserted a bogus one or at what point trust cannot be
maintained when tracing back through those headers. Hell, most don't
even enable the option to show the details when they submit a report
before they will click on the Submit report to complete that
submission. Other than for spam caught in their own traps, SpamCop
makes no determination of whether or not an e-mail is spam when reported
by a user. It is the reporter's responsibility to decide if the e-mail
is spam or not. This can lead to knee-jerk and irresponsible
reporting. So SpamCop should be considered an *aggressive* blacklist
because some of its records are user reports and users can be
[deliberately] inaccurate; however, SpamCop does age their records
pretty darn fast (24 hours from the last tickle of a record) so the
impact from bad reporters is minimized, plus user reports get a much
lower weighting than does spam caught by traps. I can only relay my
personal history and note that Spamhaus works very well, if SpamCop
reports a spam match then it is very likely already identified by
Spamhaus, but there is extremely fresh spam that SpamCop might
identify for which Spamhaus has not yet had the time to detect (the
spam hasn't reached its honeypots yet). I can't ever remember getting
a false positive from SpamCop but then my e-mail volume is low for an
end user and nowhere near the high volume of a nation- or worldwide
e-mail service.

Don't bother using SORBS. Way too many false positives. Too slow to
update. Records that get stuck for months that take manual purging to
eliminate. But they were responsive when I complained to get me
removed.
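
The weighted scoring scheme described in the reply above, as an added example that is not part of the original thread: each blacklist hit contributes only a partial value to an overall score, so a listing on a low-trust list alone does not reject the mail. The weights, the threshold, the zone hostnames and all function names are assumptions chosen for illustration.

```python
import ipaddress
import socket

# Assumed weights and threshold (not from the thread); tune them from your
# own false-positive data. Zone hostnames are illustrative.
ZONES = {
    "sbl-xbl.spamhaus.org": 3.0,
    "bl.spamcop.net": 2.0,
    "dnsbl.sorbs.net": 0.5,
}
THRESHOLD = 3.0

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dns_listed(name):
    """Live lookup: a 127.0.0.x answer means listed, NXDOMAIN means not listed."""
    try:
        # Answers outside 127.0.0.x (list error codes, hijacked NXDOMAIN)
        # are not counted as listings.
        return socket.gethostbyname(name).startswith("127.0.0.")
    except OSError:
        return False

def score(ip, other_score=0.0, listed=dns_listed, zones=ZONES):
    """Return (total, hits): weighted DNSBL hits added to the other detectors' score."""
    hits = [z for z in zones if listed(dnsbl_name(ip, z))]
    return other_score + sum(zones[z] for z in hits), hits

def verdict(ip, other_score=0.0, listed=dns_listed):
    """Classify against THRESHOLD and report which lists contributed."""
    total, hits = score(ip, other_score, listed)
    return ("spam" if total >= THRESHOLD else "deliver"), total, hits

# Constructed offline data: only the low-weight list has 192.0.2.10 (a stale
# record inherited with a reassigned dynamic address); the two higher-weight
# lists have 192.0.2.99.
FAKE_LISTINGS = {
    "10.2.0.192.dnsbl.sorbs.net",
    "99.2.0.192.sbl-xbl.spamhaus.org",
    "99.2.0.192.bl.spamcop.net",
}

def fake_listed(name):
    return name in FAKE_LISTINGS

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.99", "192.0.2.50"):
        print(ip, verdict(ip, listed=fake_listed))
```

Passing `listed=fake_listed` keeps the run offline; omit it to query real resolvers.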
 

Pat Willener

It is not your email address that is blacklisted, but the IP address
(204.127.198.37) you are sending the message from. However,
204.127.198.37 is not a Comcast address, but AT&T WorldNet Services.
Please explain what you are doing.

Also, reinstalling Outlook will not unblock that IP address.
 

Marvin P. Winterbottom

Better that ten legit emails get blocked, than one spam get through.
:)

