Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.

Blacklists Aren't for Everyone
 

Last week, I wrote about blacklist services (the article is at the URL below), and I received some responses that I'll share with you this week.

http://www.windowsitpro.com/Article/ArticleID/49553

One reader wrote to say that, lately, Spam and Open Relay Blocking System (SORBS) "is blocking almost all email from Yahoo, Hotmail, and some other large ISPs." He has quit using SORBS because it caused problems for a few clients.

Another reader also wrote about his problem with SORBS. He said that "one of our main mail servers received a piece of spam with a forged From address that went to one of [SORBS's] honeypots. We received an email to a nonexistent [email address] and sent a nondelivery response to the forged address at the honeypot. The result of a single email sent last November was that any [host on the Internet] using SORBS regarded our email server as a spam sender. The email had originated in Brazil and our email server was just the last link in the chain." He then described his ordeal in trying to get his server removed from SORBS's database.

At the SORBS site (URL below), you'll read that "affected IPs [of the mail server which sent spam] will only be delisted when US$50 is donated to a SORBS nominated charity or good cause. The charities and good causes SORBS approves will not have any connection with any member of the SORBS administrators, either past or present." I have no problem with donating to charity, but trying to force that on people is unprofessional and unreasonable. The reader found an alternative way to have his IP address removed from the SORBS database, but SORBS doesn't make the alternative clear on its Web site.

http://www.au.sorbs.net/overview.shtml

In my tests, the SORBS blacklist service was only marginally better than the service provided by dnsbl.net.au (DNS server: t1.dnsbl.net.au), so I might not continue using SORBS in light of what the two readers have revealed.

A third reader wrote to "strongly disagree with your recommendation to use blacklists, even though they are effective. My opinion is based on the fact that it is very easy to get blacklisted even without reason and very difficult to get out of the blacklist. This can cause long delays with email delivery and sometimes businesses depend on it--even though they shouldn't. I also don't like the attitude of some of the service providers for blacklisting, it is very frustrating to contact them."

What I recommend is that you do what works for your particular networks. If you find that blacklists work and aren't much of a management problem, then use them--they can be very effective. On the other hand, if you experience trouble with an entity such as SORBS, it might be best to drop that service in favor of another.

Some readers also offered comments about filtering particular languages. I think that some readers took offense to such filtering. I truly meant no offense. My point is simply that if no one in your organization reads a particular language, then any inbound mail in that language can be dropped. For example, approximately 48 percent of the email received by the mail servers I tested appears to be written in Asian languages--in particular, Japanese, Korean, and Taiwanese. None of the people that those mail servers support read any Asian languages, so we set the filters to drop all Asian language mail. As a result, processing overhead is reduced.







Reader Comments

Our company recently had a similar problem with MAPS (now TrendMicro) and their RBL blacklist. The problems with getting de-listed were: 1. we couldn't send them an e-mail because they use their blacklist. 2. Our ISP couldn't send them an e-mail, for the same reason. 3. Their (MAPS) hotline is only manned from 9am-6pm PST and we operate out of Germany (9am PST = 6pm for us). After three days of escalation between our company, our ISP and TrendMicro, they finally took us off their blacklist. We still haven't received a complete valid reason for the listing, after 4 weeks, or how we can stay off their list. They have admitted, in a roundabout way, that they made a mistake with our IP-address. In any case, the experience was very frustrating. On the good side, MAPS plans on initiating a 24x7 hotline. When? However, the fact that only the Initiator can delist is very weak. Last but not least, I think the companies which "provide" blacklists are starting to wake up to the fact that their blacklists are used on a global basis and therefore they have to start thinking globally, meaning various languages and time zones.

steven.mrus@ops.de -March 13, 2006

DNS black list issues can be monitored by using BL-Monitor, a free and useful tool from CMS - http://www.cmsconnect.com/blm/blmonitor.htm Primarily used to measure the blacklists' effectiveness and responsiveness, this tool can also monitor if your own mail server has been blacklisted, up to 6 times daily. Other useful features include watching for odd blacklist behavior, including the catastrophic blacklisting of the entire Internet, something that has happened a few times over the past 5 years.

LTWong -March 13, 2006
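
The self-monitoring idea raised in the comments above, as an added example (not code from the article, its readers, or BL-Monitor): it checks whether your own mail server is listed and first sanity-checks the list itself, so a list that answers for every address is flagged rather than trusted. It relies on the RFC 5782 convention that an IPv4 DNSBL always lists 127.0.0.2 and never lists 127.0.0.1; the zone names, the IP 192.0.2.25 and the sample resolver are constructed placeholders.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """DNSBL lookups reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Live lookup: A records for name, or [] when there is no answer."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def is_listed(ip, zone, resolve):
    """An entry counts as listed when the zone answers inside 127.0.0.0/8."""
    answers = resolve(dnsbl_query_name(ip, zone))
    return any(ipaddress.IPv4Address(a) in LOOPBACK for a in answers)

def check_zone(my_ip, zone, resolve=system_resolver):
    """Sanity-check the list itself before trusting its verdict on my_ip."""
    if is_listed("127.0.0.1", zone, resolve):      # must never be listed
        return "broken: lists everything"
    if not is_listed("127.0.0.2", zone, resolve):  # must always be listed
        return "broken: no test entry"
    return "listed" if is_listed(my_ip, zone, resolve) else "clean"

# Constructed sample data so the example runs offline (not real lists).
SAMPLE_RECORDS = {
    "2.0.0.127.bl-ok.example": ["127.0.0.2"],
    "2.0.0.127.bl-hit.example": ["127.0.0.2"],
    "25.2.0.192.bl-hit.example": ["127.0.0.4"],
}

def sample_resolver(name):
    """Stand-in resolver: bl-wild.example answers for every name."""
    if name.endswith(".bl-wild.example"):
        return ["127.0.0.2"]
    return SAMPLE_RECORDS.get(name, [])

if __name__ == "__main__":
    for zone in ("bl-ok.example", "bl-hit.example",
                 "bl-wild.example", "bl-dead.example"):
        print(zone, "->", check_zone("192.0.2.25", zone, sample_resolver))
```

Calling `check_zone` without the third argument uses the system resolver against a real zone. A lookup timeout is reported the same way as a missing test entry, which is the conservative reading for a monitoring job.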
 Windows IT Pro is a Division of Penton Media Inc.
 © 2010 Penton Media, Inc. Terms of Use | Privacy Statement