Chris-Linfoot.net

Notes:

1. But will occasionally block Gmail unless Gmail is whitelisted.
   
   
2. High risk unless balanced by a well maintained whitelist. Consider SORBS subzones (e.g. dul.dnsbl.sorbs.net) if the composite zone is too strong, you have no whitelist or don't care to maintain one. SORBS is simply too good not to use at least partially.
   
   
3. Will occasionally list a "benign" mail host when it has inadvertently been left open to third party relay by its administrator. This is a good thing in my opinion as it raises awareness among lazy or inexperienced administrators of the importance of being a good netizen.
   
   
4. The ORDB supplements the far more extensive reach of the DSBL and lists only simple relays which are nowadays fairly few. You could consider omitting this DNSBL though you would miss a small number of open relays that way.
   
   
5. Update: ORDB is now dead. Don't attempt to use it. References to it have been kept above to preserve history.

In addition to these, you could consider using country specific DNSBL zones if, for example, you have a significant spam problem from China but expect no legitimate email from there. Here, we use subzones of countries.nerd.dk to refuse email from a small number of countries. blackholes.us offers similar functionality and I can commend either of these services to you.

Category: DNSBLs
Technorati: DNSBLs

1. Gregg Eldred09/01/2006 19:02:54
Homepage: http://www.ns-tech.com/blog/geldred.nsf

I use a few of these Blacklists. However, the most hits I get are from using sbl-xbl.spamhaus.org. I mean by factors of 100. Some of these get no hits, and I am not sure why. I use sh stat smtp to provide me with that statistic. Overall, I am happy with the results, but I could be blocking more.

2. Matthew Sullivan (SORBS)09/02/2006 22:26:50
Homepage: http://www.sorbs.net/

dnsbl.sorbs.net does not include any of the SPEWS zones.

The SPEWS zones have to be queried seperately by using:

l1.spews.dnsbl.sorbs.net (SPEWS Level 1 listings)
l2.spews.dnsbl.sorbs.net (SPEWS Level 2 listings)

Regards,

Mat

3. Chris Linfoot13/02/2006 22:17:27

Thanks for clarification Matthew. Didn't know that. Do now.

4. Martijn de Jong05/03/2006 14:04:55

I have about the same DNSBLs in my configuration document, but have quite different experiences with their efficacy. My present statistics show:
SMTP.DNSBL.cbl.abuseat.org.Hits = 7
SMTP.DNSBL.list.dsbl.org.Hits = 4
SMTP.DNSBL.sbl-xbl.spamhaus.org.Hits = 884
SMTP.DNSBL.TotalHits = 895

Zero hits for bl.spamcop.net which is also configured as a DNSBL.

5. Martijn de Jong06/03/2006 21:32:42

I have to rectify my last comment. I discovered why bl.spamcop.net did not have any hits. Behind the line in my configuration document was a single space. Apparently Domino is sensitive to that. Without the space, bl.spamcop.net took 2nd position with 9 hits. Far behind spamhaus still though which already has 951.

6. Chris Linfoot06/03/2006 22:27:19

The order in which you query DNSBLs has a material impact on their relative positioning in terms of number of hits. It doesn't really matter whether Spamcop or SORBS stops a spam host from connecting, does it? The outcome is worthwhile in either case.

7. Franky04/09/2006 13:47:17

I don't recommend sorbs, because if you are on a list of sorbs with more then one ip, you would be only remove if you pay a few of 50 us$.. we have a customer and the provider of the customer is on the list of sorbs. He is on now other list, also his servers are not used from spammers etc..
His provider didn't know why he is on the list, he try to contact sorbs but get every time only the message he should pay then he would be remove

------------------------

Delisting. If the size of the listing is anything more than a single IP address, delisting can only take place when the spammer is no longer using the address space, in which case the size of the listing will be reduced down to the originally spamming IP addresses free of charge. The affected IPs (the ones used to send the spam) will only be delisted when US$50 is donated to a SORBS nominated charity or good cause. The charities and good causes SORBS approves will not have any connection with any member of the SORBS administrators, either past or present.
------------------------

Maybe sorbs is highly effective but if you can not be removed without paying, and in this case it is so, the list is not usefull because this is like a extortion.

8. Chris Linfoot04/09/2006 15:10:14

Franky, I disagree.

1) SORBS is not extortion. The $50 fine is an incentive to administer your SMTP competently.

2) I don't want email from anyone not able to administer an SMTP competently.

9. Murray Mintz06/01/2007 15:28:34
Homepage: http://www.belugadesign.com

Yesterday I found that a personal url of mine, used mostly for mail, and that of a client are on the sorbs list. We run legitimate companies and never have done any spamming. I immediately went to the sorbs site and found it to be impossible to find a way to delete our dns from the dnsbl. There is no real way to contact them with any immediacy and the faq tells you that to get off the list you must correct the problem which put you on the list. This is insane, and paying a fine, whether to a charity or not, still amounts to blackmail or extortion. As someone who wastes an inordinate amount of time daily dealing with spam, I can understand working to stop it and commend anyone who can help stop it, but sorbs is preventing people from contacting me and my client, which is worse than dealing with the spam itself. It makes me very angry,

10. Chris Linfoot06/01/2007 17:59:48

You'll get no sympathy here until you learn a little more about the technology you are using and how DNSBLs work.

SORBS is not listing your personal URL. It is not listing any URL.

It is listing IP addresses in various different categories including that of dynamic/cable. Is your IP dynamic, perchance? If so then that is why SORBS lists it and why it will not be delisted.

Two further points:

1 - Why wory? No-one uses SORBS to block anyway (unless counterbalanced by a whitelist). Most users just use it as part of a spam weighting system - and yes, this could mean that your email is more likely to be classed as spam, BUT

2 - Why not route outbound email via your ISP's mail core? This is a requirement in most ISPs' terms of use/acceptable use policies nowadays anyway.

11. Mark04/02/2007 05:58:34

The SORBS DNS delisting scheme is nothing less than extortion. Who gives these folks the right to charge $50 per message for delisting when an ISP has corrected any problems it may have had.

The people who run it ought to be prosecuted. They are just as bad as the spammers.

12. Nick20/04/2007 03:15:51

DO NOT use anything with SPEWS in it. The people who run SPEWS are highly regarded as either incompetent or just simply vindictive. SPEWS blocks TIER 1 ISP blocks (i.e ip ranges from the ISPs that control most of the internet's lines) simply because spammers exist within certain ranges. I have seen them block up to a million ip's in one swift ban. That is ridiculous by any means. This is very irresponsible, as they aren't simply identifying spammers... but also legitimate businesses (not just a handful either - hundreds of thousands of valid non-spamming ip's).

If you see anyone using SPEWS, please encourage them to remove that RBL. It does more harm them good.

13. Jeremy10/07/2007 00:21:32

This article should maybe be updated to remove ORDB, as they've been offline for some time now. Otherwise, thanks for the help!

14. Chris Linfoot10/07/2007 08:17:23

Good call. Thanks Jeremy.

15. John Willemse14/12/2007 20:45:30
Homepage: http://www.badkey.com

Chris what can I do when the Domino ND7 is behind a Mail relay from the provider ? If I use the build in 'junk' filter it only checks the connecting server which is in my case the provider and he is not in in,
sbl-xbl.spamhaus.org
relays.ordb.org
dnsbl.sorbs.net
list.dsbl.org
multihop.dsbl.org
unconfirmed.dsbl.org
virbl.dnsbl.bit.nl
bl.spamcop.net

I have an agent who checks all routed IP's and the I get it working, only the agent works on a client, I want to have a Domino Server solution and not a 3rd party solution.

Thanks.

John

16. Chris Linfoot14/12/2007 20:59:34

Let me see if I understand you. You want to be able to check the IP address in a received header prior to the one(s) inserted by your (MX) provider?

The built in DNSBL lookup will not help you as it doesn't look at RFC2822 headers. It looks at the connecting IP only and that will never change, being that of your provider.

However, if you have an agent that works client side, there's no reason to suppose it would not work server side (before new mail is delivered).

Also, most people who outsource MX do so because the outsourcer (e.g. Messagelabs) gets rid of spam for them.

If your provider doesn't filter spam effectively, why are you using them? Surely you'd be better off controlling your own MX? Plenty of tips here on how to make that work really well. And it's free.

17. Robert Mason09/04/2008 19:53:57

"1) SORBS is not extortion. The $50 fine is an incentive to administer your SMTP competently.

2) I don't want email from anyone not able to administer an SMTP competently."

SORBS lists Yahoo, Hotmail, Gmail, and thousands of other SMTP servers run by *VERY* competent mail admins. Blocking entire /16s is just irresponsible and stupid. Their little $50 per-IP unblock scheme is nothing but extortion.

We stopped using SORBS a while back and don't miss it one bit. The dnsbl lists from uribl.com have been far far more effective anyway.

18. John Willemse24/05/2008 10:14:36
Homepage: http://www.badkey.com

Chris,

Thanks for all the support. Now I have a new provider and I can use ND7 to block spam/junk e-mail.

http://www.badkey.com/db/blogsphere.nsf/d6plinks/JWIE-7EWW3G

Regards,
John

Unable to post a comment? Please read this for a possible explanation...