Last week, I wrote about blacklist services (the article is at the URL below), and I received some responses that I'll share with you this week.
http://www.windowsitpro.com/Article/ArticleID/49553
One reader wrote to say that, lately, Spam and Open Relay Blocking System (SORBS) "is blocking almost all email from Yahoo, Hotmail, and some other large ISPs." He has quit using SORBS because it caused problems for a few clients.
Another reader also wrote about his problem with SORBS. He said that "one of our main mail servers received a piece of spam with a forged From address that went to one of \[SORBS's\] honeypots. We received an email to a nonexistent \[email address\] and sent a nondelivery response to the forged address at the honeypot. The result of a single email sent last November was that any \[host on the Internet\] using SORBS regarded our email server as a spam sender. The email had originated in Brazil and our email server was just the last link in the chain." He then described his ordeal in trying to get his server removed from SORBS's database.
At the SORBS site (URL below), you'll read that "affected IPs \[of the mail server which sent spam\] will only be delisted when US$50 is donated to a SORBS nominated charity or good cause. The charities and good causes SORBS approves will not have any connection with any member of the SORBS administrators, either past or present." I have no problem with donating to charity, but trying to force that on people is unprofessional and unreasonable. The reader found an alternative way to have his IP address removed from the SORBS database, but SORBS doesn't make the alternative clear on its Web site.
http://www.au.sorbs.net/overview.shtml
In my tests, the SORBS blacklist service was only marginally better than the service provided by dnsbl.net.au (DNS server: t1.dnsbl.net.au), so I might not continue using SORBS in light of what the two readers have revealed.
A third reader wrote to "strongly disagree with your recommendation to use blacklists, even though they are effective. My opinion is based on the fact that it is very easy to get blacklisted even without reason and very difficult to get out of the blacklist. This can cause long delays with email delivery and sometimes businesses depend on it--even though they shouldn't. I also don't like the attitude of some of the service providers for blacklisting, it is very frustrating to contact them."
What I recommend is that you do what works for your particular networks. If you find that blacklists work and aren't much of a management problem, then use them--they can be very effective. On the other hand, if you experience trouble with an entity such as SORBS, it might be best to drop that service in favor of another.
Some readers also offered comments about filtering particular languages. I think that some readers took offense to such filtering. I truly meant no offense. My point is simply that if no one in your organization reads a particular language, then any inbound mail in that language can be dropped. For example, approximately 48 percent of the email received by the mail servers I tested appears to be written in Asian languages--in particular, Japanese, Korean, and Taiwanese. None of the people that those mail servers support read any Asian languages, so we set the filters to drop all Asian language mail. As a result, processing overhead is reduced.
