News: 1717741633

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Spam blocklist SORBS closed by its owner, Proofpoint

(2024/06/07)


Exclusive The Spam and Open Relay Blocking System (SORBS) – a longstanding source of info on known sources of spam widely used to create blocklists – has been shuttered by its owner, cyber security software vendor Proofpoint.

SORBS provided free access to a DNS-based Block List (DNSBL) that lists over 12 million host servers known to disseminate spam, phishing attacks and other email nasties. The service states its list "typically includes email servers suspected of sending or relaying spam, servers that have been hacked and hijacked, and those with Trojan infestations."

Over 200,000 organizations use SORBS data, and the service is highly rated for its accuracy.

[1]

The service is over twenty years old and was created by Michelle Sullivan, who oversaw it as a Proofpoint employee working from Australia.

[2]

[3]

The Register inquired about the reasons for the service's end, and Proofpoint sent the following statement:

"The decision to sunset a product is never an easy one and was made after thorough consideration of various factors impacting the service's sustainability. We can confirm that SORBS was decommissioned on June 5, 2024, and the service no longer contains reputation data. Given the wide range of potential replacement solutions in the market, Proofpoint cannot make recommendations nor endorse any specific replacement product; this is dependent on an organization's needs."

Decommissioning SORBS saw its "Zones" – 18 lists, each devoted to a different class of spam-related server – emptied of information.

The Register understands restoring information to the Zones requires a trivial amount of work, and that the service's code base is intact. Restarting the service would therefore not be difficult.

We further understand that news of SORBS's demise has sparked conversation in the anti-spam community about a possible acquisition.

[4]Microsoft to tackle spam by restricting Exchange Online bulk email

[5]Outlook.com trips over Google's spam blocking rules

[6]Happy 20th birthday Gmail, you're mostly grown up – now fix the spam

[7]Spam crusade lands charity in hot water with data watchdog

SORBS has already existed in three different incarnations.

When Sullivan created the service, it was hosted it on infrastructure owned by the university she worked for at the time.

[8]

SORBS's impact on the uni grew to the point at which it was no longer welcome, leading software vendor GFI to [9]acquire the service . A couple of years later, GFI offloaded SORBS to Proofpoint, which has owned it and employed Sullivan ever since.

The Register has been informed the service's hosting and operating costs are at a level that make it infeasible for an individual to take over.

Sources tell The Register that offers to acquire SORBS are certain to arrive – from spammers who have over the years expressed an interest in controlling the service for their own nefarious ends.

[10]

The anti-spam community is understandably hopeful legitimate parties will commit to operating SORBS. While Proofpoint is correct in saying alternatives exist – SpamCop and Spamhaus are the most prominent – SORBS's transparent operating practices have earned it many plaudits over its lifetime.

Transparency in blocklist operations is paramount, because blocklist operators could with the stroke of a pen make life very hard for those who send email for a living. SORBS operated a support ticket system and staff who discussed listings, documented those discussions, and archived them. The service therefore had years' worth of records documenting its decisions and decision-making process – a body of work that proved SORBS was neither capricious nor vengeful. ®

Get our [11]Tech Resources



[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ZmLaQjOIvytDemTeTcDIOAAAAIc&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZmLaQjOIvytDemTeTcDIOAAAAIc&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZmLaQjOIvytDemTeTcDIOAAAAIc&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[4] https://www.theregister.com/2024/04/16/microsoft_external_recipient_limit/

[5] https://www.theregister.com/2024/04/03/outlookcom_blocked_by_gmail/

[6] https://www.theregister.com/2024/04/02/gmail_turns_20/

[7] https://www.theregister.com/2024/03/05/penny_appeal_ico_investigation/

[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZmLaQjOIvytDemTeTcDIOAAAAIc&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[9] https://www.theregister.com/2009/11/06/sorbs_sold/

[10] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZmLaQjOIvytDemTeTcDIOAAAAIc&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[11] https://whitepapers.theregister.com/



wolfetone

I wish UCEPROTECT would shut itself down instead. A total cowboy outfit.

Anonymous Coward

FINALLY, that thing was a real pain in the arse, and stopped individuals from running their own SMTP server, due to classifying them all as SPAMMERS, and being totally un-contactable or responsive to requests to remove their erroneous flags.

Personally, I've never had a problem

Mishak

Provided I either:

1) Use a static IP (not available from all domestic ISPs), and create rDNS, MX and SPF records for that IP; or

2) Use my ISP's mail service to send messages.

However, it is a world of pain to just set up a server using the IP assigned by the ISP - but I think that's fair, as that's how compromised PCs are used within spambot networks.

Yorick Hunt

Never had a problem with any lists*, having set up dozens of mail servers over the years, in assorted ISPs' address space, including residential netblocks.

Of course, I actually go through all the settings before "letting the hounds loose," so to speak - as opposed to most first-time experimenters who just run with defaults, thereby creating an open relay and getting discovered by constantly-probing spammers within minutes (and getting listed by all manner of automated blacklists soon thereafter).

* With the exception of UCEPROTECT, but I treat those listings as a badge of honour.

Anonymous Coward

I know right, I've been sitting on a warehouse full of CIALIS for decades. I can finally shift it.

So, another one bites the dust

Pascal Monett

A free service that was useful, accurate and regularly updated. And now it is shut down without so much as a warning.

Proofpoint may have managed its existence properly, but it botched its ending. You tell people you're going to shutter a service like that. You give them time to adapt. You don't just pull the plug and then say "Yeah, we can't be bothered no more".

Bad doggie. No cookie.

Re: So, another one bites the dust

A Non e-mouse

Why don't you ask them for a refund or compensation on your previous subscription payments...?

Solutions?

The man with a spanner

Mozzila ?

EU supported service ?

Or both perhaps?

Good riddance to all the false positives

Jan Ingvoldstad

In my opinion, this is one of the worst blocklisting services ever.

Delisting or expiry? Forget it. Entries from 2004 hung around *forever*.

Accuracy? Don't make me laugh. The false positives abound.

A SORBS listing, if you could verify that it was recent, could have had some value as input in spam scoring, but has regrettably not been useful for making a direct yes-or-no decision.

For that purpose, I would rather have gone with Spamhaus' or Invaluement's free services, or paid for the services, combined with easy bypassing for the very few false positives.

Zippy´s Sausage Factory

I wonder if Proofpoint own (or are planning to launch) any mass emailing services?

Asking for a friend...

Humor in the Court:
Q: Did you tell your lawyer that your husband had offered you indignities?
A: He didn't offer me nothing; he just said I could have the furniture.