Spam blocklist SORBS closed by its owner, Proofpoint
- Reference: 1717741633
- News link: https://www.theregister.co.uk/2024/06/07/sorbs_closed/
- Source link:
SORBS provided free access to a DNS-based Block List (DNSBL) that lists over 12 million host servers known to disseminate spam, phishing attacks and other email nasties. The service states its list "typically includes email servers suspected of sending or relaying spam, servers that have been hacked and hijacked, and those with Trojan infestations."
Over 200,000 organizations use SORBS data, and the service is highly rated for its accuracy.
[1]
The service is over twenty years old and was created by Michelle Sullivan, who oversaw it as a Proofpoint employee working from Australia.
[2]
[3]
The Register inquired about the reasons for the service's end, and Proofpoint sent the following statement:
"The decision to sunset a product is never an easy one and was made after thorough consideration of various factors impacting the service's sustainability. We can confirm that SORBS was decommissioned on June 5, 2024, and the service no longer contains reputation data. Given the wide range of potential replacement solutions in the market, Proofpoint cannot make recommendations nor endorse any specific replacement product; this is dependent on an organization's needs."
Decommissioning SORBS saw its "Zones" – 18 lists, each devoted to a different class of spam-related server – emptied of information.
The Register understands restoring information to the Zones requires a trivial amount of work, and that the service's code base is intact. Restarting the service would therefore not be difficult.
We further understand that news of SORBS's demise has sparked conversation in the anti-spam community about a possible acquisition.
[4]Microsoft to tackle spam by restricting Exchange Online bulk email
[5]Outlook.com trips over Google's spam blocking rules
[6]Happy 20th birthday Gmail, you're mostly grown up – now fix the spam
[7]Spam crusade lands charity in hot water with data watchdog
SORBS has already existed in three different incarnations.
When Sullivan created the service, it was hosted it on infrastructure owned by the university she worked for at the time.
[8]
SORBS's impact on the uni grew to the point at which it was no longer welcome, leading software vendor GFI to [9]acquire the service . A couple of years later, GFI offloaded SORBS to Proofpoint, which has owned it and employed Sullivan ever since.
The Register has been informed the service's hosting and operating costs are at a level that make it infeasible for an individual to take over.
Sources tell The Register that offers to acquire SORBS are certain to arrive – from spammers who have over the years expressed an interest in controlling the service for their own nefarious ends.
[10]
The anti-spam community is understandably hopeful legitimate parties will commit to operating SORBS. While Proofpoint is correct in saying alternatives exist – SpamCop and Spamhaus are the most prominent – SORBS's transparent operating practices have earned it many plaudits over its lifetime.
Transparency in blocklist operations is paramount, because blocklist operators could with the stroke of a pen make life very hard for those who send email for a living. SORBS operated a support ticket system and staff who discussed listings, documented those discussions, and archived them. The service therefore had years' worth of records documenting its decisions and decision-making process – a body of work that proved SORBS was neither capricious nor vengeful. ®
Get our [11]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ZmLaQjOIvytDemTeTcDIOAAAAIc&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZmLaQjOIvytDemTeTcDIOAAAAIc&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZmLaQjOIvytDemTeTcDIOAAAAIc&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://www.theregister.com/2024/04/16/microsoft_external_recipient_limit/
[5] https://www.theregister.com/2024/04/03/outlookcom_blocked_by_gmail/
[6] https://www.theregister.com/2024/04/02/gmail_turns_20/
[7] https://www.theregister.com/2024/03/05/penny_appeal_ico_investigation/
[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZmLaQjOIvytDemTeTcDIOAAAAIc&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[9] https://www.theregister.com/2009/11/06/sorbs_sold/
[10] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZmLaQjOIvytDemTeTcDIOAAAAIc&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[11] https://whitepapers.theregister.com/
FINALLY, that thing was a real pain in the arse, and stopped individuals from running their own SMTP server, due to classifying them all as SPAMMERS, and being totally un-contactable or responsive to requests to remove their erroneous flags.
Personally, I've never had a problem
Provided I either:
1) Use a static IP (not available from all domestic ISPs), and create rDNS, MX and SPF records for that IP; or
2) Use my ISP's mail service to send messages.
However, it is a world of pain to just set up a server using the IP assigned by the ISP - but I think that's fair, as that's how compromised PCs are used within spambot networks.
Never had a problem with any lists*, having set up dozens of mail servers over the years, in assorted ISPs' address space, including residential netblocks.
Of course, I actually go through all the settings before "letting the hounds loose," so to speak - as opposed to most first-time experimenters who just run with defaults, thereby creating an open relay and getting discovered by constantly-probing spammers within minutes (and getting listed by all manner of automated blacklists soon thereafter).
* With the exception of UCEPROTECT, but I treat those listings as a badge of honour.
I know right, I've been sitting on a warehouse full of CIALIS for decades. I can finally shift it.
So, another one bites the dust
A free service that was useful, accurate and regularly updated. And now it is shut down without so much as a warning.
Proofpoint may have managed its existence properly, but it botched its ending. You tell people you're going to shutter a service like that. You give them time to adapt. You don't just pull the plug and then say "Yeah, we can't be bothered no more".
Bad doggie. No cookie.
Re: So, another one bites the dust
Why don't you ask them for a refund or compensation on your previous subscription payments...?
Solutions?
Mozzila ?
EU supported service ?
Or both perhaps?
Good riddance to all the false positives
In my opinion, this is one of the worst blocklisting services ever.
Delisting or expiry? Forget it. Entries from 2004 hung around *forever*.
Accuracy? Don't make me laugh. The false positives abound.
A SORBS listing, if you could verify that it was recent, could have had some value as input in spam scoring, but has regrettably not been useful for making a direct yes-or-no decision.
For that purpose, I would rather have gone with Spamhaus' or Invaluement's free services, or paid for the services, combined with easy bypassing for the very few false positives.
I wonder if Proofpoint own (or are planning to launch) any mass emailing services?
Asking for a friend...
I wish UCEPROTECT would shut itself down instead. A total cowboy outfit.