BLOG

Blocklist changes

Late last year we wrote about the many problems with SORBS. One of the results of that series of posts was a discussion between a lot of industry professionals and GFI executives. A number of problems were identified with SORBS, some that we didn’t mention on the blog. There was an open and free discussion about solutions.
A few months ago, there were a bunch of rumors that GFI had divested themselves from SORBS. There were also rumors that SORBS was purchased by Proofpoint. Based on publicly available information many of us suspected that GFI was no longer involved in SORBS. Yet other information suggested that Proofpoint may truly have been the purchaser.
This week those rumors were confirmed.

Proofpoint, Inc., the leading provider of cloud-based security and compliance solutions for enterprise messaging and collaboration, today announced it has acquired the assets of the SORBS (Spam and Open Relay Blocking System) service (http://www.sorbs.net). Approximately 200,000 organizations worldwide leverage the SORBS DNS-based Block List (DNSBL) to effectively block email from more than 12 million host servers known to disseminate spam, phishing attacks and other forms of malicious email.

I have to wonder how reflective of actual usage numbers the “200,000 organizations” is. I do suspect that many organizations are querying the list, but I don’t know how much it’s affecting delivery. Most spamassassin installations query SORBS DUL by default. However, being listed on SORBS DUL only counts for 0.001 points. Being queried doesn’t matter if those queries don’t really affect delivery.
We recently wrote about problems with the Trend/MAPS lists. Many people have contacted us about that and indicated they are no longer seeing any blocking at Comcast based on a MAPS listing. The Comcast postmaster page hasn’t been updated, but I haven’t heard of anyone having problems with listings at Comcast recently.
I’m hearing conflicting reports about the other major US Trend/MAPS user, RR.com. Some people are telling me they’re seeing inbox delivery for MAPS listed IPs. Other people are telling me they’re seeing deferrals for MAPS listed IPs.
In either case, it appears that the effect of a MAPS listing on delivering mail to US ISPs is less than it was a few months ago.
The decisions to make this information public  were not made lightly. On balance, blocklists are a valuable and important part of the email ecosystem. But they are a bit of a black box. Very few people who don’t run blocklists actually have insight into how they work and how they make decisions. There are good reasons the blocklists do this, but it does make them a bit of an unknown entity to many.
In response to the ongoing damage to the email ecosystem, we decided share this information publicly. Many people tried discussions with the list maintainers and their parent companies: by phone, by email and in person. These efforts were only partially effective at getting wanted mail delivered.
Because this problem was ongoing and because so many different people were attempting to resolve the problem unsuccessfully, we decided to make the information we knew public. While the listing policies don’t seem to have changed, the overall damage to the ecosystem seems to be lessening.
There are a lot of people who worked very hard to bring about these changes. Many of them cannot be named, for obvious reasons. But their contribution should not be overlooked. Our position in the industry means people share issues with us and that we can share information publicly. But just because we’re the public face doesn’t mean we’re the only actors.

Comment:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.