Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Sorbs.net DNS Blacklist

from [Devdas Bhagat] Network Security [Permanent Link]
Subject: Re: Sorbs.net DNS Blacklist
Date: Thu, 23 Mar 2006 04:03:53 +0530 
On 20/03/06 19:55 -0600, Cloy Tobola wrote:

On Mon, 13 Mar 2006 at 23:48, Devdas Bhagat  
<devdas_at_dvb.homelinux.org>


SORBS itself does not block you.


Uh, if they are sharing blacklists that include a particular IP  
address... I would say that they are definitely blocking something.


They are publishing a list of IP addresses. The _only_ people who are
blocking anything are the administrators/owners of the recipient's mail
servers. SORBS does not control the remote mailservers. If the recipient
MTAs admins choose to trust the list SORBS gives them, it is their
responsibility.

Without a contract guaranteeing delivery, senders have no choice about
it. "My servers, my rules" applies.


They do not charge you money for delisting.


Really? Then why is this an issue? The fact that they don't pocket  
the money is beside the point.


It isn't. OP brought it up.


Their argument is "You have done damage to the Internet
commons. If you want to be a good citizen, please undo the damage by
donating $ to <random charity>. Alternatively, wait for 90 days to be
delisted automatically."


And what about the fact that they block IP ranges?


What about it? SORBS advertises a policy. They run their BL according to
that policy. If I agree with it, I will use it. If not, I won't.


And what about the people that got listed because spam with faked  
email addresses that were bounced?


Uh? Bring that to the notice of the SORBS admins. AFAIK, SORBS blocks
based on the client IP address, not the sender email.


And what about those people on shared servers who end up blocked by  
association?


Sucks to be them? The point of an IP based blocklist is to be able to
say "I do not want any mail from this host. I don't care who you are,
you do not have consent to send mail to my servers."

Spam is about consent, not content. I can choose not to consent to
getting mail from a netblock, a single IP, a domain, a particular email
address, anything. You do not have _any_ say in how I run my server(s).
Feel free to offer significant money for deliverability.

Devdas Bhagat

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  User ID composition, jaboltz
Next by Date:  Vulnerability of VMWare Virtual Machine?, Chavoux Luyt
Previous by Thread:  RE: Sorbs.net DNS Blacklist, Jim Serino
Next by Thread:  System 32 folder opens during start up, DMORROW5
Indexes:  [Date] [Thread] [Top] [All Lists]