Home page logo

basics logo Security Basics mailing list archives

Re: Sorbs.net DNS Blacklist
From: John Mason Jr <john.mason.jr () cox net>
Date: Mon, 13 Mar 2006 12:58:39 -0500

Dan Denton wrote:
I've got some updated info since the original posting. I spoke by email
with a gent at payments () sorbs net, and was told that the reason we were
blacklisted was that a spammer sent a message from a forged username at
a particular domain. The email hit an address at our server that was no
longer in use, and of course a bounce message was sent back saying the
address doesn't exist.

The "proper" way to deal with this is to reject during the smtp conversation, that way your mailserver will not generate the bounce message and get stuck in a blacklist.


Evidently, this response is considered spam in and of itself by
sorbs.net, and that's what got us on the blacklist. Never mind that we
were the ones who got spammed in the first place, and our mail gateway
was only doing what it was supposed to do. I was told that if we ceased
such "harassment", then we would be removed from the blacklist.

Backscatter is bad, I hope you can find a way to fix your problem
The link explains it better than I can

Symantec, who makes our gateway, has it documented on their website that
this feature cannot be disabled, and that such responses are required by
RFC 821. I can see the point. If there's no response to the sender of an
email who accidentally puts a typo in the email address they're sending
to, how the heck would they know if their email reached the correct
party or not? They'd receive no response from a real user, and they'd
probably wonder why they're being ignored. In a business setting, that
behavior could lose you money real quick.

It is not about getting the NDR but which server should generate it.



The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]