Home page logo
/

basics logo Security Basics mailing list archives

Re: Sorbs.net DNS Blacklist
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Mon, 13 Mar 2006 23:53:21 +0530

On 09/03/06 15:54 -0600, Dan Denton wrote:
I've got some updated info since the original posting. I spoke by email
with a gent at payments () sorbs net, and was told that the reason we were
blacklisted was that a spammer sent a message from a forged username at
a particular domain. The email hit an address at our server that was no
longer in use, and of course a bounce message was sent back saying the
address doesn't exist. 

WTF are you bouncing email for non-existent users instead of rejecting
at SMTP time?


Evidently, this response is considered spam in and of itself by
sorbs.net, and that's what got us on the blacklist. Never mind that we

And by a few others as well. Google: bounce attack spam, outscatter,
backscatter.

This may not sound like much to you, but when you get a million bounces
(or two) because you got joe-jobbed and a bunch of bonehead admins decided 
to accept-then-bounce, it does becaome a serious issue.

were the ones who got spammed in the first place, and our mail gateway
was only doing what it was supposed to do. I was told that if we ceased
such "harassment", then we would be removed from the blacklist. 

Symantec, who makes our gateway, has it documented on their website that
this feature cannot be disabled, and that such responses are required by
RFC 821. I can see the point. If there's no response to the sender of an
email who accidentally puts a typo in the email address they're sending
to, how the heck would they know if their email reached the correct
party or not? They'd receive no response from a real user, and they'd
probably wonder why they're being ignored. In a business setting, that
behavior could lose you money real quick.

_REJECT_ not _BOUNCE_. A "550 No such user" message from your SMTP
gateway would work fine, let senders know that their mail has not
reached its intended recipients and would be less abusive on the
Internet infrastructure.

Devdas Bhagat

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]