Sorbs.net

Sun Mar 27 22:57:13 UTC 2005

Hi folks. A few points about Sorbs (I've also started a web site
www.iadl.org to track abuse of the internet for defamation purposes. The
web site isn't finished, yet.)

1) Someone said Sorbs is just Matthew Sullivan.

Well, _Sullivan_ said it isn't just him. Yeah, sure, that has
credibilty...

However, my own experience with Sorbs has revealed that it is also Alan
Brown (formerly of ORBS) and Kai Schlicting. We all remember Alan from the 
ORBS shutdown, I hope. Alan was found by three courts in separate cases to 
be defaming people (two by using a blacklist). 

Well, Alan claimed our address space was hijacked and that the OSF didn't
exist anymore. This was picked up verbatim by Sorbs.  When I contacted
Sullivan to tell him this was false, Schlichting send an "anonymous"
message from abuse at conti.nu to The Open Group. (www.osf.org goes to
www.theopengroup.org).  After that, they dropped the part of OSF not
existing anymore.

[You all know the The Open Group (TOG): They do Motif, X Window System,
DCE, CDE (used on sun, hp, compaq, ibm, etc). They own the Unix trademark,
XPG4 suite, they do standards compliance testing, etc. They do lots of
things.]

The general counsel for TOG forwarded me the defamatory email from
Schlicting demanding that TOG explain why we provide them services and
why we are allowed to use 130.105/16 and other nonsense.  Here's just a
sample, indentation his:

		  however ARIN regulations
                  and their predecessor's (the
                  Internic: operations funded by
                  ARPANET)
                  regulations make it quite clear that
                  the resources allocated by these
                  registries are for the public
                  benefit, and are nothing short of a
                  government grant for use of a public,
                  shared resource. Government
                  grants are not transferable without
                  explicit and advance permission,
                  and their beneficial details and use
                  are open to the public for
                  inspection, and likely covered by the
                  FOIA.

Yeah, right.

The message was anonymous, from abuse at conti.nu, which I tracked back to
Schlichting.

After a complaint to their hosting provider, (at the time, XO), Sorbs was
apparently booted from XO for its defamatory statements in violation of
XO's AUP. Another Sullivan site that was threatening mailbombing was also
booted.  Interestingly, Sullivan tried to convince XO that Sorbs.net and
dnsbl.sorbs.net were different and that he wasn't responsible for
dnsbl.sorbs.net, and so XO shouldn't boot www.sorbs.net. XO didn't buy it,
I guess.  SORBS was then given hosting by ISC.ORG, which doesn't have an
AUP (interesting by itself), and apparently doesn't mind being associated
with court-proven liars and mailbombers.

Also interestingly, the Sorbs web site contains (or used to contain) a lot
of logos for vendors. At first glance, these seem to be endorsements or
support. But if you read the text, it just says not to complain to these
other companies about Sorbs. Sorbs did claim that Sun donated equipment. I
contacted Sun in Australia, and they had no record of donating anything to
Sorbs.  The most I have been able to find out about Sullivan is that he
is/was a student at the University of Queensland in Australia.  In his
email to me, he claimed that I should sue him because he has no assets.  

Well, indeed, we can sue him for defamation and expect the similar results
as in the 3 similar ORBS lawsuits. Brown/ORBS tried to say his false
claims were just opinion.  As did MAPS in Exactis V. MAPS.  
Interestingly, in his messages to me, Sullivan claimed that the (US) First
Amendment protects him. This has been refuted in US courts and is a
frivolous claim even in the US, but certainly it doesn't protect
Australians in Australia.  The court, in addressing ORBS's false claims,
noted they were basically a personal attack.

But, indeed, I have not so far located any substantial assets other than
Sorbs itself, which doesn't seem very substantial.  I'm still looking.  
Australian law gives us 5 years from the last false claim to file suit. So
we have (at least) until March 2010. If anyone has any more information
about Sullivan or his personal assets, please let me know.  I note that
Brown lost his ISP to pay for damages in his ORBS court cases. This was
followed by a strategy posted by Ron Guillmette for preventing assets from
being put at risk by abusive blacklists. Sullivan seems to be following
that strategy.  When Sullivan says "sue me I have no assets", he's telling
me that it is of little point to lay out $50K to sue someone who's
economic substance amounts to being barely above homeless and who almost
certainly can't pay the damages when they lose.

Rich Kulawiec mused:
>On Tue, Mar 15, 2005 at 05:44:41PM -0500, Paul G wrote:
>> unfortunately, that *still* didn't stop people from using it, which
>> translated into an unresolvable headache for me as a sp. 
>
>Then gripe at the people who chose to use it: it was *their*
>decision, and if it was a poor one, then they are the people
>who need to be held accountable for it.

I haven't found it to be too much of a headache, so far. After almost 2
years of listing by SORBS, its little more than annoying. I suppose that
could change if someone really starts promoting SORBS and ignoring its
history.  When we come across someone using Sorbs (a couple times a month,
though I had three in the last week--though they were all university
student run servers), I just call them up and point them to information
about Sorbs, and our listing.  That's usually enough for them to quit
using SORBS.

A good link is http://www.pathname.com/~corpus/NET.age

It shows that SORBS isn't blocking anything. To get into double digits, 
you have to use the SORBS DUL list, which is copied from elsewhere. Nearly 
all of the rest is under half a percent.

But I usually compare the SORBS ZOMBIE(hijacked) list with more reputable
hijacked lists:

OVERALL%   SPAM%     HAM%     S/O    RANK   SCORE  NAME:0-1
OVERALL%   SPAM%     HAM%     S/O    RANK   SCORE  NAME:1-3
OVERALL%   SPAM%     HAM%     S/O    RANK   SCORE  NAME:3-6

  0.089   0.1046   0.0054    0.951   0.42    0.82  RCVD_IN_SORBS_ZOMBIE:0-1
  0.035   0.0365   0.0312    0.539   0.43    0.82  RCVD_IN_SORBS_ZOMBIE:1-3
  0.094   0.1095   0.0000    1.000   0.46    0.82  RCVD_IN_SORBS_ZOMBIE:3-6

  0.015   0.0179   0.0000    1.000   0.36    1.00  RCVD_IN_WHOIS_HIJACKED:0-1
  0.007   0.0088   0.0000    1.000   0.43    1.00  RCVD_IN_WHOIS_HIJACKED:1-3
  0.081   0.0946   0.0000    1.000   0.45    1.00  RCVD_IN_WHOIS_HIJACKED:3-6

I note that SORBS blocks _ham_ as hijacked, while more reputable lists
block no ham as hijacked.  Apparently it isn't just Av8 they are lying
about.

And in the very few cases where we've run into SORBS supporters, our
lawyers have noted that such blacklisting is itself defamation, unlawful
participation in a group boycott, tortious interference in a contract and
other things. That takes care of that.  But that's been pretty rare.  
Nearly all users of SORBS are of the misled variety.  And even the
supporters seem to have trouble with it.  I noted recently that even ISC
no longer uses SORBS for mail filtering.

>Look, if I want to publish a blocklist of all domains with the
>string "er" in them and all IP addresses ending in .7, that would be
>a silly thing to do: but after all, it's just a list.  

There are consequences, of course, to doing irresponsible things, and to
misleading your subscribers, and to blocking email that your subscribers
didn't authorized you to block.  And even if legal consequences aren't
pursued, there are still consequences to being a liar, and consequences to
associating with liars and disreputable people.  The first consequence is
that people will point out one's associations/false statements/etc. These
things indicate the character of a person.  Sometimes there are
requirements of good character necessary to, say, hold public offices,
hold certain licenses, etc.  For example, this is why former New York
mayor Rudi Guiliani found it necessary to dissolve his business
partnership with Bernie Kerik after Kerik was found associated with the
Mafia.  In other cases, its just embarrasing to be found associated with
such people.  But there are always consquences of some sort or other.  No 
bad deed goes unpunished. Its just a matter of time.

		--Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   