SORBS Contact
Matthew Sullivan
matthew at sorbs.net
Wed Aug 9 22:51:01 UTC 2006
Steve Sobol wrote:
> On Wed, 9 Aug 2006, Matthew Sullivan wrote:
>
>
>> Sad state of affairs when ISPs are still taking money from spammers and
>> providing transit to known criminal organisations.
>>
>
> Hey Mat.
>
> You aren't wrong, but that doesn't absolve you of the responsibility to
> de-list in an efficient manner when you have made a mistake, or if the
> listing is no longer accurate (i.e. if all the spammers have been kicked
> off the netblock in question.)
>
If you checked with the original complainant you would find that both
the zombie and DUHL listings are cleared. If you knew the ticket
numbers and where they sit in the SORBS RT Support system you would know
that there were multiple tickets logged the oldest now being 10 days,
the most recent being 5 days - and under published policy the earliest
was pushed into the more recent. You'll also note that the original
complaint was about a single IP address as part of a /27 within a /19
listing.
> $DAYJOB lists spam filtering amongst the services we offer to our
> clients. I know we're using you to block IPs at the firewall, and we're
> probably also doing so at the server level. I am going to talk to my boss
> and co-workers about the impact of removing SORBS from our DNSBL list,
> because your replies lately have been snarky and completely
> unprofessional, including the reply quoted above. (Yes. It sucks that
> spammers are still spamming. So what?)
>
The quoted text above is intended for a few that might still be on this
list, non of which posted to this thread. The fact remains some ISPs
provide transit to known criminal organisations for hijacked netblocks
which are used for nothing but abuse (hosting trojans and viruses).
Money talks.
> I don't know what your problem is, but you're not making things any better
> by refusing to fix listings that aren't incorrect or, in some cases, never
> were.
>
Where do you get that from...? We fix incorrect listings as soon as
notified and with no deliberate delay. If you are refering to listings
like Dean Anderson's stolen netblock these are not delisted until such
time as proof is obtained that our information is incorrect.
We have been informed that Dean picked up that portable /16 (and 2 other
networks - one of which was a non-portable UUNET block) when he parted
company with OSF in 1998. I have been contacted on a few occasions by
Dean demanding delisting, each time I have asked for proof that he did
not steal the netblock from the OSFs creditors (taking without
permission even from a company folding is still stealing) - his response
was a lot of bluster followed by the creation of the IADL.org site. A
few people (including myself) have attempted to contact 'The Open Group'
who are the new owners of the old OSF organisation. I am not aware of a
reply that has been received from anyone other than Dean indicating that
Dean is the legitimate owner of the said netblock. You will also note
that at least one of the netblocks that Dean has indicated that he was a
legitimate owner of have been taken back and are reallocated. To date
no-one has backed Dean up in his assertion that he did not steal the
netblock, all that we have seen is a short time after the listing
suddenly Dean started providing services to 'opengroup.org' and cited
that as proof he owns the block - considering the OpenGroup is in the UK
now and are now unlikely to be able to prove to a court that they are
the legitimate owners of the netblock I don't see that as reason to
consider Dean the legitimate owner. A verifiable document from the
OSF/OpenGroup indicating that Dean Anderson is the legitimate owner of
their /16 and it was transfered to him with their knowledge and
permission is all that is required for delisting... however it seems
Dean cannot obtain that adding weight to the view that he did indeed
steal the netblocks.
Something to consider before replying: is this on or off topic for
NANOG? (personally I think part of this is on topic, other parts of the
thread are definitely off topic)
Regards,
Mat
More information about the NANOG
mailing list