
Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.


MessageLabs and SORBS Butt Heads Over Spam Blocking

Finding a technical solution to the problem of spam has plagued Information Security specialists since spam was first identified. Along the way there have been a number of different approaches taken, of varying effectiveness. One of the more reliable, if a little imprecise, methods has been the use of block lists, managed through either companies or interested groups.

Amongst the well known block lists, SORBS (Spam and Open Relay Blocking System), a free service that lists known or suspected compromised mail hosts, has been around since late 2001 and has been through a variety of iterations since then. Mail server operators can then apply the SORBS block list to silently drop / bounce / ignore messages from servers on the list and hope that they end up blocking nothing more than spam until the spamming servers are brought back under control.

In reality, this isn't always the case. What can happen is that the blocking of legitimate email (or even the silent disappearance of it) can be the first sign that something is amiss with a mail server. It doesn't take anything more than a single compromised virtual host in a shared hosting setup for all the other virtual hosts sharing the same physical server to be tarred with the same brush of being spammers.

If the offending (or suspected offending) mail server operators don't take action to address the concerns raised by the block list maintainers, then they will languish on the block list until the spammers move on or their clients do. This brings to light the biggest problem associated with spam block lists: they are a very coarse tool, and the amount of effort needed to remove an incorrectly identified server from the list is significant. Compounded by the uncertainty and arbitrariness of being blocked, it can be a very disturbing thing for an administrator to have to face, especially if it can't be quickly resolved (the updates can take days to roll out across the systems relying upon the block lists).

One such problem came to light recently when MessageLabs customers were faced with significant email issues after their email servers ended up on the SORBS block list. According to SORBS, the blacklisting was a result of various MessageLabs servers being used to send multiple spam messages. While it is claimed that MessageLabs acted to block further spam messages, it wasn't quick enough to avoid being placed on the SORBS block list.

This isn't the first time that SORBS and MessageLabs have butted heads over whether or not MessageLabs systems should be blocked.

Because such block lists tend to be an aggressive, coarse tool, the recommendation to mail administrators is to use them as part of a combined, blended solution, where the presence of a server on a block list is not the be-all and end-all of determining whether incoming mail is spam.
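A sketch of that blended approach, added here as an example and not taken from SORBS, MessageLabs or any mail product: a block list hit becomes one weighted signal among several, so a listed shared host sending otherwise clean mail is not rejected outright. The zone name, weights, thresholds, message fields and stub resolver are all assumptions made for illustration.

```python
import ipaddress

# Assumed weights and thresholds, chosen for illustration only.
WEIGHTS = {"dnsbl": 2.5, "spf_fail": 2.0, "no_rdns": 1.0, "content": 3.0}
QUARANTINE_AT, REJECT_AT = 3.0, 5.0
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" answers

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, zone, resolve):
    """resolve(name) returns A records, or [] when the name does not exist."""
    try:
        answers = resolve(dnsbl_query_name(ip, zone))
    except OSError:
        return False  # list unreachable: treat as no evidence, not as spam
    return any(ipaddress.ip_address(a) in LISTED_NET for a in answers)

def classify(msg, zone, resolve):
    """Blend the block list hit with other signals instead of rejecting on it."""
    score = WEIGHTS["content"] * msg["content_score"]  # filter score, 0.0 .. 1.0
    if is_listed(msg["client_ip"], zone, resolve):
        score += WEIGHTS["dnsbl"]
    if not msg["spf_pass"]:
        score += WEIGHTS["spf_fail"]
    if not msg["has_rdns"]:
        score += WEIGHTS["no_rdns"]
    if score >= REJECT_AT:
        return "reject", score
    if score >= QUARANTINE_AT:
        return "quarantine", score
    return "accept", score

# Constructed sample data: a stub resolver standing in for live DNS.
ZONE = "dnsbl.example.org"  # placeholder zone, not a real list
FAKE_DNS = {"10.2.0.192." + ZONE: ["127.0.0.2"]}
def stub_resolve(name):
    return FAKE_DNS.get(name, [])

SAMPLES = {
    "shared_host_legit": {"client_ip": "192.0.2.10", "spf_pass": True, "has_rdns": True, "content_score": 0.1},
    "listed_spam": {"client_ip": "192.0.2.10", "spf_pass": False, "has_rdns": True, "content_score": 0.8},
    "unlisted_suspect": {"client_ip": "198.51.100.7", "spf_pass": True, "has_rdns": False, "content_score": 0.7},
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, classify(msg, ZONE, stub_resolve))
```

The first two samples share one listed address, as virtual hosts on a shared server would, and only the one with corroborating signals is rejected.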

15 November 2010
