Proofpoint: Security, Compliance and the Cloud

November 30, 2010

SORBS DUHL DNS Block List Causing Widespread Email Deliverability Issues Once Again

[Update Aug. 16, 2011: In what may seem like a surprising turn of events, today Proofpoint announced that it had purchased the assets of the SORBS DNSBL service (see "Proofpoint Purchases SORBS Anti-Spam Service Assets").

The net-net of that announcement is that (1) the SORBS service will continue to be available as a free, standalone service, (2) Proofpoint is devoting additional development and support resources to SORBS to improve both the accuracy of the service and the timeliness of response to support and dispute inquiries, and (3) data from SORBS provides Proofpoint with enhanced intelligence about email-borne threats.

Note that all service and support inquiries related to SORBS continue to be handled exclusively through the SORBS website at http://www.sorbs.net.]

[Update Dec. 9, 2010: Visitors coming here from the otherwise excellent post on SORBS at the "Word to the Wise" blog should note that Proofpoint does not rely on the SORBS DUHL for analyzing inbound email; we have our own reputation system. Our comments here are about deliverability problems our SaaS customers were experiencing with their outbound (sent) email being blocked by recipients that *do* use SORBS.]

[Update as of Nov. 30, 2010 5:00 p.m. PT: Proofpoint support reports that SORBS tells them they have resolved the issue that was causing problems for Proofpoint SaaS customers, but notes that it may take several hours for SORBS changes to propagate across the SORBS user base.]

Several weeks ago, I had reported on widespread email deliverability issues caused by a possible denial-of-service attack against email blocklist service SORBS (Spam and Open Relay Blocking System).

This week, the SORBS DUHL (Dynamic User and Host List) seems to be incorrectly listing a wide swath of IP addresses, and hence causing email deliverability problems for them. This service, which is supposed to list blocks of IP addresses that are assigned dynamically, is currently misclassifying at least one network range, so recipients that use the list are rejecting mail from any IP address in that space.

This misclassification has caused email deliverability problems for some users of Proofpoint's SaaS email security solutions, and many other valid mail senders as well. We're seeing quite a few tweets about issues with SORBS today and message threads (such as this one at ietf.org) regarding SORBS DUHL incorrect listings.

Proofpoint's support department is aware of this issue and has been working to resolve the problem with SORBS technical support (which has thus far been unresponsive to repeated inquiries; this issue now seems to be resolved, per my update at the beginning of this post). Unlike the problems experienced in October, we haven't seen any public response from SORBS about what might be going on with their service.

As I mentioned in my October post on SORBS issues, false positives can happen with any blocklist service and Proofpoint advises email administrators that relying on just a single RBL service for vetting inbound email can be extremely problematic. In the case of SORBS, this is (at least) the second major misclassification issue we've observed in the last 90 days. Email administrators who currently rely on SORBS should be aware of these issues and take action as necessary.
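To make the advice above concrete, here is an added sketch (not Proofpoint's or SORBS's code) that contrasts a hard block on one list with a weighted score across several. The zone names, weights, thresholds and listings are constructed for illustration; only the reversed-octet query name is the standard DNSBL convention.

```python
import ipaddress

# Hypothetical zones, weights and thresholds (assumptions, not from the post).
WEIGHTS = {
    "dynamic.dnsbl.example": 1.5,   # dynamic-range list, the role the DUHL plays
    "exploits.dnsbl.example": 3.0,
    "spamsrc.dnsbl.example": 3.0,
}
REJECT_AT, FLAG_AT = 5.0, 3.0


def query_name(ip, zone):
    """DNSBL convention: reversed IPv4 octets prepended to the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def single_list_policy(ip, zone, is_listed):
    """Hard block on one list: any listing rejects the message."""
    return "reject" if is_listed(query_name(ip, zone)) else "accept"


def weighted_policy(ip, is_listed, weights=WEIGHTS):
    """Add up the weights of the lists that report the IP, then threshold."""
    hits = [z for z in weights if is_listed(query_name(ip, z))]
    score = sum(weights[z] for z in hits)
    if score >= REJECT_AT:
        return "reject", score, hits
    if score >= FLAG_AT:
        return "flag", score, hits
    return "accept", score, hits


# Constructed listings standing in for DNS answers. A live is_listed() would
# do an A lookup and treat only a 127.0.0.0/8 answer as listed; NXDOMAIN and
# lookup failures count as not listed.
LISTED = {query_name(ip, zone) for ip, zone in [
    ("192.0.2.25", "dynamic.dnsbl.example"),    # static MTA, misclassified
    ("203.0.113.9", "dynamic.dnsbl.example"),
    ("203.0.113.9", "exploits.dnsbl.example"),
    ("198.51.100.7", "dynamic.dnsbl.example"),
    ("198.51.100.7", "exploits.dnsbl.example"),
    ("198.51.100.7", "spamsrc.dnsbl.example"),
]}


def fake_is_listed(name):
    return name in LISTED
```

With these constructed listings, the misclassified static sender is rejected outright under the single-list policy but accepted with a score of 1.5 under the weighted one, while the address reported by all three lists is still rejected.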

For customers of Proofpoint's SaaS solutions who may be concerned about this problem, Proofpoint support has posted a news alert in our CTS online support system with more details about the issue. (Note: Your CTS login is required to access this site.)

Comments


Sorbs is the worst. I don't understand how they can continue to be an uncontrolled service. False positives are a regular thing with them. They still continue to disrupt business with no accountability. The crazy thing is the guy who runs it will actually demand money to de-list you. I look at it as a scam and have never understood how they can disrupt business like they do and not be held accountable. I had one company that the only way to get around the problem was to roll out a new address space for mail. It can take weeks for them to address your issue. Anyone who has been affected by their lame system knows what I mean. Good Luck if they have you hostage.

I wonder how did you get in touch with SORBS? We have a similar issue and they appear to be just ignoring our messages.

We have seen some of our customers blocked in the last couple of weeks because our static mail server IP, which has been the same for 5 years and is registered at ARIN to us, was included in SORBS DUHL. The real problem is mail server admins that use SORBS DUHL to block rather than weight email. Any mail server admin that uses a single SORBS list to block email rather than weight email should retire.

We have been on the list for a week now with no assistance or response from them. Repeated attempts to have them correct the issue of our IP address on the DUL list have gone unresponded.

Our ISP and us have both attempted to make contact. They accidentally blocked an entire /17 for our ISP. Unbelievable that they will not even respond.

The most unprofessional Spamlist I have ever seen!
