Blocked out: Antispam blocklist SORBS is switched off
With the DNS blocklist, founder Michelle Sullivan wanted to protect the Internet from spam since 2001. The reasons for the closure are vague, successors unclear.
(Image: Shutter z/Shutterstock.com)
The DNS-based blocklist SORBS (short for "Spam and Open Relay Blocking System") no longer exists. Since June 5, the SORBS servers have been shut down and no longer provide answers to DNS queries. The project's website still exists, but mail server admins will have to look for a replacement. The global mail community now fears that spammers could take over the project – they have been interested in it for years.
SORBS, founded in 2001 by Australian Michelle Sullivan, initially pursued only one goal: the list included so-called "open relays", i.e. mail servers that accepted emails from anyone and forwarded them to their recipients. These open relays were at times the largest source of spam until they were replaced by botnets and freemail providers with lax security practices. Later, administrators could also use queries to SORBS to determine the type of IP address and obtain further data on its reputation.
Efficient, but not infallible
SORBS was a DNS blocklist to be able to process many queries quickly and efficiently while integrating itself as seamlessly as possible into the workflows of a mail server. If a mail server wanted to find out more details about an IP address from which it was being offered mail, it sent a DNS query to the SORBS DNS server. This either replied with an error message if it did not know the address, or returned an IP address in the format 127.0.0.x. The last octet of this address told the person asking which sublist the requested IP address was on and could therefore be used as a reference for further filtering measures.
This did not always run smoothly: overblocking, i.e. the unjustified blocking of benign IP ranges, also took place with SORBS and the list was also under constant attack from spammers. Due to these difficulties, it changed hands several times, first to GFI and finally to Proofpoint.
They have now decided to end SORBS and shut down the DNS servers on June 5. Only the project's website, whose design has survived the decades, is still online. A Proofpoint spokesperson told The Register that the decision was made "after careful consideration of various factors relating to the sustainability of the service".
Buyout by spammers?
Economic reasons also appear to have played a role: Michelle Sullivan, the project founder and previous Proofpoint employee, is losing her job at the end of June. On the mailop list, mail administrators from large providers thank the Australian, whose future seems just as uncertain as that of the project. According to reports, spammers are trying to get hold of the remnants of the SORBS project, primarily the domain.
Admins using SORBS in their mail servers should remove all mentions of DNSBL to avoid disruptions or delays in mail delivery.
(cku)
