Ask Al: Help! I'm Blacklisted!

Akhter writes, "Our company IP address X.X.X.X is on the dnsbl.sorbs.net blacklist. We have tried many ways of contacting the SORBS company but we have received no response from them. Is there a way to get delisted from their database?"   

Akhter, you're hardly the first person to complain about non-response from SORBS, or issues with trying to get de-listed. I think the short answer is, no, you're not likely to get any traction beyond your previous attempts. As long as you submitted any requests to SORBS via the methodology they've requested, there's not much else you can do there, and the people behind SORBS can get quite angry if you keep trying to talk to them.

Okay, so let's set that aside, because you're not going to resolve the issue that way. What else can you do here?

First, make sure that your email messages are really blocked from sending to somewhere that really matters. The details of your listing show that you've been listed since October, 2008. What is making you have concerns about this now, nearly a year after the listing went into place? Often people don't really have any spam blocking issues, but they plug their IP address into an online lookup form and see the blacklisting and then that makes them freak out. Make sure you're really having issues where you are unable to mail some site due to spam blocking. If you're not, then let it go. Ignore it. It sucks to be blacklisted, but if it's not really impacting your mail, then there's simply no impact and it's not worth worrying about.

And if you do see some blocking, make sure it's really related to SORBS. SORBS is not widely used in the US (where I have the most experience), so it may be the case where you are, too. Just because somebody blocks some message of yours as spam, doesn't mean that they use SORBS. Unless you are seeing messages bounce back with errors that that explicitly mention SORBS, I wouldn't assume that SORBS is to blame.

If SORBS really is the reason for the blocking, there are two things you need to do. First, make sure you're not letting your server be used to send spam. Do you run mailing lists? Is everybody clearly and explicitly signing up for those lists? Make assumptions, or deviate from permission, and you're going to be legitimately blocked as a spammer. Don't be a spammer. After you're sure you don't have a spam issue you have to address, contact the site blocking your mail. Use another email address, or call them on the phone. Explain to them that SORBS doesn't seem willing to delist you. Explain that you're not a spammer, explain exactly why people at their site want your mail and can't receive it, then ask them to whitelist you, or that they consider ceasing their use of the SORBS blacklist.

Don't rant. Don't scream. Don't fight. Just be your own reasonable self. Explain the issues as you see them, and let the system administrator of the other side make up their own mind, based on the merits of the situation as they see it. This is often successful. And being a jerk rarely is, so don't be a jerk about it.

2 comments:

  1. Al, I would love to continue to ignore SORBS as I have for the past few years based on your excellent analysis of them published here. However I have just discovered that Return Path's SSC program actually takes SORBS seriously and has delisted one of our certified IPs because of a bogus false positive that's been in place since, coincidentally, October 2008. SORBS claims it's a compromised zombie server and it most certainly is NOT. Any advice you can offer for dealing with SSC on this? As you suggest it's highly unlikely that I will be able to get SORBS to delist this IP.

    ReplyDelete
  2. Our decision to use or not use any of the DNSBLs we reference was made based upon the footprint of the DNSBL, difficulty in becoming listed and facility in being removed.

    We took a long list of DNSBLs, and put them up for rating based on these criteria, by numerous industry experts. The senior technical advisers from MAAWG were involved in the blind-vote survey, as we several DNSBL operators; the two chairs of the MAAWG Senders' Subcommittee, and of course our team at Return Path.

    We ultimately weighted DNSBLs as critical (one listing suspends an IP), Significant (requires an IP to be listed at two DNSBLs to be suspended), and 'informational, the latter upon which no compliance action is taken.

    SORBS falls into the 'Significant' level, and whatever IP Mr. Patti is referring to is on both SORBS and another DNSBL, thus resulting in a suspension, until such time as one, or the other (or hopefully both) can be dealt with.

    --
    Neil Schwartzman
    Director, Certification Security & Standards
    Return Path Inc.
    0142002038

    ReplyDelete

Comments policy: Al is always right. Kidding, mostly. Be polite, and you're welcome to join in, even if it's a differing viewpoint.