When the cure is worse than the disease

Internet spam email is a big problem; there is no denying it. There are many approaches to identifying and blocking spam, and none of them are foolproof. But there is also a clear difference between techniques – some are less reliable than others. Much less.

An outfit known as SORBS (www.sorbs.net) provides some useful spam-filtering services, some of which we use. They maintain several lists, but the most useful one is a list of “dynamic IP addresses”. Generally users on these IPs should be using their ISP’s email server. This is reasonable, and there are easy ways around it in cases where it’s a problem.

But SORBS also maintains a list of “known spam sources”. We do not use this one, because in our experience this list results in many false positives.

Indeed – we now find ourselves on this SORBS blacklist, all over a total of three (3!!) emails received by them over the past year. Near the end of January 2009, one of our customer email accounts was compromised because it had a weak password, and a lot of spam was sent from it. We fixed the problem pretty quickly, and were able to be removed from most blacklists very quickly. Most administrators are reasonable, and understand that things like this happen.

Not so SORBS. SORBS apparently is run by a cadre of irrational fanatics. Again, over three emails, they refuse to remove us from their list unless we 1) filter outgoing emails by content, or 2) pay them a fine.

A fine? What? $550 is the price they’re asking to be removed from their list. This is apparently quite a revenue source for them. In some countries, it would be called extortion, or racketeering.

They further refuse to provide any help to us whatever, in identifying spam, in letting us know before we are blocked that there is a problem. Their philosophy is “block immediately, provide no information that could help you stop the spam, and pay us to get off the list.”

This is patently irrational and unproductive. All other major spam blocking efforts provide feedback mechanisms, so that email providers like foreThought.net can be proactive in eliminating spam from compromised customers. SORBS's refusal to help in any way does not help stop spam – all it does is make them feel powerful and cause a lot of people a lot of headaches.

We refuse to abide by either of their criteria for being removed from their list. First off, we refuse to filter outbound email by content. Content filtering, for example dropping emails that have the words “bank manager” in them, is extremely unreliable and causes many false positives. Were we to implement even the best of these approaches, our customers would have great ongoing difficulties sending emails; you would have to constantly be on guard not to put key words in your emails.

Second, we’re not going to pay any money whatever to a group of anonymous and unaccountable people who, for all we know, are simply lying about having received spam from us. How can we know? They won’t share any information with us.

As a long-time member of the Internet community, I highly recommend that no one use the SORBS “known spam sources” list. SORBS's attitude, arrogance and unwillingness to be partners in fighting spam make this list extremely unreliable.