Topics

moderated SORBS Spam has groups.io blacklisted again #misc


Chris Jones
 

On Tue, Dec 15, 2020 at 04:59 PM, Mark Fletcher wrote:
Following up on this...
As a further follow - up can I flag up that after a look at "our" list of Bouncing members it has become clear that alice.it and tin.it have both blacklisted groups.io as a sender. Although in our case the number of persons affected is small, across all Groups.io Account holders the number is likely to be significant. This blacklisting does not appear to have been introduced recently; a cursory investigation would suggest sometime around March / April this year.

I will try some bounce probes later to see if anything happens.

Chris


 

Hi All,

Following up on this, as the SORBS site is finally back up and I was able to figure out what happened. The listing was the result of 3 groups moving from Yahoo to us. Two of the groups sent invites to email addresses that turned out to be SORBs honeypot addresses. The third group did a direct add of an SORBs honeypot address. In all cases, the email addresses had been members of their Yahoo groups. I don't know if the addresses were bouncing at Yahoo or not.

I've requested that SORBs delist us. I've also ensured that we will not send email to these addresses (and others like them) again.

Thanks,
Mark


Bruce Bowman
 

On Sun, Dec 13, 2020 at 07:37 PM, Mark Fletcher wrote:
It's my opinion that anyone that relies on SORBs will end up with a lot of false positives. 
The OP of this problem in GMF suggests that reducing the number of concurrent connections might fix it (ref: https://groups.io/g/GroupManagersForum/message/35540 and error code 1300). I don't enough about such things to argue the point one way or the other. :-)

Hope this helps,
Bruce


Laurence Marks
 

Good luck!
Site Down for Maintainance

The SORBS service is currently undergoing maintenance. During this time, web-site and web based IP reputation tools will be unavailable. DNS Query services will remain available during this time, however updates (new listings and delisting) will be delayed until maintenance is complete. Please check back with any inquiries as we are unable to process these during maintenance. We apologize for any inconvenience and appreciate your patience. This maintenance period is expected to last 12-24 hours.


Duane
 

On Sun, Dec 13, 2020 at 06:50 PM, Mark Fletcher wrote:
There are so many bad email services out there; I have often pondered launching my own (not free) service.
As soon as Groups.io is completed, we'll support you! ;>)

Duane


 

On Sun, Dec 13, 2020 at 4:42 PM Mike Capelle <mcap@...> wrote:

So, is it safe to use spectrum with groups.io, or stick with fast amil?



I don't have any data handy to tell you which way to go, but my gut says sticking with Fastmail is the way to go. In my experience, dedicated email services that you pay for are generally more reliable than the ones associated with cable companies. There are so many bad email services out there; I have often pondered launching my own (not free) service.


Mark 


Mike Capelle <mcap@...>
 

So, is it safe to use spectrum with groups.io, or stick with fast amil?

 

From: main@beta.groups.io <main@beta.groups.io> On Behalf Of Mark Fletcher
Sent: Sunday, December 13, 2020 6:37 PM
To: main@beta.groups.io
Subject: Re: [beta] SORBS Spam has groups.io blacklisted again #misc

 

On Sun, Dec 13, 2020 at 4:26 PM Bruce Bowman <bruce.bowman@...> wrote:

Mark -- They're at it again. See search below. I wasn't able to get the "details" without paying. This is affecting those on Charter/Spectrum/Roadrunner.

 

Sigh. That's for our second email server. Our original email server's been listed since last spring. Email delivery is split evenly between the two machines. 

 

I've tried to get our original email server delisted for many months now, with no luck. The SORBs site is down for maintenance right now, so I can't try to delist the other mail server. I will try to do so once they come back up.

 

I checked the logs on that machine, and email to Charter/Roadrunner is being successfully delivered (I didn't see any Spectrum activity from the logs I checked). We're not seeing an increase in delivery failures.

 

It's my opinion that anyone that relies on SORBs will end up with a lot of false positives. 

 

Thanks,

Mark


Mike Capelle <mcap@...>
 

Yes, when I retried spectrum, I had nothing but issues.

I am glad I went back to fastmail.

 

From: main@beta.groups.io <main@beta.groups.io> On Behalf Of Bruce Bowman
Sent: Sunday, December 13, 2020 5:46 PM
To: main@beta.groups.io
Subject: [beta] SORBS Spam has groups.io blacklisted again #misc

 

Mark -- They're at it again. See search below. I wasn't able to get the "details" without paying. This is affecting those on Charter/Spectrum/Roadrunner.

FYI,
Bruce

  We notice you are on a blacklist.  Click here for some suggestions

Checking 66.175.222.108 against 86 known blacklists...
Listed 1 times with 0 timeouts

 

Blacklist

Reason

TTL

ResponseTime

 

 LISTED

SORBS SPAM

66.175.222.108 was listed  Detail

3600

2

Ignore

 OK

0SPAM

 

 

2

 

 OK

Abuse.ro

 

 

146

 

 OK

Abusix Mail Intelligence Blacklist

 

 

1

 

 OK

Abusix Mail Intelligence Domain Blacklist

 

 

1

 

 OK

Abusix Mail Intelligence Exploit list

 

 

1

 

 OK

Anonmails DNSBL

 

 

2

 

 OK

BACKSCATTERER

 

 

1

 

 OK

BARRACUDA

 

 

1

 

 OK

BLOCKLIST.DE

 

 

1

 

 OK

CALIVENT

 

 

2

 

 OK

CASA CBL

 

 

1

 

 OK

CBL

 

 

1

 

 OK

CYMRU BOGONS

 

 

2

 

 OK

DAN TOR

 

 

1

 

 OK

DAN TOREXIT

 

 

1

 

 OK

DNS SERVICIOS

 

 

2

 

 OK

DRMX

 

 

1

 

 OK

DRONE BL

 

 

2

 

 OK

FABELSOURCES

 

 

1

 

 OK

HIL

 

 

1

 

 OK

HIL2

 

 

1

 

 OK

Hostkarma Black

 

1959

1

 

 OK

IBM DNS Blacklist

 

 

2

 

 OK

ICMFORBIDDEN

 

 

1

 

 OK

IMP SPAM

 

 

1

 

 OK

IMP WORM

 

 

0

 

 OK

INTERSERVER

 

 

8

 

 OK

ivmSIP

 

 

1

 

 OK

ivmSIP24

 

 

0

 

 OK

JIPPG

 

 

1

 

 OK

KEMPTBL

 

 

1

 

 OK

KISA

 

 

193

 

 OK

Konstant

 

 

1

 

 OK

LASHBACK

 

 

1

 

 OK

LNSGBLOCK

 

 

1

 

 OK

LNSGBULK

 

 

1

 

 OK

LNSGMULTI

 

 

1

 

 OK

LNSGOR

 

 

1

 

 OK

LNSGSRC

 

 

1

 

 OK

MADAVI

 

 

1

 

 OK

MailBlacklist

 

 

1

 

 OK

MAILSPIKE BL

 

 

68

 

 OK

MAILSPIKE Z

 

 

69

 

 OK

MSRBL Phishing

 

 

1

 

 OK

MSRBL Spam

 

 

1

 

 OK

NETHERRELAYS

 

 

2

 

 OK

NETHERUNSURE

 

 

1

 

 OK

NIXSPAM

 

 

1

 

 OK

Nordspam BL

 

 

2

 

 OK

Nordspam DBL

 

 

1

 

 OK

NoSolicitado

 

 

1

 

 OK

ORVEDB

 

 

1

 

 OK

PSBL

 

 

1

 

 OK

RATS Dyna

 

 

18

 

 OK

RATS NoPtr

 

 

17

 

 OK

RATS Spam

 

 

17

 

 OK

RBL JP

 

 

1

 

 OK

RSBL

 

 

1

 

 OK

SCHULTE

 

 

1

 

 OK

SEM BACKSCATTER

 

 

1

 

 OK

SEM BLACK

 

 

1

 

 OK

Sender Score Reputation Network

 

 

1

 

 OK

SERVICESNET

 

 

1

 

 OK

SORBS BLOCK

 

 

1

 

 OK

SORBS DUHL

 

 

1

 

 OK

SORBS HTTP

 

 

1

 

 OK

SORBS MISC

 

 

1

 

 OK

SORBS NEW

 

 

1

 

 OK

SORBS SMTP

 

 

1

 

 OK

SORBS SOCKS

 

 

0

 

 OK

SORBS WEB

 

 

1

 

 OK

SORBS ZOMBIE

 

 

1

 

 OK

SPAMCOP

 

 

1

 

 OK

Spamhaus ZEN

 

 

1

 

 OK

SPFBL DNSBL

 

259059

2

 

 OK

Suomispam Reputation

 

 

1

 

 OK

SWINOG

 

 

0

 

 OK

TRIUMF

 

 

1

 

 OK

TRUNCATE

 

 

2

 

 OK

UCEPROTECTL1

 

 

1

 

 OK

UCEPROTECTL2

 

 

1

 

 OK

UCEPROTECTL3

 

 

1

 

 OK

Woodys SMTP Blacklist

 

 

1

 

 OK

WPBL

 

 

1

 

 OK

ZapBL

 

 

1

 

reverse lookup

smtp diag

subnet tool

Reported by mxtoolbox.com on 12/13/2020 at 5:43:10 PM, just for you.  Transcript


 

On Sun, Dec 13, 2020 at 4:26 PM Bruce Bowman <bruce.bowman@...> wrote:
Mark -- They're at it again. See search below. I wasn't able to get the "details" without paying. This is affecting those on Charter/Spectrum/Roadrunner.


Sigh. That's for our second email server. Our original email server's been listed since last spring. Email delivery is split evenly between the two machines. 

I've tried to get our original email server delisted for many months now, with no luck. The SORBs site is down for maintenance right now, so I can't try to delist the other mail server. I will try to do so once they come back up.

I checked the logs on that machine, and email to Charter/Roadrunner is being successfully delivered (I didn't see any Spectrum activity from the logs I checked). We're not seeing an increase in delivery failures.

It's my opinion that anyone that relies on SORBs will end up with a lot of false positives. 

Thanks,
Mark


Bruce Bowman
 

Mark -- They're at it again. See search below. I wasn't able to get the "details" without paying. This is affecting those on Charter/Spectrum/Roadrunner.

FYI,
Bruce

  We notice you are on a blacklist.  Click here for some suggestions
Checking 66.175.222.108 against 86 known blacklists...
Listed 1 times with 0 timeouts

  Blacklist Reason TTL ResponseTime  
 LISTED SORBS SPAM 66.175.222.108 was listed  Detail 3600 2 Ignore
 OK 0SPAM     2  
 OK Abuse.ro     146  
 OK Abusix Mail Intelligence Blacklist     1  
 OK Abusix Mail Intelligence Domain Blacklist     1  
 OK Abusix Mail Intelligence Exploit list     1  
 OK Anonmails DNSBL     2  
 OK BACKSCATTERER     1  
 OK BARRACUDA     1  
 OK BLOCKLIST.DE     1  
 OK CALIVENT     2  
 OK CASA CBL     1  
 OK CBL     1  
 OK CYMRU BOGONS     2  
 OK DAN TOR     1  
 OK DAN TOREXIT     1  
 OK DNS SERVICIOS     2  
 OK DRMX     1  
 OK DRONE BL     2  
 OK FABELSOURCES     1  
 OK HIL     1  
 OK HIL2     1  
 OK Hostkarma Black   1959 1  
 OK IBM DNS Blacklist     2  
 OK ICMFORBIDDEN     1  
 OK IMP SPAM     1  
 OK IMP WORM     0  
 OK INTERSERVER     8  
 OK ivmSIP     1  
 OK ivmSIP24     0  
 OK JIPPG     1  
 OK KEMPTBL     1  
 OK KISA     193  
 OK Konstant     1  
 OK LASHBACK     1  
 OK LNSGBLOCK     1  
 OK LNSGBULK     1  
 OK LNSGMULTI     1  
 OK LNSGOR     1  
 OK LNSGSRC     1  
 OK MADAVI     1  
 OK MailBlacklist     1  
 OK MAILSPIKE BL     68  
 OK MAILSPIKE Z     69  
 OK MSRBL Phishing     1  
 OK MSRBL Spam     1  
 OK NETHERRELAYS     2  
 OK NETHERUNSURE     1  
 OK NIXSPAM     1  
 OK Nordspam BL     2  
 OK Nordspam DBL     1  
 OK NoSolicitado     1  
 OK ORVEDB     1  
 OK PSBL     1  
 OK RATS Dyna     18  
 OK RATS NoPtr     17  
 OK RATS Spam     17  
 OK RBL JP     1  
 OK RSBL     1  
 OK SCHULTE     1  
 OK SEM BACKSCATTER     1  
 OK SEM BLACK     1  
 OK Sender Score Reputation Network     1  
 OK SERVICESNET     1  
 OK SORBS BLOCK     1  
 OK SORBS DUHL     1  
 OK SORBS HTTP     1  
 OK SORBS MISC     1  
 OK SORBS NEW     1  
 OK SORBS SMTP     1  
 OK SORBS SOCKS     0  
 OK SORBS WEB     1  
 OK SORBS ZOMBIE     1  
 OK SPAMCOP     1  
 OK Spamhaus ZEN     1  
 OK SPFBL DNSBL   259059 2  
 OK Suomispam Reputation     1  
 OK SWINOG     0  
 OK TRIUMF     1  
 OK TRUNCATE     2  
 OK UCEPROTECTL1     1  
 OK UCEPROTECTL2     1  
 OK UCEPROTECTL3     1  
 OK Woodys SMTP Blacklist     1  
 OK WPBL     1  
 OK ZapBL     1  
reverse lookup smtp diag subnet tool
Reported by mxtoolbox.com on 12/13/2020 at 5:43:10 PMjust for you.  Transcript