Proofpoint Purchases SORBS Anti-Spam Service Assets SUNNYVALE, Calif. – August 16, 2011 – Proofpoint, Inc., the leading provider of cloud-based security and compliance solutions for enterprise messaging and collaboration, today announced it has acquired the assets of the SORBS (Spam and Open Relay Blocking System) service (http://www.sorbs.net). Approximately 200,000 organizations worldwide leverage the SORBS DNS-based Block List (DNSBL) to effectively block email from more than 12 million host servers known to disseminate spam, phishing attacks and other forms of malicious email. The purchase enables Proofpoint to develop enhanced real-time detection capabilities and intelligence about email-borne threats for its enterprise customers, based on the service’s extensive visibility into email traffic patterns and trends. Proofpoint is devoting additional development and support resources to SORBS to improve both the accuracy of the service and the timeliness of response to support and dispute inquiries. “By processing billions of requests for hundreds of thousands of organizations worldwide, SORBS offers the internet community a much-needed service and provides Proofpoint with unique visibility into global traffic trends,†said Gary Steele, CEO of Proofpoint. “This acquisition will help us continue to deliver the industry’s most innovative and effective anti-spam solutions while giving SORBS the resources it needs to be more responsive to its extensive user base and to the online community at large.†The acquisition was completed in July 2011 for an undisclosed amount. SORBS is owned and operated by a Maltese subsidiary of Proofpoint, Inc., and continues to be available as a free, standalone service. Support and service inquiries related to SORBS continue to be handled through the SORBS website at http://www.sorbs.net. Since its launch in 2003, the SORBS DNSBL has grown from a list of 78,000 to more than 12 million host servers known to disseminate spam and now processes tens of billions of requests per day. The list typically includes hosts designed specifically for spreading spam, hacked and hijacked servers, and those with Trojan infestations. In an attempt to provide preemptive protection, SORBS also lists servers with dynamically allocated IP addresses. Proofpoint is known for developing innovative and highly-effective approaches to spam detection, leveraging machine-learning techniques to accurately identify spam based on a variety of factors including message content, structure and sender reputation. Proofpoint’s commercial email security and compliance solutions are used by thousands of organizations worldwide to block spam and viruses, safeguard privacy, encrypt sensitive information, and archive messages for easier management and discovery. About Proofpoint, Inc. Proofpoint focuses exclusively on the art and science of cloud-based email security, eDiscovery and compliance solutions. Organizations around the world depend on Proofpoint’s expertise, patented technologies and on-demand delivery system to protect against spam and viruses, safeguard privacy, encrypt sensitive information, and archive messages for easier management and discovery. Proofpoint’s enterprise email solutions mitigate the challenges and amplify the benefits of enterprise messaging. Learn more at www.proofpoint.com. Source: http://www.proofpoint.com/news-and-...t-purchases-assets-of-SORBS-anti-spam-service A good addendum from http://blog.wordtothewise.com/ I have to wonder how reflective of actual usage numbers the “200,000 organizations†is. I do suspect that many organizations are querying the list, but I don’t know how much it’s affecting delivery. Most spamassassin installations query SORBS DUL by default. However, being listed on SORBS DUL only counts for 0.001 points. Being queried doesn’t matter if those queries don’t really affect delivery. We recently wrote about problems with the Trend/MAPS lists. Many people have contacted us about that and indicated they are no longer seeing any blocking at Comcast based on a MAPS listing. The Comcast postmaster page hasn’t been updated, but I haven’t heard of anyone having problems with listings at Comcast recently. I’m hearing conflicting reports about the other major US Trend/MAPS user, RR.com. Some people are telling me they’re seeing inbox delivery for MAPS listed IPs. Other people are telling me they’re seeing deferrals for MAPS listed IPs. In either case, it appears that the effect of a MAPS listing on delivering mail to US ISPs is less than it was a few months ago. The decisions to make this information public were not made lightly. On balance, blocklists are a valuable and important part of the email ecosystem. But they are a bit of a black box. Very few people who don’t run blocklists actually have insight into how they work and how they make decisions. There are good reasons the blocklists do this, but it does make them a bit of an unknown entity to many. In response to the ongoing damage to the email ecosystem, we decided share this information publicly. Many people tried discussions with the list maintainers and their parent companies: by phone, by email and in person. These efforts were only partially effective at getting wanted mail delivered. Because this problem was ongoing and because so many different people were attempting to resolve the problem unsuccessfully, we decided to make the information we knew public. While the listing policies don’t seem to have changed, the overall damage to the ecosystem seems to be lessening. There are a lot of people who worked very hard to bring about these changes. Many of them cannot be named, for obvious reasons. But their contribution should not be overlooked. Our position in the industry means people share issues with us and that we can share information publicly. But just because we’re the public face doesn’t mean we’re the only actors.
Now that it is owned by a company that has reputation to protect they should soon see how messed up SORBS is. Maybe they'll finally allow manual self-delisting like Barracuda.
I believe their delisting is a lot like with Spamhaus. You have to be the abuse contact for IPs and convince them why you deserve to be delisted.
Actually no. The only thing is that you have to be registered on their site. Then you look up the IP address, confirm it is listed and open a support request. If this is a first time listing, they process the request automatically within minutes. If they saw a lot of spam from that IP address you have to tell them that the spam run has been stopped. Usually works. Their support is quite sane and easy to talk with.
i cant imagine what value sorbs has, they are known for being the most aggressive and most obstinate blacklist there is, who also blocks the smallest % of email.
Good catch. I've never tried to register but read their FAQ and was kind put off by what it said. I believe it did say you have to be in full control of the IPs. Is it no longer the case?
They don't check it. Or maybe I was lucky I used my GMail address to register in their site and they did not ask me to confirm the ownership of the IP addresses. If you qualify for automatic delisting, then "Son of Robbie the Robot" (bot) will delist the IP address and you won't have to talk to their support personnel. If automatic delisting is unavailable, you will have to explain the reason (e.g., I bought a new server and its IPs were blacklisted - telling them that I am the new owner of the IP range was enough). They provide evidence for trap hits - something like this (IP was taken from http://multirbl.valli.org/detail/problems.dnsbl.sorbs.net.html): Seen/Created Time Host/Netblock Short Description/Identifier 18:35:10 20 Jul 2011 GMT+10 65.98.250.238 201107********************[email protected] "201107********************[email protected]" is a Message-ID of the email and if you log them somewhere you should be able to find out the spamtrap. "Seen/Created Time" is usually incorrect - I have seen the lags for ~5 days. If you tell them what the spamtrap was and that the list with that trap was killed, they are likely to delist you without any further questions.
I think this discussion should be moved to PH Do you have these traps identified? SORBS keeps popping up even after IW cleaning.
