Orcon on SORBS DUHL Blacklist - what does this mean?

Forums › 2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus) › Orcon on SORBS DUHL Blacklist - what does this mean?

Rikkitic

Awrrr
19065 posts

Uber Geek
+1 received by user: 16305

Lifetime subscriber

#249251 2-May-2019 16:39

I was playing around on MXtoolbox.com and was surprised to discover that Orcon is on a SORBS DUHL blacklist. I actually have no idea what this means. Long ago I was on Orcon and I kept the email account for some things when I left. I checked my other account domains and they all came up clean. I'm not bothered by this, just curious. Can anyone tell me what it means to be on this blacklist?

Plesse igmore amd axxept applogies in adbance fir anu typos

Linux

12182 posts

Uber Geek
+1 received by user: 8475

Trusted

Lifetime subscriber

#2229559 2-May-2019 16:49

Another 1 worded thread title

Damn annoying!

hio77

'That VDSL Cat'
13036 posts

Uber Geek
+1 received by user: 3896

ID Verified

Trusted

Lizard Networks

Subscriber

#2229563 2-May-2019 16:51

this is all @sounddude's fault! :P

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

Rikkitic

Awrrr
19065 posts

Uber Geek
+1 received by user: 16305

Lifetime subscriber

#2229564 2-May-2019 16:54

Linux: Another 1 worded thread title

Damn annoying!

Sorry, I didn't realise. Not sure what else to call it. I will try to add some detail if I can edit.

Plesse igmore amd axxept applogies in adbance fir anu typos

Oblivian

7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

#2229565 2-May-2019 16:55

Rikkitic:

Linux: Another 1 worded thread title

Damn annoying!

Sorry, I didn't realise. Not sure what else to call it. I will try to add some detail if I can edit.

"Orcon email server listed on SORBS blacklist - concern?"

That easy.

Anyone not on orcon viewing the forum updates tree can slide by. Anyone with a technical concern can decide to look into it.

Call it, GZs own clickbait when it's not informative.

Rikkitic

Awrrr
19065 posts

Uber Geek
+1 received by user: 16305

Lifetime subscriber

#2229571 2-May-2019 17:01

Oblivian:

Anyone not on orcon viewing the forum updates tree can slide by. Anyone with a technical concern can decide to look into it.

Call it, GZs own clickbait when it's not informative.

Not obvious to me and I have to think about it. I come from a journalism background and was taught to think in short, snappy headlines. Not clickbait but not wordy either. Sometimes old habits die hard. I'm not going out of my way to annoy people.

Plesse igmore amd axxept applogies in adbance fir anu typos

MichaelNZ

1594 posts

Uber Geek
+1 received by user: 485

Trusted

Net Trust Ltd

#2229650 2-May-2019 18:37

Rikkitic:

I was playing around on MXtoolbox.com and was surprised to discover that Orcon is on a SORBS DUHL blacklist.

[.....]

I'm not bothered by this, just curious. Can anyone tell me what it means to be on this blacklist?

It means one or more of their clients has been compromised by a spammer and/or used their mail server for spamming. This happens to most ISP's so it's not an Orcon specific issue.

It means email you send through them will likely end up in the recipient's spam/junk folder.

WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers | ZL2NET

AliExpress

Shop now on AliExpress (affiliate link).

hio77

'That VDSL Cat'
13036 posts

Uber Geek
+1 received by user: 3896

ID Verified

Trusted

Lizard Networks

Subscriber

#2229658 2-May-2019 18:39

MichaelNZ:

Rikkitic:

I was playing around on MXtoolbox.com and was surprised to discover that Orcon is on a SORBS DUHL blacklist.

[.....]

I'm not bothered by this, just curious. Can anyone tell me what it means to be on this blacklist?

It means one or more of their clients has been compromised by a spammer and/or used their mail server for spamming. This happens to most ISP's so it's not an Orcon specific issue.

It means email you send will likely end up in the recipient's spam/junk folder.

if your the one hosting the mail server.

It doesnt mean any email you send from your connection will be spam (your reply is right just reads in a way that will be taken otherwise)

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

Sounddude

I fix stuff!
1935 posts

Uber Geek
+1 received by user: 640

Trusted

2degrees

Lifetime subscriber

#2229682 2-May-2019 19:24

SORBS DUHL is a list of ISP Dynamic IP's.

So yea, I would expect all our (and other ISP's IP) dynamics to be in that list if Sorbs are doing their job correctly.

I don't recommend running mail servers on residential connections with dynamic IP's. Alot of mail servers will downgrade the reputation of the email based on the DUHL list so more likley to trigger the spam scripts and get dropped.

tdgeek

30048 posts

Uber Geek
+1 received by user: 9455

Trusted

Lifetime subscriber

#2229685 2-May-2019 19:36

Sounddude:

SORBS DUHL is a list of ISP Dynamic IP's.

So yea, I would expect all our (and other ISP's IP) dynamics to be in that list if Sorbs are doing their job correctly.

I don't recommend running mail servers on residential connections with dynamic IP's. Alot of mail servers will downgrade the reputation of the email based on the DUHL list so more likley to trigger the spam scripts and get dropped.

How does it know that the ISP IP is a dynamic? I come across Trend Micro saying the IP is not a Static IP, (it is) and they require a rDNS to confirm it is static. So TM has no idea, they base an IP on their rule, not on reality

MichaelNZ

1594 posts

Uber Geek
+1 received by user: 485

Trusted

Net Trust Ltd

#2229722 2-May-2019 19:59

tdgeek:

How does it know that the ISP IP is a dynamic? I come across Trend Micro saying the IP is not a Static IP, (it is) and they require a rDNS to confirm it is static. So TM has no idea, they base an IP on their rule, not on reality

Checking for the existance of an rDNS makes a lot of sense as a signal. If the IP address has no rDNS set then one can read that it's not mission critical.

On that topic it's pretty much universal to have to set a mail server IP rDNS equal to the hostname to not get mail spam binned.

WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers | ZL2NET

Sounddude

I fix stuff!
1935 posts

Uber Geek
+1 received by user: 640

Trusted

2degrees

Lifetime subscriber

#2229732 2-May-2019 20:08

tdgeek:

How does it know that the ISP IP is a dynamic? I come across Trend Micro saying the IP is not a Static IP, (it is) and they require a rDNS to confirm it is static. So TM has no idea, they base an IP on their rule, not on reality

Not sure. Magic smoke and mirrors! Probably a mixture of rDNS and underpant gnomes.

I don't know many ISP's who trust the SORBS DUHL list for that reason. There are many other checks which are far better.

Geekzone

Want to support Geekzone and browse the site without the ads? Subscribe to Geekzone now (monthly, annual and lifetime options).

tdgeek

30048 posts

Uber Geek
+1 received by user: 9455

Trusted

Lifetime subscriber

#2229734 2-May-2019 20:09

MichaelNZ:

tdgeek:

How does it know that the ISP IP is a dynamic? I come across Trend Micro saying the IP is not a Static IP, (it is) and they require a rDNS to confirm it is static. So TM has no idea, they base an IP on their rule, not on reality

Checking for the existance of an rDNS makes a lot of sense as a signal. If the IP address has no rDNS set then one can read that it's not mission critical.

On that topic it's pretty much universal to have to set a mail server IP rDNS equal to the hostname to not get mail spam binned.

Yes, its not mission critical but its still an ISP Static IP that is taken as dynamic. AFAIK its when users use TM for spam management.

MichaelNZ

1594 posts

Uber Geek
+1 received by user: 485

Trusted

Net Trust Ltd

#2229735 2-May-2019 20:10

Sounddude:

I don't know many ISP's who trust the SORBS DUHL list for that reason. There are many other checks which are far better.

Nobody soley "trusts SORBS DUHL". It's just one of many cumulative-scoring checks.

WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers | ZL2NET

MichaelNZ

1594 posts

Uber Geek
+1 received by user: 485

Trusted

Net Trust Ltd

#2229743 2-May-2019 20:17

tdgeek:

Yes, its not mission critical but its still an ISP Static IP that is taken as dynamic. AFAIK its when users use TM for spam management.

I suggest a wider view on this. The internet is hieratical and home users with on-demand connections which they just use for surfing at are the bottom of the pyramid.

Put another way, even if an ISP calls it a "static IP" all they mean is their radius issues the same IP each time to a given user. Correctly speaking real "static IP addressing" lacks any such dynamic or on demand features. This is how the NOC at an ISP functions.

WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers | ZL2NET