|
The Spam and Open Relay Blocking System (SORBS) was conceived as an anti-spam project
where a daemon would check "on-the-fly", all servers from which it received email to
determine if that email was sent via various types of proxy and open-relay servers. The daemon
was not particularly well written and served as a lesson in programming for its original
author, Michelle Sullivan.
The daemon still exists and works, though with the latest computer piracy by spammers being
hijacking by way of Trojan, there are not many servers stopped. If you are interested in
the daemon it is available for download and use at:
http://www.au.sorbs.net/sorbs/. During November 2001, the daemon was deployed alongside
a number of prominent mail servers that received around 1 million emails per day. The result
was a database of approximately 78,000 proxy servers collected over a 2 month period.
The SORBS DNSbl was born November 2002. It was felt that by publicizing a list of compromised
hosts, the ever-increasing flow of spam through those hosts could be stopped.
On the 6th January 2003 the SORBS DNSbl was officially launched to the public.
Since those initial 78,000 proxies the SORBS DNSbl has grown to an astounding 30 million listed
hosts (more statistics at: http://www.sorbs.net/home/stats.shtml.
SORBS has expanded over the years to include, hacked and hijacked servers,
formmail scripts, Trojan infestations (particularly those with backdoors), and more recently
made the move to pre-emptively list all dynamically allocated IP address space.
Other SORBS innovations are the SORBS spam firewall, which has in testingu proved to be better than
99.96% accurate at differenciating spam from real email at ISP input speeds.
SORBS provides its lists free for access to the world, and hopes to continue to do so whilst spam is
still a significant problem. SORBS itself is just a name and as such hides many organisations'
contributions to the world in the fight against Internet abuse, some of the primary data sources
for SORBS also feed data to projects such as Team Cyrmu's
DarkNet Project with a view to either listing or shutting down as many infected/Trojaned
machines as possible. SORBS also provides data feeds to Government organisations such as the
Australian Communications and Media Authority, the
Australian Federal Police and America's
Federal Trade Commission.
If anyone would like to contribute to SORBS or has any suggestions for new detection routines,
and/or hosts to be listed, the SORBS team would love to hear from you. Please use the
Mail/Contact Form to get in touch and discuss your thoughts.
|