Print Friendly, PDF & Email
Why SORBS Sucks

Now 7 days after the event, and SORBS is still listing our affected server.

Why do SORBS Suck? More to the point, why am I writing this negative blog post? I’m writing it because SORBS has demonstrated itself to be wholly unprofessional, slow, and inaccurate, and are causing real problems for genuine ISPs, and countless people.

7 days ago the hosting company I work for found a client who’s site had been hacked. It was quite nasty, and a perl script was pumping out spam at a pace. Within an hour or so, we had tracked it down and got it shut down. Too late. We had appeared on a couple of blacklists, including spamhause and spamcop, and SORBS (just 46 hits).

Within a few hours, the world recognised that we had stemmed the problem, and all was fine again… or was it…

SORBS still listed us. We tried to remove ourselves. SORBS  has to be THE worst system I’ve ever used, ever. And I’ve used some pretty bad systems. If you’re going to allow companies to use your data to make decisions about whether or not to deliver email you at least owe it to run a service that isn’t completely broken. 

Let me give you concrete examples:

We couldn’t remember the password on an old account. Our fault, but not an uncommon issue, a quick password reset should do it right? The system wouldn’t let us reset it.

So, we created a new account. The confirmation email never arrived, I don’t think it was dispatched.

We attempted on 5 different occasions over a 3 day period to request a reset.

The system would take ages to deliver a message of the format;

“Confirmation email resent to: <BLANKNESS>”

Notice the blankness, it’s like the DB had timed out and it hadn’t got the value, or didn’t know it?!

o.k, this is ridiculous, I need support. But wait! You need an account! How delightful! I’m stuck in a catch 22.

We tried the “Talkback to SORBS” – but this throws a database correction error, and has done for the last week. Why bother having the link there if you’re not going to run it?

In the end we managed to find our old username/password otherwise we would have had to have waited however many days for the old account that you couldn’t confirm to drop off the system so that we could try again, naturally with little chance it’d actually work.

We loogged in, started the delisting process to be told I don’t have access to perform a delisting?! Having jumped through all these hoops, the SSL crap, the gammy signup, the slowness/timeouts, the broken links, now having authenticated with this steaming POS we don’t have the authority?!

It’s not like we are a tinpot organisation, RIPE can verify that a pretty sizeable IP block belongs to us.

Tags: ,

5 Responses to “SORBS SUCKS”

  1. Liam October 11, 2013 at 7:31 am #

    Agree with you here. Their site has been down for at least 3 days now. The estimated recovery date keeps changing. Currently saying it will be fixed an hour and a half ago. I have 3 of my domains getting blacklisted by them and can’t delist because they give no helpful time for the actual resolution for this. Feels so unprofessional.

  2. Greg May 29, 2013 at 4:04 pm #

    Thanks for this Blog I was about to create a blog like this myself when I came across this one. I’m having a very similar issue. My ISP has recently decided to change our static IP address because of “upgrades.” Soon after I realize that the IP that it’s been changed to is blocked by SORBS.
    3 days later, SORBS e-mail server is still down, I can’t even create a ticket to have the IP removed from their block list, and I can’t even communicate to this “Wonderful” company.
    My ISP has submitted a request, and I’ve also contacted Proofpoint, Inc. directly. No response.
    This company is a JOKE. And a company like this is capable of shutting down companies because of blocked e-mails? With this kind of professionalism and No service what-so-ever?
    If anyone is thinking of using SORBS – Please take the time to find a real, professional company other than SORBS.

  3. vicente February 13, 2013 at 10:54 pm #

    I had a similar experience a few years ago. My server was hacked and misbehaved for about one day. My server was blacklisted by SORBS and others. I cleared my server from all other lists within a few days. But SORBS required me to wait several weeks unless I wanted quick service and was willing to pay $500. I will let you guess what my reaction to that was. Two years later and I could still not clear my server from SORBS list. Eventually I contacted my ISP who apparently has more influence on SORBS than I do because they managed to clear my server within one week!

    • Steve February 28, 2013 at 3:47 pm #

      Wow, I’d love to know who your ISP was and what they did? I suspect they threw money at SORBS!

  4. Chadbag May 16, 2012 at 6:45 am #

    I could have told you this and saved you the trouble…

Leave a Reply

Bot test * Time limit is exhausted. Please reload the CAPTCHA.