SORBS vs Tor and the world

Nick Mathewson nickm at
Mon Jan 7 21:40:15 UTC 2008

On Mon, Jan 07, 2008 at 09:33:50AM -0500, Michael Holstein wrote:
> >and no involvement with SORBS idiots is required.
> If you don't like SORBS, don't use them.
> TOR doesn't try to be invisible .. if a site admin wants to block 
> anonymous ($whatever) .. they're free to do so, and SORBS just makes it 
> easier (the TOR dnsbl).
> Statistically speaking, the volume of non-legitimate email coming from 
> anonymous routers makes TOR a pretty easy target.

We've been through this before, and so far as I know, the problems
with the SORBS Tor DNSBL remain more or less as they were before.

(I don't want to single out SORBS here; other dnsbl services for Tor
nodes have taken the same approach.)

I support everybody's right to reject anonymous email; I support
everybody's right to reject email based on any criteria they like.
It's your server.  But the last time I looked, the SORBS Tor list
tried to include _all_ Tor servers, not just the ones that are
configured to relay SMTP.

In other words, the effect of these lists is not only to block
anonymous SMTP via Tor, but also to block email from people who run
middleman Tor servers that don't deliver anonymous email at all.  That
seems pointlessly coarse-grained to me.

Now, if somebody wants to block anonymous email, and they don't mind
blocking all non-anonymous email from people running Tor servers that
don't even support anonymous email, then these dnsbls meets their
needs just fine.

On the other hand, if your only goal is to block anonymous SMTP, and
you agree that blocking all Tor servers is very overreaching, you
might instead try looking at the more targetted DNSEL service
available at
It lets you block _exactly_ those servers that relay traffic on given
ports to your address.  For a more thorough rationale, and a fairly
detailed spec of how to make a compatible implementation, see

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 652 bytes
Desc: not available
URL: <>

More information about the tor-talk mailing list