SORBS Spam Blacklist Issue Results in Undelivered Emails Worldwide

Data corruption, which occurred during a database migration operation of the SORBS spam blocking system, has resulted in millions of legitimate emails being returned to sender around the world.

SORBS (Spam and Open Relay Blocking System) was created in 2002 to maintain a list of open-relay proxy servers abused by spammers to send junk emails.

However, it has since evolved into a fully-blown anti-spam project, which maintains several blacklists allowing for customized filtering. The project was acquired by GFI Software in November last year.

The Register reports that a lot of email servers, which use SORBS were unable to receive many legitimate emails on Wednesday and Thursday, because their originating IPs were improperly tagged as spam sources.

The problem was related to a data corruption incident, which occurred while migrating the blocklist database to a new version of the SORBS system.

The affected table stored entries for the project's dynamic user and host list (DUHL), which contains entire netblocks of dynamic IP addresses.

SORBS founder and manager Michelle Sullivan, said that over 79,000 entries were corrupted and they amount to millions of hosts.

Restoring the entries and pushing the database changes to email servers around the world could take up to 24 hours, which led to the decision to temporarily disable DUHL entirely.

While this will stop servers from filtering spam based on DUHL listings, it's better than blocking legitimate and potentially important emails.

"During our Migration from SORBS1 to SORBS v2.0 the historical DUHL listings were migrated and the historical flag as not set at the same time," Sullivan wrote in response to reports about the problems.

"Net result is 400k netblocks were inserted as 'current' where only 300k were live listings, the remainder (in some cases sizable ones) were relisted when the netblocks themselves had been repurposed as 'static'," she explained.

Sullivan also said that a Distributed Denial of Service (DDoS) attack against the project's website, which occurred around the same time, was mitigated, but is unrelated to the SORBS database problems.