= Critique =

On four occasions in the past month I've sent email and had it bounce back due to DNS blacklists (most specifically SORBS) since I send email from a cable modem range. These four instances were:

* A university in Greece, while sending email to a professor.
* A university in the Czech Republic, another to a professor.
* A smaller email service provider to another Source Mage developer.
* A custom email service provider in Portland. I re-sent the email from another account, but received no reply as well.

What particularly disturbs me is that these methods have not merely decided to block based on a series of factors, but on an entire class of users. The whole debate about a neutral net has broken down with the email system. Users who can administer their own boxes have no way out of the blacklist, even by request, from SORBS. SORBS, thus, exists only to serve corporate interests who want to Balkanize the web into classes of "pay extra" and "users who shall have no democratizing force".

If a user wants to use a blacklist, that's fine. But most of these people having their email blacklisted have no idea what is going on.

More thoughts on blacklists can be found here: http://www.faqs.org/ftp/internet-drafts/draft-church-dnsbl-harmful-01.txt

= Example =

In one case, I was attempting to notify the person of a security vulnerability in some of their code. Since the IT department of the university is responsible for this blacklisting and they are also directly responsible for the security of said network and I have no way to communicate with them, I will simply publish the results for all to see here:

http://swoolley.org/man.cgi/man

Read the first paragraph -- how it points out that arguments containing a / are interpreted as files. My manual page viewer does not have this problem because I knew man had this behavior.

http://www.softlab.ntua.gr/cgi-bin/man-cgi?man

Oddly, no mention is made in the above manual.
= Exploit =

http://www.softlab.ntua.gr/cgi-bin/man-cgi?/etc/passwd

So we can do something like the above URL -- since he had no idea it did that, despite this package being a rewrite. I sent the author an email notifying him of this, but SORBS blacklisted my email. Thanks to SORBS, you all have first-disclosure.
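
The check a man-page CGI wrapper needs before handing the query to man, as an added example; it is not the code of either viewer linked above. It assumes the raw query string is the page name, as in the `?man` URLs; `build_man_argv`, `render`, `BadQuery` and the two patterns are hypothetical names.

```python
import re
import subprocess
from urllib.parse import unquote

# A page name must start with an alphanumeric (so it can never be read as an
# option) and may not contain "/" (so man never treats it as a file path).
PAGE_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+:-]{0,63}")
# Manual section such as "1", "3p" or "8": one digit plus a short suffix.
SECTION_RE = re.compile(r"[1-9][A-Za-z]{0,3}")


class BadQuery(ValueError):
    """The query is not a plain manual page name."""


def build_man_argv(raw_query, section=None):
    """Return the argv list for man, or raise BadQuery."""
    # Decode exactly once and validate the decoded value, so that
    # "%2Fetc%2Fpasswd" is judged as "/etc/passwd", not as harmless text.
    page = unquote(raw_query)
    if not PAGE_RE.fullmatch(page):
        raise BadQuery("not a manual page name: %r" % page)
    argv = ["man", "--"]  # "--": conventional end-of-options marker
    if section is not None:
        if not SECTION_RE.fullmatch(section):
            raise BadQuery("not a manual section: %r" % section)
        argv.append(section)
    argv.append(page)
    return argv


def render(raw_query, section=None):
    """Run man without a shell and return its text output."""
    argv = build_man_argv(raw_query, section)
    done = subprocess.run(argv, capture_output=True, text=True, timeout=10,
                          env={"PATH": "/usr/bin:/bin"}, check=False)
    return done.stdout


if __name__ == "__main__":
    # Constructed sample queries, including the one from the Exploit section.
    for q in ["man", "printf", "/etc/passwd", "%2Fetc%2Fpasswd", "--help"]:
        try:
            print(q, "->", build_man_argv(q))
        except BadQuery as exc:
            print(q, "-> rejected:", exc)
```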