by
dane » Fri Oct 10, 2014 5:30 pm
bear wrote:I have been a Sonic.net customer for twenty years. But this is a complete betrayal of trust. This is not filtering, this is censorship. You guys never asked my permission or got my consent to do this. You never even admitted to me that you were doing it until I ****ing tracked the attack down MYSELF, and called you on it! And now with your crippled "opt-out" offer you're making DNSSEC unavailable to me unless I allow random internet trolls and scammers to censor the sites I'm allowed to read by reporting them as malware sites?
What the hell, dudes? Who are you and what have you done to the honorable people I used to deal with?
Hi there Bear, I am sorry we've left you feeling this way.
We work hard every day to deliver a reliable service and to protect our customers from a broad array of threats. We block millions of emails every day in our SpamAssassin service. We reject thousands of telemarketing spam calls to Fusion customers. And the firewalls deployed in every Sonic customer router and at our edge block tens of millions of direct attacks on our customer IPs every day. Finally, we DNS block phishing destinations and virus distribution sources, which present a threat to our customers, their privacy, their banking and other login credentials.
This DNS blocking is similar and complimentary to the blocking done today by most browsers, including both Chrome and Internet explorer.
But based upon the feedback here, we have now made changes to the "It's a trap!" page to make clearer WHO is doing the blocking. This is somewhat challenging because the Sonic infrastructure is utilized by about seventy ISPs, each of whom must support their customers, but we have now updated the page to make clear that the blocking is done for and by the ISP, and that the end-user can contact the ISP for opt-out information.
Additionally, based upon the input that the opt-out servers are inferior because they do not include DNSSEC, we will be enabling DNSSEC on that array early next week. Note that this may result in some challenges when a remote site makes a configuration error, which is why those servers didn't include DNSSEC, but we'll have to work around those issues as they occur concurrently on both platforms.
Finally, I'd like to acknowledge that the commercial blacklist service that we use for DNS filtering is not perfect. Like our anti-spam efforts, sometimes a target is wrongly listed and blocked. It happens to email (which ends up in Graymail), and to websites (which end up at the "It's a trap" page.) In both cases members can act to engage manual intervention and whitelisting. But, we will be looking at statistics for reported bad listing over the past few months to more closely analyse the scope of that issue and the quality of the blacklist, and we'll have more data to report on that next week.
I hope these changes and my response assists in your understanding of the position we are in: It is an arms race between spammers and those who seek to abuse and compromise our customers, and we work hard to deliver the best protection that we can to all of our customers.