Domain: orbs.org
Stories and comments across the archive that link to orbs.org.
Comments · 48
-
Re:Never use blocklists to block
fo0bar:
This is a perfect example of why you should never just arbitrarily block email because it comes from an IP on a list. Instead, programs like SpamAssassin are useful because they use blocklists as a factor, one among many, in determining whether to treat a message as "spam".
The problem with just using SpamAssassin is that it's very CPU-intensive. And when the spam's already got onto your mailserver, it has already cost you in storage space and bandwidth.
SpamAssassin is good as a second (or third) line of defense, but an RBL is much cheaper from the CPU/bandwidth/storage perspective - hence one or more RBLs is preferable as a first line of defense.
The cool thing about RBLs is the wide selection. Are you happy to block confirmed open relays? No worries. Do you want to block all of South Korea, as you never receive legit mail from there? No worries. Do you want to block known and thoroughly reprehensible spam gangs that have been booted off three or more ISPs? No worries.
And of course there's a variety of other blocklists, all with their own published criteria and standards. No one says which ones you have to use. No one says you have to use any of them.
But the major point is, if you're a target of a blocklist, there's a reason for it (assuming the list admins didn't make a mistake, which does happen very occasionally). And there are always ways you can deal with the listing, ranging from ignoring it to smarthosting email to changing your mailserver IP.
SPEWS are absolutely consistent with their listing criteria, and always have been. If you're not a spammer and you've been included in a netblock listed by SPEWS in Level 1, it is always after your ISP has been repeatedly warned and they've done nothing about the problem spammer.
A SPEWS listing always starts with individual IPs. Beyond that point, it's the ISP's problem.
Pete. -
What happened to orbs.org?
After reading all of this SPAM stuff, I went to go visit http://www.orbs.org/ only to find this:
Due to circumstances beyond our control, the ORBS website is no longer available.
Does anyone know what's up with that?
-
Re:Alternatives to MAPS/RBL, please?
Try ORBS, the Open Relay Behavior-modification System. It is a cool service that looks for open relays on the Internet and adds them to their database when found. This is far less political than MAPS, as it is automated and affects ANYONE who runs an open relay. It's easy to secure a mailserver appropriately, so anyone with an open relay is either ignorant, doesn't care or is simply unaware that their server is open. ORBS takes care of that one way or another.
My problem is that certain admins of companies I converse with are too f****** lazy to fix their servers (even though it would take 5 minutes) and are listed in ORBS. SO, I can't use it. :P
The mechanism is similar to MAPS, utilizing DNS, so if your software can be made to do hostname lookups, then you can use ORBS. -
Realtime Blackhole Lists
Since pretty much everyone who gets email gets spammed every now and then... You can help everyone else by submitting that information to RBLs.
Realtime Blackhole Lists tell your MTA if the sender is acceptable based on a DNS-type query. The two that I know of are Mail-abuse.org's RBL and ORBS.
There is some concern that things get denied accidentally... But at this point, I would rather risk losing 1 piece of mail every now and then than be bombarded with 20 spams a day.
-
Re:Question on open relays
-
Similar technologies available
Why not just pick up on where MAPS and ORBS left off. They give a pretty good (arguably, I know) service in marking open mail relays and email addresses used by spammers.
Why not use similar technologies for web sites? Just maintain a list of IPs, domains and specific URLs which should be filtered? What SHOULD happen, though, is some sort of categorization and rating system. In other words, under category "sex" you might have a rating of "1" for partially nude/suggestive pictures and "10" for explicit stuff. The service would have to provide guidelines as to how to rate the URLs.
Taking this example further, one would implement a Slashdot-like moderating system to give URLs "negative karma", where the administrators of the networks using the filtering system have the opportunity to place their votes on which stuff they want hidden most.
On the user's end, the network admins could have the ability to screen based on category and rating (like, filter category Sex with negative karma above 4), and the ability to override the rating of a particular site if they feel that it was marked unfairly (or get user complaints about a bad filter).
This system will obviously be very dependent on good guidelines and good participation on the part of the network admins. Obviously a free system wouldn't be able to afford to have full-time staff finding stuff to filter, but the good part about this is the list would be dynamic. Perhaps the database could be automagically downloaded weekly from a central repository in a cron job somewhere, giving the network the latest and greatest of the filters. Again, the overrides the admin put in place at the user's end would take effect, so any updates to the overridden site's rating will be ignored. -
Fine granularity???
From http://www.orbs.org/usingindex.html:
untestable-netblocks.orbs.org - netblocks known to contain open relays and which have been proven to be blocking the ORBS tester or who have demanded that ORBS not test. Returns 127.0.0.7. Updated: hourly
Come on, this is not called fine granularity.
-
Re:This would only benefit spammers
Fine. That'll make it all the easier for groups like ORBS and MAPS to isolate spam-friendly IP blocks and mail servers from the rest of the Internet.
I can sacrifice the off chance of receiving something from someone I know from Switzerland if it eliminates all spam sent to my account. Sooner or later, the netizens of Switzerland will demand that their own government take action as well to end the Internet embargo. -
Ends do not justify the means
above.net should not blackhole sites on the RBL--sure, spam sucks, but spamblocking is not a job for a transit provider. And MAPS putting entire class Cs on its list to browbeat a company into dropping a software publisher is completely unacceptable.
I've disliked MAPS ever since hearing about their treatment of ORBS, and this just makes me dislike them even more.
The ends do not justify the means.
-
Re:Huh???
Right, and I don't know of any tier 1 ISP that would actually implement this.
Teleglobe.net does:
traceroute to marketingmasters.com (209.211.253.74), 30 hops max, 40 byte packets
1 129.125.101.252 (129.125.101.252) 0.788 ms 0.618 ms 0.6 ms
2 AR1.Groningen.surf.net (145.41.81.133) 1.008 ms 2.312 ms 0.862 ms
3 BR2.Enschede.surf.net (145.41.7.241) 4.877 ms 3.87 ms 4.026 ms
4 BR7.Amsterdam.surf.net (145.41.7.169) 7.638 ms 7.382 ms 7.328 ms
5 BR2.NewYork.surf.net (145.41.0.90) 81.094 ms 82.464 ms 84.262 ms
6 if-1-9.core1.NewYork.Teleglobe.net (207.45.196.69) 81.191 ms 79.558 ms 80.556 ms
7 if-7-1.core1.Montreal.Teleglobe.net (64.86.80.29) 86.712 ms 87.256 ms 86.903 ms
8 if-1-0-0.bb1.Montreal.Teleglobe.net (207.45.221.163) 148.554 ms 96.395 ms 107.36 ms
9 * * *
10 * * *
snip: it goes on to 30 hops.
I am glad they do, it makes a big difference in the amount of spam. DUL, RSS and ORBS take care of the small spammers.
-
MAPS vs ORBS
You shouldn't tar MAPS with the ORBS brush. For the last year or so, all of my mail gets extra headers added based on which of the lists (ORBS, MAPS RBL, MAPS RSS, MAPS DUL) it matches.
I frequently find that ORBS would block mail I'd like to receive, whereas the MAPS RBL and RSS never do, and the DUL would only rarely. For a normal ISP, I'd guess that ORBS would be a nightmare, but the RBL would be pretty much OK.
Of course, for me, I keep all my spam so I can feed it to SpamCop. -
I will continue to use MAPS RBL
I run a mail server and employ the MAPS's RBL and ORBS's DULs to save me the headache of some spam. A while ago I was informed of ORBS's encounters with Above.net and Paulie Vix. I think Paul Vix is an incredibly horrible person and his methods are evil (Above.net routers were advertising routes for ORBS, then dropping any packets they attracted according to the orbs site.) ORBS seems to have stopped proclaiming the evilness of MAPS openly, but you can still see many statements on the site leading to that assumption. So, this will not stop me from using RBL, it works for me, as my web traffic is not in any way related to my mail traffic or MAPS. I don't endorse Paul Vix or MAPS, but the level of spam I receive is disgusting, anything I can do to cut down on it I will. As a matter of fact, I personally block any spamming servers (i.e. sprintmail.com) that the RBL's and DUL's refuse to block, yet it seems I get more and more SPAM every day. Perhaps we need more of those execution-style killings of spammers like we had in MA a few years back.
-
The war is already there
There is already a war between the programmers of filter software and the spammers. See SpamCop.net. Ok, the owner of that site takes money for an almost spam-free email address, but after my primary mailbox got unusable, I saw no other choice.
This site uses some very tough filters:
- The MAPS RBL, which blocks notorious spammers and sometimes even puts their uplinks on the RBL.
- The Open Relay Behaviour Modification System which tests and lists open relays (This is the filter that blocks most of the SPAM for me)
- An ISP-"Scorelist", which means that email that comes from an ISP with a high score has to be confirmed again from the sender because SpamCop wants to see if the return address is forged.
The negative impact is that there is about one piece of mail per week SpamCop holds back. And people who send email to me are often people who cannot understand the confirmation request.
So I think that this war cannot be won. After my experiences with ORBS, MAPS and SpamCop, I must say that having a nearly spam-free mailbox has severe disadvantages, and I think that there are lots of people who will accept SPAM in the end; simply because it is too difficult to build filter software that filters most SPAM and is user-friendly at the same time.
-
Just like ORBS and the RBL
#include <devils_advocate>
Before everyone goes off ranting and raving about censorship, I'd like to point out that the same argument that lets ORBS and the RBL off the hook applies here. We say that it's acceptable for ISPs to block known spammers because spam is a nuisance to the internet community, and because the ISP is a private business, and customers can always choose not to do business with them if they don't like their policies.
Well, in some ways, the same applies here. If kinky porn is offensive to the majority of the members of the community, the ISP may be right to block it. And again, those who don't like it, don't have to purchase Internet access from the ISP.
-- -
Re:MAPS & Like
I know for a fact that some of these groups do network scans (which they often claim they do not do); since they do most of the scans via private network accounts they don't get caught in log files.
You're painting a mighty broad brush there.
:)
The reference to "network scans" (in itself a subjective term) is referring to ORBS and, possibly, the now-defunct IMRSS. See my previous post for information on the differences between the various anti-spam IP lists. Neither of these lists has anything to do with MAPS. MAPS considers active networking scanning abusive. However, having received a spam, then testing to see if the offending machine is an open relay would not be considered a "network scan". Note: I am not an employee of MAPS. I do not speak for MAPS in any capacity. Rather, from a position of familiarity with their policies.
-- -
Re:I'm not a big RBL fan...
For instance, the way they blackhole anyone who runs an open SMTP server, even if it's not being used for spamming, or has spam filtering built in.
You don't know what MAPS RBL does. You appear to be referring to ORBS.
Various blocklists...
ORBS - Open Relay Behaviour-modification System
Open relay blocklist. Not affiliated in any way with MAPS. Blocks open SMTP relays. Does not require that the relay actually be used to send spam.
MAPS RBL - Realtime Blackhole List
List of IP addresses of machines owned by providers who are known to be spam friendly. Manual submission. [Relatively] difficult to be placed on. This is as much admin behavior modification as spam blocking. To be used for blocking at SMTP level or BGP filtering (i.e. blackholing on the TCP/IP layer).
MAPS RSS - Relay Spam Stopper
List of IP addresses of machines that contain open relays. Differs from ORBS because they don't actively scan for open relays and they require a sample of the spam before considering listing. To be used for blocking at SMTP level.
MAPS DUL - Dial-up User List
List of IP addresses of dialup modem pools. To be used for SMTP blocking, but only blocking a "direct connection". Many believe that a dial-up user has no business attempting to pose as an SMTP server rather than an SMTP client. Spammers use direct-to-MX programs to bypass any sort of filtering/throttling their ISP might use on their dedicated SMTP servers. This prevents such spam from getting through.
Please note that none of these lists block on content. They are all lists of IPs.
-- -
Re:realtime blackhole list
AFAIK, most of the users of the RBL are admins for corporations who are simply trying to reduce the noise level within their company's network. Most ISPs seem to have an open-door policy and/or offer their customers options for spam filtering.
Of course, there are other ways to fight back:
SpamCop
ORBS -
[OT, cont'd] Definitely an address leak
I set up an address solely for anyone responding to my /. posts. I've never sent any mail from that address, but I've received spam on it. Ditto my address for Technocrat, which is different.
Some scum has the minimal smarts needed to scan weblogs for addresses. Ah, well, time for RBL/ORBS/whatever.
-
exactly: how's an admin know?
How's an admin s'posed to find out he's running broken code, if the one who finds it doesn't tell anybody? It's the same concept as the MAPS Realtime Blackhole List, and the list of open mail relays--refuse enough mail from an open mail server, and the mailserver admin will have to fix his relay. Make public the fact that version x of whatever software package has a security hole, and admins will either fix it or risk losing data. Plus, OTHER admins will have the opportunity to seek solutions as well...
-
trust-based models
I'm looking forward to a net that has more trust-based culpability and security. Where anonymity is for people who don't abuse it.
No! I'm not advocating for big brother. Let me give a small example. Kuro5hin should have turned off (via firewall/packet filter) the abusers. The other people who used addresses in those same ranges would have the recourse of going to their ISP and getting the miscreants kicked off. Then, kuro5hin could turn the IPs back on. It's a "little brother" approach, the typical way social systems worked in the old days in small towns, where the vandal's mother generally knew about the vandalism before the perp got home.
It's a little bit the way ORBS works, and though they attract a lot of anger, it seems to work pretty well to me. If the trust network got ubiquitous enough, even large criminal conspiracies like Network Solutions could be brought under control.
I think it starts with ISPs cooperating in attacking abuse.
-
Re:Additional Background and Perspectives
As another post pointed out here the situation is clarified and apologies are given and accepted all around.
I am afraid an article posted on June 25 won't be relevant to the current situation. Unfortunately, both ORBS's homepage and the following quote from a recent article by Paul Vixie in news.admin.net-abuse.email show that the situation has not clarified.
Your continued defense of Alan's paranoid psychotic actions is just bizarre.
Please look closely at the headers before you assume that I was the "Anonymous" Coward to whom Paul responded.
-
The real deal with ORBS.
(posted anonymously so I don't get fired)
All of ORBS's networks have been null routed inside Above.Net, not just Manawatu Internet Services but all of the ORBS testers as well.
This has been done because ORBS violates Above.Net's AUP by sending email probes to any SMTP server they can find probing it for open relay, and also hosting a website that lists every single open relay server that they can find. In many people's book this is a big no-no.
Alan Brown, of MIS, who is the perpetrator behind ORBS has turned his bitching and moaning in the direction of MAPS because it gives him the moral high-ground and because Paul Vixie, who runs MAPS is also the CEO of Above.Net.
THIS ISSUE HAS NOTHING TO DO WITH MAPS
This is not the first time that Alan has gotten himself in trouble and it won't be the last, however, in this case I do think that Above.Net have gone too far in blocking all transit through their network destined for ORBS. This is of course their right however.
On the alleged issue of Above.Net advertising null routes for ORBS's networks to their peers, I can say that this is a complete lie. And I will prove it:
route-server.cerf.net>sh ip bgp 202.36.147.16
BGP routing table entry for 202.36.147.0/24, version 4651414
Paths: (4 available, best #1)
Not advertised to any peer
1740 1 4648 9325
134.24.88.55 (inaccessible) from 134.24.88.55 (134.24.127.27)
Origin IGP, metric 20, localpref 100, valid, external, best, ref 2
1740 1 4648 9325
192.157.69.5 (inaccessible) from 192.157.69.5 (134.24.127.201)
Origin IGP, metric 20, localpref 100, valid, external, ref 2
1740 1 4648 9325
192.41.177.69 (inaccessible) from 192.41.177.69 (134.24.127.131)
Origin IGP, metric 20, localpref 100, valid, external, ref 2
1740 1 4648 9325
198.32.176.25 from 198.32.176.25 (134.24.127.35)
Origin IGP, metric 20, localpref 100, valid, external, ref 2
So, in summary, ORBS has instituted a splatter campaign against MAPS due to the tenuous link of Paul Vixie to Above.Net, where in essence it has nothing to do with MAPS and everything to do with ORBS repeatedly violating Above.Net's AUP and after repeated warnings from Xtra (MIS's provider), NetGate (Xtra's provider) and Above.Net (NetGate's provider) he still continues to violate AUP's as if it were his sole right to do anything he wants to anyone's network.
I have seen several comments blaming Telecom NZ (who own both NetGate and Xtra) for the blocks on ORBS, however it has nothing to do with them and they are simply stuck between a rock and a hard place.
This post is too long. Sigh. -
ORBS helps spammers...
... because they publish dumps of their open relay lists here.. Whee, slurp in open relays and spam away!
Your Working Boy, -
Re:Here's the Real Facts
On the first link, yeah, ORBS is not saying it is in the Black Hole, but that above.net has been issuing router pollution all by itself to make orbs.org unreachable to chunks of the internet. See what ORBS themselves has to say. I don't think they're going to say this stuff unless they think it is true!
-Andy
-
more info...
didn't see it posted yet, but there is more information about what has been going on over at the orbs site.
the front page on the orbs site also has a list of email addresses to complain to if you don't agree with MAPS's actions. quick cut 'n' paste:
chris.thompson@team.xtra.co.nz
dlr@bungi.com
vixie@redpaul.mibh.net
abuse@above.net
abuse@xtra.co.nz
noc@netgate.net.nz
kishor@netgate.net.nz
go forth and complain.
--
-
Obviously MAPS is working
The best thing about this story is that MAPS is obviously working.
:)
I hope the publicity generated from this court case causes lots more mail servers to start using MAPS (and ORBS) to block spammers.
Since I switched to using their realtime blocking lists on my server my spam has dwindled to a tenth.
-- -
Re:Go for it!
is there an alternative way to contact your domain, mr. net.nazi?
Sure, you can use snail-mail or the telephone system.
How about your users -
They have a postal address and a telephone too. You have a right to speak freely, but we are under no obligation to pay for listening to you, in fact we may choose to ignore you any time we wish.
did you give them a say?
Yes, and they like it, in fact I also use MAPS' DUL and ORBS to block even more spam. -
Re:I would rather filter my email myself
Regardless, the RBL focuses on open relays
That is not completely true, the Realtime Blackhole List doesn't focus on open relays, see their reasons for listing. Perhaps you are confusing them with the Relay Spam Stopper (also operated by the Mail Abuse Prevention System) or ORBS which is far more controversial because it will test mail servers even before they have been used to spam through (OTOH ORBS is more efficient in stopping spam). To complete the set of links, the Dial-up User List lists modem banks (and also machines that get their IP via DHCP). -
Re:Yes, hopefully a good precedent will be set.
Gee.... MAPS can't be any more hypocritical there. MAPS' whole reason to be is because they claim spammers are trespassing on peoples' net connections. Yet, if you ban MAPS, no matter whether you have an open relay *OR NOT*, you are listed as being an open relay.
You seem to be confusing MAPS with ORBS. ORBS does testing for open relays. MAPS works on the basis of actual SPAM received.
Anomalous: inconsistent with or deviating from what is usual, normal, or expected -
It's sad, really.
MAPS, as well as orbs.org are really doing quite a service for the entire internet community.
After upgrading Exchange to sp6a (yes, 6, and yes, a. Ah, the life of an NT admin...), the server suddenly started relaying mail for outside machines, despite all of the changes I'd made to it pre-sp6a.
If I hadn't gotten the email, I wouldn't have known. MS never would have mentioned it, I had to dig for a day through their "KnowledgeBase" to find out what the problem was.
It's sad to see that companies are trying to stop these services from listing them. -
Try this...
I assume you're probably familiar with Junkbusters. If not, try their software. It will allow you to block most unwanted email.
Try joining the MAPS Realtime Blacklist of spammers.
Report the sites listed in the headers to ORBS. If they have open mail relays, ORBS will log them in its database and send a notification to the postmaster. Mail relays which support ORBS will not relay mail coming from unsecured hosts. If the sites are clean, no harm done, ORBS will not flag them.
Finally, you can always work up a procmail script to filter out most spam. Sure, it doesn't keep spammers from using your network resources, but if everyone did it, spamming would be a lot less profitable.
Hope this helps
-
Re:This will never work
Then there's the most annoying problem i faced, which is admins that either don't know how to prevent relaying, or don't care that they are being used as a relay.
Luckily, I think this is only a temporary problem. Why? The combination of a few factors:
- Most shipping mail packages include relay protection, many by default, so newly installed servers generally aren't vulnerable.
- Old machines are constantly being taken out of service, reducing relay supply.
- Organizations like MAPS and ORBS put pressure on open relays to close.
- as the number of open relays decrease, spammers will hit the remaining ones harder and harder.
Put together, these factors should make it harder and harder to run an open relay and not give a damn. A lame admin may be able to ignore a little stolen bandwidth, but the ever-decreasing number of relays will mean ever-increasing loads on the few that remain.
In the meantime, it would be nice if more dialup ISPs blocked outgoing access to port 25. I know that Mindspring does it, and I never see spam from them. Unlike, say, PSI or UUNET. -
Private Is Always Better...but...
I'm pretty gung-ho about private solutions to technical problems. I'm far more confident in my abilities, and those of my technical compatriots, than I am in the ability of our government to enforce a law appropriately.
So I'm generally a firm believer in my ability to take care of things on my own. ORBS and The RBL have certainly been shown to be an extremely successful method of filtering out spam. Since I got my mail server set up with MAPS and ORBS, I get about 2 pieces of spam a week. That's pretty manageable. (And good, because I'm the kind of guy that gets spam and calls the company to bitch. Total waste of time.)
However, I don't run an ISP. I worked at one, as all good geeks must, back in '95. Spam wasn't a problem then -- I shudder to think what it must be like these days. Spam is obviously a huge loss to these people, MAPS or no MAPS. Because of the direct financial losses that result from the actions of spammers, I can't help but, although reluctantly, support federal legislation to limit UCE. It seems like the only method of stopping it.
God help us all...I'm in favor of a law. :)
-Waldo -
Re:AOL on ORBS list
> I don't use ORBS, since I find it too aggressive.
My ISP found ORBS to be very aggressive. I spoke with them to find out why they are on the ORBS list of Netblock Entries (aka "the Bozos List").
The fact is that my ISP protested the unsolicited scanning of their networks from an outside source, white hat or not. And the scan was also hitting customer dialups. My ISP secured their sendmails, and told ORBS to kiss off and stop probing their networks.
I really don't blame them. A "white hat" service should not be as intrusive as ORBS. -
ORBS is NOT a "Black Hole"
You can just use ORBS to flag potential spam.
From their What is this? Page:
ORBS is NOT a "black hole" - we do not disseminate routing information causing included hosts to be
unreachable from portions of the Internet. Running an open relay is usually accidental and those admins who
continue to run open relays after being warned about it by ORBS and/or other entities will eventually find
themselves in the MAPS RBL - which is a "black hole" and is used by at least 40% of the mail servers on the
Internet.
ORBS tracks these systems so that people operating mailservers subscribed to our database can block
e-mail coming from open relays until such time as they are fixed to no longer permit third-party SMTP relay.
Admins may alternatively set their systems up to tag messages delivered from open servers as "possibly
spam", or just log the connections. What any admin does is entirely up to that admin. If you've been blocked
from delivering mail and given a pointer to this site please note: It is the decision of the administrator of the site
which blocked you to disallow mail from open relays. Those open relays must comply with that admin's rules
(not ours) in order to deliver mail to that site - we're just verifying to the admin whether a host is an open relay
or not. -
Re:How not to get or see spam.
It would appear that you haven't done your research on the RBL (presumably you mean the MAPS RBL, the Mail Abuse Protection System Realtime Blackhole List).
Don't get me wrong, it's a good effort, but Paul Vixie himself believes it to be a crude and poor solution for the problem, and a temporary hack at best.
In order to get on the MAPS RBL, you not only have to be running an open relay (or third-party relay), you have to be widely abused to send junkmail (let's not call it spam, please -- that's a USENET term), and you have to be openly and patently unwilling or unable to configure your mail server to close the open/third-party relay hole, or you are an active junkmailer yourself.
In order to get off the MAPS RBL, you just need to demonstrate that you're willing to operate in good faith and start work to close your open/third-party relay hole, or stop your junkmail activities.
The MAPS RSS (Realtime Spam-Stopper) list is a little less difficult to get onto -- you just have to actually be abused to send out junkmail. The ORBS (Open Relay Blocking System) is even easier to get onto -- you just have to have a machine that appears to be an open/third-party relay, or hosted on a network that blocks access to the ORBS relay tester (e.g., all AboveNet customers).
Of course, there's also the MAPS DUL (Dial-Up List), which gives you the netblocks of the dial-up networks for most of the large providers around the world, because as ISPs shut down their open/third-party relays, their customers are taking to trying to send junkmail directly from their dial-up account to other open/third-party relay servers around the world.
If you want to properly understand all this, I suggest you visit http://maps.vix.com/ and http://www.orbs.org/. -
Oh well
Why don't you stop whining and fix your servers? If you need to operate relays, limit them to your customers. It's that easy.
ORBS is an automated service. If your server is an open relay (the tests ORBS employs are the best around), you will be put into the list automatically. Yes, you will be notified about this. But there is no way to stop or delay this block, unless you fix your servers.
On the Bugtraq issue, read this page
-
ORBS view of the story
ORBS representation:
http://www.orbs.org/bugtraq.html
Bugtraq and a few other domains are living in the netblock of a supplier who would rather try and hide their open relays than actually fix them and is prepared to block the tester to do so.
Bugtraq's admin has his own agenda in this and has refused to post any ORBS-related material for the last year, including multiple announcements of sightings of new spammer tricks as they have been surfacing.
As for Bugtraq's claim about ORBS not replying to his email - their upstream is blocking our packets, so we are unable to.
This is the current listing of open relays in above.net space known to ORBS. There are probably more, as we only discovered the block after several people faxed in, complaining that they could no longer submit open relay reports via email. Claims that above.net made any requests to ORBS to stop testing are untrue.
As the ORBS tester is also gatewaying to several south pacific countries, Above.net have cut off access to those countries for their clients. We suggest that the best thing any above.net client can do is change their supplier as they appear to be rogue.
-
Re:Does ORBS still exist?
The referenced article is dated December 1, 1998, and is out of date; ORBS has since found a new home. You might want to check here if you're not sure.
-
Already Done.. ;)
Actually, as someone pointed out, it has already been done. Although the mailserver admin must add a few things to his setup in the config file, things such as
http://www.orbs.org (and)
http://maps.vix.com/rbl/
already implement this.
I work at an ISP, and we co-locate hundreds of boxes for customers. ORBS is quite effective, and so is MAPS.
I remember a while back, a customer was completely clueless on how to setup a mailserver. Rather than ASK how to do it (we would have setup his sendmail, it doesn't take long), he instead set up his mailserver as an open relay, no restrictions, and forwarded all mail onto the main server. Since he was "inside" our company network, as he was colocated, our mailserver accepted his mail. (this oversight has since been corrected. ;)
Therefore, as they always do, spammers located his box quite quickly and spam mail poured through his server. The traffic load was caught by one of the admins within an hour or so, and the IP of his box was blocked from our mailserver, but it was too late and the damage had already been done.
Since the colocated customer was relaying into our main mail server, ORBS placed our primary mail server on their list. A good percent of our mail (I'd say about 40% or so) was returned to us by ISPs subscribing to the (free) ORBS database, with a nice note stating that our mailserver was on the ORBS spam list and therefore the messages could not be delivered. heh.
One of our admins completed the process with ORBS to remove our server from their list, and after they verified there were indeed no possibilities of relay, they promptly removed us from their list.
ORBS did indeed adjust their records quickly, and our mail returned to normal status the next day, with no blocking.
So ORBS and the MAPS RBL do indeed work quite well. I'm glad they're there, and that they do indeed function. We had a lot of headaches from customer calls, etc. asking what the HELL was wrong with our mail servers, but in the end, it served its purpose and we corrected our customer's mistake. :)
Click here to get info on signing up for MAPS RBL, and/or here to get info on signing up for ORBS.
-
CMU not a good net neighbor
Funny that they will be so uptight about this, but go to great lengths to protect their open servers and promote spam: http://www.orbs.org/DAT/manual
-
Too late on that spam...
smtp.innova.net is 208.211.173.3. Check it out on ORBS - it's already been abused by spammers.
-
They had it coming
If it's someone outside of their network relaying off of them, it should probably not have happened in the first place.
Exactly. If you intentionally run an open relay, you are implicitly authorizing access to everyone.
There's very little in the way of excuses for running an open mail relay any more.
Also true. I doubt this ISP was intentionally running an open relay. They probably got hit with the quoting exploit that's in a lot of pre-8.9 sendmails (or could be any number of other sendmail exploits). ORBS has a good list of them.
-
Re:RBL
Don't forget ORBS. Check www.orbs.org.
-
Send it back
I'm the double-bounce postmaster for over a thousand domains, so I get a lot of spam that bounces (because the recipient doesn't exist) and then bounces again (because the envelope sender is bogus). In the last month or so, the spammers have shifted heavily back to using multiple relays. I report these to ORBS and lately RRSS. We don't filter based on these lists, in the usual sense, but we do use them for "quality-of-service". I.e. the more lists you are on, the worse your service gets, and the more your queue backs up...
Once upon a time I would notify relay postmasters that their relays were open and that they should fix them. That became impractical, so now I'm taking another approach: If I get a double bounced spam that has come from a host listed on ORBS, RRSS, or IMRSS, I have a script that automagically sends it back to the relay's postmaster. This doesn't always work; some of those hosts don't have a postmaster address, or won't accept mail for their own IP. Most of the time it works. This tends to magically break language barriers and soon thereafter the relays seem to close up, or at least I stop getting spam from them.
So, if you have the bandwidth to pull this off, make your postmaster policy "return to sender": Send undeliverable spam back to the relay. And report open relays to one or more of the above lists. I report 30-70 relays a DAY, which probably makes it relatively expensive to spam us. Who are we? HA! Keep guessing, spammers...
-
Re:International Law
No, we don't need no stinking laws. The internet can heal itself without involving the slow creaky wheels of justice. If they keep it up, the pipe dumping raw noise into the internet will be simply cut off and blackballed. Things like that happen if you have a mail relay and allow abuse.
Here are a few great antispam links:
http://maps.vix.com/
http://www.orbs.org/
http://spam.abuse.net/
-
UDP is strong magic
As a last resort, the UDP rocks, although it's unfortunate when it comes to that. There's a lot of potential for throwing the baby out with the bathwater. It's been used effectively a few times though, I believe.
If every admin would utilize the MAPS, the ORBS database, and participate in these UDPs, the world would be a remarkably spam-free place.