Slashdot Mirror

Noxxus writes: "Wired is carrying this article about the shutdown of Alan Brown's Open Relay Behavior-Modification System, more commonly known as ORBS. Brown, of New Zealand, closed his operation after two local companies won legal injunctions against him for listing them." It seems the list of 94,000 open relays will be maintained by: "Open Relay Black List of Phoenix, AZ, Open Relay Block Zone (ORBZ), of Basingstoke, England, and the Open Relay Database (ORDB), of Aarhus, Denmark." We've gotten a zillion ORBS submissions since the day its website went down, but this is the first post-ORBS story with enough info to be worth a mention. Guess the dust just needed to settle.

We're obviously in the minority, but I think the EFF's John Gilmore has cut to the chase:

For Gilmore, spam blocking should occur at the recipient level, not at the level of self-appointed upstream censors.

"I noticed years ago that the community tends to go 'mob' and lose its morals and principles when it comes to spam," Gilmore says. "Free speech, interoperability, inclusiveness, tolerance, privacy, anonymity -- all go out the window when they get in the way of killing off those damn spammers."

I wonder if he'll get added to spam lists now, like I do every time I post a story critical of anti-spam activists. Yeah, subscribe me and Rob to more mailing lists under the handle "Spamlover." That's real mature.

John Bajana-Bacalle writes: "I noticed this morning that as of 2001/2/1 relays.orbs.org has been decommisioned, ORBS has announced. The announcement further mentions some serious new testing/checking/hostname additions, about a dozen of them, that will greatly increase the granularity of the ORBS results. A benefit seems to be the end user now has fine granularity in the results s/he will get back, obviating some of the bullshit griping that surrounds ORBS most often. More power to us and them. =)"

Well, we held or deleted the first few hundred submissions, because we were hoping the situation would clear up and we could figure out what was going on. But it hasn't cleared up, so we're posting it and hopefully there are some readers out there who know what's going on and can shed some light. It seems that the anti-spammers at MAPS and ORBS have gone from a cold war into a shooting one, with MAPS listing ORBS on their blackhole list. ORBS accuses MAPS of doing it for financial gain, MAPS accuses ORBS of attacking systems, Alan Cox gets peeved about spam, kuro5hin.org has the obligatory "Slashdot is censoring the story!" postings but has at least one seemingly clueful post, and the U.S. House passed an anti-spam bill yesterday - coincidence, or devious conspiracy?

Well, we held or deleted the first few hundred submissions, because we were hoping the situation would clear up and we could figure out what was going on. But it hasn't cleared up, so we're posting it and hopefully there are some readers out there who know what's going on and can shed some light. It seems that the anti-spammers at MAPS and ORBS have gone from a cold war into a shooting one, with MAPS listing ORBS on their blackhole list. ORBS accuses MAPS of doing it for financial gain, MAPS accuses ORBS of attacking systems, Alan Cox gets peeved about spam, kuro5hin.org has the obligatory "Slashdot is censoring the story!" postings but has at least one seemingly clueful post, and the U.S. House passed an anti-spam bill yesterday - coincidence, or devious conspiracy?

keytoe asks: "With all the recent discussion around here about spam relaying, black hole lists, spam police and so on I've decided to start taking part. According to the Securing and Testing page on ORBS, running sendmail with FEATURE(relay_local_from) enabled is Bad(tm) and the sendmail folk agree. How could one go about setting up selective relaying from remote dialup users without first knowing where they're coming from? Listing 'aol.com' and 'uswest.net' in '/etc/mail/relay-domains' simply subverts the original goal. I'm aware that authenticated SMTP will move toward this goal, but that needs to be supported on the client side - and it's not there yet for all platforms. Additionally, I've seen suggestions to use a POP-before-SMTP hack, but I'm not using the sendmail POP server. In short, I'm seeking a transparent (to the users) replacement for FEATURE(relay_local_from) that actually -will- pass the ORBS test and keep the nasty people out. Am I screwed?"

keytoe asks: "With all the recent discussion around here about spam relaying, black hole lists, spam police and so on I've decided to start taking part. According to the Securing and Testing page on ORBS, running sendmail with FEATURE(relay_local_from) enabled is Bad(tm) and the sendmail folk agree. How could one go about setting up selective relaying from remote dialup users without first knowing where they're coming from? Listing 'aol.com' and 'uswest.net' in '/etc/mail/relay-domains' simply subverts the original goal. I'm aware that authenticated SMTP will move toward this goal, but that needs to be supported on the client side - and it's not there yet for all platforms. Additionally, I've seen suggestions to use a POP-before-SMTP hack, but I'm not using the sendmail POP server. In short, I'm seeking a transparent (to the users) replacement for FEATURE(relay_local_from) that actually -will- pass the ORBS test and keep the nasty people out. Am I screwed?"

A couple of people have sent us the word that AOL has managed to get itself added into the ORBS list for having open mail relays. Let's hope this inclusion makes them clean it up a little bit more. You can check the full database to see other servers in there. I've talked with the folks at AOL - the two servers that were added were at their request, so that no one would take advantage of them. More info in a bit. Update: 03/29 03:20 by E : Read more below; we got E-mail from Scott Crain, AOL's 'Spamdinista.'

Scott Crain, AOL 'Spamdinista,' wrote in with an update, and to make what's going on crystal clear.

There are two machines that have been added to ORBS on AOL's networks, at my request. The two machines are a new system in place to allow us to keep spammers from using outbound SMTP connections to spam the rest of the net with junk. Alan Brown, the maintainer of ORBS and I correspond frequently on a couple mailing lists we both frequent, and he asked if it would be ok if I had him place these two machines in ORBS, to which I agreed.

Basically, the two machines that are there are the external gateway for a percentage of AOL members using their TCP connectivity to send mail out of AOL without using the AOL client. It's no different than blocking AOL's dialup IP's (*.ipt.aol.com) as the MAPS DUL does currently.

In other words, this is a good thing. I'm sure I'm not the only one who doesn't like spam from AOL, and this looks like a step in the right direction.

A couple of people have sent us the word that AOL has managed to get itself added into the ORBS list for having open mail relays. Let's hope this inclusion makes them clean it up a little bit more. You can check the full database to see other servers in there. I've talked with the folks at AOL - the two servers that were added were at their request, so that no one would take advantage of them. More info in a bit. Update: 03/29 03:20 by E : Read more below; we got E-mail from Scott Crain, AOL's 'Spamdinista.'

Scott Crain, AOL 'Spamdinista,' wrote in with an update, and to make what's going on crystal clear.

There are two machines that have been added to ORBS on AOL's networks, at my request. The two machines are a new system in place to allow us to keep spammers from using outbound SMTP connections to spam the rest of the net with junk. Alan Brown, the maintainer of ORBS and I correspond frequently on a couple mailing lists we both frequent, and he asked if it would be ok if I had him place these two machines in ORBS, to which I agreed.

Basically, the two machines that are there are the external gateway for a percentage of AOL members using their TCP connectivity to send mail out of AOL without using the AOL client. It's no different than blocking AOL's dialup IP's (*.ipt.aol.com) as the MAPS DUL does currently.

In other words, this is a good thing. I'm sure I'm not the only one who doesn't like spam from AOL, and this looks like a step in the right direction.