Slashdot Mirror
ORBS Lookup Entries Undergo Major Revamping
John Bajana-Bacalle writes: "I noticed this morning that as of 2001/2/1 relays.orbs.org has been decommisioned, ORBS has announced. The announcement further mentions some serious new testing/checking/hostname additions, about a dozen of them, that will greatly increase the granularity of the ORBS results. A benefit seems to be the end user now has fine granularity in the results s/he will get back, obviating some of the bullshit griping that surrounds ORBS most often. More power to us and them. =)"
I would tend to agree that Spam is little more than an inconvienience -- in the US. The problem is that there are many places in the world where Internet access is still per-minute charged. By having 10 pieces of spam in your inbox to sift through, it will take an extra minute - that may only be $0.02, but it's still money.
Now consider someone who is fairly active online - I have Spam-proofed all but one account which I need for business (and thus I can't risk not relaying legit mail by using ORBS, MAPS, or RBL). This address recieves approximately 150 UCE's per day! Granted, I do filter them quickly, and it's more annoying than anything. However, for many it would be a significant cost.
That is why I fight against Spam.
--
We may not imagine how our lives could be more frustrating and complex—but Congress can. – Cullen Hightower
I've been trying this (have the same thing my .cf), and I can't get any of it to work right. The test mail from crynwyr or however its spelled gets through, and nslookup d.c.b.a.inputs.orbs.org on the test IP fail, although the web page at ORBS claims it is in the database. Direct nslookups from the inputs.orbs.org nameservers fail as well on the test IP.
-atrowe: Card-carrying Mensa member. I have no toleranse for stupidity.
FEATURE(dnsbl,`relays.orbs.org',` open relay $&{client_addr}; see: http://www.orbs.org')
I'd also include the corresponding excerpt from sendmail.cf, but Slashdot's lameness filter thinks sendmail.cf is crap.
If I simply replace relays.orbs.org with inputs.orbs.org, it looks like that will ONLY block real open relays. I do want to block open relay servers, but I don't want to block legitimate servers that have stupid Exchange servers on their networks happily forwarding mail, and I don't want to block legitimate servers like Earthlink's that happen to have sent out spam before but are widely used by a lot of people. Previously, I had to explicitly allow relaying from certain hosts; otherwise I was losing legitimate mail. Hopefully I won't have to do that anymore.
Does this look good? Is there anything else I should be doing? I do also use the MAPS RBL, btw.
--
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Having worked for years in IT at MIT and Harvard, I've had my share of run-ins with ORBS.
.edu "security," you should know that edus are notoriously understaffed (both quality and quantity-wise) in IT. People putting new (insecure) boxes on the network is a constant occurrance, and very difficult to control.
.edus, "services" like ORBS take IT ppl's time away from dealing with many more pressing security problems. It also often undermines users' confidence in their IT staff, and can thus compound the problem of .edus not allocating enough of their budgets for IT.
The ugly scene unfolds: A professor or grad student slaps her new linux box on the net, sendmail running, third-party relay enabled, and WHAM! Eighty angry faculty and staff come crashing into your office demanding to know why their government/private/overseas collaborators can no longer receive mail from them. ORBS rears its fugly head. And the underpaid, underappreciated, overworked IT person gets the blame.
Before you get your panties in a bunch over crappy
At least when it comes to
-my02.
it's not like this stops them from doing anything legitimate.
You're wrong.
Perhaps that's the case for Microsoft users who have little option but to deliver all their mail to a smarthost, but it's certainly not the case for Unix/Linux/BSD users. The norm there is for their MTAs to manage their own queues and to deliver direct to the destination mail exchangers in accordance with DNS/MX, not only because that is the default for Unix machines out of the box, but also because that's the normal method of delivery for MTAs on the Internet, as opposed to those on internal networks.
They are paying to be on the Internet, so blocking their MTAs from delivering outbound traffic in the normal way for Internet machinery is definitely stopping totally legitimate activity.
Fighting spam is important, but if you do so by blocking ports then you're on the slippery slope from being a supplier of Internet connectivity to running a closed and restricted environment like MSN or the old Compuserve. If that's the business you want to be in, fine, but then don't call your business an ISP, or at least be honest and advertise your connectivity as restricted.
Just because some people are criminals, you don't put everyone in jail on the offchance that they might commit a crime.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
"And theft is OK as long as you don't steal more than $5 from any one person. That way it's 'hardly a major inconvenience.'"
Never take moderation advice from sigs, including this one.
"I don't call 30 spams a day a minor inconience SPAM is not free speach these people are abusing resources"
So you run your own mail server? Let's assume the average spam is 2k in size and you receive 30/day. It will take less than 15 seconds to pull these through a 56k line. That's assuming you *don't* have any server side blocking software installed, which, if you hate spam as much as you claim, would be a prudent choice. I would say ~90% of the spam I receive is easily recognizable by the subject line alone, therefore you won't even need to view the message. As you can see, I have my real e-mail address published in my user profile. I have had this address for approximately two years and I use hotmail to check other POP accounts that I have had longer. On average, I receive ~20 messages/day. About 10 of these are from friends or family. The rest are SPAM. It takes exactly two mouse clicks to delete a spam mailing. Hardly a major inconvenience.
-atrowe: Card-carrying Mensa member. I have no toleranse for stupidity.
Please,
The largest cost of spam happens when mail is queued for users on mail servers and the time it takes for the user to read/delete the mail.
ORBS tries to mail themselves through your mail server. If you don't want people to use your mail SERVICE then don't let them relay through it.
But perhaps you are one of those who think it should be illegal to access a web server except by following a link from an authorized site.
use LWP::Simple;
l "; /xargs/, /<a href=(\S+)/g);
/<TITLE>\s*(.*?)<\/TITLE>/i)[0], "\n";
$page = get "http://www.goto.com/d/search/?Keywords=bulk+emai
@urls = grep
($page =~
foreach (@urls) {
my $subpage = get "http://www.goto.com$_";
print "-- ", ($subpage =~
}
--
The quality of the relaying info in the ORBS database seems to be rather poor anyway --- much of the time the nomination "evidence" seems only a weak excuse for blacklisting ISPs just for the hell of it. Most people think that ORBS merely blacklist ISPs for running their MTAs as open relays, which would be sensible, but if you look closely this is not so.
If you examine the entries for blacklist-nominated ISPs on their site where the ISP's smarthosts are not open relays but the ISP is still under threat of blacklisting, you'll see that ORBS offers the ISPs two ways of avoiding the blacklisting being imposed:
- either the ISP must not allow its customers to post mail to the Internet through the SMTP smarthosts that those customers are paying to use [hilariously funny];
- or alternatively they must ensure that their customers do not run open SMTP software on their own PCs. In other words ORBS implies that ISPs must require their customers to allow the ISP to vet/check their PCs or else offer only a "managed end-user equipment" service [impossibly costly].
As should be obvious, neither of these alternatives constitutes a viable option in the large-scale ISP market, so ORBS really have no intention of acting in a constructive manner in this area. There must be a few tens of millions of ISP-connected PCs in the US alone that contravene ORBS' requirements, and I bet that many of their own administrators' home PCs do as well, ie. those that use their ISP's smarthosts. ORBS are merely exercising their hatred for spam in a vengeful way, without any regard at all for whether what they demand is possible or not.
Well, ORBS's policy is ORBS's business, but if they sincerely want to reduce the amount of spam on the net then they've got to use policies that make it possible for ISPs to comply. Their current ones do not allow this, so it's not surprising that ORBS is getting more and more marginalized and treated as unprofessional.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
perl -MLWP::Simple -e '(get("http://www.goto.com$_") =~ m{<TITLE>\s*(.*?)</TITLE>}i) && print "-- $1\n" foreach (grep /xargs/, get("http://goto.com/d/search/?Keywords=bulk+email ") =~ /<a href=(\S+)/g)'
--
Given that 40% of the Internet blocks on the MAPS RBL, and that Sendmail 8.10.x doesn't relay out of the box (while natively supporting the RBL/RSS), the point of laziness is rather moot.
--
WolfSkunks for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.keenspace.com";
--
# Canmephians for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.net";
Folow this link it will bring you to goto.com were spammers pay goto.com per click :-)
If you bookmark this and go there once a day and click on the top 10 links you
will cost each of these scum bags up to several dollars a day
If there are only 100 of us doing this we can cost them a fortune
It won't do any good to click a link more then once because goto.com
has a system in place to prevent that
goto.com bulk email
This info is from my war on spam page follow the link in my sig.
to find out more
http://Lenny.com
How would this apply in terms of junk mail sent to WAP devices/PDAs? I don't think they use SMTP.
The point is that these "honest" people are shoving the cost onto OTHER people. Therefore, they never make the investments, but do gather the profits. The fact that they often forge headers and use cracked servers does not contribute to their image.
You admit that spam costs each person a few k of bandwidth. Let's say that an average junkmail is 5k in size. In an average mailing action we are talking about more than 1M addresses. This means at least 5GB of data transfer per mailing action.
Multiply this by the number of spammers and you can begin to see the scope of the problem.
It wouldn't be so much of a problem if they PAID to send their junk. One of the problems is that they victimize innocent people and they end up with damages ranging in the thousands of dollars so that the spammer in question can earn at most a few hundred.
Perhaps this is why the term 'leeches' is often used with this sort of people.
There is no fix on the number of junkmails one gets. You could be 'lucky' and get only a few per day or you could get over 50. If you try to be removed from the list you will get more junk.
It is good that you have a tolerance for spam. I will consider you 'opt-in' if I ever feel the need to send bulkmails.
Moz.
see a Text Widget
I just checked one of my older e-mail accounts, and I had 5 doses of spam in it. Two were from uunet, and I forwarded them to the abuse department, one had a toll-free phone number with a ten-minute sales pitch for this wonderful business opportunity of a nature they weren't inclined to divulge, and two appeared to have come through open transports, so there wasn't much I could do to get back at the source. There, I hit 60% of them, but that leaves 40% left. Hopefully ORBS and MAPS and other such services will help get these people to patch their relays, and I won't get any spam anymore, or at least none that I can't trace back to the source and punish the sender, preferably with a white-hot iron...
WARNING: there is a trojan on your
I don't advocate or condone the actions of spammers. Yes, in some cases, spam can cause inconvenience, and uses resources and bandwidth, but the whole idea behind the Internet was to create a medium to communicate thoughts and ideas to a set of people that, for geographic or other reasons, would not not otherwise be able to communicate. While I don't always agree with the messages sent out by spammers, I defend their right to say what they please and to try and sell my their product/idea. It is also my right to delete spam/set up blocking software/ and flat out refuse spammers offers. I would much rather deal with ~10 junk mails per day than give up some of my other rights by having the Internet regulated and monitored to prevent spam. Sometimes the solution is worse than the problem. I also do not understand your almost cultlike hatred of spam. Perhaps I'm missing something, but I would much rather stand up for a cause that acutally *means something*. Instead of fighting for my protection from something like spam that causes me a minor inconvenience, I would like to see more people do something to make a real and tangible difference. Volunteer at a local soup kitchen, become a mentor to an at-risk youth, or donate a day of your time to help Habitat for Humanity built housing for low income families. It just seems to me that any of the above would do more to make the world a better place than hunting down spammers would.
Disclaimer: I do not, nor have I ever sent bulk unsolicited e-mails. My previous posts reflect my opinions so please don't flame me.
-atrowe: Card-carrying Mensa member. I have no toleranse for stupidity.
The fact that this was needed to let average users get a list of relays uncontaminated with spite listings shows that, indeed, the griping was well-founded.
I'm glad ORBS is finally running a more responsible list.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
ORBS in the past has been known to be very agressive in testing, to the point of causing a DoS attack. They also are known to do "revenge listings" of those who block ORBS' testing.
MAPS' Relay Spam Stopper is tested by humans only, and also allows you to test your relay yourself. I've done this on my systems at work -- I don't relay.
--
WolfSkunks for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.keenspace.com";
--
# Canmephians for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.net";
DISCLAIMER: This is probably illegal or immoral and I myself would never concieve of actually doing such a thing, much less telling someone else to. For Entertainment value only. There's probably an easier way to do it if you're a WGET expert.
HREF=/d/sr
With
HREF=www.goto.com/d/sr
Save the results as
wget -qHr -l1 --spider -i
TA DA! Instant drain to spammer resources, the world over. Update your SPAMMERS file every few weeks, as this will probably drive many of them out of business very quickly.
Now!
As long as we live in America, we will receive unsolicited advertisements. This is a minor inconvenience to put up with in order to ensure the right of free speech for everyone else. I would much rather have spam in my inbox than a mailbox full of coupons and credit card applications killing trees and filling our landfills. I would also prefer spam to receiving an unsolicited call from a telemarketer. Spam is relatively unobtrusive and can easily be deleted costing the recipient nothing more than a few k of bandwidth and several moments of inconvenience. Perhaps you should rethink your priorities and focus your energies on solving *real* problems instead of advocating the murder of innocent individuals who have done nothing worse than attempting to earn a living and support their family in a competitive capitalist economy. Grow up.
-atrowe: Card-carrying Mensa member. I have no toleranse for stupidity.
...since my internet service comes through AboveNet, who thinks ORBS is satanic and the RBL is the answer to world hunger.
ORBS may have improved its functionality but the whole concept of cooperative anti-spam efforts will never work as long as the people involved are zealots. Zealots don't care who or what they're fighting, as long as they're fighting.
ORBS and RBL have probably put more effort into fighting each other than they have into fighting spam, and at least from where I sit (on AboveNet), it looks like that hasn't changed one bit. So congrats to ORBS, but the real breakthrough will be political, not technical.
-b
If I wanted a sig I would have filled in that stupid box.
You are now in violation of Godwin's Law. We will come to collect you shortly.
Spam is relatively unobtrusive and can easily be deleted costing the recipient nothing more than a few k of bandwidth and several moments of inconvenience.
This is true for one spam a day. Is it true for ten? A hundred? A thousand?
Spamming a million people costs the sender less than a small newspaper ad. How many ads did your local newspapers carry this week? And how many newspapers are their in the world? (Yeah, the world. I receive two or three spams a day for shit in Argentina. I've never even been to Argentina.)
Sure, you don't get that much now. But the only reason we all get so little spam is that people who spam get booted off the Internet. If the DMA, in conjunction with goofballs such as yourself, manages to make spam legitimate, then you will get that much spam.
Thanks to the DMA and their ilk, 90% of my paper mail is garbage, and that's with them paying 100% of the cost. With email, the recipient pays a good chunk of the cost, even without the theft of services that 95% of spam involve. So what percentage of your inbox will be crap?
And then, having made normal email useless, the marketroids will be competing for ways to "cut through the clutter". A spam won't be a few k anymore; it will be a few hundred. I'm already starting to see 'em with 50k of imbedded GIFs; flash animations won't be far behind.
That makes it a little harder to ignore, eh, bucko?
It depends on what you define as "mean something". For me and for those I know that care about spam, there are indeed deeper issues involved:
This is not to say that soup kitchens are not worthy, and I do contribute to them. But the worthiness of ameliorating the pain of poverty doesn't automatically make other positive actions meaningless.
If you want to gripe at somebody about the poor state of the world, gripe at the large number of people who do nothing. Or better, gripe at the large number of parasites and dirtbags who are a drain on us all. Like, say, spammers.
I would much rather have spam in my inbox than a mailbox full of coupons and credit card applications killing trees and filling our landfills.
Hey, and once this television thing catches on, they'll take all those commercials off the radio and take the ads out of newspapers, right?
If we could shift all snail-mail, telephone, and junk-fax advertising to e-mail, I'd honestly have to think about it. But the truth is, it's not a choice of junk mail versus junk email. Your USPS mailbox is already doomed; it's a choice between saving our electronic inboxes or letting 'em fill up with crap too.
Note that the third link isn't spammers -- it's opt-in email distribution software.
(I got this idea from a previous post, but I've revised the link a bit)
Once a day, go here and right-click on each link, select 'open in new window' and let the pages load.
The expense will add up quite quick, I think!