Slashdot Mirror
ORBS Forks
Noxxus writes: "Wired is carrying this article about the shutdown of Alan Brown's Open Relay Behavior-Modification System, more commonly known as ORBS. Brown, of New Zealand, closed his operation after two local companies won legal injunctions against him for listing them."
It seems the list of 94,000 open relays will be maintained by:
"Open Relay Black List of Phoenix, AZ, Open Relay Block Zone (ORBZ), of Basingstoke, England, and the Open Relay Database (ORDB), of Aarhus, Denmark."
We've gotten a zillion ORBS submissions since the day
its website
went down, but this is the first post-ORBS story with enough info to be worth a mention. Guess the dust just needed to settle.
We're obviously in the minority, but I think the EFF's John Gilmore has cut to the chase:
For Gilmore, spam blocking should occur at the recipient level, not at the level of self-appointed upstream censors.
"I noticed years ago that the community tends to go 'mob' and lose its morals and principles when it comes to spam," Gilmore says. "Free speech, interoperability, inclusiveness, tolerance, privacy, anonymity -- all go out the window when they get in the way of killing off those damn spammers."
I wonder if he'll get added to spam lists now, like I do every time I post a story critical of anti-spam activists. Yeah, subscribe me and Rob to more mailing lists under the handle "Spamlover." That's real mature.
That'd look more accurate.
=)
As long as it is the end user, and not ISPs, that are filtering based upon the ORBs databases, then it isn't censorship, rather it is simply filtering based upon another's suggestion.
One could argue that personal email is not a public forum, such as USENET and places like slashdot, and that any form of filtering, at any point along the way, is not censorship in the real sense of the word.
In any event, as long as the end user is informed, and has a choice, it isn't the kind of institutional censorship so often, and so correctly, decried here, it is merely voluntary filtering of what those who subscribe to it view as noise, as is their right.
As for slashdot being united about anything, a quick perusal of any discussion, on any topic, should dissuade you of that erroneous assumption.
The Future of Human Evolution: Autonomy
I'm saying that, all other things being equal, how do you have more money if you don't get spammed. How does the presence of 'spam' in your inbox cost you money.
Yes, time is money, but please show me how you actually would have earned more money had you not had to delete, let's say, 20 pieces of spam a day.
Now.. a mail relay getting hacked or otherwise used for bulk spamming, THAT Is theft of services, no doubt about it. That's not what I was talking about. I'm saying that, when you, as the end user, get some spam, it is NOT 'theft of service'. You're mixing up two different aspects of it.
I'm not in favor of spammers, I think there are several legal avenues to persue regarding making email sane again, I just don't think end users claiming 'theft' of services is the way to do it.
I understand what unsolicited means.
My time is worth a great deal to me (and those who pay me), but I'm realistic. Most spam whiners spend FAR more time whining about spam and setting up filters than they would simply deleting the spam. I know deleting the 30+ pieces I get a day takes me LESS THAN 2 minutes a day. I spend more time than that going to the watercooler and back. Get real.
Why can't people just select all and hit delete
Because my delete key wore out.
I can delete a couple of spams a week, but the current several hundred? Get real.
Oh damn, I just responded to a troll.
EZ
"Oops, I always forget the purpose of competition is to divide people into winners and losers." - Hobbes
There is a huge freaking world of difference between censorship and closing open mail relays. This is *not* a free speech issue. The people using open mail relays are not legitimate businesses. They are hijacking other peoples 1)ignorance or 2) goodwill in order to hide their origins and make it impossible for the *end user* to block these unwanted messages. If people want to send spam, fine. All the best of luck to them. But they should at least be honest about it. This has absolutely nothing to do with free speech.
---- El diablo esta en mis pantalones! Mire, mire!
Sigh. Anyone who knows anything about debate knows that the "slippery-slope" argument is not a good argument.
------
Nobody's saying spammers shouldn't be allowed to say what they're saying, it's how they're saying it. Pepsi can run commercials on TV telling me to drink pepsi all they want, but if they hire someone to tap the message "Drink more pepsi" in morse code on my forehead then they've gone too far and should be stopped. If someone wants to sell me a list of 50 billion email addresses of eighteen year old girls who want to enlarge my penis while making money fast that's fine, I have no problem with them doing that, get an ad in a newspaper or magazine but don't email it to me and don't tap it into my forehead and don't shout it via megaphone at 3:00 AM outside my house.
Spam is free speech, people! When you prevent someone from telling people about their issue or product, what ever it might be, in the United States, you are restriting their Constitutionally-guarenteed rights to free speech. (emphasis added)
This is false. The Constitution prevents THE GOVERNMENT from regulating such speech. It does not prevent me or any private third party from doing so, nor does it obligate me or them to use my private resources to forward on an endless supply of mindless chatter. And it most certainly does not stop us from sharing information on who we think is irresponsible enough to privately block.
In fact, it is an exercise of free speech (and property rights) for me or them to put a privately owned mail server on the internet and choose not to forward mail designated by whatever source I choose to. If you don't like it, too bad. You are free to start routing your own mail with your own resources, but I'm free to block whatever mail I feel like from being transferred by my private property.
Everyone should have a right to tell people about events.
They do, but not with the assistance of private resources of those who oppose their message or editorial style.
I would prefer that my provider use the blacklists, but in case they don't, I fashioned this procmail entry to help out. It strips out all of the IPs from the Received: headers and checks them all against whatever blacklists you want to use. rblcheck is used.
/usr/local/bin/formail -xReceived: | egrep \[[0-9.]+\] | sed -e 's/.*\[//'
-e 's/\].*//' | xargs -n 1 /usr/local/bin/rblcheck -c -q -s blackholes.mail-abuse.org -s dialups.mail-abuse.org -s relays.mail-abuse.org -s inputs.orbs.org -s spamsources.orbs.org
* !?
Sorry, I missed your E-Mail address in your user profile. Please post it so we can help the spammers practice their constitutionally guaranteed right of free speech on you.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I tend to assume that spam can only be handled on the level of me and my personal friends. Which is why i own and/or control every server that hosts my email, and i can filter what i want/dont want. The "if you want the job done right, do it yourself" attitude may seem a bit cynical, but it works, and doesnt rely on some company thats either a) struggling to stay afloat or b) trying to make more profits of my personal info.
I am !amused.
Organizations like this are GOOD, they allow freedom of choice on the personal level by providing information to anyone who wants it.
I'm the big fish in the big pond bitch.
Saying "spam is free speech" is like saying "I, posing as you, using your neighbor's phone card, calling some guy in California to sell him a penile enhancement tool which he doesn't want" is free speech.
The best strategy I can see for limiting spam is ending the open relays. I don't see any legitimate use for an open relay. Anyone care to enlighten me?
Ceci n'est pas une pipe.
Censorship is either good or bad. Pick one.
Vintage computer games and RPG books available. Email me if you're interested.
One of them was XTRA, the ISP owned by the ex-SOA telco Telecom New Zealand. I believe the other was Actrix, a Wellington based ISP. Before you go "publicly shaming" those two organisations, you should be aware that their blacklisting may very well have had more to do with Alan Brown's personality (I like the guy and respect him immensely but must acknowledge that he can be extremely difficult) and his commercial interests than it did spam. That said, more power to him and Manawatu Internet services. He keeps "the Man" on his toes.
While there is no question that Brown was too often a bulldog, a service like ORBS noticeably helped cut down on spam for our ISP that services about 16,000 customers. Significantly.
Anyone who says that spam should only be blocked/fought at the recipient level doesn't have to run a mail server for thousands of customers. Spam bogs down our mail server often and we also have to respond to complaints from our customers, etc.
There is a lot of room between censorship and giving spammers free reign. A responsible and level-headed version of ORBS is very possible and quite welcome to me. For example, they can help notify us, and our customers who run their own mail servers, when a mail server allows open relays and we can try to get that blocked before a spammer compromises their machine and our bandwidth.
Spam doesn't only affect the mail boxes of end users, after all. Most spammers are reprehensible and a couple of procmail filters isn't enough to keep this in check. I just hope that one or more organizations will step up, learn from the mistakes as well as the successes of ORBS and help us no drown in spam.
can't you see that that's too late?
by the time the packet has reached my wire, it has already stolen my resources. I can block on the Rx side all I want; but the PDUs will still eat up my precious wire bandwidth.
blocking at the source is the only way to stop theft of service. spam is TOS - no other way to look at it.
suppose you didn't lock your doors at home, so that any thief can come in and poke around your stuff. then, as he's walking out, you automatically snap a photo of him. what good does that do? he's already come in and messed around and had his way - 'protection' after-the-fact is totally useless once the crime has been committed.
--
--
"It is now safe to switch off your computer."
just one example for you. my time is worth money. whenever I have to fix or upgrade my mail system cause some turkey found a way to get thru my spamfilters, that takes time away from actual work that I need to get done. whenever a third party relay gets jammed and those sysadmins have to spend time purging their queues from theft-of-service (you obviously don't agree, and this shows you've never had to admin a large ISP's mailsystem before - so your viewpoint counts for nothing in this context) THAT costs time and money.
stop being a jerk and start understanding what the word unsolicited means.
--
--
"It is now safe to switch off your computer."
some joker in mpinet.net just wouldn't give up - I had several hits PER SECOND on my home dsl line. quite the TOS attack.
I was forced to learn more about my mail system (qmail on openbsd) and the oh-so-useful tcp-wrappers. I also learned about the ORBS, MAPS/RBL/RSS servers.
in a few days I had hacked my qmail and tcpwrappers system to consult the RBL lists and if there was a hit, add the offender to a local cache (so that I can recognize him quickly next time).
since my site has very very few valid usernames, it was also easy to honeypot the spammers and when an invalid username was sent to, the source IP and username would be logged for future auto-blacklisting.
I've found that cutting the spammers off at the tcp-env level is quite effective in cutting down bandwidth. they can't even telnet to my port 25 anymore - I immediately shutdown the connection! no more megabyte-of-.doc crap, no more offensive spam, no more crapola, nada. just clean and quick tcp rejects ("connection refused").
the only shame is that I fear most mass abusers don't check the return codes of mail attempts and more than that, they engage the STOLEN use of open relays. so its the open relay that queues and retries and retries (I see it in my logs..) over and over. I almost wonder if I should let them complete their junk email exchange (only after hours, when I don't need my line) just to help purge their queues (?).
at any rate, the following scripts are quite useful in this battle:
rlytest.pl, checks (sends mail to) open mail relays
blq.pl, checks the MAPS,ORBS,RSS,DUL realtime blocking lists
--
--
"It is now safe to switch off your computer."
Yeah, but the problem was that large, enterprise-scale ISP's (eg. Earthlink) decided it would be a good idea for them to block mail from these IP's, so then people who were incorrectly added to the list could no longer send mail to 3% of the internet. That blows.
This is one of those situations that strikes me as being a misguided application of civil liberties thinking. Fact is, this is a technical and financial problem, not a freedom-of-speech problem. Spam annoys people and cuts bandwidth. I really don't think freedom of speech extends to dumping junkmail by the grocerybag-full in my backyard, which is essentially what spam is. A spammer makes a mess of my mailbox, I have to clean it up (maybe pay for it if I'm using a service like Palm.net -- there are still services that charge for downloads), and this is protected speech? There's a gap missing in the logic here.
Just out of curiosity, what's Gilmore's take on junk fax? I'm sure even he realizes that that's an issue...
/Brian
...choice. I can choose to use ORBS [in a way, I do, since I use SpamCop], or I can choose not to use it. Using ORBS will block mail, some legitimate, from reaching me. But hey, that's my choice.
While the Internet is open [for the most part] territory, each of the ISP's are private entities and, if they so choose, can choose to use ORBS [or similar] to protect their customers from spam. Some will like it, some won't. The spam policy is one of the things I research about an ISP before I use them--and when they make changes in that policy, I sort through them. I have left an ISP because of a spam policy, and I won't hesitate to do so again.
If you don't like that Earthlink is using ORBS and its child processes, don't use Earthlink. It's as simple as that.
-- Geof F. Morris
Granted, I only did this on rare occassions when the amount of spam from a particular company irritated me.
The last time was when I was investigating an application for our company. I visited their website and downloaded the trial version. When I filled the online form I used a "spam" address that I use specifically for occassions like this. However, when I contacted one of their sales people for an extension on the trial period, the guy added my name to a newsletter. Incensed, I wrote the guy and told him to remove me ASAP. When it became apparent that he was either unable or unwilling to remove me, I reversed the situation. I began forwarding all of my spam to him... all of it... from 3 accounts, including my "spam" account, averaging 200-300 emails a day.
Knowing he was a salesperson and maintaining an unchanging email address was vital, I wasn't surprised to be contacted within 2 days by their administrator. At which point, I informed him that until I received a formal, snail-mail (I loved that part) apology from the salesperson, that it would continue.
Then I added the administrator.
Knowing my mail was probably getting blocked, I used several accounts on several machines, rotating the names daily, and religiously adding a header explaining the situation. All in all, I was contacted by 5-6 people on my "important" email address and each time I added that name to my forwarding list (checking the company overview page and adding some execs probably didn't hurt, either). It took under a week and I received a fedex letter from that salesperson. I promptly stopped my forwarding and have yet to receive a single email from the company.
I know this isn't the ideal way to stop spam, as most spammers are near impossible to reach, but it worked for me. Getting a taste of their own medicine never hurts.
The main goal wasn't so much filtering spam as it was getting people to close their mail relays. If you had a mail server with an open relay, and knew that most of the mail from that server would never GET anywhere because of that, it'd be a pretty logical and obvious step to just turn relay-ing off.
Hence the name ORBS "Open Relay Behavior-Modification System". Modifying the behaviour of open relays by getting them to not BE open relays any more.
The filtering was a (nice) side-effect, or a means to get to the end.
what the hell is a 'junk character', anyway?
For Gilmore, spam blocking should occur at the recipient level, not at the level of self-appointed upstream censors.
Now, I could be wrong here, but wasn't ORBS something that you used if you wanted to, and didn't use if you didn't want to? Doesn't that mean it qualified as 'at the recipient level'? I mean, it's not like ORBS forces you to block traffic from these sites, but it's a good resource to use if you _want_ to.