Slashdot Mirror


ORDB.org Going Offline

Allan Joergensen writes "ORDB.org has announced that they will shut down their services after fighting open relays and spam for more than five and a half years. The RBL DNS service and mailing lists will be taken down today (December 18, 2006) and the website will vanish by December 31, 2006." The reasons given tend to be the usual ones - volunteers have been focused on other things in life; my salute to those folks for keeping the service up as long as they did.

156 comments

  1. I'll miss' em by laughing+rabbit · · Score: 2, Interesting

    Even though it took a long time to get my own domain off their list after I left a mis-configured server out in the wild, I really appreciate all they have done over the years. Who will take up the mantle next?

    --
    No incumbents, not no where, not no how.
    Vote them out every term.
    1. Re:I'll miss' em by dreddnott · · Score: 2, Insightful

      I happened to run into an accidental open relay mail server during an onsite consultation (I ended up completely restructuring their deployment and getting ripped off). Most of the MILLIONS of e-mails were coming from China and/or Taiwan, and this was only a few months ago. Are the ORDB people sure they're not going to bring back the open relay problem by shutting down their admittedly useful services?

      While the cancer of spam may have metastasized to other parts of the Internet, it doesn't mean it can't grow back in the places these guys are abandoning. As I understand it, there are other blacklists but nothing quite like the ORDB.

      --
      I may make you feel, but I can't make you think.
    2. Re:I'll miss' em by Anonymous Coward · · Score: 3, Funny

      Imagine one day, Slashdot.org would shut down too. Can't think of the consequences...

      We regret to inform you that slashdot.org, at the ripe age of 8 and a half, is shutting down. It's been a case where all the comments were either too +5 Linux or -5 Microsoft or too insightful that the moderators had to mod it "+2 BSD". Also very little work has gone into maintaining our Mysql database. We should have switched to MS SQL Server long back.
      This caused our readers to get pre-occupied with the only other aspect of their lives, namely porn. In addition, the general consensus within the team is that open source technology is no longer the most effective way of preventing windows from entering your next door cute girl's desktop.

      ...where would all the nerds go?

    3. Re:I'll miss' em by Per+Abrahamsen · · Score: 1

      Isn't it just to enter your domain (IP) in a form, and press "submit for testing"?

      I vaguely remember doing that once, after my ISP refused to accept my outgoing mail, because they had assigned me an IP that had previously been used for an open relay.

    4. Re:I'll miss' em by Anonymous Coward · · Score: 0

      Took me a long time to get off their list even when I was properly configured. Big hassle, angry clients. I will not miss their brand of vigilante action. Good riddance.

    5. Re:I'll miss' em by clark0r · · Score: 1

      Are you sure that's what your ISP did? I wasn't aware that ISPs ban email on port 25 for IP addresses that have previously been open relays. Most ISPs offer their own mail services of SMTP/POP3 (eg @ntlworld.com addresses). If they stopped all of your outgoing mail through their servers, then you wouldn't be able to use your ISP supplied mailbox! On the other hand, this is the UK. Most of our ISPs aren't too restrictive on what you do with your Internet connection.

    6. Re:I'll miss' em by Per+Abrahamsen · · Score: 1

      I could read mail on my ISP mail account (pop3), but I could not use them as my mail relay (smtp).

    7. Re:I'll miss' em by Achromatic1978 · · Score: 2, Insightful
      Are the ORDB people sure they're not going to bring back the open relay problem

      Whilst I see your point, this is pretty badly phrased - it implies almost an obligation, the little boy with his finger in the dam, and it's his calling, nay, his duty, to keep it there, for the sake of the rest of us.

      Which is not the case.

    8. Re:I'll miss' em by erpbridge · · Score: 1

      Somehow, I'm thinking that K5 or D**g might be the replacements... not necessarily WORTHY ones, but...

  2. The reasons by jginspace · · Score: 5, Informative

    The reasons are, expanding from TFA: "open relay RBLs are no longer the most effective way of preventing spam from entering your network as spammers have changed tactics in recent years, as have the anti-spam community."

    I concur.

    1. Re:The reasons by MztrBlack · · Score: 1

      Truth. I'm down to about one spam in a thousand that's coming from a (known) open relay on my mail server. Doesn't mean spam is any less, just that RBLs aren't serving the purpose they once did.

    2. Re:The reasons by BenFranske · · Score: 3, Informative
      Which is nearly what they said in the article:
      We encourage system owners to remove ORDB checks from their mailers immediately and start investigating alternative methods of spam filtering. We recommend a combination involving greylisting and content-based analysis (such as the dspam project, bmf or Spam Assassin).
    3. Re:The reasons by Bazer · · Score: 0, Redundant

      "Me too."

      Fix that for ya.

      Apart from that. What's the best way to fight spam today?

    4. Re:The reasons by LoadWB · · Score: 1

      Their statement is exactly the reason why I have been migrating away from DNSBL use solely, and modified my "no whitelist" policy -- DNSBLs are useful, but by themselves lack effectiveness.

      In the case of ORDB, out of a couple hundred thousand email rejections last week, only five were due to an ORDB listing. In my configurations, ORDB is fourth in line to other DNSBLs, like the SBL/XBL, which catch a good 73% of crap before ORDB even has a chance.

      Many thanks to them for the work over the years.

    5. Re:The reasons by Anonymous Coward · · Score: 0

      Greylisting.

    6. Re:The reasons by garwain · · Score: 1

      I'll agree as well, they are not the most effective way, but with a carefully designed setup, and well chosen lists they can be very helpful. I use several RBLs and if I find 3 or more hits for the IP, I reject the mail completely, no analysis needed on my end. With the quantities of email that I process every day, I'd need at least one extra server to handle Bayesian filtering of all the spam that is being blocked by the RBLs.

  3. SORBS by Spazmania · · Score: 3, Insightful

    Now if extortionist SORBS would die, the anti-spam community could refocus on dealing with actual spammers. SORBS never was a pillar of responsibility but the current practice of "donate to a SORBS-approved charity to get off the list" is just plain wrong.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    1. Re:SORBS by GigsVT · · Score: 3, Informative

      Don't forget the "we blocked you because you used the wrong ISP" people, SPEWS.

      --
      I've had enough abrasive sigs. Kittens are cute and fuzzy.
    2. Re:SORBS by gclef · · Score: 2, Interesting

      SORBS has one useful list: the dial-up DNS blacklist (spare me the diatribes about being able to send mail from a dynamic address. I know the arguments, but the benefit doesn't outweigh the cost of the spam coming from that address space).

      I'm not willing to pay Trend Micro for access to what used to be MAPS for my one, small domain, and I haven't found anyone other than SORBS offering a collection of dial-up addresses as a DNS blacklist. If there are other, reliable, dial-up blacklists, I'd love to hear about them.

    3. Re:SORBS by benoitg · · Score: 1

      If people taking this stance would at least bounce the email, it wouldn't be quite so bad. Right now a lot of people don't, and those running their own mailservers do not even know when a message will not reach the intended recipient because their IP address wasn't "expensive enough".

    4. Re:SORBS by misleb · · Score: 1

      Problem with sending bouncebacks is that you can end up causing just as much of a problem as you are solving. If you bounceback messages to forged senders, you are effectively spamming people. One has to be careful about which messages are just dropped and which are bounced back. If you reject blacklisted IPs at the SMTP level, you should always get a bounceback. But if messages are "scored" based on blacklists, you may not get a bounceback if it scores too high...

      -matthew

      --
      "THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
    5. Re:SORBS by gclef · · Score: 1

      The default behavior on the SMTP servers I've worked with (sendmail and exim4) is to reject the mail before the DATA segment if the source is listed in a DNSBL...so you should be getting bounces from most organizations that do this (that's certainly how mine's working).

    6. Re:SORBS by Anonymous Coward · · Score: 0

      In other words, please stop breaking the internet by supporting the idiots at SORBS.

    7. Re:SORBS by CFrankBernard · · Score: 1

      He may already realize that. I've seen lots of people use the terms "bounce" and "drop" to refer either during delivery (in-session with connecting/source IP address) or else after DATA / message delivery. The former is of course the best. The sending server should be configured to copy the whole SMTP error ("bounce") message to the sender's inbox.

    8. Re:SORBS by Secrity · · Score: 1

      The cure to this problem is for you to use your ISP's mail relay (or any other mail server that isn't using a dynamic IP address; which is usually residential grade internet service). I run a mail server for a rather large company and the server is configured to reject SMTP connections from dynamic IPs, which prevents quite a bit of spam -- and the sender is aware that the mail has been rejected.

    9. Re:SORBS by dodobh · · Score: 1

      dynablock.njabl.org

      --
      I can throw myself at the ground, and miss.
    10. Re:SORBS by chris+mazuc · · Score: 1

      Blocking dynamic IPs is wonderful... unless you are unlucky enough to inherit an old dynamic subnet. I've spent the last three weeks getting off of almost every blacklist on the planet.

      --
      E pluribus unum
    11. Re:SORBS by osu-neko · · Score: 2, Informative

      SORBS has one useful list: the dial-up DNS blacklist (spare me the diatribes about being able to send mail from a dynamic address. I know the arguments, but the benefit doesn't outweigh the cost of the spam coming from that address space).

      True. Now, if only someone actually had an accurate list of dynamic IP addresses, this would be a good strategy, but since neither SORBS nor anyone else actually has one, it gets rather annoying for those of us who get our email bounced or eaten because some idiot has their mailserver configured to bounce mail from our perfectly static IP addresses that happen to be on one of these highly inaccurate lists.

      --
      "Convictions are more dangerous enemies of truth than lies."
    12. Re:SORBS by geminidomino · · Score: 1

      Problem with sending bouncebacks is that you can end up causing just as much of a problem as you are solving.

      This is a misconception born at the hands of idiotic software like Norton AV.

      A properly setup SMTP MTA will reject with a 55x (permanent failure) error, and the sending MTA generates the bounce message, sending it to the account generating the email, not looking at the From: address at all.

    13. Re:SORBS by Elshar · · Score: 1

      Or the "We don't like your ip naming scheme, because we think its too generic"

    14. Re:SORBS by Fred_A · · Score: 2, Informative
      I'm not willing to pay Trend Micro for access to what used to be MAPS for my one, small domain, and I haven't found anyone other than SORBS offering a collection of dial-up addresses as a DNS blacklist. If there are other, reliable, dial-up blacklists, I'd love to hear about them.
      Sorry, but as dynamic addresses go, MAPS certainly isn't reliable. It lists a number of statically allocated blocks (some addresses of which may indeed be abused) as dynamic when they aren't.
      For example my block is in the MAPS database despite having a proper reverse DNS, a properly setup DNS, a behaving MTA, etc. It is connected by ADSL but will be switched to fibre one of these days.

      Dropping mail solely based on blacklists is stupid. Using it to score mails (in the spirit of what spamassassin does), in combination with other things, might be useful.
      --

      May contain traces of nut.
      Made from the freshest electrons.
    15. Re:SORBS by tokul · · Score: 1
      Now if extortionist SORBS would die ... "donate to a SORBS-approved charity to get off the list"

      Or good cause.

      Extortion is a criminal offense, which occurs when a person either obtains money or property from another through coercion or intimidation or threatens one with physical harm unless they are paid money or property.

      They don't get those 50 USD and you must pay for delisting only if you are listed as a spammer. Delisting from other lists is free. Prove that they made a mistake, make sure that your server is not abused or vulnerable and they will remove you.

      So you are a spammer or your address was used by a spammer and you haven't checked that address when the provider assigned it to you.

    16. Re:SORBS by kju · · Score: 1

      Nonsense. It isn't about the "price" of the ip addresses but the simple fact that dialup users will send their mail in 99.9% through their provider's mailserver and therefore nearly everything coming directly from a dialup ip is abuse by spam or virus sending trojans. It just makes sense to block dialup ips and it would have been better if users would have been forced to use their providers' servers from the beginning, because it's a lot easier to track abuse when mail is going through the ISP's relay.

    17. Re:SORBS by Dion · · Score: 1

      Well, no, that list is crap, because it's not in sync with reality.

      I have a machine in a range that SORBS thinks is dynamically allocated, but it's not.

      --
      -- To dream a dream is grand, but to live it is divine. -- Leto ][
    18. Re:SORBS by misleb · · Score: 1
      A properly setup SMTP MTA will reject with a 55x (permanent failure) error, and the sending MTA generates the bounce message, sending it to the account generating the email, not looking at the From: address at all.


      Some admins prefer to use blacklists for scoring rather than automatic rejection. It cuts down greatly on the false positives.

      -matthew
      --
      "THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
    19. Re:SORBS by geminidomino · · Score: 1

      At the cost of not being able to notify the sender that the mail wasn't received (not to mention vastly increased resource usage)... unless they do ignore it and send the backscatter... gods, I hate those people... they're almost as bad as those C/R fools and their backscat.

    20. Re:SORBS by Anonymous Coward · · Score: 0

      The cure to this problem is for you to use your ISP's mail relay (or any other mail server that isn't using a dynamic IP address; which is usually residential grade internet service). I run a mail server for a rather large company and the server is configured to reject SMTP connections from dynamic IPs, which prevents quite a bit of spam -- and the sender is aware that the mail has been rejected.

      Which is fine... in theory. In reality, the lists of what is a dynamic IP are very inaccurate. I had a business class DSL line w/ static IP ($150/mo) for 5+ years that I was never able to use for e-mail because of incorrect entries on those blacklists.

      Using blacklists for scoring is smart. But you need to be careful about using them for blocking. Blocking on an open-relay indicator works well because you're disciplining a server where the admin has control (and if they care they'll reconfigure their server to get off of the list). Blocking based on a known erroneous dynamic IP list isn't as smart because the administrator of the affected system probably doesn't have an alternative. You're punishing someone based on incorrect information that they have no control over.

      (Just make sure if you're bouncing messages to check against the SPF records to determine whether the bounce messages are worth sending. If the message was received from an invalid IP address then it probably won't get back to a recipient who cares.)

  4. Already offline? by The+Blue+Meanie · · Score: 2

    If they've already shut down, I guess that explains the rather sudden and rather LARGE increase in spam I had sitting in my various mailboxes waiting for me this morning. :(

    Can anyone suggest a good alternative? I'm using spamhaus, sorbs, and uceprotect at the moment, and no, I won't use spamcop. ordb HAD been an excellent fourth.

    --
    "I feel that if a person can't communicate, the very least he can do is to shut up." -- Tom Lehrer
    1. Re:Already offline? by Aladrin · · Score: 4, Insightful

      Yes, we get that. He doesn't WANT TO.

      I haven't seen BadAnalogyGuy lately, so I'll have to do his job I guess:

      Slapping mosquitos is not the most effective way of killing mosquitos, but I'm not going to ignore the ones sucking my blood simply because sprays, candles and electric noises work better.

      'Not best' is not the same as 'not useful.'

      --
      "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
    2. Re:Already offline? by The+Blue+Meanie · · Score: 1

      Thanks. Couldn't have said it better myself.

      See the many postings below this about how many people are blocking thousands of mails at the front door BEFORE subjecting them to resource-intense or flaky at best filtering solutions.

      And my original question still stands.

      --
      "I feel that if a person can't communicate, the very least he can do is to shut up." -- Tom Lehrer
    3. Re:Already offline? by dodobh · · Score: 1

      Which spamhaus list? The sbl-xbl is rather good. You might want to block email addresses with ' and non FQDN HELOs as well.

      --
      I can throw myself at the ground, and miss.
    4. Re:Already offline? by Incadenza · · Score: 2, Informative
      Here's my set-up (old-style Postfix config). No false positives in five years, so these are pretty reliable (and from the comment that I must have written myself, ordb has been off my list for quite a while):

      maps_rbl_domains =
          list.dsbl.org,
          sbl-xbl.spamhaus.org,
          hil.habeas.com,
          dul.dnsbl.sorbs.net,
          dynablock.njabl.org

      # Not enough hits to justify keeping them in the list
      # relays.ordb.org
      # opm.blitzed.org

      Also, for RBLs that might not be 100% reliable, there is a simple way to add them to your spamassassin setup (/etc/mail/spamassassin/local.cf), as I have done for PSBL:

      # http://psbl.surriel.com/howto/
      header RCVD_IN_PSBL eval:check_rbl('psbl', 'psbl.surriel.com.')
      describe RCVD_IN_PSBL Received via a relay in PSBL
      tflags RCVD_IN_PSBL net
      score RCVD_IN_PSBL 0 1.00 0 1.00
    5. Re:Already offline? by Anonymous Coward · · Score: 0

      Well according to them they will shut down December 18, 2006 and they are in Denmark so it is technically down. The large spike of spam has been going since October 2006 and shows no signs of slowing down.
      Back to the RBL: I had this running until June 2006 when Google changed its smtp servers to send mail anonymously via some former spammer's IP address so I needed to turn this service off. When I turned all of these services off but left them as part of the spamassassin's point calculation my spam went off the deep end. It is a pain for me and other mail administrators to have Google do this to us.

    6. Re:Already offline? by Onymous+Coward · · Score: 1

      We must receive spam from radically different sources. (Which can't be the case, really.) Here's stats for back in October for performance of my then-configured 3 block lists:
          of 1609 total RBL rejections (for one week):

                  94.0% DSBL (1514 blocks)
                    5.7% Spamhaus SBL (92 blocks)
                    0.1% ORDB (3 blocks)

      +3 spam a week is obviously not a flood. I even had ORDB listed as the first DNSBL to check (sorry for the load, ORDB guys).

      So ORDB hasn't been serving me for some time.

      (Thanks to anyone about to recommend CBL/XBL, I'm already investigating.)

    7. Re:Already offline? by geminidomino · · Score: 1

      Reading comprehension FTW!

      FTA: "open relay RBLs are no longer the most effective..."

      Because most admins have sufficient clue now NOT to run open relays, that particular idiocy is less widespread nowadays. There are plenty of other IPs that belong on RBLs that aren't open relays.

    8. Re:Already offline? by geminidomino · · Score: 1

      Not ideal, but you can run your own DNSBL, if you find that this list was blocking a lot of spam (as you suggested).

      Using BIND:

      Set up a zone (ordb.yourdomain.tld, for example) and set up the zonefile with reversed IP records.

      ddd.ccc.bbb.aaa IN A 127.0.0.1
      *.ccc.bbb.aaa IN A 127.0.0.1
                                        IN TXT /24
      *.bbb.aaa IN A 127.0.0.1
                                        IN TXT /16 ... .. ..

      etc...

      And then you can set up your MTA to use this blocklist the same way you'd had it set up to use the original ORDB.

      The downside of this approach is that you have to maintain it yourself, and it'll take time and a lot of spam to build up to a useful level.

      Still, it's a useful thing to know.
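The zone layout described in the comment above, as an added example that is not part of the original comment: it builds the reversed-octet query name and answers lookups with DNS wildcard rules (RFC 4592). The zone contents are constructed sample data on documentation and private address ranges; only the zone name and the 127.0.0.1 answer come from the comment.

```python
import ipaddress

# Constructed zone contents in the layout the comment describes: each owner
# name is an IPv4 address with its octets reversed, relative to the zone.
# All addresses are documentation or private ranges, chosen for illustration.
ZONE_ORIGIN = "ordb.yourdomain.tld"          # zone name used in the comment
ZONE_RECORDS = {
    "25.2.0.192":   {"A": "127.0.0.1"},                  # host 192.0.2.25
    "*.100.51.198": {"A": "127.0.0.1", "TXT": "/24"},    # 198.51.100.0/24
    "*.20.10":      {"A": "127.0.0.1", "TXT": "/16"},    # 10.20.0.0/16
    "9.30.20.10":   {"A": "127.0.0.1"},                  # host 10.20.30.9
}


def reversed_octets(ip):
    """'192.0.2.25' -> '25.2.0.192'; raises ValueError on a malformed address."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split(".")))


def query_name(ip, origin=ZONE_ORIGIN):
    """The name an MTA asks for when it checks `ip` against the list."""
    return reversed_octets(ip) + "." + origin


def existing_nodes(records):
    """Every owner name and all of its ancestors. An ancestor with no records
    of its own (an empty non-terminal) still exists as far as DNS is concerned."""
    nodes = set()
    for owner in records:
        labels = owner.split(".")
        for i in range(len(labels)):
            nodes.add(".".join(labels[i:]))
    return nodes


def lookup(ip, records=ZONE_RECORDS):
    """Answer the query as an authoritative server would (RFC 4592 wildcards).

    Returns the matching record set, or None for NXDOMAIN / no data.
    """
    name = reversed_octets(ip)
    if name in records:                       # exact match wins
        return records[name]
    nodes = existing_nodes(records)
    if name in nodes:                         # empty non-terminal: no data
        return None
    labels = name.split(".")
    # Closest encloser: the longest ancestor of the query name that exists.
    # Only a wildcard directly below that node can synthesise an answer.
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:])
        if ancestor in nodes:
            return records.get("*." + ancestor)
    return records.get("*")                   # closest encloser is the zone apex


def is_listed(ip, records=ZONE_RECORDS):
    """True when the lookup yields an A record, which is what an MTA acts on."""
    answer = lookup(ip, records)
    return answer is not None and "A" in answer


if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.7", "10.20.99.1", "10.20.30.77"):
        print(f"{query_name(ip):45} listed={is_listed(ip)}")
```

10.20.30.77 comes back unlisted even though `*.20.10` covers the /16: the host record `9.30.20.10` makes `30.20.10` an existing node, so that /24 needs its own `*.30.20.10` wildcard.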

    9. Re:Already offline? by totally+bogus+dude · · Score: 1

      You might want to block email addresses with ' and non FQDN HELOs as well

      These can be quite useful, though you will run into legitimate servers which say hello using only a bare hostname. Depending on your mood you can try to convince their postmaster to fix their server config, but it's usually easier to just add their IP to a whitelist.

      Another very useful thing to do (if you don't already) is to refuse mail service from anything claiming to be from your own domain. A lot of spam engines seem to use either the domain name, the name of the mail server they're talking to, or your mail server's IP address in their HELO.

      So, make sure your system trusts your own IP addresses, and then reject anyone that claims to be one of your own servers. So far today (just under 6 hours) we've rejected 177 messages from people claiming to be our own server, versus 13 with a non-FQDN hostname in their HELO. No legitimate server will ever do this, and it provides a low-cost way to refuse some of the stupider spambots.
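The HELO checks described in the comment above, as an added example that is not part of the original comment: trust your own addresses first, reject anyone else whose HELO uses your domain or IP, and reject non-FQDN HELOs unless the client is whitelisted. The domain, networks, whitelist entry and sessions are constructed values on documentation address ranges, and the FQDN test is this example's own simplification.

```python
import ipaddress
from collections import Counter

# Constructed site settings for illustration (documentation address ranges).
OWN_DOMAINS = {"example.org"}
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/28")]       # our own servers
HELO_WHITELIST = {ipaddress.ip_address("198.51.100.40")}    # known-good, bare HELO

# Constructed (client IP, HELO argument) pairs.
SESSIONS = [
    ("192.0.2.5", "mx1.example.org"),       # our own server announcing itself
    ("203.0.113.9", "example.org"),         # outsider using our domain
    ("203.0.113.10", "mx1.example.org"),    # outsider using our MX name
    ("203.0.113.11", "[192.0.2.1]"),        # outsider using our IP address
    ("203.0.113.12", "WORKSTATION7"),       # bare hostname
    ("198.51.100.40", "oldmail"),           # bare hostname, whitelisted client
    ("203.0.113.13", "mail.example.net"),   # ordinary remote server
]


def is_own_address(addr):
    return any(addr in net for net in OWN_NETWORKS)


def helo_as_address(helo):
    """Return the IP a HELO argument encodes ('[192.0.2.1]' or bare), else None."""
    text = helo.strip()
    if text.startswith("[") and text.endswith("]"):
        text = text[1:-1]
    if text.lower().startswith("ipv6:"):
        text = text[5:]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def is_fqdn(name):
    """At least two non-empty labels and a non-numeric last label."""
    labels = name.split(".")
    return len(labels) >= 2 and all(labels) and not labels[-1].isdigit()


def claims_own_name(name):
    return any(name == d or name.endswith("." + d) for d in OWN_DOMAINS)


def check_helo(client_ip, helo):
    """Return (action, reason) for one SMTP session's HELO argument."""
    client = ipaddress.ip_address(client_ip)
    if is_own_address(client):                 # trust our own servers first
        return ("accept", "trusted own address")
    literal = helo_as_address(helo)
    if literal is not None and is_own_address(literal):
        return ("reject", "HELO uses our IP address")
    name = helo.strip().rstrip(".").lower()
    if claims_own_name(name):
        return ("reject", "HELO uses our domain")
    if literal is not None and helo.strip().startswith("["):
        return ("accept", "address literal")   # outside the rules in the comment
    if not is_fqdn(name):
        if client in HELO_WHITELIST:
            return ("accept", "whitelisted non-FQDN HELO")
        return ("reject", "non-FQDN HELO")
    return ("accept", "ok")


def tally(sessions):
    """Count outcomes per (action, reason), like the per-rule totals quoted above."""
    return Counter(check_helo(ip, helo) for ip, helo in sessions)


if __name__ == "__main__":
    for outcome, count in sorted(tally(SESSIONS).items()):
        print(count, *outcome)
```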
  5. I wonder... by jfengel · · Score: 4, Insightful

    If the RBLs go offline, will spammers shift back to using open relays? I suspect not; the bot-nets are harder to stop and, from the spammer's POV, probably more reliable. The dark side of distributed, highly redundant networks.

    Still, it's pretty nice to think that they're going offline because they've largely solved the problem they were fighting. It's like declaring smallpox or polio extinct. And if they come back, we'll remember the formula.

    1. Re:I wonder... by pla · · Score: 1

      Still, it's pretty nice to think that they're going offline because they've largely solved the problem they were fighting.

      I wish I could agree with that sentiment, but I'd call it a closer analogy to say that the disease gained immunity to the best known antibiotic so far and further use of it just wastes resources better spent elsewhere.

      The governments of the world need to make it legal to hunt down and torture spammers and their extended families to death. Until then, they will always find ways to fill our inboxes with garbage.

    2. Re:I wonder... by Anonymous Coward · · Score: 4, Funny
      The governments of the world need to make it legal to hunt down and torture spammers and their extended families to death

      Your post advocates a

      ( ) technical ( ) legislative ( ) market-based (x) vigilante

      approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

      ( ) Spammers can easily use it to harvest email addresses
      ( ) Mailing lists and other legitimate email uses would be affected
      ( ) No one will be able to find the guy or collect the money
      ( ) It is defenseless against brute force attacks
      ( ) It will stop spam for two weeks and then we'll be stuck with it
      ( ) Users of email will not put up with it
      ( ) Microsoft will not put up with it
      (x) The police will not put up with it
      ( ) Requires too much cooperation from spammers
      ( ) Requires immediate total cooperation from everybody at once
      ( ) Many email users cannot afford to lose business or alienate potential employers
      ( ) Spammers don't care about invalid addresses in their lists
      ( ) Anyone could anonymously destroy anyone else's career or business

      Specifically, your plan fails to account for

      (x) Laws expressly prohibiting it
      ( ) Lack of centrally controlling authority for email
      ( ) Open relays in foreign countries
      ( ) Ease of searching tiny alphanumeric address space of all email addresses
      ( ) Asshats
      ( ) Jurisdictional problems
      ( ) Unpopularity of weird new taxes
      ( ) Public reluctance to accept weird new forms of money
      ( ) Huge existing software investment in SMTP
      ( ) Susceptibility of protocols other than SMTP to attack
      ( ) Willingness of users to install OS patches received by email
      ( ) Armies of worm riddled broadband-connected Windows boxes
      ( ) Eternal arms race involved in all filtering approaches
      ( ) Extreme profitability of spam
      (x) Joe jobs and/or identity theft
      (x) Technically illiterate politicians
      ( ) Extreme stupidity on the part of people who do business with spammers
      ( ) Dishonesty on the part of spammers themselves
      ( ) Bandwidth costs that are unaffected by client filtering
      ( ) Outlook

      and the following philosophical objections may also apply:

      (x) Ideas similar to yours are easy to come up with, yet none have ever
      been shown practical
      ( ) Any scheme based on opt-out is unacceptable
      ( ) SMTP headers should not be the subject of legislation
      ( ) Blacklists suck
      ( ) Whitelists suck
      ( ) We should be able to talk about Viagra without being censored
      ( ) Countermeasures should not involve wire fraud or credit card fraud
      ( ) Countermeasures should not involve sabotage of public networks
      ( ) Countermeasures must work if phased in gradually
      ( ) Sending email should be free
      ( ) Why should we have to trust you and your servers?
      ( ) Incompatiblity with open source or open source licenses
      (x) Feel-good measures do nothing to solve the problem
      ( ) Temporary/one-time email addresses are cumbersome
      ( ) I don't want the government reading my email
      (x) Killing them that way is not slow and painful enough

      Furthermore, this is what I think about you:

      (x) Sorry dude, but I don't think it would work.
      ( ) This is a stupid idea, and you're a stupid person for suggesting it.
      ( ) Nice try, assh0le! I'm going to find out where you live and burn your
      house down!
    3. Re:I wonder... by smaddox · · Score: 0

      Yeah, but that means you had to come up with about 30 phrases that didn't apply to the suggestion. You're just not lazy enough to exist here on slashdot.

    4. Re:I wonder... by nuzak · · Score: 3, Informative

      http://www.craphound.com/spamsolutions.txt

      He didn't invent the list. That's the kind of laziness we're looking for.

      He even used it for the checklist's intended reason -- as satire. EVERYTHING fails somewhere on that list.

      --
      Done with slashdot, done with nerds, getting a life.
    5. Re:I wonder... by fullphaser · · Score: 1
      Furthermore, this is what I think about you: (x) Sorry dude, but I don't think it would work. ( ) This is a stupid idea, and you're a stupid person for suggesting it. ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
      I am afraid the correct response to a vigilante is always
      (X) Nice try, assh0le! I'm going to find out where you live and burn your house down!
      --
      Did someone say cake?
    6. Re:I wonder... by Anonymous Coward · · Score: 0
      I am afraid the correct response to a vigilante is always
      (X) Nice try, assh0le! I'm going to find out where you live and burn your house down!


      And as always, there's an "Internet Tough Guy" willing to show his ass.

      Please.. I suspect most vigilantes have quite a bit more in the balls department than you do.
    7. Re:I wonder... by lordSaurontheGreat · · Score: 1

      Perhaps the makers of this list would care to put their clearly superior intellect towards solving the problem, rather than making fun of people who try to solve the problem? The best SPAM solution I've heard yet is rebuilding the whole email system from the ground up, integrating new message sender authentication techniques. However, this is rejected because it breaks existing systems which rely on automatically sent email. In addition, the system would be too easily abused (who decides what's legitimate email?). SPAM I think will eventually collapse upon itself. It's currently saturating the internet, making normal, legitimate traffic wait. I recently noticed that a fellow member of the Silicon Valley Linux Users Group finally tweaked his email server enough to receive something other than spam. He said he got about 3 months of backlogged legit email. If SPAM breaks the internet, SPAM will die. They have to find a limit at some point, and they also need to find a way to make money. I can't find anyone that says they've actually bought anything from spammers. Rather, I'm led to believe that they make almost all their money off of phishing. It's therefore my supposition that they keep up these massive bot nets and mass-spam tactics to keep us distracted from their real cash source: phishing. Remember: they don't necessarily need to get your credit card number. They can make a pretty penny simply selling your personal information (email, address, phone number, whatever) to other spammers. The phishing and PIM-harvesting is their big ticket item. I'm willing to speculate that there aren't any drugs in Canada. It's all a distraction.

      --
      Consider yourself spoken to.
    8. Re:I wonder... by nuzak · · Score: 1

      > Perhaps the makers of this list would care to put their clearly superior intellect towards solving the problem, rather than making fun of people who try to solve the problem?

      Whoosh. I even said it was satire in the very post you responded to.

      > If SPAM breaks the internet, SPAM will die.

      My brain fairly vibrates with the impact of such tremendous insight. But the internet's been doing a pretty good job so far at surviving.

      --
      Done with slashdot, done with nerds, getting a life.
    9. Re:I wonder... by lordSaurontheGreat · · Score: 1

      > Perhaps the makers of this list would care to put their clearly superior intellect towards solving the problem, rather than making fun of people who try to solve the problem?

      Whoosh. I even said it was satire in the very post you responded to.
      That people have created a system of ridiculing people searching for a solution tells me that we're getting further from a solution. It also makes me begin to suspect that the people making/using that list are spammers attempting to stomp all attempts to find a solution. I don't find it satirical as much as I find it BS. Slightly amusing BS, but it's not welcome AFAIC. I want a solution, not excuses. Spam is a crime. It wastes other people's time and money. It's petty theft. It's no better than walking up to someone and mugging them. You're doing the same thing, anyways. They're losing money paying (either directly or indirectly, either in their time or in the time of the people they either directly or indirectly employ) and time wasted in the totally bogus unsolicited spam. More and more of the spam I see (I'll read one or two every week or so just so I know more or less what I'm talking about) is a gigantic con. Phishing. It's nothing but miserable people who have nothing to offer society leeching off of society by preying on those that aren't looking out for the predators. It's low. It's horrible. It should be highly punishable. That doesn't help. We need to either find a way of tracking them or find a way of screening them out. I'm open to solutions. I've spent considerable thought on the problem, and I don't have any ideas short of blacklisting (which isn't feasible.)

      If SPAM breaks the internet, SPAM will die.

      My brain fairly vibrates with the impact of such tremendous insight. But the internet's been doing a pretty good job so far at surviving.

      I would beg to differ. http://lists.svlug.org/archives/svlug/2006-December/053992.html There are other stories on the same list. I don't feel obligated to teach/show/do-for-you how to mangle a URL to find the proper page to navigate through.
      --
      Consider yourself spoken to.
    10. Re:I wonder... by Anonymous Coward · · Score: 1
      Rather, I'm led to believe that they make almost all their money off of phishing. It's therefore my supposition that they keep up these massive bot nets and mass-spam tactics to keep us distracted from their real cash source: phishing.


      Phishing (via email) is a far newer thing, while you could argue that the old fake login prompts from shared college computers constituted the first "phishing" incidents, but the modern explosion came well afterwards.

      I won't bother to list all the ways you can make money off spam for the same reasons I don't publish how-to guides on terrorism, but I can assure you there are lots of ways you aren't thinking of.

      I can't find anyone that says they've actually bought anything from spammers.

      I can't find anyone who thinks they are dumb as a brick, but I can find a lot of people who are dumb as a brick (DAAB). You need better measures

      I recently noticed that a fellow member of the Silicon Valley Linux Users Group finally tweaked his email server enough to receive something other than spam.

      So his server was only passing spam but rejecting valid email? For 3 months? I think I found another member of the DAAB set.

      Perhaps the makers of this list would care to put their clearly superior intellect towards solving the problem, rather than making fun of people who try to solve the problem?

      The form, like most forms, was created as a time saving device so they wouldn't have to waste so much time with the DAAB folks who think they know the answer that folks who have been devoted to the problem for years haven't been able to think of.

      I'll have your DAAB card out to you by the end of the week.

    11. Re:I wonder... by Anonymous Coward · · Score: 0

      that's because he meant to check legislative

    12. Re:I wonder... by totally+bogus+dude · · Score: 1

      That people have created a system of ridiculing people searching for a solution tells me that we're getting further from a solution. It also makes me begin to suspect that the people making/using that list are spammers attempting to stomp all attempts to find a solution.

      The response is mostly designed for cases where people see the same old "solutions" proposed time and again by technically illiterate folk who think that they've found a simple and easy solution that all the experts have somehow missed. It converts something repetitive and tedious into something that's at least a little bit amusing.

      Or in other words: the people that made that list are actively involved in trying to find ways to fight spam, and use it to stomp useless suggestions (which have all been suggested before) which either do nothing to address the problem or are completely impractical.

      Spam is a crime. It wastes other people's time and money. It's petty theft. It's no better than walking up to someone and mugging them.

      I see your point! Surely if we can prevent people from mugging other people, we can prevent people from spamming others as well! Oh, wait... we can't even protect the physical safety of people from others who live in the same society and under the same code of laws as them.

      We need to either find a way of tracking them or find a way of screening them out. I'm open to solutions. I've spent considerable thought on the problem, and I don't have any ideas short of blacklisting (which isn't feasible.)

      That's because it's a complex problem with no simple solution, just like many of the other problems we're currently unable to solve. You aware that many, many people are trying to find ways to eliminate or at least reduce the problem? And many of these people seem to be a good deal more intelligent than you, but haven't come up with a silver bullet.

      But the internet's been doing a pretty good job so far at surviving.
       
      I would beg to differ.

      Your link contains a message from someone whose mail service was being overwhelmed by spam connections, and he improved his system so it's able to automatically block (at the network level) the major problems. It actually sounds like this problem resulted in him increasing the efficiency of his mail system.

      Hardly a good example of spam "breaking the internet", or a demonstration that the internet isn't surviving.

      Finally: the humorous canned response was a reply to someone who suggested we make it legal to hunt down and torture spammers and their families. It's nice that you're so serious about wanting to stop spam, but I don't think anyone expected a serious reply to that proposal.
    13. Re:I wonder... by canuck57 · · Score: 1

      If the RBLs go offline, will spammers shift back to using open relays? I suspect not; the bot-nets are harder to stop and, from the spammer's POV, probably more reliable. The dark side of distributed, highly redundant networks.

      Botnets are trivial to stop, load up spamassassin and research how to tune the rules with SPF

      Knock'em dead.

      But ORDB will be sadly missed. It was in my 2 cents, the most reliable going. Every system it hit was because someone didn't configure it properly.

    14. Re:I wonder... by RealGrouchy · · Score: 2
      EVERYTHING fails somewhere on that list.

      Exactly. That's why we should stop trying to fight or filter spam.

      Now, getting back to the main point of the story, I'd like to interest you in a serios bussines opportunity...

      - RG>
      --
      Hey pal, this isn't a pleasantforest, so don't waste my time with pleasantries!
    15. Re:I wonder... by lordSaurontheGreat · · Score: 1

      That people have created a system of ridiculing people searching for a solution tells me that we're getting further from a solution. It also makes me begin to suspect that the people making/using that list are spammers attempting to stomp all attempts to find a solution.

      The response is mostly designed for cases where people see the same old "solutions" proposed time and again by technically illiterate folk who think that they've found a simple and easy solution that all the experts have somehow missed. It converts something repetitive and tedious into something that's at least a little bit amusing.

      Or in other words: the people that made that list are actively involved in trying to find ways to fight spam, and use it to stomp useless suggestions (which have all been suggested before) which either do nothing to address the problem or are completely impractical.

      Then would you mind helping these people? Simply ridiculing them is alienating a mind that is willing to work on the problem. It's extremely counter-productive.

      Spam is a crime. It wastes other people's time and money. It's petty theft. It's no better than walking up to someone and mugging them.

      I see your point! Surely if we can prevent people from mugging other people, we can prevent people from spamming others as well! Oh, wait... we can't even protect the physical safety of people from others who live in the same society and under the same code of laws as them.

      Surely even you are aware of the statistics. Somewhere around 95% of all email sent is spam. Now, even in San Francisco you don't get mugged 95% of the time you walk out your door. Similarly, I don't think that 95% of my [email] time should be stolen. You have a perfectly valid point, though it doesn't stand the test of statistics. If spam were floating at somewhere around 40% or even 50%, you'd have a much more valid argument.

      We need to either find a way of tracking them or find a way of screening them out. I'm open to solutions. I've spent considerable thought on the problem, and I don't have any ideas short of blacklisting (which isn't feasible.)

      That's because it's a complex problem with no simple solution, just like many of the other problems we're currently unable to solve. You aware that many, many people are trying to find ways to eliminate or at least reduce the problem? And many of these people seem to be a good deal more intelligent than you, but haven't come up with a silver bullet.

      It's unrealistic for you to expect me, or anyone, to have a solution. However, you're being anarchistically unwilling to hear any kind of solution out. If I didn't know any better, I'd say that you're trying to be part of the problem.

      But the internet's been doing a pretty good job so far at surviving.

      I would beg to differ.

      Your link contains a message from someone whose mail service was being overwhelmed by spam connections, and he improved his system so it's able to automatically block (at the network level) the major problems. It actually sounds like this problem resulted in him increasing the efficiency of his mail system.

      Hardly a good example of spam "breaking the internet", or a demonstration that the internet isn't surviving.

      Finally: the humorous canned response was a reply to someone who suggested we make it legal to hunt down and torture spammers and their families. It's nice that you're so serious about wanting to stop spam, but I don't think anyone expected a serious reply to that proposal.

      Fear is an effective tool of management. If we used the death sentence more often, do you think crime would be committed as often? To me it's a preventative measure. However, the only flaw I can find in that plan is the tracking down the spammers part. They're devious and careful. They're hackers. They know how to imp

      --
      Consider yourself spoken to.
    16. Re:I wonder... by fullphaser · · Score: 1

      for an anonymous coward you sure do have the sense of humor of a rock

      --
      Did someone say cake?
    17. Re:I wonder... by totally+bogus+dude · · Score: 1

      Or in other words: the people that made that list are actively involved in trying to find ways to fight spam, and use it to stomp useless suggestions (which have all been suggested before) which either do nothing to address the problem or are completely impractical. Then would you mind helping these people? Simply ridiculing them is alienating a mind that is willing to work on the problem. It's extremely counter-productive.

      The people who get the canned response are themselves being counter-productive. They haven't bothered to read the list archives or do any of their own research on the subject, or they would already know that their suggestion is useless. These sorts of minds are not a useful resource to apply to the problem.

      I see your point! Surely if we can prevent people from mugging other people, we can prevent people from spamming others as well! Surely even you are aware of the statistics. Somewhere around 95% of all email sent is spam. Now, even in San Francisco you don't get mugged 95% of the time you walk out your door.

      I for one would much rather have 95% of my email time wasted by spam than to be mugged even 0.01% of the time. They're not even close to being on the same scale.

      However, you're being anarchistically unwilling to hear any kind of solution out. If I didn't know any better, I'd say that you're trying to be part of the problem.

      I don't know where you got the impression that I'm unwilling to hear any kind of solution out. My original response in this thread was an (apparently misguided) effort to convince you that a humourous canned response is entirely appropriate for messages like the one which started the thread ("just make it legal to kill spammers and their families!"), and that doing so isn't in any way being a "part of the problem."

      I (and many others) would be quite willing to hear about new methods for combatting spam. You may be correct in saying I'm anarchistically unwilling to hear completely impractical and unworkable "solutions" which just cause more problems and don't do anything to actually address the issue.

      Fear is an effective tool of management.

      But not all that effective. Ignoring the ethical and practical problems of the death penalty (false positives, anyone?), statistics have shown time and again that the threat of capital punishment doesn't reduce the rate of serious crimes by a significant amount compared to the threat of imprisonment. People commit crimes like these because either they're emotionally or mentally unstable, or because they believe they won't be caught.

      Further, while you may like the idea of living in a society where you can be executed simply for sending someone an email they didn't want, I'm going to go ahead and hope that the majority continue to oppose that particular point of view.

      Finally, you seem to be under the impression that the magic satirical response form is an either/or solution. It hasn't occurred to you that maybe it's only used for obviously unhelpful suggestions, and ones which might actually have some merit spawn intelligent, informed debate on the topic?

    18. Re:I wonder... by lordSaurontheGreat · · Score: 1

      The people who get the canned response are themselves being counter-productive. They haven't bothered to read the list archives or do any of their own research on the subject, or they would already know that their suggestion is useless. These sorts of minds are not a useful resource to apply to the problem.

      You know that in mailing lists it's generally considered rude if you speak when you have nothing to say? So you personally don't have the patience to explain to some newbie about the problem. Rather than maintaining silence and letting someone else help the person, you egotistically rebuke them. Honestly, it takes you more time to criticize them than it does to ignore it. Another way of learning more about something is making a suggestion and listening to feedback. Satirical, euphemistic feedback does not help.

      I don't know where you got the impression that I'm unwilling to hear any kind of solution out. My original response in this thread was an (apparently misguided) effort to convince you that a humourous canned response is entirely appropriate for messages like the one which started the thread ("just make it legal to kill spammers and their families!"), and that doing so isn't in any way being a "part of the problem." I (and many others) would be quite willing to hear about new methods for combatting spam. You may be correct in saying I'm anarchistically unwilling to hear completely impractical and unworkable "solutions" which just cause more problems and don't do anything to actually address the issue.

      I'm a programmer. You don't get far in programming without learning that your initial idea is nothing more than a starting point. True, the page is no longer blank, but you do have an eraser with which to make changes and modify the original idea. Your policy of just rejecting/ridiculing incipient solutions is counterproductive. The toughest problems only get closer to being solved the more times you approach them, and you're flat out refusing to come back and take another whack at it. More specifically, the Law does not install locks on doors to prevent theft, but provides punishments that deter potential thieves from committing the crime. What you're saying is that you're unwilling to make a more effective law, and rather are only interested in building a better lock (a technical solution to spam, like a filter system). We need both.

      I for one would much rather have 95% of my email time wasted by spam than to be mugged even 0.01% of the time. They're not even close to being on the same scale.

      I agree with you there. However, seeing as how we have the mugging problem mostly under control, let's focus on the spam problem. They share the same abstract root. They simply manifest themselves differently.

      But not all that effective. Ignoring the ethical and practical problems of the death penalty (false positives, anyone?), statistics have shown time and again that the threat of capital punishment doesn't reduce the rate of serious crimes by a significant amount compared to the threat of imprisonment. People commit crimes like these because either they're emotionally or mentally unstable, or because they believe they won't be caught.

      You're missing the point. Those people you listed (the ones that are insane or think they won't get caught) are going to commit the crime no matter what law you have in place. It's the people that calculate the risks of getting caught (ie. the cautious ones) that are more likely to commit the crime if there is a weak punishment. You can't do anything about the crazy people, but the strong punishment drives away the others. I wonder how many spammers keep spamming away because they know that the worst that will happen to them is a mere slap on the wrist. This would suggest two actions: 1) Stronger laws that punish more severely the crime 2) Development of new ways to catch people committing the crime One without the other is totally worthless. The OP suggested

      --
      Consider yourself spoken to.
    19. Re:I wonder... by totally+bogus+dude · · Score: 1

      I think we disagree about what is a helpful solution. You're expecting a golden email to appear, outlining how to fix the problem. Realistically, a bunch of emails will collect - like the one you've defamed - that we have to weld together to create the silver platter.

      The email I've apparently defamed said this:

      The governments of the world need to make it legal to hunt down and torture spammers and their extended families to death. Until then, they will always find ways to fill our inboxes with garbage.

      Now, for some reason you seem to believe that The original idea is sound, it just needs some more tweaking to make it work. I strongly disagree that people who behave in a slightly antisocial way deserve to be tortured to death, along with their families. Nothing about the original idea is sound. It's suggesting a horrible regression of society in order to combat a trivial inconvenience to all but the terminally stupid. (I also don't think it was a serious suggestion, so a non-serious reply is entirely expected.)

      Another way of learning more about something is making a suggestion and listening to feedback.

      A satirical, euphemistic response is feedback. It tells the person making the suggestion that they are hopelessly underinformed on the issue. They can get all pissy about the fact that a serious discussion about a complicated issue actually requires that you have some idea of what you're talking about, or they can realise that they've made a naive suggestion (likely without bothering to check if anyone else has already done so) and go and learn more about the issues.

      Honestly, it takes you more time to criticize them than it does to ignore it.

      Yes, it is criticism: but it's constructive criticism (unless your ego is too large to be able to view it as such). I would also point out that many more people see these responses than just the original poster. If sending a quick form in response prevents even 2 or 3 other people from sending in their similarly flawed, over-simplistic "solutions", then it's actually saved the list members some time. They don't need to read the additional suggestions in the first place, and nobody has to spend time composing a nice polite email explaining basic things to them.



      Lastly, you also admit that combating the spam problem through legislative means requires the cooperation of essentially every nation on the planet. Given the number of vastly more pressing issues which also require cooperation but have failed to obtain it, any suggestion that spam will be the issue that consolidates the world's governments and dictators is utterly absurd.

      And if you really think spam is such a massive issue that it has the potential to work this miracle, I think you need to take a step back. Spam is an inconvenience, but it's hardly life-threatening. It's just part of the cost of doing business on the internet.



      So basically my stance is this: this entire discussion is absurd!

    20. Re:I wonder... by lordSaurontheGreat · · Score: 1

      Now, for some reason you seem to believe that The original idea is sound, it just needs some more tweaking to make it work. I strongly disagree that people who behave in a slightly antisocial way deserve to be tortured to death, along with their families. Nothing about the original idea is sound. It's suggesting a horrible regression of society in order to combat a trivial inconvenience to all but the terminally stupid. (I also don't think it was a serious suggestion, so a non-serious reply is entirely expected.)

      Tweak more. You might actually get to what I mean.

      A satirical, euphemistic response is feedback. It tells the person making the suggestion that they are hopelessly underinformed on the issue. They can get all pissy about the fact that a serious discussion about a complicated issue actually requires that you have some idea of what you're talking about, or they can realise that they've made a naive suggestion (likely without bothering to check if anyone else has already done so) and go and learn more about the issues.

      Wow. "This does not torture them enough" isn't constructive criticism, and really contradicts what you said before. I didn't think I needed to differentiate between good and bad feedback for you. You're a piece of work.

      Yes, it is criticism: but it's constructive criticism (unless your ego is too large to be able to view it as such). I would also point out that many more people see these responses than just the original poster. If sending a quick form in response prevents even 2 or 3 other people from sending in their similarly flawed, over-simplistic "solutions", then it's actually saved the list members some time. They don't need to read the additional suggestions in the first place, and nobody has to spend time composing a nice polite email explaining basic things to them.

      So, if I'm reading this correctly: "I don't have time to explain it to them, therefore it's not worth explaining to them." Just because you don't have time does not mean that others do not.

      Lastly, you also admit that combating the spam problem through legislative means requires the cooperation of essentially every nation on the planet. Given the number of vastly more pressing issues which also require cooperation but have failed to obtain it, any suggestion that spam will be the issue that consolidates the world's governments and dictators is utterly absurd.

      There already exist international crime fighting organizations. INTERPOL is one of them. Here's an idea for you: nations that fail to uphold their end of the bargain should be totally disconnected from the Internet. Let them spam themselves to death, but it's inherently unacceptable that I have to pay because it's illegal for people to prosecute some botnet in China just because of a border which doesn't exist in cyberspace. The geographical barriers which exist on the map aren't there on the net, and the law has to reflect that.

      So basically my stance is this: this entire discussion is absurd!

      I've been silently thinking the same thing, though I thought it impolite to voice the matter. If you're done having me lecture you on kindergarten morals and ethics, I'll stop if you'll agree to stop.
      --
      Consider yourself spoken to.
    21. Re:I wonder... by totally+bogus+dude · · Score: 1

      Wow. "This does not torture them enough" isn't constructive criticism, and really contradicts what you said before. I didn't think I needed to differentiate between good and bad feedback for you. You're a piece of work.

      It was a humorous, satirical response, as you said yourself. Apparently other people took it as such, as it's currently moderated +4 funny. Perhaps you don't see the humour in ticking that particular box in response to someone suggesting we torture and kill them and their family; but presumably the person who posted the form response did.

      Here's an idea for you: nations that fail to uphold their end of the bargain should be totally disconnected from the Internet.

      This is the kind of argument that form was created for! All it takes is for one single country that you wish to have part of "your" internet to decide not to agree to this, and you're stuffed. There's plenty of reasons they might decide this: money being the most likely, but also some crazy idea of not wanting to make the entire country's population do without the benefits of the internet in order to punish the tiny minority who abuse the privilege.

      Not to mention the requirement for a technical solution, as it's virtually impossible to tell where the spam sent from botnets actually originated from.

      Just because you don't have time does not mean that others do not.

      And just because I (or someone else) sends a satirical pro-forma response, doesn't mean that nobody else can respond in a more serious manner if they think it'd be more helpful. Note that there was only one other reply to the original suggestion, which was advocating a completely different solution. So it would appear that none of the many other slashdot readers thought it worth responding to the OP, either.

      If you're done having me lecture you on kindergarten morals and ethics,

      Perhaps that's precisely the issue here: you seem to want to apply kindergarten morals and ethics to the real world. In the real world, there is nothing immoral or unethical about dismissing an argument or point of view which you see zero value in. Quit being a freaking crybaby.

      I'll stop if you'll agree to stop.

      Agreed.

    22. Re:I wonder... by lordSaurontheGreat · · Score: 1

      I'll stop if you'll agree to stop.

      Agreed.

      You didn't stop. You continued arguing the point. Your silence would show that you agree. I'll give you another chance by not replying to your counterarguments. However don't make the grave mistake of thinking I've nothing left to say - if you have a change of heart, my opinions and I will be here waiting.
      --
      Consider yourself spoken to.
  6. Omnipotent awareness... or not by RingDev · · Score: 2

    I guess some of these groups have a rather large following, but how about actually linking to their page or to a wiki that describes what they do? For those of us lazy Americans too lazy to cut and paste.

    -Rick

    --
    "Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
    1. Re:Omnipotent awareness... or not by BenFranske · · Score: 2, Informative

      Maybe this will clarify what they do.

    2. Re:Omnipotent awareness... or not by brufar · · Score: 1
      This is a large list of the different blacklists available with a short blurb about how they operate, if they are free or fee based, and a link to each site. http://shopping.declude.com/Articles.asp?ID=97

      182 working spam databases listed. 254 total spam databases listed. About 681 represented, including country databases. List of All Known DNS-based Spam Databases. The most common way of detecting spam is by using spam databases (blacklists, sometimes incorrectly referred to as RBLs, since RBL is trademarked by MAPS) that list the addresses of mail servers known (or believed) to send spam.
      --
      far...out
  7. Good case why not to trust "community" services? by xxxJonBoyxxx · · Score: 4, Insightful
    Is this a good case why it's not generally a good idea to put any long-term trust in "community" services like this?

    The RBL DNS service and mailing lists will be taken down today (December 18, 2006) and the website will vanish by December 31, 2006.


    Thanks - that's not even two weeks notice.

    The reasons given tend to be the usual ones - volunteers have been focused on other things in life


    More likely, they woke up one day and figured out they were sick of eating Ramen noodles while being taken for a ride by commercial leeches who never kicked back.

  8. Re:Good case why not to trust "community" services by Anonymous Coward · · Score: 0

    commercial leeches that never give back - that's why free software is dying and will NEVER work as a "business" model.

  9. Are RBL's really finished by Albanach · · Score: 4, Interesting
    We, and many others, still use RBLs as a front line tool to stop spam. Generally it'll stop several thousand emails a day from even entering the mail system.

    Spamassassin is great, we have several custom rules and find it very effective. However it is resource intensive, especially if you are to add features like OCR detection of image spam.

    Is it really the case that folk should be accepting all this traffic from known open relays and then spending processor cycles analyzing it?

    Is there a middle ground? Some third way that lets you reject as much as possible at the start of the SMTP transaction? Greylisting is certainly an option but it presents significant problems too - many companies simply won't respond. Automatic emails will be missed, signup to websites becomes problematic etc etc. What, if any, are the other options?

    1. Re:Are RBL's really finished by Anonymous Coward · · Score: 0

      Is there a middle ground? Some third way that lets you reject as much as possible at the start of the SMTP transaction?

      Sendmail Reject List

      If I find a DHCP or dial-up pool spamming me, I place the pool on the Sendmail Reject List and *POOF*, there is one less trouble spot.

    2. Re:Are RBL's really finished by LodCrappo · · Score: 4, Insightful
      We block tons of spam simply by requiring the sending server to strictly follow RFC 2821. A HELO name that follows the rules seems particularly difficult for the spammers to configure. Non FQDNs on the sender, recipient or hostname... sending domains that don't even exist in DNS, servers using your domain name or your IP address as their HELO... a whole variety of strange things that only spammers (and once in a while really bad sysadmins) do. Then you can go a step further and require that someone's sending domain actually have dns properly setup for mail delivery (a "you can't mail me if I can't mail you" kind of thing).

      Also, some grey listing systems are better than others. One that really works well for me is sqlgrey (http://sqlgrey.sourceforge.net/). Sqlgrey comes with a fairly decent list of servers to exclude due to their inability to properly follow specs, so you don't lose mail from most of the broken but nonspammer servers. This list is also updated automagically and seems to work pretty well.. makes greylisting actually usable, for us at least.

      P.S. Don't want to start any holy wars, but if you're trying to fight mail and want a system that's easy to config and just works, postfix is a really great mail server.

      --
      -Lod
    3. Re:Are RBL's really finished by Sentry21 · · Score: 3, Informative
      On my server, I use greylisting and RBLs, as well as other checks. In the span of one week, we received 128,000 e-mail attempts, 5000 of which were successful. The checks below block huge amounts of spam, to the point where I've actually removed spamassassin because the only messages it gets a chance to check are all legitimate.

      For anyone who's wondering, here's what we've got going on, plus amavisd/clamav doing virus scanning. This blocks all spam I get (used to be 30-200 messages per day that Spamassassin would catch).

      smtpd_recipient_restrictions =
          reject_non_fqdn_hostname,
          reject_non_fqdn_sender,
          reject_non_fqdn_recipient,
          reject_invalid_hostname,
          permit_mynetworks,
          permit_sasl_authenticated,
          reject_unauth_destination,
          reject_unauth_pipelining,
          reject_rbl_client opm.blitzed.org,
          reject_rbl_client list.dsbl.org,
          reject_rbl_client bl.spamcop.net,
          reject_rbl_client sbl-xbl.spamhaus.org,
          reject_rbl_client dynablock.njabl.org
    4. Re:Are RBL's really finished by morgan_greywolf · · Score: 1
      Is there a middle ground? Some third way that lets you reject as much as possible at the start of the SMTP transaction?

      A big one a lot of people don't like and I've never been sure why: 95%+ of all messages where the domain in the 'To:' doesn't match the DNS domain of the IP address in the 'X-Originating-IP:' line are SPAM. So just reject them ALL. SPAM problem solved. Whiners will be executed on site.

    5. Re:Are RBL's really finished by btpier · · Score: 2, Informative
      I use strict HELO requirements, greylisting, RBLs, and finally SpamAssassin on my home server. Very few spams even make it to the SpamAssassin checks. Adding the HELO requirements and greylisting reduced the number of spam emails SpamAssassin had to check from >100 emails per day down to an average of about 5 per week.

      I haven't had any issues with greylisting. I know of no emails that I haven't eventually received and even web-page sign-ups/registrations have gotten through without a hitch.

      There are also filters for postfix that can reject connections based on the age of the domain. If the domain is less than 4 days old, it's likely to be a spammer. I haven't implemented it yet but if the tide of spam swells again, that will be my next line of defense.

    6. Re:Are RBL's really finished by TubeSteak · · Score: 1
      Any chance you can explain how I get e-mails where my address never shows up in the e-mail header?

      Received: from basp34 (unknown [10.10.101.71])
              by mailgate.buysell.com (Postfix) with ESMTP id xxx
              for checkmeout105@hotmail.com

      From: WickedGifts Postmaster@BuySell.com
      To: checkmeout105@hotmail.com

      My address is not checkmeout105@hotmail.com, but that's who it seems the e-mail was addressed to.
      --
      [Fuck Beta]
      o0t!
    7. Re:Are RBL's really finished by secolactico · · Score: 1

      Uh? So the PTR of the originating IP has to match the domain of the destination?

      But even if you meant the "From:", how do you deal with hosted mail domains? My domain might be one of thousands hosted at "smtpserver.bigprovider.com" or the like.

      --
      No sig
    8. Re:Are RBL's really finished by LodCrappo · · Score: 2, Informative
      well we are way off topic here, but this can happen for several reasons. first off, anything in the headers can (and often is) completely fake. Second, there is a big difference between the "To:" field in a message's headers and the SMTP envelope RCPT TO: address. If you're genuinely interested, I'd suggest looking at RFC 2821 and 2822 which are free online, or maybe skimming a book on SMTP.

      HTH

      --
      -Lod
    9. Re:Are RBL's really finished by good+soldier+svejk · · Score: 1

      Much like a physical business letter, SMTP messages have an envelope and a header. The envelope information is used for routing, just like the US mail, while the header information is what you see in your message just like the header on your business letter. So what you see in your client is totally arbitrary and has no effect on delivery.

      --
      It is cowardly, and a betrayal of whatever it means to be a Jew, to act as a white man

      -James Baldwin
    10. Re:Are RBL's really finished by BandoMcHando · · Score: 1

      For example, one significant problem with greylisting is if your organisation happens to use a large 3rd party mail processing company for antivirus and antispam services... with many many email servers... so greylisting may decide to accept mail from you this time... or not... do you feel lucky today?

    11. Re:Are RBL's really finished by Namegduf+Live · · Score: 1

      Non FQDNs on the sender, recipient or hostname...

      Most spam does not fail FQDN checks. You could consider it "yet another check...", catching some but not all mail, making there be less to check, but it has false positive problems that cause problems in this regard. I am in fact staff on an IRC network which has been forced to require an email check for nickname registration, and we have problems with mail servers rejecting our mail in some cases because of FQDNs problems. Others, like Gmail, accept it and it arrives instantly.

      It isn't my area of knowledge but I'm assured that getting a FQDN isn't possible with our shell hosting, and these unnecessary filters create a LOT of pain for users and staff who then must personally email the person to verify the email.

      Is this a good idea if it hits false positive problems, and misses quite a lot anyway? Other checks would catch most spammers failing FQDN, and the number of false positives to spammers blocked who otherwise wouldn't be seems quite high.

      Is FQDN supposed to be required for email servers?
    12. Re:Are RBL's really finished by morgandelra · · Score: 1

      wow, I would kill for that light a load :) I get 150,000-300,000 attempts a day and I only have 2000 email accounts on my servers.

    13. Re:Are RBL's really finished by swillden · · Score: 1

      Much like a physical business letter, SMTP messages have an envelope and a header.

      Thanks for both enlightening me *and* making me feel like an idiot. Your analogy struck me as such a perfect one, and then I realized it's also an utterly obvious one. I've discussed SMTP envelopes before, but never thought to follow the analogy through to consider the mail headers as equivalent to the headings on a paper business letter. Duh!!! So obvious. Hit me like a bolt out of the blue, though.

      Thanks again!

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    14. Re:Are RBL's really finished by Onymous+Coward · · Score: 1

      So, yeah, they'll tell you that the headers can be forged. This is true except for the last hop which should be your MTA.

      So why doesn't your address show up in the "for" clause of the last hop? I don't think you'll see a fake address there, but where's your real address? I think in certain conditions your MTA will omit the "for". I don't know when that happens, but I've seen the "for" clause missing from the last hop on rare emails. I can't figure out the pattern.

      (I use Postfix.)

    15. Re:Are RBL's really finished by Onymous+Coward · · Score: 1

      My mailer only checks syntax of the hostname for FQDN-ness, not validity of the hostname. And it only does a loose interpretation of FQDN-ness syntax.

      (We're talking about the hostname in the SMTP HELO/EHLO, if there's any question.)

      That is,
          "foo" is not a FQDN by these measures
          "foo.bar" is FQDN by these measures
          "foo." is FQDN by these measures

      No checks are performed for existence of any records (A, MX, or even NS) for the given domain. (I think there may be some misunderstanding as to what FQDN is.)

      A technically complete FQDN (terminated by root zone '.') is not required (by my MTA).

      And still this comprises 37% of total rejected spams on my server. Even more (potentially "most") if you dismiss the no-such-recipient rejections.

      (FQDN requirement: RFC 2821 2.3.5)
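
The loose HELO/EHLO syntax check described in the comment above, combined with the "client uses your own name or IP as its HELO" test mentioned earlier in the thread, as an added example that is not from the thread or from any mail server's source. The function name, verdict strings and sample hosts are assumptions; it checks syntax only and performs no DNS lookups.

```python
import ipaddress
import re

# One DNS label: letters, digits and hyphens, not starting or ending with a hyphen.
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def classify_helo(arg, my_names=(), my_ips=()):
    """Return (verdict, reason) for the argument of a HELO/EHLO command.

    my_names / my_ips are the receiving server's own hostnames and addresses
    (hypothetical parameters); a remote client presenting them is lying.
    """
    arg = arg.strip()
    own_ips = {ipaddress.ip_address(i) for i in my_ips}
    own_names = {n.lower().rstrip(".") for n in my_names}

    # Address literal, the other form the SMTP spec allows: [192.0.2.1]
    if arg.startswith("[") and arg.endswith("]"):
        inner = arg[1:-1]
        if inner.lower().startswith("ipv6:"):
            inner = inner[5:]
        try:
            ip = ipaddress.ip_address(inner)
        except ValueError:
            return "reject", "malformed address literal"
        if ip in own_ips:
            return "reject", "client claims our own IP address"
        return "accept", "address literal"

    # A bare IP address without brackets is neither a hostname nor a literal.
    try:
        ipaddress.ip_address(arg)
        return "reject", "bare IP address without brackets"
    except ValueError:
        pass

    name = arg.lower()
    # Loose FQDN test: "foo" fails, "foo.bar" and "foo." pass.
    if "." not in name:
        return "reject", "not fully qualified"
    labels = name.rstrip(".").split(".")
    if not all(LABEL.match(label) for label in labels):
        return "reject", "invalid hostname syntax"
    if name.rstrip(".") in own_names:
        return "reject", "client claims our own hostname"
    return "accept", "syntactically acceptable"


if __name__ == "__main__":
    # Constructed sample HELO arguments.
    for sample in ["foo", "foo.bar", "foo.", "198.51.100.7", "[198.51.100.7]",
                   "bad_host.example.org", "mx.example.net"]:
        print(sample, classify_helo(sample, my_names=["mx.example.net"],
                                    my_ips=["192.0.2.1"]))
```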

    16. Re:Are RBL's really finished by LodCrappo · · Score: 1

      Non FQDNs on the sender, recipient or hostname... Most spam does not fail FQDN checks.

      uhh... what?? Tons of spammers fail these checks. Compromised Windows boxes acting as spam zombies almost always fail these checks, and as these have increasingly become a major source of spam over the last couple years, these types of checks have become more and more effective. On the largest mail system I have access to stats on (about 200k messages per day) these checks blocked about 20% of all mail yesterday.

      You could consider it "yet another check...", catching some but not all mail, making there be less to check, but it has false positive problems that cause problems in this regard. I am in fact staff on an IRC network which has been forced to require an email check for nickname registration, and we have problems with mail servers rejecting our mail in some cases because of FQDNs problems. Others, like Gmail, accept it and it arrives instantly.

      It isn't my area of knowledge but I'm assured that getting a FQDN isn't possible with our shell hosting, and these unnecessary filters create a LOT of pain for users and staff who then must personally email the person to verify the email.

      Is this a good idea if it hits false positive problems, and misses quite a lot anyway? Other checks would catch most spammers failing FQDN, and the number of false positives to spammers blocked who otherwise wouldn't be seems quite high.

      Sounds like sour grapes to me. Anyone who is telling you it isn't possible to configure your mail server correctly probably just doesn't understand how to do it.

      Is FQDN supposed to be required for email servers?

      Yes. Check out RFC 2821, section 4. And maybe take note of how many other people posted replies to this story suggesting the exact same types of strict checking for compliance with the standards. If you don't fix your server, expect the rejections to increase as more and more servers start requiring that mail server admins get their acts together.

      --
      -Lod
    17. Re:Are RBL's really finished by LodCrappo · · Score: 1

      sqlgrey at least will consider attempts for the same user from addresses in the same /24 to be equivalent, which helps a lot with this. but yes, sometimes this can be a problem. sqlgrey also has a dynamically updated list of sending domains/servers to exclude from greylisting due to known incompatibility, so this avoids problems with many "popular" third party mailers. I had given up on greylisting, but actually i'm having great results now that i use sqlgrey.

      --
      -Lod
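
The /24 grouping and the exclusion list described in the comment above, as an added example that is not sqlgrey's code and not part of the thread: a greylist keyed on the client's /24 network, envelope sender and envelope recipient, so a retry from a neighbouring server in the same sending pool still counts. The 300-second delay, the class and method names and the sample addresses are assumptions.

```python
import ipaddress
import time


class Greylist:
    """Greylist keyed on (client /24, envelope sender, envelope recipient)."""

    def __init__(self, min_delay=300, retry_window=86400, clock=time.time):
        self.min_delay = min_delay        # seconds a new triplet must wait
        self.retry_window = retry_window  # how long an unconfirmed triplet is kept
        self.clock = clock                # injectable so the logic can be tested
        self.pending = {}                 # triplet -> time first seen
        self.passed = set()               # triplets that retried correctly
        self.exempt = []                  # networks that are never greylisted

    def exempt_network(self, cidr):
        """Skip greylisting for senders known not to retry properly."""
        self.exempt.append(ipaddress.ip_network(cidr))

    @staticmethod
    def client_key(ip):
        """IPv4 clients are grouped by /24; other addresses are used as-is."""
        addr = ipaddress.ip_address(ip)
        if addr.version == 4:
            return str(ipaddress.ip_network(f"{ip}/24", strict=False))
        return str(addr)

    def check(self, client_ip, mail_from, rcpt_to):
        """Return the SMTP reply to give at RCPT TO time."""
        addr = ipaddress.ip_address(client_ip)
        if any(addr in net for net in self.exempt):
            return "250 exempt"
        key = (self.client_key(client_ip), mail_from.lower(), rcpt_to.lower())
        now = self.clock()
        if key in self.passed:
            return "250 known"
        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            self.pending[key] = now       # first sighting (or stale entry)
            return "450 greylisted"
        if now - first < self.min_delay:
            return "450 greylisted"       # retried too soon
        del self.pending[key]
        self.passed.add(key)
        return "250 passed"


if __name__ == "__main__":
    # Constructed scenario: a provider retries from a second host in the same /24.
    now = [0.0]
    g = Greylist(clock=lambda: now[0])
    print(g.check("192.0.2.10", "news@example.org", "user@example.net"))
    now[0] += 600
    print(g.check("192.0.2.77", "news@example.org", "user@example.net"))
```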
    18. Re:Are RBL's really finished by Namegduf+Live · · Score: 1

      uhh... what?? Tons of spammers fail these checks. Compromised Windows boxes acting as spam zombies almost always fail these checks, and as these have increasingly become a major source of spam over the last couple years

      Firstly... these checks? I am only criticising FQDN checks. Not the other standards checks. Those are fine, I expect. And true, the botnet mail would hit the FQDN checks. But they would also hit other checks (such as it being a dynamic port range, a number of other blacklists, etc) as well. The amount of spam blocked by the FQDN check ALONE would be much much lower, and be in a poor ratio (relatively) with the amount of genuine mail blocked.

      Sounds like sour grapes to me. Anyone who is telling you it isn't possible to configure your mail server correctly probably just doesn't understand how to do it.

      We don't have a mail server, if you read my post. This is no large arrangement. It is sent from the IRC Services on nick registration. Nor does it ever receive mail - it's not a mail server, merely software that sends out emails. This runs on a shell, basically rented space. When you don't OWN the server you can't "configure it correctly". The fact we don't own it is the main reason it is impossible, IIRC. It is NOT a matter of 'getting our act together'. Small shell-users don't have that option.

      And maybe take note of how many other people posted replies to this story suggesting the exact same types of strict checking for compliance with the standards.

      In general, the statement that requiring standards to be followed blocks spam is true. I am questioning this ONE particular part of that, that while working in most cases, can have false positive issues that can't always be fixed by changes at one end. In addition I am suggesting that this part of requiring standards compliance is not so effective. You cited 20% blocked by 'these types of check'. Once again, I repeat that it is ONLY FQDN checks I have an issue with. What percentage by that check alone? And what percentage of those that failed the FQDN check would have passed other checks too? I suspect it would be very low.

      If you don't fix your server, expect the rejections to increase as more and more servers start requiring that mail server admins get their acts together.

      Again, reading my post would suggest it was a shell and not a dedicated server. Thus not under our control, and not a matter of 'getting our act together'. Your comment is very much centric to larger organisations that have dedicated mail servers and admins for them. That is not the case. As for this problem increasing... perhaps. But mainly because FQDN checks are presumed good because they are thrown in with all the less troublesome ones. These filters may in general be effective but the FQDN check causes false positives that can't be worked around in some cases and especially hit non-businesses that don't have dedicated mail servers. And I doubt the effectiveness of the FQDN check alone nor the impact of dropping it alone on spam blocking.
    19. Re:Are RBL's really finished by LodCrappo · · Score: 1
      first off, when i said "these checks" i meant all of (and only) the RFC 2821 compliance checks which relate to using FQDNs. The RFC specifies several places where they are required. And while you may question whether they are effective at fighting spam, they are required by the SMTP spec, simple as that. My 20% number refers to non FQDN used in the sender address and non FQDN used as the HELO hostname (technically there is another form allowed in the HELO phase but that's relatively rare).

      I understand that it can be frustrating when you are forced to use a system that is outside of your control, but your complaint should be with your provider that is violating the RFC, not the people who deny your mail because of your provider's misconfiguration.

      --
      -Lod
    20. Re:Are RBL's really finished by geminidomino · · Score: 1

      Old spammer trick. Put a bogus address in TO: and the real victim's email address in BCC: (Blind carbon copy)

    21. Re:Are RBL's really finished by ahodgson · · Score: 1

      Depends on the software, but it probably happens when the message has multiple recipients on your server.

    22. Re:Are RBL's really finished by Onymous+Coward · · Score: 1

      Ooh, exciting. Testing...

      Yes indeed. "for" clause omitted when I manually tested an SMTP transaction to a couple addresses (using two "RCPT TO:" SMTP statements).

      Thanks.
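
The envelope/header distinction discussed in the replies above, as an added example that is not part of the thread: the client side of a constructed SMTP session is replayed through a small receiver that keeps the envelope (MAIL FROM / RCPT TO) apart from the headers sent after DATA. The Received line that drops its "for" clause when there are several recipients imitates what the manual test above observed; host names, addresses and function names are all constructed.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed client side of an SMTP session.
CLIENT_LINES = [
    "HELO sender.example.test",
    "MAIL FROM:<bounces@sender.example.test>",
    "RCPT TO:<alice@example.net>",
    "DATA",
    "From: Gifts <postmaster@sender.example.test>",
    "To: someone-else@example.com",
    "Subject: constructed sample",
    "",
    "The To: header above never names the real recipient.",
    ".",
    "QUIT",
]


def receive(client_lines):
    """Replay the client's lines through a small SMTP state machine.

    Returns (envelope, message). The envelope is built only from the
    MAIL FROM / RCPT TO commands; the message only from the DATA section.
    """
    envelope = {"helo": None, "mail_from": None, "rcpt_to": []}
    data, in_data = [], False
    for line in client_lines:
        if in_data:
            if line == ".":                 # end-of-data marker
                in_data = False
            else:                           # undo dot-stuffing
                data.append(line[1:] if line.startswith(".") else line)
            continue
        verb = line.upper()
        if verb.startswith(("HELO ", "EHLO ")):
            envelope["helo"] = line.split(None, 1)[1]
        elif verb.startswith("MAIL FROM:"):
            envelope["mail_from"] = line[10:].strip().strip("<>")
        elif verb.startswith("RCPT TO:"):
            envelope["rcpt_to"].append(line[8:].strip().strip("<>"))
        elif verb == "DATA":
            in_data = True
    return envelope, message_from_string("\n".join(data) + "\n")


def header_recipients(msg):
    """Addresses the message claims to be for (To: and Cc: headers)."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return [addr for _name, addr in getaddresses(fields)]


def received_line(envelope, by_host):
    """Trace header a final MTA could add; 'for' only with a single recipient."""
    line = f"from {envelope['helo']} by {by_host} with SMTP"
    if len(envelope["rcpt_to"]) == 1:
        line += f" for <{envelope['rcpt_to'][0]}>"
    return line


if __name__ == "__main__":
    env, msg = receive(CLIENT_LINES)
    print("delivered to :", env["rcpt_to"])         # decided by RCPT TO
    print("header says  :", header_recipients(msg))  # display only
    print("Received     :", received_line(env, "mx.example.net"))
```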

    23. Re:Are RBL's really finished by WuphonsReach · · Score: 1

      A big one a lot of people don't like and I've never been sure why: 95%+ of all messages where the domain in the 'To:' doesn't match the DNS domain of the IP address in the 'X-Originating-IP:' line are SPAM. So just reject them ALL. SPAM problem solved. Whiners will be executed on site.

      That doesn't work for situations where the mail server hosts multiple domains on a single IP address. Which is a very common situation for all but the few hundred largest organizations. Everyone else typically shares space on a mail server (or they have a mail server configured to handle multiple domains).

      While you can technically assign multiple PTR records for an IP address, it doesn't work well in practice.

      --
      Wolde you bothe eate your cake, and have your cake?
  10. Efficiency by cockroach2 · · Score: 3, Informative

    I'm not sure I agree about the lack of efficiency: On a "normal" day my server which hosts about 60 mailboxes blocks between 5000 and 6000 e-mail messages (4992 yesterday, 4936 Sunday, 5615 Saturday, 5763 Friday etc.) using ordb, spamhaus and dsbl. While it's true that I still have to use spamassassin for additional content filtering, that's more than 5000 messages a day which don't even enter the system - I consider that quite a lot.

  11. Re:Good case why not to trust "community" services by dreddnott · · Score: 0

    They did provide the service free of charge for over five years if I'm not mistaken.

    Still, you have a point. The same thing happens with other community-based products. An excellent example, although it might seem a bit puerile, can be found in pretty much every video game mod forum. There is either drama, or real life, or a new game in the series comes out, and *poof*, the mod, if it even reached a downloadable version, goes out the window and people are not even given the opportunity to "take up the mantle" as the first post said.

    I have to suspend my disbelief a little bit to believe that nobody on the Great Intertron was willing to do this and at least occasionally maintain ORDB as a legacy service. I do understand, of course, the necessity of promptness in removing fixed mail servers from the list, although that wasn't really very prompt in practice, was it?

    --
    I may make you feel, but I can't make you think.
  12. Open Relay Lists by DaMattster · · Score: 1

    According to ordb.org's website, they maintained a list of open relay servers that you can use to block mail. I may be wrong but it seems that most email servers disable open relay by default. I know that Postfix takes great pains to prevent open relay in the default install, configurations not even withstanding. ORDB filled a niche for a while but may actually be redundant at this point. Spam will always be a game of cat and mouse.

    1. Re:Open Relay Lists by erlenic · · Score: 1

      As others have said, they are still very useful. At my company, of the 125,020 pieces of spam we blocked in November, 81,316 of them were blocked by blacklists. That's 65% of all detected spam. That's over 2,700 e-mails per day that our already overloaded relay server didn't have to spend much processing time on.

    2. Re:Open Relay Lists by mungtor · · Score: 1

      but that's just a blacklist.... Which blacklists and why was the server on the blacklist? Was it a known source of spam and not an open relay?

  13. Spam control methodology by wiredog · · Score: 2, Informative
    A "public" e-mail account, given to businesses, people who like to cross-post via CC (instead of BCC), places like /., etc. I use Gmail, which does a good bit of spam filtering.

    A "private" e-mail account, given only to family and close friends, with a set of filtering rules to build the whitelist, and everything else run through bayesian filtering.

    Between the two, I have to deal with very little spam.

    OT:This is my 2,000th Slashdot comment...

    1. Re:Spam control methodology by robogun · · Score: 2, Funny

      OT:This is my 2,000th Slashdot comment...

      Damn. I only received 337 of them, my filter must have caught the rest!

    2. Re:Spam control methodology by 0100010001010011 · · Score: 1

      I'm doing something similar, I just wish my friends weren't idiots. I have my own domain and my e-mail goes something like this:
      DreamHost -> Gmail -> DreamHost

      slashdot@mydomain.com, etc helped me harass one website about using my e-mail in un-authorized ways.

      Except that all my friends have my 'real' address, so when they invite me with something like e-invite or send me a funny URL through a webform, they use my 'real' e-mail.

      Although most of the spam I'm getting now is bounces that "I" originated.

  14. RBLs not so trivial by jblakezachary · · Score: 4, Informative

    The ORDB notice makes it sound like we should all abandon RBL lookups altogether. I operate a small GroupWise domain ~about 300 users~ and checked my GWAVA stats when I read the article. 78,000 of the last 155,000 inbound messages were blocked as RBL hits. This first step in ridding most of our spam takes a load off of the more server intensive methods of filtering mail and still seems very relevant. I will be sad to see ORDB go.

    For those of you relying on RBL lookups, the following are still available and seem to be very reliable, producing few to zero false positives:
    zen.spamhaus.org
    bl.spamcop.net
    list.dsbl.org

    1. Re:RBLs not so trivial by Spoke · · Score: 1

      zen.spamhaus.org
      bl.spamcop.net
      list.dsbl.org

      I use those same domains for my mail servers and also find them to be very effective.

      Besides spamcop.net, are there any other useful services to forward spam to, to help add to these blacklists?
    2. Re:RBLs not so trivial by Anonymous Coward · · Score: 0

      Don't know if anyone really cares but I have been using RBLs in
      conjunction with grey listing to great effect on a small server
      I run. I've been checking against spamcop, dsbl and ordb in that
      order. RBL blocked mail last month by server is:

      bl.spamcop.net 77,150
      list.dsbl.org 10,681
      relays.ordb.org 58

      FWIW, I don't think ordb's demise will affect me much at all. Still,
      I'd like to thank them for the service they have provided me over the
      years...

    3. Re:RBLs not so trivial by Phroggy · · Score: 1

      Just a note: do NOT use bl.spamcop.net to block mail, although using it to add to a SpamAssassin score is good. SpamCop's blacklist is completely automated, and it's easy for innocent IP addresses to get added to it by mistake (they're removed automatically too, of course).

      However, I've had GREAT success with zen.spamhaus.org and list.dsbl.org. No false positives here either.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  15. Efficiency? by AltGrendel · · Score: 1

    Not to be a troll, but what's the breakdown per service? Is ordb doing the heavy lifting? Or is spamhaus? If it's an even 33% across the board, ok. But if ordb is only doing 1% of that 5000 then they're right, blocking relays is no longer effective.

    --
    The simple truth is that interstellar distances will not fit into the human imagination

    - Douglas Adams

    1. Re:Efficiency? by cockroach2 · · Score: 2, Informative

      You're right, about 95% (or more) of the blocking is done by spamhaus (it is the first filter which is used, thus it's clear that they catch more than the others). Still, the ORDB guys basically say that open relay RBLs in general don't make much sense anymore which, as I consider spamhaus to be an open relay RBL too, I can't agree to.

      For completeness' sake, here's the breakdown for yesterday:
        - spamhaus: 4769 (96%)
        - dsbl.org: 220 (4%)
        - ordb.org: 3 (0%)

    2. Re:Efficiency? by ahodgson · · Score: 1

      SpamHaus is mostly dedicated spammers and botnet listings, very few open relays per se.

  16. Spam Can-Doers by Doc+Ruby · · Score: 1, Flamebait

    Since the Republican Congress "defeated spam" with their CAN-SPAM Act, I've noticed my incoming spam double every month for years. While I notice that the antispam organizations keep folding, or even getting shut down.

    --

    --
    make install -not war

    1. Re:Spam Can-Doers by s7uar7 · · Score: 2, Funny

      Since the Republican Congress "defeated spam" with their CAN-SPAM Act, I've noticed my incoming spam double every month for years

      CAN-SPAM took effect on 1 January 2004, so assuming you got 1 spam that month and it's doubled every month since, that means you're getting about 564 million spam emails a day now. I wouldn't want to be your ISP :)

    2. Re:Spam Can-Doers by Doc+Ruby · · Score: 1

      Actually it seems to be doubling every three months, though that accelerated this past Summer. And "for years" since mid-2005. That's about 2^6, which is about the couple-few hundred spams I get each day.

      I wouldn't want to be my ISP, anyway - or I would be :).

      --

      --
      make install -not war

    3. Re:Spam Can-Doers by rworne · · Score: 3, Insightful

      Really?

      The U.S. Senate voted 97-0 (with 3 nonvoting senators).
      Congress voted in much a similar fashion: 392-5.

      link

      Jump off that hate bandwagon and realize you're being screwed over by both parties.

      --
      I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
    4. Re:Spam Can-Doers by Doc+Ruby · · Score: 1

      Do you know how Congress works? Especially the now departing (but not lamented) Republican "Contract" Congress? They abused their majority to rewrite, abuse and selectively enforce rules that excluded minority Democrats from any representation, even in the nearly 50:50% proportions they controlled. To an unprecedented degree.

      Democrats are no saints. They certainly do their share of the screwing. But theirs has been sustainable. Under Republican rule, Democrats had to trade votes to Republicans, including just for shows of "bipartisanship" engineered by Republicans, just to get crumbs. Which of course they shared mostly with their own corrupt cronies who bribe^Wdonate to their campaigns.

      But this has been a Republican Congress, with a Republican president, in lockstep, stomping all over minority rights. Republicans take the blame.

      Snap out of the Republican smokescreen that "they're both guilty" and realize the worst crooks have been raping us, even using the manageable crooks to hide their dirty hands.

      --

      --
      make install -not war

  17. ASSP by goldcd · · Score: 1

    I started using Blacklists, but always ended up in a mess. Stuff still got through, so you'd add another blacklist and then one would randomly start blocking gmails 'to teach google a lesson' etc.
    ASSP installs nicely (I'm actually running it on MS Server with hmailserver) and does what it says on the tin. Takes a week or so to train it up, but once it's up it easily gets 99% of all spam, tags it and then my mail server shoves it into my users junk folders.

  18. Re:Good case why not to trust "community" services by Salsaman · · Score: 2, Informative

    You have a point, but Free Software is hardly "dying" ! That's a ridiculous claim to make. *More* Free Software is being produced and used today than ever before. Just take a look at Freshmeat or Sourceforge.

    Of course, if commercial organisations did wake up and realise they have a responsibilty to help support developers whose software they use, then probably developers would have a more comfortable lifestyle, and project development would become more professional and better organised.

    Also, software is different from a web service. If a developer abandons a Free Software project, the code is still out there for somebody else to build on, or perhaps the original developer will return to it after taking a break.

  19. Spam by certel · · Score: 1

    To fight spam we should hold the following responsible: 1) ISP's for not properly configurating their network to block certain traffic to certain home computers ports. Even more so when suspect traffic is noticed. Example, my ISP does not allow outbound port 25 connections. 2) Software companies who develop broken code allowing such activities (IE, Microsoft). Nuff said.

    1. Re:Spam by DShard · · Score: 1

      And since phishing sites are bad for people we should also have ISPs block outbound port 80 and 443. That will stop those pesky get rich schemes.

    2. Re:Spam by johnw · · Score: 1

      ISP's for not properly configurating

      ITYM "configuratisationing"
    3. Re:Spam by Constantine+Evans · · Score: 1

      When pushing port blocking to ISPs, take care to not make them overzealous. I had one client whose home ISP blocked ports 25, 465, and 587 outbound. There is no legitimate reason that I know of for blocking the submission port. Per RFC 4409, section 4.3, SMTP-AUTH is mandatory on the submission port.

  20. Since I get a fair amount of spam... by Anonymous Coward · · Score: 0

    I'd like to take advantage of the RBL lookups against my own database. Is there any open source software that can accept a DNS lookup message, enable me to lookup the IP in MySQL (for instance), and respond back with a 127.0.0.1 or not?

    This would enable me to build my own blacklist from spams coming in to my server for accounts which have NEVER existed, or have only existed on remove lists.

    1. Re:Since I get a fair amount of spam... by Hymer · · Score: 1

      Technically it is just a DNS server... there is nothing spooky about it, you just make an entry in your dns server for the spam source and point it to 127.0.0.2 (and not 127.0.0.1)...

    2. Re:Since I get a fair amount of spam... by Anonymous Coward · · Score: 0

      Yeah, but I don't want to rewrite and reload a zone file multiple times a day containing the hundreds to thousands of IP addresses I get spam from daily. That's why I'd like the lookups to take place against a database.
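
An added example, not from the thread or from any existing project, of what the question above asks for: a DNSBL answer routine that looks each queried address up in a database and returns 127.0.0.2 for listed addresses, as the reply above suggests, and NXDOMAIN otherwise, with no zone file to rewrite. SQLite stands in for MySQL; the zone name bl.example.test, the table layout and all function names are assumptions.

```python
import ipaddress
import sqlite3
import struct

ZONE = "bl.example.test"      # hypothetical zone name
LISTED = "127.0.0.2"          # conventional "listed" answer
QTYPE_A, QTYPE_TXT = 1, 16


def open_db():
    """In-memory SQLite table standing in for the MySQL table in the question."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE listed (ip TEXT PRIMARY KEY, reason TEXT)")
    return db


def add_listing(db, ip, reason):
    db.execute("INSERT OR REPLACE INTO listed VALUES (?, ?)",
               (str(ipaddress.IPv4Address(ip)), reason))


def query_name(ip, zone=ZONE):
    """Name a mail server looks up for `ip`: octets reversed, zone appended."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def ip_from_qname(qname, zone=ZONE):
    """Inverse of query_name(); None unless qname is an IPv4 query in our zone."""
    qname = qname.rstrip(".").lower()
    if not qname.endswith("." + zone):
        return None
    labels = qname[:-len(zone) - 1].split(".")
    if len(labels) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ValueError:
        return None


def build_query(name, qtype=QTYPE_A, txid=0x1234):
    """Client-side query packet, used here to exercise answer() offline."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_question(packet):
    """Return (txid, flags, qname, qtype, end_of_question) for a one-question query."""
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while packet[pos]:
        length = packet[pos]
        if length > 63:
            raise ValueError("compressed or oversized label in query")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return txid, flags, ".".join(labels), qtype, pos + 5


def answer(packet, db):
    """Build the response to one query packet; None means drop it silently."""
    try:
        txid, flags, qname, qtype, end = parse_question(packet)
    except (ValueError, IndexError, struct.error):
        return None
    reply_flags = 0x8400 | (flags & 0x0100)   # QR + AA, RD copied from the query
    question = packet[12:end]
    ip = ip_from_qname(qname)
    row = None
    if ip:
        row = db.execute("SELECT reason FROM listed WHERE ip = ?", (ip,)).fetchone()
    if row is None:                            # not listed: NXDOMAIN (rcode 3)
        return struct.pack("!HHHHHH", txid, reply_flags | 3, 1, 0, 0, 0) + question
    if qtype == QTYPE_A:
        rdata = ipaddress.IPv4Address(LISTED).packed
    elif qtype == QTYPE_TXT:                   # reason text for bounce messages
        text = row[0].encode("ascii", "replace")[:255]
        rdata = bytes([len(text)]) + text
    else:                                      # listed, but no data of this type
        return struct.pack("!HHHHHH", txid, reply_flags, 1, 0, 0, 0) + question
    record = b"\xc0\x0c" + struct.pack("!HHIH", qtype, 1, 300, len(rdata)) + rdata
    return struct.pack("!HHHHHH", txid, reply_flags, 1, 1, 0, 0) + question + record


def serve(db, host="127.0.0.1", port=5353):
    """UDP loop for local testing; the port and bind address are assumptions."""
    import socket
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    while True:
        packet, peer = sock.recvfrom(512)
        reply = answer(packet, db)
        if reply:
            sock.sendto(reply, peer)
```

New listings take effect on the next query because every answer is a fresh database lookup; the 300-second TTL on positive answers bounds how long a resolver may cache them.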

  21. How nice of them to let us know.... by NerveGas · · Score: 2, Interesting


    By giving people one entire day to remove their mailer configuration, they didn't leave people much time. Of course, that's sort of moot, I noticed early last week that my mailer wasn't getting responses from them any more, causing timeout delays on the query for every incoming message.

    Ah, well. I guess I shouldn't complain, since this one inconsiderate act is vastly overshadowed by the usefulness they've provided over the years.

    --
    Oh, you're not stuck, you're just unable to let go of the onion rings.
    1. Re:How nice of them to let us know.... by scoof · · Score: 1

      The timeouts are not because the project shut down, but simply because the nameservers can't handle the traffic that's thrown at them. One of the largest burdens of running ORDB was getting proper name service. The zone is still served by many nameservers, but is empty.

      --
      -- Andreas
  22. I thought all the spam comes from Windows Zombies by Anonymous Coward · · Score: 0

    I remember setting up a filter that would run an open relay check before accepting the mail.
    That's when I realized that 99.9% of spam came from Windows zombie boxes, not from mail relays at all.

  23. Blacklists are useful... by Anonymous Coward · · Score: 0

    For adding a few points in SpamAssassin. Other than that, don't rely on it.

  24. Re:Good case why not to trust "community" services by ACMENEWSLLC · · Score: 1

    I removed my server from checking them today. For grins, I went back a week to see how many uce's they blocked. I did not find one.

    Anyone else notice this?

  25. Re:Good case why not to trust "community" services by mephistus · · Score: 3, Informative

    As far as community services go, I always put ORDB in the category of "means well, but a half assed effort." I inherited a job taking care of the mail servers at a company I used to work at, and I came to find out that we had an open relay and had been blacklisted. If memory serves me right, I want to say this was almost 5 years ago.

    How did I come to find out that we had an open relay? Did ORDB notify us? Hell no. They just slapped us on their list, and our users started getting bounce messages from other mail servers. I fixed the problem quite easily once I knew about it, but the biggest problem was getting off the list!!! That was a whole other nightmare that took longer than hearing about the problem and fixing it.

    So I say good riddance. Those guys are pretty bright and meant well, but my experience with them left me with a very bad impression. Hopefully they were more professional in recent years, but from the way they're ending their service, it sure as hell doesn't seem like it.

  26. SORBS by Hymer · · Score: 2, Informative

    1. SORBS sucks... and they work because they suck. They assume any mail source is a spam source unless it has an rDNS record (which may be quite hard to get on ADSL lines).
    2. SpamHaus do a decent job and they don't make funny/crazy assumptions, and they do try to keep the list up to date.
    3. Even content check does not block spam... spammers are sending pictures with their message... and they make those hard to run thru OCR (just like the Human-Check here on /.).
    4. A world wide law against spam would help but is not likely to happen.
    ...whoever finds a working non-STASI-like (ie. SORBS) and open solution will get my vote for the Nobel Prize...
    ...and yes I do know about several methods for fighting spam but they are far from perfect... they are usually based on certificates and they do work pretty well... we do however need a solution in the SMTP and not a proprietary add-on on top of it...

  27. Greylisting? by jrobinson5 · · Score: 0

    Greylisting? Pfft, purplelisting is where it's at.

  28. Re:Good case why not to trust "community" services by scoof · · Score: 3, Informative

    ORDB always attempted to notify the administrators of listed servers, several variations on the postmaster@server would have been sent and ignored by the people maintaining the server before you.

    --
    -- Andreas
  29. Re:Good case why not to trust "community" services by scoof · · Score: 1

    The zone has been emptied, so nothing will break due to the shutdown of ORDB.

    --
    -- Andreas
  30. Re:Good case why not to trust "community" services by Anonymous Coward · · Score: 0

    More likely, they woke up one day and figured out they were sick of eating Ramen noodles while being taken for a ride by commercial leeches who never kicked back.


    So long, and thanks for all the phish?
  31. SPF to the rescue by michaelredux · · Score: 2, Insightful

    Perhaps you are asking about SPF.

    http://en.wikipedia.org/wiki/Sender_Policy_Framework

    Spammers recently started forging my domain as their return address. I know this because I received a bucket-load of bounces every day until I blocked the catch-all address. All of that spam would have been blocked if the servers that bounced it had checked my SPF record first. It clearly specifies that all of the IP addresses where the spam is coming from are not authorized to serve email from my domain.

    This is a simple, open standard that can eliminate spam from forged domains, which I would guess is most of it, at this point in history.

    1. Re:SPF to the rescue by WuphonsReach · · Score: 1

      This is a simple, open standard that can eliminate spam from forged domains, which I would guess is most of it, at this point in history.

      Just for the record... SPF is not anti-spam, it's anti-forgery. Which are admittedly overlapping problems.

      Where SPF excels is:

      - Blocking e-mail from an IP address that fails an SPF check. A good use of the system, but it probably won't block a ton of spam (spammers just create bogus domains with very loose SPF records).

      - Eliminating bounce messages that are sent to a domain that doesn't care. Bounce messages are not free (they use up outbound bandwidth and CPU) and can be used as a DoS. If an e-mail fails the SPF check there's no point in sending a bounce message back to the source. Odds are high that the mail was forged.

      I'll be on cloud nine if mail server admins ever figure out the 2nd point. For the domains that I administer, we have very strict SPF records published (and our users are aware). Our firm is small enough to make such a mandate work. I keep my SPF records on a short TTL (half a day) so that we can adjust them fairly quickly if an unforeseen situation arises. But we also have encrypted SMTP/POP3 access for our users along with VPN access to the mail server. Plus encrypted webmail and encrypted IMAP ports. Which eliminates any reasons not to use our official mail servers for outbound e-mail.

      (Yes it breaks forwarding and other semi-legitimate uses for domain forgery such as greeting card sites. But so far that's been a complete non-issue for us.)

      --
      Wolde you bothe eate your cake, and have your cake?
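The two uses of SPF described in the comment above (checking the connecting IP against a strict record, and not bouncing mail that fails), as an added example that is not code from the thread. It handles only the `ip4:` and `all` mechanisms, so records using `a`, `mx`, `include` and the rest are reported as `permerror`; the records and addresses are constructed, and `should_send_bounce` is a hypothetical helper name.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed records: a strict policy, and the "very loose" kind a throwaway domain can publish.
STRICT_RECORD = "v=spf1 ip4:192.0.2.0/28 -all"
LOOSE_RECORD = "v=spf1 +all"

def evaluate_spf(record, client_ip):
    """Evaluate an SPF record that uses only ip4: and all mechanisms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                       # not an SPF record at all
    ip = ipaddress.IPv4Address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                     # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech = term.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]    # matches every sender, ends evaluation
        if mech.startswith("ip4:"):
            try:
                network = ipaddress.IPv4Network(mech[4:], strict=False)
            except ValueError:
                return "permerror"
            if ip in network:
                return QUALIFIERS[qualifier]
            continue                        # no match: try the next mechanism
        return "permerror"                  # mechanism outside this example's scope
    return "neutral"                        # nothing matched and no "all" term

def should_send_bounce(record, client_ip):
    """An SPF fail means the return address is forged, so a bounce would hit a bystander."""
    return evaluate_spf(record, client_ip) != "fail"

if __name__ == "__main__":
    for ip in ("192.0.2.5", "203.0.113.50"):
        print(ip, evaluate_spf(STRICT_RECORD, ip), should_send_bounce(STRICT_RECORD, ip))
    print("loose record:", evaluate_spf(LOOSE_RECORD, "203.0.113.50"))
```

The loose record passes for any sender, which is why the comment calls SPF anti-forgery and not anti-spam.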
  32. Same applies to "commercial" services by alandd · · Score: 1

    I live in the Phoenix, Arizona, USA area. One morning we all woke up to find the Krispy Kreme donut shops all closed. Articles in the paper described employees showing up to work with the doors chained shut. They were not even told it would happen.

    One day about 10 years ago I went to work to find an email response from a significant software component supplier. I had submitted a critical bug report the day before. The response was a canned email saying "Sorry, we are out of business as of four days ago." The company had a multi-thousand dollar licence and support contract with them. Could we sue based on failure to fulfill the contract? Yes, but when they are in receivership, what good does it do to waste time suing?

    My point is that commercial projects are not immune to suddenly "going away" and lumping community projects into a pile of unreliable resources is just as valid as saying commercial projects will always be dependable.

  33. Re:Good case why not to trust "community" services by im_thatoneguy · · Score: 1

    This morning in response to "who is going to pay for this Shiieeeet?" 10,000 businesses pointed at "the other guy" and went back to sleep.

  34. ORDB largely redundant anyway by Mr.+Roadkill · · Score: 1

    I use RBLs. I like RBLs - most of our rejections are due to them, with SpamAssassin and the Sane Security signatures for CLAM responsible for most of the rest. When you reject a quarter million messages per day, and have no prospect of getting money for either the extra grunt or extra bandwidth required to analyse everything, it's a practical first line of defence.

    That said, I'd been considering removing ORDB from our checks for some time. On days when NJABL and SpamHaus were picking up 30-50k messages each, ORDB would pick up between one and five messages. So, although it's sad to see their passing, for me at least they weren't that important a part of my spam-minimisation strategy.

  35. Re:Good case why not to trust "community" services by geminidomino · · Score: 1

    Gosh, they gave us TWO weekends!

    Err... the takedown notice is dated 18 Dec 2006... the takedown date is 18 Dec 2006.

    That's 24 hours notice.

  36. *sigh* by furbearntrout · · Score: 2, Insightful

    Parent needs to get a life.
    The satire in question was written by anti-spam advocates; in part to ridicule amateur, armchair philosophers; who think that their knee-jerk response is better than anything the experts have come up over the years.

    OTOH first time I saw

    (x) Killing them that way is not slow and painful enough

    used. Kudos

    --
    Crap. What did the new CSS do with the "Post anonymously" option??
    1. Re:*sigh* by lordSaurontheGreat · · Score: 1

      Amateur --> Professional

      Don't squash the armchair philosopher himself (as you advocate), rather, squash his pride. Then he'll be able to help the problem. Until then, you're not helping anyone other than your own self-gratification in ridiculing those you consider inferior to yourself.

      Remember: never hurt the newbie, because they are the ones that will be the next master.

      --
      Consider yourself spoken to.
    2. Re:*sigh* by Deviant+Q · · Score: 1

      Ah, but the n00bs (as opposed to newbies) will never be the next master; therefore "hurting" them (ridiculing their ideas) is perfectly acceptable.

      You have a serious defect in your humor/satire gene, by the way. Just sayin'.

      --
      "May the days be aimless. Let the seasons drift. Do not advance the action according to a plan."
  37. Re:Thank god for dead RBLs by Anonymous Coward · · Score: 0

    I wholeheartedly agree.

  38. No one's interested in stopping botnets! by hadaso · · Score: 1

    SPF certainly cannot stop botnets. It's trivial to set up dummy domains with SPF records that allow sending from your botnet, and it's very cheap to register new domains every day if you use stolen credit card info.

    Botnets could be stopped if ISPs would have wanted to stop them, but then it's more profitable for ISPs to sell anti-spam+anti-virus+anti-spyware+contentfiltering+hosting-to spammers. I've made several complaints to several ISPs about PCs in their IP range sending out spam from domestic broadband connections, together with contact info (cellphone+promotional websites) of the spammer that sent the spam through their system, and the spammer is still free and continues to send spam that arrives from hundreds of PCs all around the world to my spamtraps. Only the ISPs can have positive evidence about PCs on their network being abused by spammers. I can only point out that one spammer sends email from residential IP spaces of many ISPs all around the world. The ISPs can monitor the known IP addresses (the ones I report to them) and provide law enforcement with positive evidence that the PC has been hijacked and how it is being used without the owner's permission. Apparently they have no interest in doing so. Spammers are selling their services openly and nobody wants to stop them. I asked a spammer for a quote and he got back to me from his ISP email address with a quote that included his street address and phone. It was a spammer that sent mail using a botnet (as it seems from the "Received" headers on the spam I received that included the spammer's initial contact address). They're pretty sure nothing will happen for them, and they are making huge progress in selling their spamming services to "legit" businesses.

  39. Don't count on governments - SPAM THE SPAMMERS!!! by hadaso · · Score: 1

    Spammers rely on you not getting back to them if you don't want what they sell. They send to millions but can only handle so many hundred responses. They are successful because we help them by not replying. Only those that are actually interested in doing business with them contact them.

    If a small percentage of those that are not interested call back and express interest (that would not result in a purchase) their business concept collapses.

    So go back to the spammers, fill their contact forms with bogus information. Order their stuff with fake CC numbers and fake contact info. Just spam them. Drown them in info they don't need! Make them call back thousands of phone numbers to find out the few who really wanted them to call back!

    There have been attempts to get back at spammers. These have mostly been automated systems that spammers could learn to circumvent or attack back. To really hurt spammers they need to be drowned in real responses from real people that are undistinguishable from real customers.

    It can be effective with some sorts of spam, not all (such as not with the spam that encourages buying certain stocks) but it is important to make this particular spam fail, and leave spam to only illegitimate purposes that don't need you to contact them.

    I have been feeding some spammers' contact forms with fake phone numbers (actually real phone numbers that I collected from other spammers' contact info, why not have them phone each other...) It seems to have some effect, as they seem to have added now more rigorous checks on their forms (easily avoided using javascript:document.forms[0].submit()).