Slashdot Mirror


ORDB.org Going Offline

Allan Joergensen writes "ORDB.org has announced that they will shut down their services after fighting open relays and spam for more than five and a half years. The RBL DNS service and mailing lists will be taken down today (December 18, 2006) and the website will vanish by December 31, 2006." The reasons given tend to be the usual ones - volunteers have been focused on other things in life; my salute to those folks for keeping the service up as long as they did.


  1. I'll miss' em by laughing+rabbit · · Score: 2, Interesting

    Even though it took a long time to get my own domain off their list after I left a mis-configured server out in the wild, I really appreciate all they have done over the years. Who will take up the mantle next?

    --
    No incumbents, not no where, not no how.
    Vote them out every term.
    1. Re:I'll miss' em by dreddnott · · Score: 2, Insightful

      I happened to run into an accidental open relay mail server during an onsite consultation (I ended up completely restructuring their deployment and getting ripped off). Most of the MILLIONS of e-mails were coming from China and/or Taiwan, and this was only a few months ago. Are the ORDB people sure they're not going to bring back the open relay problem by shutting down their admittedly useful services?

      While the cancer of spam may have metastasized to other parts of the Internet, it doesn't mean it can't grow back in the places these guys are abandoning. As I understand it, there are other blacklists but nothing quite like the ORDB.

      --
      I may make you feel, but I can't make you think.
    2. Re:I'll miss' em by Anonymous Coward · · Score: 3, Funny

      Imagine one day, Slashdot.org would shutdown too. Can't think of the consequences...

      We regret to inform you that slashdot.org, at the ripe age of 8 and a half, is shutting down. It's been a case where all the comments were either too +5 Linux or -5 Microsoft or too insightful that the moderators had to mod it "+2 BSD". Also very little work has gone into maintaining our Mysql database. We should have switched to MS SQL Server long back.
      This caused our readers to get pre-occupied with the only other aspect of their lives, namely porn. In addition, the general consensus within the team is that open source technology is no longer the most effective way of preventing windows from entering your next door cute girl's desktop.

      ...where would all the nerds go?

    3. Re:I'll miss' em by Achromatic1978 · · Score: 2, Insightful
      Are the ORDB people sure they're not going to bring back the open relay problem

      Whilst I see your point, this is pretty badly phrased - it implies almost an obligation, the little boy with his finger in the dam, and it's his calling, nay, his duty, to keep it there, for the sake of the rest of us.

      Which is not the case.

  2. The reasons by jginspace · · Score: 5, Informative

    The reasons are, expanding from TFA: "open relay RBLs are no longer the most effective way of preventing spam from entering your network as spammers have changed tactics in recent years, as have the anti-spam community."

    I concur.

    1. Re:The reasons by BenFranske · · Score: 3, Informative
      Which is nearly what they said in the article:
      We encourage system owners to remove ORDB checks from their mailers immediately and start investigating alternative methods of spam filtering. We recommend a combination involving greylisting and content-based analysis (such as the dspam project, bmf or Spam Assassin).
  3. SORBS by Spazmania · · Score: 3, Insightful

    Now if extortionist SORBS would die, the anti-spam community could refocus on dealing with actual spammers. SORBS never was a pillar of responsibility but the current practice of "donate to a SORBS-approved charity to get off the list" is just plain wrong.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    1. Re:SORBS by GigsVT · · Score: 3, Informative

      Don't forget the "we blocked you because you used the wrong ISP" people, SPEWS.

      --
      I've had enough abrasive sigs. Kittens are cute and fuzzy.
    2. Re:SORBS by gclef · · Score: 2, Interesting

      SORBS has one useful list: the dial-up DNS blacklist (spare me the diatribes about being able to send mail from a dynamic address. I know the arguments, but the benefit doesn't outweigh the cost of the spam coming from that address space).

      I'm not willing to pay Trend Micro for access to what used to be MAPS for my one, small domain, and I haven't found anyone other than SORBS offering a collection of dial-up addresses as a DNS blacklist. If there are other, reliable, dial-up blacklists, I'd love to hear about them.

    3. Re:SORBS by osu-neko · · Score: 2, Informative

      SORBS has one useful list: the dial-up DNS blacklist (spare me the diatribes about being able to send mail from a dynamic address. I know the arguments, but the benefit doesn't outweigh the cost of the spam coming from that address space).

      True. Now, if only someone actually had an accurate list of dynamic IP addresses, this would be a good strategy, but since neither SORBS nor anyone else actually has one, it gets rather annoying for those of us who get our email bounced or eaten because some idiot has their mailserver configured to bounce mail from our perfectly static IP addresses that happen to be on one of these highly inaccurate lists.

      --
      "Convictions are more dangerous enemies of truth than lies."
    4. Re:SORBS by Fred_A · · Score: 2, Informative
      I'm not willing to pay Trend Micro for access to what used to be MAPS for my one, small domain, and I haven't found anyone other than SORBS offering a collection of dial-up addresses as a DNS blacklist. If there are other, reliable, dial-up blacklists, I'd love to hear about them.
      Sorry, but as dynamic addresses go, MAPS certainly isn't reliable. It lists a number of statically allocated blocks (some addresses of which may indeed be abused) as dynamic when they aren't.
      For example my block is in the MAPS database despite having a proper reverse DNS, a properly setup DNS, a behaving MTA, etc. It is connected by ADSL but will be switched to fibre one of these days.

      Dropping mail solely based on blacklists is stupid. Using it to score mails (in the spirit of what spamassassin does), in combination with other things, might be useful.
      --

      May contain traces of nut.
      Made from the freshest electrons.
  4. Already offline? by The+Blue+Meanie · · Score: 2

    If they've already shut down, I guess that explains the rather sudden and rather LARGE increase in spam I had sitting in my various mailboxes waiting for me this morning. :(

    Can anyone suggest a good alternative? I'm using spamhaus, sorbs, and uceprotect at the moment, and no, I won't use spamcop. ordb HAD been an excellent fourth.

    --
    "I feel that if a person can't communicate, the very least he can do is to shut up." -- Tom Lehrer
    1. Re:Already offline? by Aladrin · · Score: 4, Insightful

      Yes, we get that. He doesn't WANT TO.

      I haven't seen BadAnalogyGuy lately, so I'll have to do his job I guess:

      Slapping mosquitos is not the most effective way of killing mosquitos, but I'm not going to ignore the ones sucking my blood simply because sprays, candles and electric noises work better.

      'Not best' is not the same as 'not useful.'

      --
      "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
    2. Re:Already offline? by Incadenza · · Score: 2, Informative
      Here's my set-up (old-style Postfix config). No false positives in five years, so these are pretty reliable (and from the comment that I must have written myself, ordb has been off my list for quite a while):

      maps_rbl_domains =
          list.dsbl.org,
          sbl-xbl.spamhaus.org,
          hil.habeas.com,
          dul.dnsbl.sorbs.net,
          dynablock.njabl.org

      # Not enough hits to justify keeping them in the list
      # relays.ordb.org
      # opm.blitzed.org

      Also, for RBLs that might not be 100% reliable, there is a simple way to add them to your spamassassin setup (/etc/mail/spamassassin/local.cf), as I have done for PSBL:

      # http://psbl.surriel.com/howto/

      header RCVD_IN_PSBL eval:check_rbl('psbl', 'psbl.surriel.com.')
      describe RCVD_IN_PSBL Received via a relay in PSBL
      tflags RCVD_IN_PSBL net
      score RCVD_IN_PSBL 0 1.00 0 1.00
  5. I wonder... by jfengel · · Score: 4, Insightful

    If the RBLs go offline, will spammers shift back to using open relays? I suspect not; the bot-nets are harder to stop and, from the spammer's POV, probably more reliable. The dark side of distributed, highly redundant networks.

    Still, it's pretty nice to think that they're going offline because they've largely solved the problem they were fighting. It's like declaring smallpox or polio extinct. And if they come back, we'll remember the formula.

    1. Re:I wonder... by Anonymous Coward · · Score: 4, Funny
      The governments of the world need to make it legal to hunt down and torture spammers and their extended families to death

      Your post advocates a

      ( ) technical ( ) legislative ( ) market-based (x) vigilante

      approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

      ( ) Spammers can easily use it to harvest email addresses
      ( ) Mailing lists and other legitimate email uses would be affected
      ( ) No one will be able to find the guy or collect the money
      ( ) It is defenseless against brute force attacks
      ( ) It will stop spam for two weeks and then we'll be stuck with it
      ( ) Users of email will not put up with it
      ( ) Microsoft will not put up with it
      (x) The police will not put up with it
      ( ) Requires too much cooperation from spammers
      ( ) Requires immediate total cooperation from everybody at once
      ( ) Many email users cannot afford to lose business or alienate potential employers
      ( ) Spammers don't care about invalid addresses in their lists
      ( ) Anyone could anonymously destroy anyone else's career or business

      Specifically, your plan fails to account for

      (x) Laws expressly prohibiting it
      ( ) Lack of centrally controlling authority for email
      ( ) Open relays in foreign countries
      ( ) Ease of searching tiny alphanumeric address space of all email addresses
      ( ) Asshats
      ( ) Jurisdictional problems
      ( ) Unpopularity of weird new taxes
      ( ) Public reluctance to accept weird new forms of money
      ( ) Huge existing software investment in SMTP
      ( ) Susceptibility of protocols other than SMTP to attack
      ( ) Willingness of users to install OS patches received by email
      ( ) Armies of worm riddled broadband-connected Windows boxes
      ( ) Eternal arms race involved in all filtering approaches
      ( ) Extreme profitability of spam
      (x) Joe jobs and/or identity theft
      (x) Technically illiterate politicians
      ( ) Extreme stupidity on the part of people who do business with spammers
      ( ) Dishonesty on the part of spammers themselves
      ( ) Bandwidth costs that are unaffected by client filtering
      ( ) Outlook

      and the following philosophical objections may also apply:

      (x) Ideas similar to yours are easy to come up with, yet none have ever
      been shown practical
      ( ) Any scheme based on opt-out is unacceptable
      ( ) SMTP headers should not be the subject of legislation
      ( ) Blacklists suck
      ( ) Whitelists suck
      ( ) We should be able to talk about Viagra without being censored
      ( ) Countermeasures should not involve wire fraud or credit card fraud
      ( ) Countermeasures should not involve sabotage of public networks
      ( ) Countermeasures must work if phased in gradually
      ( ) Sending email should be free
      ( ) Why should we have to trust you and your servers?
      ( ) Incompatiblity with open source or open source licenses
      (x) Feel-good measures do nothing to solve the problem
      ( ) Temporary/one-time email addresses are cumbersome
      ( ) I don't want the government reading my email
      (x) Killing them that way is not slow and painful enough

      Furthermore, this is what I think about you:

      (x) Sorry dude, but I don't think it would work.
      ( ) This is a stupid idea, and you're a stupid person for suggesting it.
      ( ) Nice try, assh0le! I'm going to find out where you live and burn your
      house down!
    2. Re:I wonder... by nuzak · · Score: 3, Informative

      http://www.craphound.com/spamsolutions.txt

      He didn't invent the list. That's the kind of laziness we're looking for.

      He even used it for the checklist's intended reason -- as satire. EVERYTHING fails somewhere on that list.

      --
      Done with slashdot, done with nerds, getting a life.
    3. Re:I wonder... by RealGrouchy · · Score: 2
      EVERYTHING fails somewhere on that list.

      Exactly. That's why we should stop trying to fight or filter spam.

      Now, getting back to the main point of the story, I'd like to interest you in a serios bussines opportunity...

      - RG>
      --
      Hey pal, this isn't a pleasantforest, so don't waste my time with pleasantries!
  6. Omnipotent awareness... or not by RingDev · · Score: 2

    I guess some of these groups have a rather large following, but how about actually linking to their page or to a wiki that describes what they do? For those of us lazy Americans too lazy to cut and paste.

    -Rick

    --
    "Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
    1. Re:Omnipotent awareness... or not by BenFranske · · Score: 2, Informative

      Maybe this will clarify what they do.

  7. Good case why not to trust "community" services? by xxxJonBoyxxx · · Score: 4, Insightful
    Is this a good case why it's not generally a good idea to put any long-term trust in "community" services like this?

    The RBL DNS service and mailing lists will be taken down today (December 18, 2006) and the website will vanish by December 31, 2006.


    Thanks - that's not even two weeks notice.

    The reasons given tend to be the usual ones - volunteers have been focused on other things in life


    More likely, they woke up one day and figured out they were sick of eating Ramen noodles while being taken for a ride by commercial leeches who never kicked back.

  8. Are RBL's really finished by Albanach · · Score: 4, Interesting
    We, and many others, still use RBLs as a front line tool to stop spam. Generally it'll stop several thousand emails a day from even entering the mail system.

    Spamassassin is great, we have several custom rules and find it very effective. However it is resource intensive, especially if you are to add features like OCR detection of image spam.

    Is it really the case that folk should be accepting all this traffic from known open relays and then spending processor cycles analyzing it?

    Is there a middle ground? Some third way that lets you reject as much as possible at the start of the SMTP transaction? Greylisting is certainly an option but it presents significant problems too - many companies simply won't respond. Automatic emails will be missed, signup to websites becomes problematic etc etc. What, if any, are the other options?

    1. Re:Are RBL's really finished by LodCrappo · · Score: 4, Insightful
      We block tons of spam simply by requiring the sending server to strictly follow RFC 2821. A HELO name that follows the rules seems particularly difficult for the spammers to configure. Non FQDNs on the sender, recipient or hostname... sending domains that don't even exist in DNS, servers using your domain name or your IP address as their HELO... a whole variety of strange things that only spammers (and once in a while really bad sysadmins) do. Then you can go a step further and require that someone's sending domain actually have dns properly setup for mail delivery (a "you can't mail me if I can't mail you" kind of thing).

      Also, some grey listing systems are better than others. One that really works well for me is sqlgrey http://sqlgrey.sourceforge.net/ Sqlgrey comes with a fairly decent list of servers to exclude due to their inability to properly follow specs, so you don't lose mail from most of the broken but nonspammer servers. This list is also updated automagically and seems to work pretty well.. makes greylisting actually usable, for us at least.

      P.S. Don't want to start any holy wars, but if you're trying to fight mail and want a system that's easy to config and just works, postfix is a really great mail server.

      --
      -Lod
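The HELO checks described in the comment above (non-FQDN names, and clients announcing your own domain or IP address), written out as an added example that is not part of the original comment. The function name, reason strings and sample addresses are assumptions made for illustration; the DNS-existence checks the comment also mentions are left out because they need a resolver.

```python
import ipaddress
import re

# One DNS label: letters, digits, inner hyphens, at most 63 characters.
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def check_helo(helo, our_names, our_ips):
    """Return None if the HELO/EHLO argument looks sane, else a reason string.

    our_names: lowercase hostnames this server answers to.
    our_ips:   this server's addresses in canonical string form.
    """
    name = helo.strip().lower()
    if not name:
        return "empty"

    # Address literal, e.g. [192.0.2.55] or [IPv6:2001:db8::1].
    if name.startswith("[") and name.endswith("]"):
        literal = name[1:-1]
        if literal.startswith("ipv6:"):
            literal = literal[5:]
        try:
            ip = ipaddress.ip_address(literal)
        except ValueError:
            return "bad-address-literal"
        return "claims-our-ip" if str(ip) in our_ips else None

    # A bare IP address is neither a hostname nor a valid address literal.
    try:
        ip = ipaddress.ip_address(name)
    except ValueError:
        pass
    else:
        return "claims-our-ip" if str(ip) in our_ips else "bare-ip"

    name = name.rstrip(".")
    labels = name.split(".")
    if len(labels) < 2:
        return "not-fqdn"
    if not all(LABEL.match(label) for label in labels):
        return "invalid-hostname"
    if name in our_names:
        return "claims-our-name"
    return None


# Constructed sample input: HELO strings an outside client might send.
OUR_NAMES = {"example.com", "mx.example.com"}
OUR_IPS = {"203.0.113.25"}
SAMPLES = ["mail.example.org", "localhost", "192.0.2.55", "[192.0.2.55]",
           "[203.0.113.25]", "MX.Example.COM", "bad_host.example.net"]


def screen(samples):
    """Map each sample HELO to its verdict (None means accept)."""
    return {s: check_helo(s, OUR_NAMES, OUR_IPS) for s in samples}


if __name__ == "__main__":
    for helo, reason in screen(SAMPLES).items():
        print(f"{helo!r:28} -> {reason or 'ok'}")
```

Apply checks like these only to connections from outside your own networks, since internal clients often announce short or private names.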
    2. Re:Are RBL's really finished by Sentry21 · · Score: 3, Informative
      On my server, I use greylisting and RBLs, as well as other checks. In the span of one week, we received 128,000 e-mail attempts, 5000 of which were successful. The checks below block huge amounts of spam, to the point where I've actually removed spamassassin because the only messages it gets a chance to check are all legitimate.

      For anyone who's wondering, here's what we've got going on, plus amavisd/clamav doing virus scanning. This blocks all spam I get (used to be 30-200 messages per day that Spamassassin would catch).

      smtpd_recipient_restrictions =
          reject_non_fqdn_hostname,
          reject_non_fqdn_sender,
          reject_non_fqdn_recipient,
          reject_invalid_hostname,
          permit_mynetworks,
          permit_sasl_authenticated,
          reject_unauth_destination,
          reject_unauth_pipelining,
          reject_rbl_client opm.blitzed.org,
          reject_rbl_client list.dsbl.org,
          reject_rbl_client bl.spamcop.net,
          reject_rbl_client sbl-xbl.spamhaus.org,
          reject_rbl_client dynablock.njabl.org
    3. Re:Are RBL's really finished by btpier · · Score: 2, Informative
      I use strict HELO requirements, greylisting, RBLs, and finally SpamAssassin on my home server. Very few spams even make it to the SpamAssassin checks. Adding the HELO requirements and greylisting reduced the number of spam emails SpamAssassin had to check from >100 emails per day down to an average of about 5 per week.

      I haven't had any issues with greylisting. I know of no emails that I haven't eventually received and even web-page sign-ups/registrations have gotten through without a hitch.

      There are also filters for postfix that can reject connections based on the age of the domain. If the domain is less than 4 days old, it's likely to be a spammer. I haven't implemented it yet but if the tide of spam swells again, that will be my next line of defense.

    4. Re:Are RBL's really finished by LodCrappo · · Score: 2, Informative
      well we are way off topic here, but this can happen for several reasons. first off, anything in the headers can (and often is) completely fake. Second, there is a big difference between the "To:" field in a message's headers and the SMTP envelope RCPT TO: address. If you're genuinely interested, I'd suggest looking at RFC 2821 and 2822 which are free online, or maybe skimming a book on SMTP.

      HTH

      --
      -Lod
  9. Efficiency by cockroach2 · · Score: 3, Informative

    I'm not sure I agree about the lack of efficiency: On a "normal" day my server which hosts about 60 mailboxes blocks between 5000 and 6000 e-mail messages (4992 yesterday, 4936 Sunday, 5615 Saturday, 5763 Friday etc.) using ordb, spamhaus and dsbl. While it's true that I still have to use spamassassin for additional content filtering, that's more than 5000 messages a day which don't even enter the system - I consider that quite a lot.

  10. Spam control methodology by wiredog · · Score: 2, Informative
    A "public" e-mail account, given to businesses, people who like to cross-post via CC (instead of BCC), places like /., etc. I use Gmail, which does a good bit of spam filtering.

    A "private" e-mail account, given only to family and close friends, with a set of filtering rules to build the whitelist, and everything else run through bayesian filtering.

    Between the two, I have to deal with very little spam.

    OT:This is my 2,000th Slashdot comment...

    1. Re:Spam control methodology by robogun · · Score: 2, Funny

      OT:This is my 2,000th Slashdot comment...

      Damn. I only received 337 of them, my filter must have caught the rest!

  11. RBLs not so trivial by jblakezachary · · Score: 4, Informative

    The ORDB notice makes it sound like we should all abandon RBL lookups altogether. I operate a small GroupWise domain ~about 300 users~ and checked my GWAVA stats when I read the article. 78,000 of the last 155,000 inbound messages were blocked as RBL hits. This first step in ridding most of our spam takes a load off of the more server intensive methods of filtering mail and still seems very relevant. I will be sad to see ORDB go.

    For those of you relying on RBL lookups, the following are still available and seem to be very reliable, producing few to zero false positives:
    zen.spamhaus.org
    bl.spamcop.net
    list.dsbl.org

  12. Re:Good case why not to trust "community" services by Salsaman · · Score: 2, Informative

    You have a point, but Free Software is hardly "dying" ! That's a ridiculous claim to make. *More* Free Software is being produced and used today than ever before. Just take a look at Freshmeat or Sourceforge.

    Of course, if commercial organisations did wake up and realise they have a responsibility to help support developers whose software they use, then probably developers would have a more comfortable lifestyle, and project development would become more professional and better organised.

    Also, software is different from a web service. If a developer abandons a Free Software project, the code is still out there for somebody else to build on, or perhaps the original developer will return to it after taking a break.

  13. Re:Efficiency? by cockroach2 · · Score: 2, Informative

    You're right, about 95% (or more) of the blocking is done by spamhaus (it is the first filter which is used, thus it's clear that they catch more than the others). Still, the ORDB guys basically say that open relay RBLs in general don't make much sense anymore which, as I consider spamhaus to be an open relay RBL too, I can't agree to.

    For completeness' sake, here's the breakdown for yesterday:
      - spamhaus: 4769 (96%)
      - dsbl.org: 220 (4%)
      - ordb.org: 3 (0%)

  14. How nice of them to let us know.... by NerveGas · · Score: 2, Interesting


    By giving people one entire day to remove their mailer configuration, they didn't leave people much time. Of course, that's sort of moot, I noticed early last week that my mailer wasn't getting responses from them any more, causing timeout delays on the query for every incoming message.

    Ah, well. I guess I shouldn't complain, since this one inconsiderate act is vastly overshadowed by the usefulness they've provided over the years.

    --
    Oh, you're not stuck, you're just unable to let go of the onion rings.
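The failure mode described in the comment above (a list that stops answering adds a timeout to every incoming message), combined with the scoring approach suggested earlier in the thread, as an added example that is not any commenter's code. The zone names come from the thread; the weights, threshold, failure limit and the injected `fake_resolver` with its constructed DNS data are assumptions.

```python
import ipaddress

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# Zone names are taken from the thread; weights and threshold are assumed.
ZONE_WEIGHTS = {
    "sbl-xbl.spamhaus.org": 3.0,
    "list.dsbl.org": 2.0,
    "relays.ordb.org": 2.0,
}
REJECT_AT = 4.0


def dnsbl_qname(ip, zone):
    """Query name for an IPv4 client: reversed octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone


class DnsblScorer:
    def __init__(self, weights, resolver, max_failures=3):
        self.weights = dict(weights)
        self.resolver = resolver          # callable: qname -> list of A records
        self.max_failures = max_failures
        self.failures = {zone: 0 for zone in self.weights}

    def check_zone(self, ip, zone):
        """Return 'listed', 'clean', 'error' or 'disabled' for one zone."""
        if self.failures[zone] >= self.max_failures:
            return "disabled"             # stop paying the timeout per message
        try:
            answers = self.resolver(dnsbl_qname(ip, zone))
        except TimeoutError:
            self.failures[zone] += 1
            return "error"
        if not answers:                   # NXDOMAIN: address is not listed
            self.failures[zone] = 0
            return "clean"
        if all(ipaddress.ip_address(a) in LOOPBACK for a in answers):
            self.failures[zone] = 0
            return "listed"
        # An answer outside 127.0.0.0/8 is not a DNSBL reply (wildcarded or
        # re-registered zone), so it is never counted as a listing.
        self.failures[zone] += 1
        return "error"

    def score(self, ip):
        results = {z: self.check_zone(ip, z) for z in self.weights}
        total = sum(self.weights[z] for z, r in results.items() if r == "listed")
        return total, results

    def verdict(self, ip):
        total, _ = self.score(ip)
        return "reject" if total >= REJECT_AT else "accept"


# Constructed DNS data; 192.0.2.10 is a documentation address.
FAKE_DNS = {
    "10.2.0.192.sbl-xbl.spamhaus.org": ["127.0.0.4"],
    "10.2.0.192.list.dsbl.org": ["127.0.0.2"],
}


def fake_resolver(qname):
    """Stand-in for a real DNS lookup with a short timeout."""
    if qname.endswith(".relays.ordb.org"):
        raise TimeoutError(qname)         # models a list that no longer answers
    return FAKE_DNS.get(qname, [])


if __name__ == "__main__":
    scorer = DnsblScorer(ZONE_WEIGHTS, fake_resolver)
    for _ in range(4):
        print(scorer.score("192.0.2.10"))
```

After three consecutive timeouts the dead zone is skipped, so the remaining lists keep scoring without the per-message delay.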
  15. Re:Spam Can-Doers by s7uar7 · · Score: 2, Funny

    Since the Republican Congress "defeated spam" with their CAN-SPAM Act, I've noticed my incoming spam double every month for years

    CAN-SPAM took effect on 1 January 2004, so assuming you got 1 spam that month and it's doubled every month since, that means you're getting about 564 million spam emails a day now. I wouldn't want to be your ISP :)

  16. Re:Good case why not to trust "community" services by mephistus · · Score: 3, Informative
    As far as community services go, I always put ORDB in the category of "means well, but a half assed effort." I inherited a job taking care of the mail servers at a company I used to work at, and I came to find out that we had an open relay and had been blacklisted. If memory serves me right, I want to say this was almost 5 years ago.

    How did I come to find out that we had an open relay? Did ORDB notify us? Hell no. They just slapped us on their list, and our users started getting bounce messages from other mail servers. I fixed the problem quite easily once I knew about it, but the biggest problem was getting off the list!!! That was a whole other nightmare that took longer than hearing about the problem and fixing it.

    So I say good riddance. Those guys are pretty bright and meant well, but my experience with them left me with a very bad impression. Hopefully they were more professional in recent years, but from the way they're ending their service, it sure as hell doesn't seem like it.

  17. SORBS by Hymer · · Score: 2, Informative

    1. SORBS sucks... and they work because they suck. They assume any mail source is a spam source unless it got a rDNS record (which may be quite hard to get on ADSL lines).
    2. SpamHaus do a decent job and they don't make funny/crazy assumptions, and they do try to keep the list up to date.
    3. Even content check does not block spam... spammers are sending pictures with their message... and they make those hard to run thru OCR (just like the Human-Check here on /.).
    4. A world wide law against spam would help but is not likely to happen.
    ...whoever finds a working non-STASI-like (ie. SORBS) and open solution will get my vote for the Nobel Prize...
    ...and yes I do know about several methods for fighting spam but they are far from perfect... they are usually based on certificates and they do work pretty well... we do however need a solution in the SMTP and not a proprietary addon on top of it...

  18. Re:Spam Can-Doers by rworne · · Score: 3, Insightful

    Really?

    The U.S. Senate voted 97-0 (with 3 nonvoting senators).
    Congress voted in much a similar fashion: 392-5.

    link

    Jump off that hate bandwagon and realize you're being screwed over by both parties.

    --
    I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
  19. Re:Good case why not to trust "community" services by scoof · · Score: 3, Informative

    ORDB always attempted to notify the administrators of listed servers, several variations on the postmaster@server would have been sent and ignored by the people maintaining the server before you.

    --
    -- Andreas
  20. SPF to the rescue by michaelredux · · Score: 2, Insightful

    Perhaps you are asking about SPF.

    http://en.wikipedia.org/wiki/Sender_Policy_Framework

    Spammers recently started forging my domain as their return address. I know this because I received a bucket-load of bounces every day until I blocked the catch-all address. All of that spam would have been blocked if the servers that bounced it had checked my SPF record first. It clearly specifies that all of the IP addresses where the spam is coming from are not authorized to serve email from my domain.

    This is a simple, open standard that can eliminate spam from forged domains, which I would guess is most of it, at this point in history.

  21. *sigh* by furbearntrout · · Score: 2, Insightful

    Parent needs to get a life.
    The satire in question was written by anti-spam advocates; in part to ridicule amateur, armchair philosophers; who think that their knee-jerk response is better than anything the experts have come up with over the years.

    OTOH first time I saw

    (x) Killing them that way is not slow and painful enough

    used. Kudos

    --
    Crap. What did the new CSS do with the "Post anonymously" option??