ORDB.org Going Offline

Allan Joergensen writes "ORDB.org has announced that they will shut down their services after fighting open relays and spam for more than five and a half years. The RBL DNS service and mailing lists will be taken down today (December 18, 2006) and the website will vanish by December 31, 2006." The reasons given tend to be the usual ones - volunteers have been focused on other things in life; my salute to those folks for keeping the service up as long as they did.

The reasons

[jginspace]

The reasons are, expanding from TFA: "open relay RBLs are no longer the most effective way of preventing spam from entering your network as spammers have changed tactics in recent years, as have the anti-spam community."

I concur.

Re:The reasons

[BenFranske]

Which is nearly what they said in the article:

We encourage system owners to remove ORDB checks from their mailers immediately and start investigating alternative methods of spam filtering. We recommend a combination involving greylisting and content-based analysis (such as the dspam project, bmf or Spam Assassin).

SORBS

[Spazmania]

Now if extortionist SORBS would die, the anti-spam communinity could refocus on dealing with actual spammers. SORBS never was a pillar of responsibility but the current practice of "dontate to a SORBS-approved charity to get off the list" is just plain wrong.

Re:SORBS

[GigsVT]

Don't forgot the "we blocked you because you used the wrong ISP" people, SPEWS.

I wonder...

[jfengel]

If the RBLs go offline, will spammers shift back to using open relays? I suspect not; the bot-nets are harder to stop and, from the spammer's POV, probably more reliable. The dark side of distributed, highly redundant networks.

Still, it's pretty nice to think that they're going offline because they've largely solved the problem they were fighting. It's like declaring smallpox or polio extinct. And if they come back, we'll remember the formula.

Re:I wonder...

The governments of the world need to make it legal to hunt down and torture spammers and their extended families to death

Your post advocates a

( ) technical ( ) legislative ( ) market-based (x) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
(x) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

(x) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(x) Joe jobs and/or identity theft
(x) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Re:I wonder...

[nuzak]

http://www.craphound.com/spamsolutions.txt

He didn't invent the list. That's the kind of laziness we're looking for.

He even used it for the checklist's intended reason -- as satire. EVERYTHING fails somewhere on that list.

Good case why not to trust "community" services?

[xxxJonBoyxxx]

Is this a good case why it's not generally a good idea to put any long-term trust in "community" services like this?

The RBL DNS service and mailing lists will be taken down today (December 18, 2006) and the website will vanish by December 31, 2006.

Thanks - that's not even two weeks notice.

The reasons given tend to be the usual ones - volunteers have been focused on other things in life

More likely, they woke up one day and figured out they were sick of eating Ramen noodles while being taking for a ride by commercial leeches who never kicked back.

Re:Already offline?

[Aladrin]

Yes, we get that. He doesn't WANT TO.

I haven't seen BadAnalogyGuy lately, so I'll have to do his job I guess:

Slapping mosquitos is not the most effective way of killing mosquitos, but I'm not going to ignore the ones sucking my blood simply because sprays, candles and electric noises work better.

'Not best' is not the same as 'not useful.'

Are RBL's really finished

[Albanach]

We, and many others, still use RBLs as a front line tool to stop spam. Generally it'll stop several thousand emails a day from even entering the mail system.

Spamassassin is great, we have sever custom rules and find it very effective. However it is resource intensive, especially if you are to add features like OCR detection of image spam.

Is it really the case that folk should be accepting all this traffic from known open relays and then spending processor cycles analyzing it?

Is there a middle ground? Some third way that lets lets you reject as much as possible at the start of the SMTP transaction? Greylisting is certainly an option but it presents significant problems too - many companies simply won't respond. Automatic emails will be missed, signup to websites becomes problematic etc etc. What, if any, are the other options?

Re:Are RBL's really finished

[LodCrappo]

We block tons of spam simply by requiring the sending server to strictly follow RFC 2821. A HELO name that follows the rules seems particularly difficult for the spammers to configure. Non FQDNs on the sender, recipient or hostname... sending domains that don't even exist in DNS, servers using your domain name or your IP address and their HELO... a whole variety of strange things that only spammers (and once in a while really bad sysadmins) do. Then you can go a step further and require that someone's sending domain actually have dns properly setup for mail delivery (a "you can't mail me if I can't mail you" kind of thing).

Also, some grey listing systems are better than others. One that really works well for me is sqlgrey http://sqlgrey.sourceforge.net/ Sqlgrey comes with a fairly decent list of servers to exclude due to their inability to properly follow specs, so you don't lose mail from most of the broken but nonspammer servers. This list is also updated automagically and seems to work pretty well.. makes greylisting actually usable, for us at least.

P.S. Don't want to start any holy wars, but if you're trying to fight mail and want a system thats easy to config and just works, postfix is a really great mail server.

Re:Are RBL's really finished

[Sentry21]

On my server, I use greylisting and RBLs, as well as other checks. In the span of one week, we received 128,000 e-mail attempts, 5000 of which were successful. The checks below block huge amounts of spam, to the point where I've actually removed spamassassin because the only messages it gets a chance to check are all legitimate.

For anyone who's wondering, here's what we've got going on, plus amavisd/clamav doing virus scanning. This blocks all spam I get (used to be 30-200 messages per day that Spamassassin would catch).

smtpd_recipient_restrictions =
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_invalid_hostname,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client dynablock.njabl.org

Efficiency

[cockroach2]

I'm not sure I agree about the lack of efficiency: On a "normal" day my server which hosts about 60 mailboxes blocks between 5000 and 6000 e-mail messages (4992 yesterday, 4936 Sunday, 5615 Saturday, 5763 Friday etc.) using ordb, spamhaus and dsbl. While it's true that I still have to use spamassassin for additional content filtering, that's more than 5000 messages a day which don't even enter the system - I consider that quite a lot.

RBLs not so trivial

[jblakezachary]

The ORDB notice makes it sound like we should all abandon RBL lookups all together. I operate a small GroupWise domain ~about 300 users~ and checked my GWAVA stats when I read the article. 78,000 of the last 155,000 inbound messages were blocked as RBL hits. This first step in ridding most of our spam takes a load off of the more server intensive methods of filtering mail and still seems very relevant. I will be sad to see ORDB go.

For those of you relying on RBL lookups, the following are still available and seem to be very reliable, producing few to zero false positives:
zen.spamhaus.org
bl.spamcop.net
list.dsbl.org

Re:I'll miss' em

Imagine one day, Slashdot.org would shutdown too. Can't think of the consequences...

We regret to inform you that slashdot.org, at the ripe age of 8 and a half, is shutting down. It's been a case where all the comments were either too +5 Linux or -5 Microsoft or too insightful that the moderators had to mod it "+2 BSD". Also very little work has gone into maintaining our Mysql database. We should have switched to MS SQL Server long back.
This caused our readers to get pre-occupied with the only other aspect of their lives, namely porn. In addition, the general consensus within the team is that open source technology is no longer the most effective way of preventing windows from entering your next door cute girl's desktop.

...where would all the nerds go?

Re:Good case why not to trust "community" services

[mephistus]

As far as community services go, I always put ORDB in the category of "means well, but a half assed effort." I inherited a job taking care of the mail servers at a company I used to work at, and I came to find out that we had an open relay and had been blacklisted. If memory serves me right, I want to say this was almost 5 years ago.

How did I come to find out that we had an open relay? Did ORDB notify us? Hell no. They just slapped us on their list, and our users started getting bounce messages from other mail servers. I fixed the problem quite easily once I knew about it, but the biggest problem was getting off the list!!! That was a whole other nightmare take took longer than hearing about the problem and fixing it.

So I say good riddance. Those guys are pretty bright and meant well, but my experience with them left me with a very bad impression. Hopefully they were more professional in recent years, but from the way they're ending their service, it sure as hell doesn't seem like it.

Re:Spam Can-Doers

[rworne]

Really?

The U.S. Senate voted 97-0 (with 3 nonvoting senators).
Congress voted in much a similar fashion: 392-5.

link

Jump off that hate bandwagon and realize you being screwed over by both parties.

Re:Good case why not to trust "community" services

[scoof]

ORDB always attempted to notify the administrators of listed servers, several variations on the postmaster@server would have been sent and ignored by the people maintaining the server before you.