Slashdot Mirror


Long-Dead ORDB Begins Returning False Positives

Chapter80 writes "At noon today (Eastern Standard Time), the long dead ORDB spam identification system began returning false positives as a way to get sleeping users to remove the ORDB query from their spam filters. The net effect: all mail is blocked on servers still configured to use the ORDB service, which was taken out of commission in December of 2006. So if you're not getting any mail, check your spam filter configuration!"

20 of 265 comments

  1. Whoa! ORDB better have a good disclaimer by mrcaseyj · · Score: 3, Insightful

    Intentionally causing large numbers of emails to be lost is a risky move indeed.

    1. Re:Whoa! ORDB better have a good disclaimer by mrcaseyj · · Score: 4, Insightful

      It's one thing for a spam filter to make a mistake or even be careless and put a message into the spam folder, but quite another for a filter to intentionally cause known good messages to be absent from a user's inbox. Why don't they just start reporting all messages as good, or just not give any rating to any message? This might be especially bad in situations where ORDB is only given partial weighting in the spam categorization process so that many messages still get through, thus making it less likely that the errors will be noticed quickly because there will not be a total block on email. To do what they're doing might be considered reckless. I don't know much about the law in a situation like this but I'd be worried about liability even with a good disclaimer in the user agreement.

    2. Re:Whoa! ORDB better have a good disclaimer by iangoldby · · Score: 4, Insightful

      When I had a run-in with my old ISP a few years ago, the issue was that a) they did not advertise anywhere that they weren't accepting mail from blacklisted peers, and b) mail from blacklisted peers was simply discarded. There was no 'administration interface' to '"release" the mail and/or mark it as safe.' There was in fact no way for the recipient (i.e. me) to ever know that a mail addressed to them that had not been delivered had even been sent.

      That said, the approach of ORDB does seem to be the right way to stop administrators from using it. If you don't force the issue by stopping all mail, then random non-spam emails will continue to be blocked indefinitely. Short-term pain for long-term gain...

    3. Re:Whoa! ORDB better have a good disclaimer by timmarhy · · Score: 4, Insightful

      The only person to blame is the careless mail admin who leaves ORDB in. ORDB is a free service, they have every right to take it down, hell, I'm pretty amazed they left it up for a year and gave all the warnings they did.

      --
      If you mod me down, I will become more powerful than you can imagine....
    4. Re:Whoa! ORDB better have a good disclaimer by MrNaz · · Score: 5, Insightful

      As much as we can rail against stupid mail admins, I think it would not be remiss of us to remember that the ultimate sufferers are end users who probably have no idea what their mail server administrator is doing. In other words, this hurts the people who *rely* on mail administrators, not the mail administrators. For that reason, I think ORDB is doing the wrong thing. This is yet another reason why privately owned spam registrars like ORDB are a bad idea; they just do not understand either the gravity of what they are doing, nor do they have the responsibility to take it seriously. If you are doing something on such a large scale, it is inevitable that there will always be stragglers. Don't get all indignant about how "dumb mail admins" should know better unless you know that all your utility providers abide by the latest best industry practices in their respective fields.

      On a side note, given that this move by ORDB specifically targets people other than those who they want to change the behaviour of in an attempt to get those innocent bystanders to effect change upon the real people they want to affect, this actually meets the FBI's definition of terrorism.

      --
      I hate printers.
    5. Re:Whoa! ORDB better have a good disclaimer by squiggleslash · · Score: 3, Insightful

      And the end users will learn what admins do, complain, and admins who subscribe to third party "anti-spam" solutions that use innuendo based logic to remove spam will get a well deserved roasting from their users.

      No, I'm not happy the innocent users are suffering either, but I'd argue that they already were, just less aware of what was going on (probably suffering occasional emails removed due to false positives without realizing it was due to deliberate administrator decisions, blaming instead "unreliable email" (clue: it really isn't unreliable any more, except for the effects of some of the more incompetent anti-spam solutions)).

      Let's be clear here: the fact is these admins not only subscribed to an innuendo-based filtering system, but also didn't bother doing their job, monitoring the services they subscribe to and ensuring their system used it correctly. It's safe to say the users were suffering anyway, both because of the decisions the admins had made directly, and because of the general skill level of the admin whose services the users are relying upon. Hopefully for many of those users, this is a lesson in why not to trust the people they're currently relying upon.

      --
      You are not alone. This is not normal. None of this is normal.
    6. Re:Whoa! ORDB better have a good disclaimer by brassman · · Score: 4, Insightful
      What you're missing is that if ORDB flags all mail as "good," then clueless soi-disant 'admins' will continue to hammer the site with their useless queries, up to thousands of them per second. Blocking world+dog is a desperation move -- which has been used a few times in the past by other RBL administrators -- just to make people stop doing that.


      When someone just plain will not check back to see if your free service is still working (and free), how else do you get their attention?

      --
      "Ain't no right way to do a wrong thing."
    7. Re:Whoa! ORDB better have a good disclaimer by MrNaz · · Score: 3, Insightful

      I appreciate the ideas in your response, but I cannot even concede as far as your position. Let me ask you this: Would you be happy with somebody cutting the electricity to your house for a week to get you to complain to your power company about the fact that your neighbourhood has not yet been updated to use the latest most efficient transformers?

      --
      I hate printers.
    8. Re:Whoa! ORDB better have a good disclaimer by squiggleslash · · Score: 3, Insightful

      Nope, but the two situations aren't comparable. If your electricity was provided by a company that chose to prevent power surges by having a (well insulated) three year old frequently swing at the overhead wires with a pole, the other end of which was earthed, essentially earthing the power every few seconds, and if power was supplied in your area by a variety of organizations, rather than only one company, and if you actually live in a mud-hut village in the middle of the third world that's only been using power for a few years and which nobody is completely reliant or trusting of it, then yeah, I'd be in favor of that (now grown up) ex-three year old using his key to go into the "earthing room" and leaving the pole up there, denying power to the people who were subscribing to this incompetent organization.

      Of course, that's a completely unrealistic scenario, which is why your analogy doesn't really work. In this case:

      1. e-mail is too unreliable for anyone to consider it critical
      2. The use of an innuendo-based filtering system has already contributed to the above. It is simply implausible that anyone who lost email as a result of ORDB's actions has come to rely upon it.
      3. There is a choice of email administrators to the end users. They will be able to choose someone else.

      I am sympathetic to the end users, but I think the end users were suffering before this, and for the most part, all this has done is show the users what the real cause of their long time woes is.

      --
      You are not alone. This is not normal. None of this is normal.
    9. Re:Whoa! ORDB better have a good disclaimer by ta+bu+shi+da+yu · · Score: 3, Insightful

      Dude, ORDB didn't fail. It was taken down. Stupid mail admins kept using it. This generated a fair amount of traffic to a pretty useful domain name. The fault is solely with the mail admins, not the ORDB.

      You cannot say that people were NOT warned. Lazy mail admins, who couldn't be bothered changing their boxes are the problem here. Looks like they got burned due to their laziness and lack of proactiveness. They weren't good mail admins in the first place, if they got this wrong, what else are they doing wrong? At the end of the day, they deserve everything they get.

      --
      XML is like violence. If it doesn't solve the problem, use more.
  2. Nice by topham · · Score: 3, Insightful


    Dealing with Email and Spam issues can be enough of a pain in the ass without the added hassle of this shit.

    It isn't that the recipient complains they aren't getting email, it's when the sender (my customer) complains to me that their mail isn't making it to the recipient and blames me when it's the spam filters at the other end causing the problem. And now this?
    Nice.

    1. Re:Nice by TubeSteak · · Score: 4, Insightful

      It's like hotlinking an image off someone's website after you've been told not to. Yes, the site owner is a dick for replacing the pic with goatse, but it's still your fault for linking to it in the first place.

      This will cause some confusion at first, but if it hit /. word will get out soon enough.
      I just hope no one's spam filter defaults to automatic-deletion.

      --
      [Fuck Beta]
      o0t!
  3. Why not just close the server? by Em+Adespoton · · Score: 4, Insightful

    Why don't they just close the server so it no longer accepts connections? Are they doing this to stop the server currently at that location from being hammered with requests?

    1. Re:Why not just close the server? by ashridah · · Score: 4, Insightful

      While that's accurate to a point, seems to me that doing this at the DNS level (deleting a DNS record, or pointing it to 127.0.0.1 and giving it a TTL of a few decades) would do the trick better than BLOCKING EMAIL.

      My bet is this is going to really REALLY negatively affect all of those mailservers that have been set up, for which there is *no* administrator. You know, the ones set up for smaller companies who have no in-house admin, who hired a consultant, but wouldn't pay for ongoing maintenance (either due to tightness or actual lack of funds, etc). The response time here, and time to resolution is likely to be high to non-existent.

      All in all, this is a pathetic (understandable, mind you) move, and reeks of inconsideration.

  4. Re:Why DNS-RBLs suck by whoever57 · · Score: 3, Insightful

    Oldie but goldie: http://acme.com/mail_filtering/shame.html#dnsrbls
    I'll take the DNS-RBLs out of my email configuration when there is a realistic alternative. Clicking the "Conclusions" link on the referenced page, the author provides no solutions, other than throwing pies at Bill Gates. Not very credible.
    --
    The real "Libtards" are the Libertarians!
  5. It's the only way to get them to stop by bl968 · · Score: 4, Insightful
    I closed my lists, and two years later, after checking my DNS server and seeing traffic for a couple of dnsbl lists which had been empty for the last 2 years, I found that we were still getting several hundred requests per minute.

    Our blackhole lists are defunct. We announced their closure over 2 years ago and it was widely covered by the press at the time. We are still recording several hundred lookups per minute so Friday December 9th 2005 we started answering positive to all requests. If your mail is being blocked simply contact any isp blocking you using these lists and let them know they need to remove them ASAP! If they have questions they can contact me directly. [email removed]

    To identify whom to contact please reference the error message you receive.

    Look for something similar to:

    ----- Transcript of session follows -----
    ... while talking to mail.somedomain.com.:
    >>> MAIL From:<youremail@yourdomain.com>
    <<< 518 Your SMTP server is listed at something.domainremoved.net
    554 5.0.0 Service unavailable


    In this case you would contact somedomain.com and tell them that the whatever.compu.net dnsbl is defunct and is now answering positive on all lookups. As such they should remove it and any other compu.net dnsbl ASAP to prevent legitimate emails from being blocked.

    If they need verification send them to this web site.

    I announced this upcoming change to both the SPAM-L mailing list and the news.admin.net-abuse.email newsgroup

    "Over 2 years ago I shut down blackhole.somedomain.net, pacbelldsl.somedomain.net, and pm0-no-more.somedomain.net then announced the shutdown on the news.admin.net-abuse.email and several other mail and abuse related lists. As of today I am still logging several hundred requests per minute to it two years later. In one week I am going to start answering positive on every lookup to those domains. I don't want to do this however I am not going to continue to bear the load for something that ceased to exist over two years ago. So basically check your mail servers and if you are using the blackhole.somedomain.net, pacbelldsl.somedomain.net or pm0-no-more.somedomain.net dnsbls remove it asap!

    Thanks."


    It was the only way to get them to stop and if I check my server today, I will likely find I am still getting some requests on them. So it's not dickish at all as another commentator claimed.
    --
    "GET / HTTP/1.0" 200 51230 "-" "Mozilla/4.0 (compatible; Setec Astronomy)"
  6. Mmmm, stereotypes by Anonymous Coward · · Score: 5, Insightful

    Saying "A girlfriend? Proof positive that he's not a regular /. reader" is modded Insightful? Since every mention of "girlfriend" receives this response like clockwork, Redundant seemed more appropriate... Well then, I have some more Insightful tidbits for you:


    Jocks are idiots.

    Linux users have tiny penises.

    Windows users are point-and-drool morons.

    Mac users are artistic and gay and think overpriced computers are status symbols.

    Business execs and politicians don't know fuck-all about computing or networking, but insist on controlling them anyway.

    Women are shitty drivers (they themselves have fewer accidents, hence they receive a better insurance rate; they're shitty drivers because they do annoying shit that creates obstacles for others, like not knowing what the fuck the passing lane is for).

    Black people are either from the ghetto, or act like they wish they were.

    White people have zero sense of rhythm, can't dance, and can't jump.


    Now where's my +5 Insightful?

  7. Re:Is it really necessary? by Chandon+Seldon · · Score: 4, Insightful

    How much would it cost to do it the Right Way from a user's point of view?

    Blocking with an error code is the Right Way. That way the sending mail server generates a bounce message and the sender knows that the message didn't get through. The idea of accepting every message so the user can have 50,000 messages in his spambox that will never get looked at for every real message is absurd.

    --
    -- The act of censorship is always worse than whatever is being censored. Always.
  8. Block lists by buss_error · · Score: 3, Insightful

    If one uses a block list, then one should subscribe to their email list as a minimum. Why? So that you are aware when that block list is no longer maintained... *sigh* Sadly, too many people that think they are experts at running a mail server will fail to do this. The really, really sad part is that they will most likely escape any punishment for their hubris.

    --
    Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
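
Added example (not part of any comment in this thread): a health check for the block lists a mail server is configured to query, covering the failure bl968 and buss_error describe above, where a defunct list answers positive on every lookup. It relies on the RFC 5782 convention that a DNSBL lists 127.0.0.2 and never 127.0.0.1; the zone names and the offline resolver are constructed for the demo.

```python
import ipaddress
import socket

# RFC 5782 test points: a working DNSBL lists 127.0.0.2 and never 127.0.0.1.
MUST_LIST, MUST_NOT_LIST = "127.0.0.2", "127.0.0.1"

def dnsbl_name(ip, zone):
    """Query name for a DNSBL lookup: reversed IPv4 octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def system_lookup(name):
    """A records from the system resolver; NXDOMAIN or failure gives []."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def is_listed(ip, zone, lookup):
    """Any A record counts: an MTA that ignores return codes blocks on it."""
    return bool(lookup(dnsbl_name(ip, zone)))

def classify_zone(zone, lookup=system_lookup):
    """Return 'lists-everything', 'dead' or 'healthy' for one zone."""
    if is_listed(MUST_NOT_LIST, zone, lookup):
        return "lists-everything"  # positive on all lookups: blocks all mail
    if not is_listed(MUST_LIST, zone, lookup):
        return "dead"              # no test entry: shut down or not a DNSBL
    return "healthy"

def audit(zones, lookup=system_lookup):
    """Status per configured zone; remove anything that is not 'healthy'."""
    return {zone: classify_zone(zone, lookup) for zone in zones}

def fake_resolver(records, wildcard_zones=()):
    """Offline stand-in for DNS (constructed for the demo)."""
    def lookup(name):
        if any(name.endswith("." + z) for z in wildcard_zones):
            return ["127.0.0.2"]   # wildcard: every name resolves
        return records.get(name, [])
    return lookup

if __name__ == "__main__":
    # Constructed sample data; the zone names are placeholders.
    lookup = fake_resolver({"2.0.0.127.good.dnsbl.example": ["127.0.0.2"]},
                           wildcard_zones=["defunct.dnsbl.example"])
    zones = ["good.dnsbl.example", "defunct.dnsbl.example", "gone.dnsbl.example"]
    for zone, status in audit(zones, lookup).items():
        print(f"{zone:24} {status}")
```

Run against the real resolver by calling `audit()` with the zones from the mail server's configuration and no `lookup` argument; a resolver outage will also show up as "dead", so confirm before removing a list.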
  9. Re:No it is not ... by atamido · · Score: 3, Insightful

    I'm with arkhan_jg and Chandon Seldon on this one. If email is rejected during the initial handshake, then the sender (if legitimate) will know that the recipient will not see the email. If it is flagged afterwards and sent to a spam box, then the sender has no idea that the recipient will likely NOT ever see the email.

    I know I would rather be notified of a rejection than have an email go to a spam box.