UPDATED: AOL Added To ORBS List - At Their Request
Scott Crain, AOL 'Spamdinista,' wrote in with an update, and to make what's going on crystal clear.
There are two machines that have been added to ORBS on AOL's networks, at my request. The two machines are a new system in place to allow us to keep spammers from using outbound SMTP connections to spam the rest of the net with junk. Alan Brown, the maintainer of ORBS, and I correspond frequently on a couple of mailing lists we both frequent, and he asked if it would be OK if I had him place these two machines in ORBS, to which I agreed.
Basically, the two machines that are there are the external gateway for a percentage of AOL members using their TCP connectivity to send mail out of AOL without using the AOL client. It's no different than blocking AOL's dialup IPs (*.ipt.aol.com) as the MAPS DUL does currently.
In other words, this is a good thing. I'm sure I'm not the only one who doesn't like spam from AOL, and this looks like a step in the right direction.
Re:Most mail problems (Score:1)
a dial-up mail server for ages now, it is as locked down secure as I can make it yet according to the MAPS DUL I don't have the legitimate right to run my own mail server because I am just a lowly dial-up.
"We have not found a legitimate reason for dial-up users to talk directly to recipients' mail servers"
The reason might be because I can and don't spam. If I relay thru the ISP I will lose my domain name and have to put in a lot of header re-write rules. My domain is hosted elsewhere for free but no mail services other than forwarding. This is just not well thought thru.
My ISP doesn't have a policy against this so it is not unauthorized. I pull in the mail thru the ISP's POP. I hate spam as much as anybody but that is a real snobby statement especially if your ISP's server may suck periodically. I don't put a load on their dial-up router and they leave me alone.
And of course the real issue is that more and more people are dialing in and want to run all their services themselves. With the advent of IPv6 everyone will have a fixed IP. The trend then will be toward de-centralizing services and educated, responsible customers actually can take the load of the ISP's central mail server.
I worked at an ISP once and we tried MAPS RBL but it was too exclusionary and like all these efforts needs to be a lot more specific. And I have heard all the ORBS nightmares as well.
Re:AOL on ORBS list (Score:1)
My ISP found ORBS to be very aggressive. I spoke with them to find out why they are on the ORBS list of Netblock Entries [orbs.org] (aka "the Bozos List").
The fact is that my ISP protested the unsolicited scanning of their networks from an outside source, white hat or not. And the scan was also hitting customer dialups. My ISP secured their sendmails, and told ORBS to kiss off and stop probing their networks.
I really don't blame them. A "white hat" service should not be as intrusive as ORBS.
Re:Can anyone explain something to me? (Score:1)
Just a guess.
RBL abuse (Score:1)
----------------------------
Re:Well, the UDP worked on @Home... (Score:1)
I do recall @Home cracking down on their customers. For years, I used a friend's cable modem box for mail and a mush, and we noticed @Home mass portscanning their customers on port 80. Not long after that he got a nastygram to cease and desist or be disconnected. So we moved everything to a safer system in record time. For the record, we had been running several daemons off that cable box for four years before @Home bothered to notice.
Re:Don't overreact: they're harmless (Score:1)
blacklist smarthosts of open relays too, this can be much to less time.
ORBS had half of Germany scanned last year, and some major ISPs turned out with 200+ open relays. Now all of these relays are under control of the customers, so you need time to find out what MTA they run, how to fix it, even explain the problem to them.
If you try to tell ORBS that you are working on it and need more time, they simply tell you, "Duh, you have plenty of time, we don't care how long your work days are". This and the fact that ORBS is lying (they tell that they won't scan blocks and won't use data which were likely get out of such scans) makes them unreliable and not a source to trust in.
Block ORBS.
Most mail problems (Score:1)
Re:I hope this is true (Score:1)
Whatever - much kudos to AOL UK for being extremely vocal in their dislike of the UK telco charging structures.
..
Well done. (Score:1)
For spam filtering at my site, I use two services: the MAPS RBL, which lists the IP address blocks of repeat and unrepentant spammers, and the MAPS RSS, which lists any still-open relays that have been spammed through.
MAPS RSS is different from ORBS in that spam must have been sent through a server at least once for it to be listed - you won't get listed in the RSS if you just block relay tests from them. ORBS is somewhat less "polite," and I don't use them because of the larger number of false-positive spam-blocks.
I'd use the MAPS DUL, which is a list of IPs used for modem pools (which should always be using their ISP's SMTP servers), but I can't get Sendmail to allow relaying from DUL-blocked IPs that should be otherwise allowed to relay through me (customers of mine using DRAC POP-before-SMTP). Anyone?
More information on MAPS services is available at http://www.mail-abuse.org/ [mail-abuse.org] (not affiliated, etc.).
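The question in the post above comes down to check order: a dial-up address that has just authenticated over POP has to be recognised before the DUL lookup runs. The sketch below is an added example, not part of the original post and not Sendmail configuration; the zone names, the `AUTH_TTL` value and the `recent_auth` table (standing in for whatever the POP-before-SMTP daemon maintains) are assumptions, and all addresses are constructed sample data.

```python
import ipaddress
import socket

# Placeholder zones (assumption): use the zone names your list provider publishes.
ZONES = [("RBL", "rbl.example.invalid"),
         ("RSS", "rss.example.invalid"),
         ("DUL", "dul.example.invalid")]
AUTH_TTL = 30 * 60  # seconds a POP login keeps an IP authorized (assumed value)


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolve(name):
    """Real DNS lookup; returns [] when the name does not exist."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def is_listed(ip, zone, resolve=system_resolve):
    """An answer inside 127.0.0.0/8 means 'listed'; anything else is ignored."""
    loopback = ipaddress.ip_network("127.0.0.0/8")
    return any(ipaddress.ip_address(a) in loopback
               for a in resolve(dnsbl_name(ip, zone)))


def decide(client_ip, rcpt_domain, local_domains, recent_auth, now,
           resolve=system_resolve):
    """Return (action, reason) for one RCPT TO from client_ip."""
    # 1. Customers who authenticated over POP recently may relay. This test
    #    comes first, so a DUL listing of their dial-up address never applies.
    last = recent_auth.get(client_ip)
    if last is not None and 0 <= now - last <= AUTH_TTL:
        return ("relay", "pop-before-smtp")
    # 2. Everyone else is checked against the lists, in order.
    for label, zone in ZONES:
        if is_listed(client_ip, zone, resolve):
            return ("reject", label)
    # 3. Unlisted strangers may deliver to local domains only, never relay.
    if rcpt_domain.lower() in local_domains:
        return ("accept", "local delivery")
    return ("reject", "relaying denied")


def demo():
    # Constructed sample data: documentation address ranges, fake list contents.
    listed = {dnsbl_name("192.0.2.10", "dul.example.invalid"): ["127.0.0.2"],
              dnsbl_name("198.51.100.7", "rss.example.invalid"): ["127.0.0.2"]}

    def resolve(name):
        return listed.get(name, [])

    now = 1_000_000
    recent_auth = {"192.0.2.10": now - 300}  # customer polled POP 5 minutes ago
    local = {"example.org"}
    cases = [("192.0.2.10", "elsewhere.example", now),         # fresh POP login
             ("192.0.2.10", "elsewhere.example", now + 3600),  # login expired
             ("198.51.100.7", "example.org", now),             # RSS-listed relay
             ("203.0.113.5", "example.org", now),              # unlisted, local rcpt
             ("203.0.113.5", "elsewhere.example", now)]        # unlisted, relay try
    return [decide(ip, dom, local, recent_auth, t, resolve)
            for ip, dom, t in cases]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The same DUL-listed address is relayed while its POP login is fresh and rejected once the login has aged out, which is the behaviour the poster was trying to get.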
Re:AOL's "spam problem" (Score:1)
In the last two weeks, I got some spam via an open relay in Spain, some via some obscure mail servers in China, and about 50% via AOL. I have no idea about the number of users in China (1.2 billion? *grin*) or using the Spanish ISP (actually, it was a bank), but AOL certainly is one of the major spam sources at the moment.
I expect AOL to improve fast - while their user base still sucks, they did get a quite good support team.
Re:AOL on ORBS list (Score:1)
It's quite possible that AOL is completely irresponsible here and has an open relay and ORBS could be completely right, but I think some caution is due here before throwing down on AOL (which a vast majority of the posters here seem to be doing without knowing anything about mail transport or mail blackhole lists).
--
Kevin Doherty
kdoherty+slashdot@jurai.net
Re:AOL on ORBS list (Score:1)
Just because some spammers use AOL doesn't mean that AOL should be in ORBS; AOL should only be there if it operates open relays.
--
Kevin Doherty
kdoherty+slashdot@jurai.net
Re:Why AOL was put in ORBS (I know... I did it) (Score:1)
This just makes the fight against spam that much more difficult.
Don't try to tell me that AOL can't pay a FTE or three to sort through the abuse mailbox and dispatch the complaints to the appropriate team.
Re:Possible solution? (Score:1)
Plus, the VPN would add to the overall security as well.
Re:Get in phase! (Score:1)
Jeff Sand
shroom-at-bradley.edu
Re:Off-topic, but not a troll (Score:1)
http://www.adcritic.com/content/mountain-dew-bu
check www.adcritic.com, they usually list the background songs for all the ads there...
Re:AOL on ORBS list (Score:1)
Re:No surprises here... (Score:1)
I see...
Re:AOL on ORBS list (Score:1)
Re:AOL on ORBS list (Score:1)
While I appreciate the work the Orbs people are doing I don't appreciate the rough and offensive way in which they operate.
Re:What good timing! (Score:1)
The one time I got spam from a legitimate AOL user (and not a fake @aol.com address), I sent it to abuse@aol.com. After a few days, I got back a confirmed kill letter. That's a helluva better response than I've gotten out of any other ISP.
--
Re:AOL not all good by any means (Score:1)
Maybe my work is spamming people, or maybe the guy just wanted to give me negative feedback. Has made me shy away from sellers on AOL, tho.
--
Re:Don't overreact: they're harmless (Score:1)
Except that's not what they do. They first send you a note saying your door is unlocked, wait a month to see if you close it, and then post it on a billboard. You've had the chance to fix it, if you don't that's your problem.
If this was the case, why was a request for the basis of spam claim ignored? Because they can not provide it. I'd LOVE to see the claimed spam mail for my source....yet, this is not forthcoming.
They don't list spammers per se... They list open relays. They don't need a spam complaint, all they need to see is your open relay. It's what they are, a list of open relays. You don't like it, live with it.
Re:More proof of ORBS's stupidity (Score:1)
With ORBS, one could test a server to see if it will relay mail for you. If it does, you know, and orbs tells them. You can spam for up to 30 days before ORBS notifies the rest of the spammers, that that machine is now available. The spamming continues until the machine is blackholed.
Why publicize it? Why not just wait until the machine is actually used for spam, and then go through the steps of RBLing it? It's that whole innocent until proven guilty thing... They haven't done anything wrong, there's just potential for wrong to be done.
Sound familiar, Napster fans?
Er, and? (Score:1)
(Neither of which are on ORBS because the people using them seem to do direct-to-MX spam, before anyone says anything.)
If people want to do something, try complaining to the people hosting the spamvertised sites, the tools to do it (eg www.cybercreek.com), etc. Lurk in the newsgroup news.admin.net-abuse.email for a while, you'll soon see links to helpful pages.
But basically, don't go needlessly off on another AOL rampage, when they're not really doing too badly at present.
Re:ORBS too aggressive (Score:1)
Re:I'm on the blacklist, and likely to stay there. (Score:1)
Andre
Re:AOL on ORBS list (Score:1)
Upon discovering that one of our customers is in the netblock, rather than finding polite, helpful guys like the vixie mob, ORBS are just arrogant.
On one occasion, one of OUR relays was thrown into ORBS for allowing %hack type relaying, yeah, like THAT is useful to a spammer!
Re:Don't overreact: they're harmless (Score:1)
@Home is on it as well (Score:1)
--
GroundAndPound.com [groundandpound.com] News and info for martial artists of all styles.
Re: Useful links (Score:1)
Well, the UDP worked on @Home... (Score:2)
I certainly hope AOL does get the message, however. God only knows how much spam I get from AOL accounts, yet I can't afford to block them because I need to be able to communicate with customers that only have AOL.
Re:Why AOL was put in ORBS (I know... I did it) (Score:2)
NOW if it will only tell me what they have done to several spammers I've reported. All I'm getting is a virtual "We won't tell you anything. It's our 'security' policy. NYAH!" when I'm still getting junk from AOL's dialups and servers are slowly banning AOL manually. This isn't just for spamming, it also encompasses harassment of the users of those non-AOL servers. (IRC, MUCK's, interactive services, even AOL's own AIM are examples of this)
---
Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known. -- MSNBC 10-26-1999 on MS crack
Re:Why AOL was put in ORBS (I know... I did it) (Score:2)
All I'm looking for is a semi-personal form letter saying you've nuked the account afflicted. This is insanely easy to implement, and can even be hooked up into an existing reporting database. In fact, I wrote one up in this Usenet post to news.admin.net-abuse.email [deja.com] for UUNet. Just this setup time works well with ISP's as big as AOL.
We can't tell you any specific details of any action we take against a member's account, because AOL's privacy policy guidelines prohibit this.
[humor] I don't care if you used a five-kiloton thermonuke missile to get a spammer off your system, or a three-kiloton. [/humor] All I ask is that the user who sent me the junk to my account has been dealt with. Not "We'll deal with it." I'm looking for a "We've dealt with him. He will not be spamming from us again."
All I'm getting is a "We're looking into it." I've gotten too many "We're looking into it's" from ISPs. I've gotten too many bounce messages, too. I've already helped get Real Networks on the MAPS RBL for being unrepentant in sending me junk. XOOM's getting there now. I have 84 spams waiting for LARTS to be fired off again, 4 relays to nominate to the RSS, and 74 spams filtered out according to the RBL or RSS. I'm tempted to start doing a spam or four a day. I only delete spams when I see the user responsible removed or reeducated. I wouldn't be surprised if I get a third of the load cut down because it's all AOL originating stuff.
I'm not saying that the job gets done. I just don't have any proof of it, and it shows on other servers.
---
Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known. -- MSNBC 10-26-1999 on MS crack
Re:How do you get through to these people? (Score:2)
Yet even with all that, I _still_ am beginning to hate uunet more and more. I've taken to adding little personal notes to my customary remarks- like "Please kill this spammer's account, oh UUnet source of my unending torments and target of my everlasting loathing and hatred. -postmaster@airwindows.com" It seems to make no difference and only relieves my feelings a bit. UUnet never stops giving spammers accounts and I'm damned if I can figure out if they even restrict them in the slightest way. I've heard they might do something like give warnings and say 'Send to other emails, ones that don't complain to us!' which is not an acceptable response.
Could _somebody_ please rip uunet's head off and #*$% down their neck? As a personal favor to me and Denor here? :P
Re:How do you get through to these people? (Score:2)
Ohhhhh, I like this. I like it very much. I would point out that it's much much better to not have the others making threatening (and actionable) remarks at all. Have them just be there in a chillingly disciplined manner, saying nothing.
Ohhhhh, I'd pay to get to do that. Maybe someone should try to organize this :) pity I don't have a black suit. I do have imitation Blues Bros. sunglasses :)
Possible solution? (Score:2)
That should be easier than moving your whole operation to Sendmail all at once.
--
Re:You're giving them too much credit.... (Score:2)
I suspect that this is why ORBS is still accused of scanning for open relays. Some spammer is probably "nominating" whole IP blocks so they can check the ORBS list later. Since nobody smart uses ORBS, they now have a list of open relays, which are not on any real blacklist.
Either this is the case, the ORBS kiddies actually *are* doing scans, or AboveNET and many other ISPs are lying when they claim ORBS is scanning them.
Re:For those opposed to ORBS, what about RSS? (Score:2)
1) It doesn't list multi-level relays[*] -- I count this as an advantage, because it cuts out the "block an entire ISP because of a few rogue customers" effect.
2) They can actually produce a spam for each listing, something that ORBS cannot do in most cases.
3) [related to (2)] When explaining to a (non-)admin why you are blocking their mail, you can point them to an ACTUAL SPAM INCIDENT and say "here's why."
4) [also related to (2)] There are no "manual listings" on the RSS -- every RSS-listed host is actually an open relay. Many ORBS-listed hosts are not open relays.... perhaps even most, with the multiple
[*] I really dislike the way ORBS handles this problem. Basically, if you run a (closed) relay, you apparently need to subscribe that relay to ORBS in order to keep it off of ORBS. Oh, yeah... there is one other alternative: you can enforce a no-servers policy, or (ack!) filter all incoming port 25 traffic to customers.
Police brutality (Score:2)
how can you say they can't block you?
It's not that they can't, because clearly they can. It's that they shouldn't. They have attained a position of significant respectability (fairly wide-spread use) with their service, this separates them from the common user or isp. Users trust them to provide even-handed and consistent service, just like we trust our local police not to shoot someone in the knee caps for saying "Fuck you" to an officer.
When such brutality does occur, as we all know it does from time to time, the Police must be taken to task for wielding state-level power on a personal basis.
ORBS has successfully become a sort of 'Police' of the Internet. If they aren't grown-up enough to handle the responsibility in an enlightened manner, they will be replaced, and rightfully so.
I think (hope) that such things are growing pains, and that as they come to realize that their new-found influence comes with certain responsibilities.
.
.
CLUE indeed (Score:2)
Re:Oh no... (Score:2)
That said, I disagree with your post for the simple reason that this is an interesting and important issue, and it's good to have it a bit further in the public eye. I care about such things, but I'm not a full-time administrator, so I don't (yet) peruse the specialist forums. Your annoyance is understandable, but I still disagree.
Respectfully,
skent
Re:ORBS List (Score:2)
Oh well!
The danger of huge market share (Score:2)
--
Bah. Not ALL of AOL... (Score:2)
I'm sure the vast majority of the AOL machines are NOT in ORBS, and most mail will get through.
---
R.I.P ORBS (Score:2)
Now they've taken on someone who knows very well how to spell "lawyer".
The last I saw a discussion with the ORBS kids, their attitude was "we decide who is in the wrong, and how to punish them". Even when they are right, such an attitude creates enemies.
And when they are wrong, the lawyers descend.
Re:Invalidation -- just like the RBL (Score:2)
Subjective control of the Net is wrong, for the same reason that censorware is wrong.
The RBL is a heavy handed approach to solving problems. Rather than taking the approach ESR took with Netscape, they are extorting email providers into compliance. That's just wrong.
ORBS only serves to make an application level RBL. These approaches are entirely wrong, diplomatic approaches must be made to solve the problem, not heavy handed politics.
Re:I'm on the blacklist, and likely to stay there. (Score:2)
Re:I know I am risking it here but I don't care (Score:2)
Tough luck. When you sign with an ISP you sign with the Acceptable Use Policy, Term of Service and other appropriate stuff. If it says no SPAM this means no SPAM. If unhappy change the ISP. You have no legal grounds to sue the sysadmin after you have signed that you actually allow the sysadmin to do the filtering. So long and thank you for the Fish...
Re:Invalidation (Score:2)
AOL has been in the RBL in the past. It has not invalidated the RBL. Actually it brought more popularity.
I did not consider using ORBS till now, I do now.
Re:R.I.P ORBS (Score:2)
It was discussing litigation against ISPs refusing email from them in the past on at least some mailing lists like NANOG. And guess what - it found that it had no legal grounds to even file a suit.
Any ISP has no obligation to receive mail from anyone. They are not obliged. Period. The only ones to sue them are the ISP users and only if the ISP has been dumb enough to start filtering without formulating its contracts properly. The usual contracts with an ISP make sure that the user has no grounds for any lawsuit ;-). That is life...
Re:Can't find any AOL's SMTP server listed by ORBS (Score:2)
These are not AOL mail outputs. These are the inputs.
As a person who had been hit by an AOL end-user generated mail D.O.S. at one of my previous jobs I can tell you for sure. You are checking the wrong IPs. Better scan your logs for AOL incoming and get the IPs from there. Thus you will get the tier 1 relays. From what I recall there are at least two more tiers which you can determine by firewalling Tier1 and then the appearing Tier2.
Re:I'm on the blacklist, and likely to stay there. (Score:2)
Re:Hehe 8^D (Score:2)
Re:Don't overreact: they're harmless (Score:2)
Unless, of course, it's a power trip, and has nothing to do with stopping spam.
Should people with buggy MTA's upgrade? Probably. But ORBS shouldn't spite-list them, and shouldn't keep testing them; it should leave them alone.
Keep in mind, we're not talking about "any random SMTP". We're talking about servers that move thousands of messages an hour, and never, ever, crash *EXCEPT WHEN ORBS HITS THEM*.
You may prefer 17 messages to a spam run. I prefer no messages to 17 messages. I know enough to keep my servers secured, and test them actively whenever anything changes. ORBS does not believe I have a right to be left alone.
Re:Why AOL was put in ORBS (I know... I did it) (Score:2)
Re:Don't overreact: they're harmless (Score:2)
There are mail servers, *WHICH ARE NOT OPEN RELAYS*
* where any relay attempt will create a message in postmaster's inbox.
* where certain of the ORBS tests *CRASH THE MAIL SERVER*.
The latter is a bug. So? Why should you have to let this *ASSHOLE* crash your system every time he gets the idea, when you *CAN'T* be used as a relay? He won't stop, ever, and the best you can do is have him list you as if you were a spam hydrant, even if no spam, ever, has left your machine, and you're not an open relay.
I know people who have this problem.
Anyway, if seventeen messages isn't enough resources to worry about, why do you mind spam? I only very rarely get more than 17 spams in a day after filtering...
AOL's "spam problem" (Score:2)
How much spam do you get per user? How does this compare to other ISP's?
I don't think AOL is all that bad *on a per-user basis*. The same thing that makes them so hard to block (they have an amazing number of users) pretty much guarantees that, even if they had many fewer spammers "per million users", they'd have an apparent "spam problem".
AOL isn't nearly as bad as Netcom and uu.net once were, and none of them are as bad now as what we used to take for granted as the cost of having an email address. I don't mind AOL all that much; they're not that much of my junk mail.
Re:Invalidation -- just like the RBL (Score:2)
Or, allow me to continue believing that the RBL is astoundingly well-managed.
(Note that everything like this I've heard dates back about to the point where they had maybe one employee, and really doesn't apply to the RBL as it exists today.)
Don't overreact: they're harmless (Score:2)
Besides the obvious desire to provoke, why would you call their probes an "attack"? From my mail logs, I see that their probes take up very little resources. There were not that many requests, and there were pauses between them. They test using legitimate SMTP requests, and they are entitled to do so once you put your SMTP server on the net. There is a big difference between a handful of probes that result in perhaps a single relayed mail, and a spammer pounding on your unsecured server with thousands of requests for relayed email. I would rather have ORBS test my server any day.
See their site for details. They do not randomly test sites, but only test when a suspected unsecured site is nominated by someone. Their probing serves, as you say, to "talk to the host accused". The admin has a whole month to secure the thing if it is found insecure, before it is publicly listed.
Re:I know I am risking it here but I don't care (Score:2)
I'm sorry? My company's mail and web servers that run off of a 2mbps SDSL line are pirate or not legitimate? The mail and "do everything" linux box I have on my 768k ADSL line is pirate or not legitimate? Gee, that's funny. I rather thought anything that could fling packets via TCP/IP was a "legitimate" server.
This will be of great interest to my users, both at home and at work. 752 people (as of this morning) will be happy to know the services they reliably access, and have accessed for almost 2 years now, are provided by an illegitimate server.
Oh, and before posting, please learn to spell. It's an "impediment" to accurate communication.
--------------------
Re:AOL on ORBS list (Score:2)
FYI, this would still be the case even if AOL were not in the ORBS database. ORBS lists quite a lot of servers that mostly deliver legitimate mail, sometimes on the basis of pretty obscure relay tests and often even if the relay is not actively being abused by spammers. The ORBS philosophy, as far as I can tell, is essentially that it's okay to throw out a few babies as long as you get rid of the bathwater.
I would put more trust in the MAPS RBL, [mail-abuse.org] DUL [mail-abuse.org] and RSS [mail-abuse.org] databases as more responsibly run systems: while not as aggressive as MAPS, much less likely to discard legitimate correspondence. For many sites, that is of paramount importance.
Re:AOL on ORBS list (Score:2)
RSS [mail-abuse.org]
DUL [vix.com]
RBL [mail-abuse.org]
The RSS is a toned down version of ORBS; it only lists relays that have been used to spam, which makes it easier to explain the problem. The DUL blocks any direct from dialup spam. The RBL blocks blackhole sites. The main problem with ORBS is that it is harder to explain (with RSS you can say 'spam _has_ been sent through this server'), and it blocks a lot more sites, which makes it hard to handle on anything larger than a personal mail machine.
Re:Invalidation (Score:2)
-B
Re:ORBS is NOT a "Black Hole" (Score:2)
AFA their criteria, all of these different lists have different criteria. It's the Admin's job to pick the one that fits best with their mentality.
Pax.
Re:R.I.P ORBS (Score:2)
Re:Invalidation (Score:2)
Say something about your mail service, aol.com (create that), is assisting spammers and illegal activity, yadda yadda. If you want to help fix this so you can send *your* e-mail, forward this to postmaster@aol.com (create that, too). With a minute or two spent on the message, you could practically tell them step by step how to properly deal with it (though some couldn't find a button with two hands and a roadmap...). Then in the next paragraph you can list the normal ORBS stuff, with the URL and all that jazz.
Tens of thousands of calls to AOL customer service may be the only way to remedy the situation, so people have to do this. I suggested in another post a rather extreme view (have the backbones cut them off from the rest of the world until they update a setting or two). Shouldn't be tough to see some action then, and then AOL could have some cute little 'art' appear on everyone's screen saying that the world has stopped being unfair to all of you wonderful AOLusers and that you can get back to that big scary internet, but we know you don't want to, so come join a chatroom...
A lawsuit would work, too
Before the dawn of AOL (Score:2)
This entire discussion -- ORBS, RBL, etc. -- does bring up an interesting tangent: as a community, we have a helluva pull on the marionette strings. When a company does something bad, the ball usually starts rolling here for protest pages. But why doesn't someone start an "evil-company blackhole list" and disallow *all* services to that company. Block access to www.mattel.com or, better yet, redirect to a page telling people why Mattel is being evil and then give them the option of continuing to the site or signing a petition.
It's just a thought, a random and tangential thought, but hey... I figured why not throw it out there.
----
ORBS, Sucks or not? (Score:2)
ORBS aren't angels either.... (Score:2)
Send outgoing first, then receive incoming (Score:2)
Worse than Guilty-Until-Proven-Innocent (Score:2)
So you're guilty _because_ you're innocent!
Seriously, if the purpose of ORBS is to prevent machines from being used by SPAMMERS, and ORBS can't get in to abuse the relay as a test, then spammers can't get in to abuse it for spamming.
If you've got a site that _deliberately_ blocks ORBS, either it's got some good reason to dislike the probes (e.g. the guys whose lameNT mailer crashes), or because it's running mailer protection software that interprets ORBS as a spammer's probe (good - so they're blocking real spammers too), or perhaps they provide spamming services (in which case the real problem is users with accounts there, not relays.)
I know I am risking it here but I don't care (Score:2)
Essentially their argument is that you can't have anything worthwhile to say if you have a free or no cost based web site. On that basis almost all of geocities, xoom, and many other providers gets blocked (Bess).
Another question that needs asking here. I can just imagine a group of fed up people actually taking civil action against an ISP that has some sysadmin that just blithely blocks e-mail from some location because of "spam" (that's a crappy name for it).
Few of the people who actually run ISPs are in fact owners of said equipment or lines and as such do not have the moral or ethical footing to make such calls.
Unless you are actually running your own legitimate server (no not a pirated or other server off your cable modem or DSL or ISDN connection) you can't make calls like that.
I have every reason to believe that most people are just getting screwed over by the Olympians on this one because no one who is getting harmed with having their e-mail blocked has any ability to effectively do anything with it.
As another poster has already pointed out there is a really bad streak of BOFH in many people that works almost the way it does in cartoons.
You know the two little people that stand on the shoulders of various characters and represent good and evil? Well I think that many people are listening to the pointy horned one.
I know personally of several cases where judgements were filed against various sysadmins who thought that they were going to screw the users in any fashion they wanted. A teacher at a high school was relieved of his position after taking copies of e-mail correspondence that in fact did not belong to him and then attempting to use it to further his own agenda and get the people involved kicked out of school.
Data deletion and malicious banning are also things that I have known to happen.
How would you feel if say I really didn't like you and started to actually do packet sniffing and then do an active regex search of all packets coming out of your domain. Then I systematically tamper and trash all of those packets that are e-mail messages say after a random number of packets has matched? Not so funny now is it?
When you work at a job there is a little clause in employment contracts which states something to the effect that anything you do is only permitted if you have authorization from legal representatives within the company and perhaps others in the upper echelons of the company. Without this you cannot do anything without taking a hefty chunk of liability and as such should not try to limit access from ISPs who are legitimately attempting to provide a service to their users.
The mere fact that the list of blocked sites that is being discussed has been removed from its own service providers several times is indicative of how draconian these people are.
There are already attempts to make intelligent AI driven mail and news filtering engines that can attempt to classify various messages by content and word analysis (similar to Echelon). Positive results are showing up all over the place.
Then once that is done just rapidly have users check their "spam" folder rather rapidly and bam no more problem for them. After doing an analysis of my own mail box and roughly 40,000 from several unix domains I have determined that in fact on the whole 97.8956% of all spam messages that are sent during "peak" times (ie when factored for various changes in Time Zones relative to each other) between say Monday-Friday 10:00-22:00 with the peak being at about 8pm on Wednesday (maybe more people are home then).
Messages in this time period do not exceed 8-12k in any circumstance.
I can't see how realistically when such massive bandwidth and tremendous risk is involved one can justify acting as a free speach empidement.
What? (Score:2)
Oh, sorry... was that a troll?
ORBS is not a freedom-fighter, they are net-terror (Score:2)
If you are talking about the door-knob turner, they ARE breaking the law. It is called prowling. And Trespass. And if they keep doing it, stalking.
http://www.wwlia.org/ca-stalk.htm
>you should try to resolve this matter
Resolution is possible with reasonable people. ORBS are not reasonable with their methodology. They blindly attack hosts, and when asked for proof as to why my host was attacked, they can provide NO PROOF OF SPAM so that I might figure out how to stop that 'alleged spam' in the future.
Go on NANOG's lists. Look around, and you will see that ORBS is believed to do more harm than good. Because ORBS is no better than the spammers who probe hosts. And because ORBS is a net terrorist.
You want change? Then get ORBS to modify their methods. Get them to contact the admins before they test. And provide proof of the SPAM from a site. Have ORBS be REASONABLE, and they won't generate all this ill-will they have.
Right now, ORBS is a net-terrorist.
Re:Don't overreact: they're harmless (Score:2)
If you insist that you manage the box, fine.
They provided the service of informing me of the security hole, for which I am grateful. Thanks to them, I secured my server against spam relaying.
Strange. I read my mail log files, and I notice things like people sending e-mail through my system. It is called SYSTEM MANAGEMENT. If YOU needed ORBS to tell you that you had an open relay, and ORBS only probes machines that have been used for spamming, then it looks like you need some help with the concept of system management.
Besides the obvious desire to provoke /., you should spend your time and energy reading some books on Unix Sysadminning, or taking a few courses on it at the local college. Feeling provoked yet? All I'm willing to do is point out how the people at ORBS are net-terrorists, pretending to be 'offering a service'.
No if I want to provoke I do something like this:
You sir, are an incompetent Sysadmin if you need to have an outside service tell you you have a problem. Looking at your own log files and having a basic knowledge of how to admin a Unix box should let you know you have a problem. You may not know HOW to fix the problem, but your post indicates that you were oblivious to the use of your box by relayers. Instead of spending time here on
why would you call their probes an "attack"?
Because it is. Looks like a probe attack, smells like a probe attack, LOGS like a probe attack, it's a probe attack.
They test using legitimate SMTP requests, and they are entitled to do so once you put your SMTP server on the net.
And I bet if you were busy working on your next /. post, and some clown walked in because your door was unlocked, you would find this OK? ORBS is no better than someone who walks about the neighborhood, looking for unlocked doors or keys under the entry mat. Then they place up a billboard saying "Open door at 321 Evergreen". What shocks me is that you, as a systems manager are not outraged at such behavior.
and a spammer pounding on your unsecured server with thousands of requests for relayed email.
Amazing. You CLAIM to be an administrator of a box, yet you don't understand the concept of reading your maillog. Funny, my mail log lets me know when people are using it who should not be using it.
See their site for details.
I did read their site. And, they STILL are net-terrorists.
only test when a suspected unsecured site is nominated by someone.
BULLSHIT If this was the case, why was a request for the basis of spam claim ignored? Because they can not provide it. I'd LOVE to see the claimed spam mail for my source....yet, this is not forthcoming.
Terrorists who are unable to back up their terror campaign when caught red-handed.
How do you get through to these people? (Score:2)
Lately, my anger has been less and less directed toward the spammers themselves (they're still bastards), and more and more toward the companies that allow it to happen.
Specifically, PSINet and uunet, but I've also got spam from AOL, the sprint dialup network, and various lesser-known servers. Most of the time, the only kind of response I get when I send in an abuse report is a form letter, and that's it. Sometimes I get to know when the offender's account has been closed down, but when it's actually a relay acting up, that doesn't help.
And no matter how many abuse reports I send in, no matter how many times I send a letter to the administrative contacts telling them that they are allowing people to exploit security holes (the open relays) in their mailservers to send bulk e-mail to people, I've never once got any kind of reply other than a form letter.
So my question is, really, is there any way to get through to these people? Are the corporate ISPs so utterly clueless that they can't comprehend the idea that spam is a Bad Thing? What does it take to get through to these corporations? Does the Better Business Bureau take complaints about spam-enabling companies? Would writing letters to the editor every time a spam-offending company is mentioned positively in an article help? Would making an appointment with the corporate types and showing up in person even make it past the "call them up and try to arrange something" phase?
I'm becoming really burnt out on trying to get rid of my spam. The S/N ratio on my mailbox has dropped to almost negligible levels - I'd abandon it if most people didn't e-mail me there. I want to stop spammers, but even sending e-mail to abuse departments doesn't help. What, then, can be done?
Re:Invalidation (Score:2)
Additionally, in the same period of time, I've received probably 8 or 10 e-mails from friends/family that use AOL. I would most certainly raise a stink if my ISP decided to honor ORBS lists and keep me from receiving this e-mail.
IMO, AOL doesn't account for *nearly* the amount of spam as other major ISPs out there, and despite the fact that their abuse address never really replies to my complaints (or if they do, it's usually about a month later), I rarely (if at all that I can remember) get a repeat AOL spammer. I mean I'm perfectly willing to acknowledge the possibility that I might just be lucky, and that the true majority are getting pummeled with repeated AOL spams from the same people, I'm just not one of those people, and from what I've been reading, lots of others are in the same boat as me.
I've never been particularly impressed with ORBS.. their "rules" about who gets added is entirely too subjective and not nearly objective as it needs to be. MAPS RSS has the same goals (listing open relays), but they're much more responsible about when they list someone. *shrug*.. Just my opinion.
Re:AOL on ORBS list (Score:3)
mail.wideopenrelay.com RELAY
This, of course, diminishes the punitive value of the list, but it's better than not using the list at all. IMHO, you don't even need to give a second thought to using the RBL (which only lists serious repeat offenders, IIRC) and the DUL (dialup users should use their ISP's mailserver). The only servers I've had to whitelist at a user's request have been on RSS, which is far more aggressive than the RBL. (I don't use ORBS, since I find it too aggressive.)
--
Invalidation (Score:3)
What needs to happen is a bunch of ISPs need to get together and file a lawsuit against AOL for allowing so much spam through their systems. A groundbreaking case for responsible management of systems on the Internet would serve our fair network well.
Re:Invalidation -- just like the RBL (Score:3)
I also find your anecdote extremely surprising, and I'd like to see some proof... I thought that the RBL was a last-ditch effort after contacts had been made.
---
The words of a co-worker (Score:3)
Re:ORBS is a net-terrorist. (Score:3)
My company has a dedicated server through Digital Nation. Well, apparently, we inherited the IP address of a machine that USED TO BE an open relay. Never mind that we've been using a version of sendmail that doesn't permit open relays since the first day we turned the machine on.
And ORBS refused to take us off their list.
You can't call them up and reason with a human being. You're totally at the mercy of their anonymous maintainers. And they don't listen to you when you show them PROOF that your IP isn't an open relay. And they don't listen to your ISP when they show them PROOF that there is no open relay.
ORBS sucks. Their cure really is worse than the disease.
ORBS nearly useless, this will make it worse. (Score:3)
As a behavior-modification tool, the ORBS is useless. Too many people run insecure mail servers for most people to be willing to filter it all out. Enforcing the ORBS list will be more painful to the enforcer than the violator.
A better method would be to get a court case to establish that people running insecure mail-servers have partial liability for spam-floods using their server. A case could easily be made that anyone with the knowledge to run a mail-server has the ability to discover that running an open relay is dangerous, and the ability to perform some minimal securing.
Re:Invalidation (Score:3)
This has *NOTHING* to do with ORBS.
ORBS claims to list open relays. I haven't yet seen a convincing demonstration that AOL has an open relay.
ORBS, however, goes further. If they can't scan your
Neat, huh?
Of course, "ORBS doesn't scan". Of course not. Other sites do scans and submit results to ORBS. Or just submit whole netblocks. Or something.
Re:ORBS is NOT a "Black Hole" (Score:3)
If you follow the naive instructions to turn on ORBS, it will bounce everything, and it will also bounce all of the "static listings" - hosts which are almost always *NOT* open relays, many of which have never emitted a single spam, ever, but just don't allow gratuitous testing.
For those opposed to ORBS, what about RSS? (Score:3)
People like you are why I run orbs filters (Score:3)
People like you who don't bother to secure themselves against spam are why the problem exists. If you had an unsafe building then you would get forced to clean it up.
ORBS exists because people don't care about open relaying. Hey it's not you being spammed, it's all those other folk, you can fix it later.
Not socially responsible at all.
Hehe 8^D (Score:3)
The best is when the school ran a local search, and all sorts of people got hatemail saying "we found an active relaying mailserver on the system in your room. Fix it or be assimilated... I mean, deactivated" (or something to that effect). Pretty funny. Then, of course, came the firewall, so that ended the need for that, so they only scoured internal webservers for spurious
Of course, a college can easily shut off a port on a managed hub, but for AOL, maybe Sprint, MCI, et al could just sever any links out to the rest of the world until they comply... that would be pretty funny (I can see the even dumber commercials now... "Now with re-activated internet connectivity!").
AOL... hehe
Re:AOL not all good by any means (Score:3)
There's a simple reason that we don't bounce messages during the transaction, and that's because we don't verify user information during the transaction, in order to prevent spammers from dictionary-attacking us to get lists of AOL's usernames (Not that they don't try... they do... constantly).
Even though we have controls in place to try and prevent the amount of bounced mail we send to a delivering site, we still crush a number of them from time to time, because they're a: getting spammed through, or b: getting spam forged in their name.
Ask Netcom (well, you could if they were still around in other than name), MCI, Yahoo, hotmail, and more, but they're the ones that everyone knows. Hell, Vint Cerf's called personally to get us to take it easy on 'em. (I did).
Re:Why AOL was put in ORBS (I know... I did it) (Score:3)
I (up 'til yesterday) was the person that dealt with IRC abuse, and I know that it gets dealt with, albeit slowly because it takes awhile to track down the actual user.
As for MU(X|SH|CK|D)s, I'm a mux/mush coder myself, and I'm pretty damn sympathetic to those kind of abuses, and if I see 'em, they get dealt with harshly (no, that doesn't mean mail me directly... reports from people I don't know get ignored cause otherwise I'd go insane)
AIM is (supposed to be) self-policing... that's what the warning ability is there for. Sure, it gets abused, but well, you can't give something away with assholes getting in the mix.
Scott Crain
AOL Mail Ops (and up way too late. Where's dat update you mentioned, Hemos? =)
Roadrunner is blocked, was Re:No surprises here... (Score:3)
I simply don't see how ORBS helps the internet community. They block hosts indiscriminately, sometimes vindictively.
Here's Roadrunner's commentary on the whole mess, taken from one of their newsgroups:
; "Jr." wrote in message
news:MPG.12ffb6474d5873d1989688@newsr2.texas.rr
HISTORY:
Road Runner customers and Affiliates initially contacted us with a
security issue. They were concerned with their privacy and security when
an unknown entity (to them) began scanning them without permission. We
initially tried to address this case by case and later contacted the ORBS
administrators and requested this unwelcome scanning terminated. This is
analogous to someone requesting they be removed from a list that they did
not subscribe to. With this request, all Road Runner IP space was
unexpectedly added to the ORBS list with a public statement on the ORBS
WWW site, as well as the bounce message which our subscriber has
received. As scanning continued against our repeated requests, the
individual ORBS scanning hosts were filtered out of our network.
Although we strongly believe in stopping SPAM on the Internet, as well as
respect the initial work and charter ORBS has been under in the past, we
have serious concerns at the current methods and actions that are taking
place:
e.g.
- Scanning of private networks without permission from targets
- No REMOVE capability from the ORBS scanner
- When someone tries to stop or block the ORBS scans, they are blocked by
ORBS.
- No warning, as well as false public statements about the individuals
scanned or their provider. THAT IS: If you have a relay (known, or
unknown to you) you are called a SPAM supporter publicly without any
warning to correct it before ORBS adds you.
- Misinformation on ORBS' own web site
(http://www.orbs.org/whatisthis.html) "What is ORBS? The short answer:
ORBS is a validated database of open mail relays and open mail relay
output points, accessible via DNS lookup."
- The addition of Road Runner hosts to a "secret" database. Road Runner
hosts are not listed via their normal web lookup at
http://www.orbs.org/verify_1.html
Road Runner believes strongly in the fight against SPAM. We have addressed
it with strong policies, enforcement and our own relay detection methods.
We will continue this effort, work together with other providers and the
Internet community (including ORBS) to make a difference. However, we
reserve the right to assess the methods used, by whom and determine the
best way to accomplish the desired results for our business.
Can't find any AOL's SMTP server listed by ORBS... (Score:3)
# host -t MX aol.com
aol.com mail is handled (pri=15) by yh.mx.aol.com
aol.com mail is handled (pri=15) by za.mx.aol.com
aol.com mail is handled (pri=15) by zb.mx.aol.com
aol.com mail is handled (pri=15) by zc.mx.aol.com
aol.com mail is handled (pri=15) by zd.mx.aol.com
aol.com mail is handled (pri=15) by yb.mx.aol.com
aol.com mail is handled (pri=15) by yc.mx.aol.com
aol.com mail is handled (pri=15) by yd.mx.aol.com
aol.com mail is handled (pri=15) by yg.mx.aol.com
Ok, each entry is a round-robin alias with 4 IPs.
With a bit of typing and http://www.xnet.com/~emarshal/rblcheck/, I verified that no IP listed by this simple query is actually listed in ORBS database, or at least the database which can be queried by the standard RBL DNS hack.
# host za.mx.aol.com >> foo
# host zb.mx.aol.com >> foo
etc...
# echo "bla 127.0.0.2" >> foo
(this is to check the script below)
(script named "bar")
#!/bin/sh
rblcheck -q -c -s relays.orbs.org $1 1>/dev/null 2>/dev/null
echo $? : $1
# sed 's,.* \([0-9.]*\)$,\1,g' foo | xargs -n1 ./bar
("0 : " == not listed in ORBS
"1 : " == listed in ORBS)
0 : 152.163.224.3
0 : 152.163.224.4
0 : 152.163.224.5
(...etc...)
0 : 205.188.157.1
0 : 205.188.157.2
1 : 127.0.0.2
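The "standard RBL DNS hack" that the rblcheck run above relies on, as an added example that is not part of the original post: the address's octets are reversed, the zone is appended, and an A answer in 127.0.0.0/8 means "listed". The zone name and the 127.0.0.2 test entry come from the post; the function names, the sample `host` lines and the offline stand-in resolver are constructed for this example.

```shell
#!/bin/sh
# Added example: the DNS query behind an rblcheck-style DNSBL test.

# Print the query name for an IPv4 address in a DNSBL zone, e.g.
# 192.0.2.10 in relays.orbs.org -> 10.2.0.192.relays.orbs.org
# Returns 2 if the address is not a dotted quad.
dnsbl_qname() (
    ip=$1
    zone=$2
    case $ip in
        *[!0-9.]*|.*|*.|*..*) return 2 ;;
    esac
    IFS=.
    set -- $ip
    [ $# -eq 4 ] || return 2
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 2
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
)

# Pull the trailing IPv4 address out of `host` output lines (stdin).
extract_ips() {
    awk '$NF ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $NF }'
}

# Live resolver: prints A records one per line (needs network and dig).
resolve_dns() { dig +short A "$1"; }

# Offline stand-in with constructed data: only the 127.0.0.2 test
# entry is "listed", whatever the zone.
resolve_sample() {
    case $1 in
        2.0.0.127.*) echo 127.0.0.2 ;;
    esac
}

# Set RESOLVE=resolve_dns to query a real zone.
RESOLVE=${RESOLVE:-resolve_sample}

# Print "listed <answer>", "clean" or "invalid" for one address.
# An answer outside 127.0.0.0/8 (for example a wildcard record on a
# lapsed zone) is not treated as a listing.
dnsbl_status() (
    qname=$(dnsbl_qname "$1" "$2") || { echo invalid; return 2; }
    answer=$("$RESOLVE" "$qname" | head -n 1)
    case $answer in
        127.*) echo "listed $answer" ;;
        *)     echo clean ;;
    esac
)

# Read `host` output on stdin and report in the post's format:
# "1 : ip" listed, "0 : ip" not listed, "? : ip" not a valid address.
check_host_output() {
    extract_ips | while read -r ip; do
        case $(dnsbl_status "$ip" "$1") in
            listed*) echo "1 : $ip" ;;
            invalid) echo "? : $ip" ;;
            *)       echo "0 : $ip" ;;
        esac
    done
}

# Constructed sample in the shape of the post's "foo" file.
SAMPLE='za.mx.example.net has address 192.0.2.10
zb.mx.example.net has address 192.0.2.11
bla 127.0.0.2'

printf '%s\n' "$SAMPLE" | check_host_output relays.orbs.org
```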
ORBS is NOT a "Black Hole" (Score:4)
From their What is this? [orbs.org] Page:
ORBS is NOT a "black hole" - we do not disseminate routing information causing included hosts to be
unreachable from portions of the Internet. Running an open relay is usually accidental and those admins who
continue to run open relays after being warned about it by ORBS and/or other entities will eventually find
themselves in the MAPS RBL - which is a "black hole" and is used by at least 40% of the mail servers on the
Internet.
ORBS tracks these systems so that people operating mailservers subscribed to our database can block
e-mail coming from open relays until such time as they are fixed to no longer permit third-party SMTP relay.
Admins may alternatively set their systems up to tag messages delivered from open servers as "possibly
spam", or just log the connections. What any admin does is entirely up to that admin. If you've been blocked
from delivering mail and given a pointer to this site please note: It is the decision of the administrator of the site
which blocked you to disallow mail from open relays. Those open relays must comply with that admin's rules
(not ours) in order to deliver mail to that site - we're just verifying to the admin whether a host is an open relay
or not.
I hope this is true (Score:4)
I've never used AOL or had any problem with any of its users. What I do know is that it's using its muscle in the UK to force down the price of access. They are attempting to expand in the UK not by simply wooing competitors' customers but by expanding the market. In this way even maintaining market share - or even losing some - is still a win. When players such as Freeserve haven't turned a profit but derive their huge revenue from bloated cost of access they are still vulnerable to the next wave.
AOL was the first major company to move to a 1p a minute 24 hour access. Previously it was 4p per minute for daytime modem access (8am-6pm). Others have quickly followed (ntl: for instance) and now we are beginning to see flat rate 24/7 access finally arrive.
The UK is finally going to come alive net wise so expect plenty more AOL users to come aboard.
I'm on the blacklist, and likely to stay there... (Score:5)
[posting anonymously for obvious reasons]
Our company's primary mail server has been in the ORBS database for a long, long time... We made the choice (mistake?) of choosing a closed-source, commercial mail package running on Windows NT Server instead of something open (like Sendmail or Qmail). I've been regretting it ever since...
Our relay is partially open - it allows relay only if the sender's e-mail address or at least one recipient's e-mail address is from a locally-hosted domain. Not the most secure method, perhaps, but it seems to be enough extra work that spammers simply find a wide-open relay and use it instead of us.
Originally, we had a completely open relay, but after a few incidents where our server was used by spammers, we paid (through the nose) for an add-on option to our mail server to allow this selective relay ability. During one of these incidents, we were added to the ORBS database. And once you're in the ORBS database, you never, ever, ever get out, even if you're clean.
We passed the ORBS test with flying colors after getting the selective relay option working on our system... until about a year later, ORBS put us back in the database, after adding a couple new tests. One of the tests (NULL sender envelope) got through our system, and we were once again considered an "open" relay.
About that time, our mail server vendor had just released a new version of their software, including a fix for the problems ORBS detected. And it was bargain priced - only $1,500 US to upgrade to version 4.0! And hey - that "unlimited" domain hosting option we paid for? Sorry, not available in version 4.0, we'll have to pay-per-domain. Oh, and we'll have to pay extra to upgrade the anti-spam option we already paid $800 extra for just a few months ago.
This is turning into a ramble... I guess my point is, thanks to needing to have a partially open relay to support our remote and traveling users (quite a large number) and getting screwed over by our software vendor, we're now considered an "open" relay. So far, in the past six months or so since we were re-classified as open, we haven't had a single message bounce back to us, and we haven't had a single incident of spammers hijacking our server... but it still drives me nuts thinking that our server is in a blacklist.
I've been looking at a few options, such as the new authenticated SMTP options available in Sendmail and Qmail, but realistically? If it's not causing us a problem (i.e. bounced/blocked mail) then it's not high enough on our priority list to allocate the time and resources required to do it right.
And that's why I'm on the blacklist, and likely to stay there for the foreseeable future...
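The relay rule described in the comment above, next to a per-recipient rule tied to an authenticated session (the authenticated SMTP option the comment mentions), as an added example that is not the commenter's or the vendor's code. The domains, addresses and function names are constructed, and the vendor's null-sender behaviour is not modelled.

```shell
#!/bin/sh
# Added example: two relay-authorization rules applied to the same envelopes.

LOCAL_DOMAINS="example.com example.org"   # constructed: locally hosted domains

# Succeeds when the address's domain is locally hosted. The null sender
# (empty string here) and anything without a domain are never local.
is_local() (
    case $1 in
        *@?*) ;;
        *)    return 1 ;;
    esac
    domain=$(printf '%s' "${1##*@}" | tr 'A-Z' 'a-z')
    for d in $LOCAL_DOMAINS; do
        [ "$domain" = "$d" ] && return 0
    done
    return 1
)

# Rule from the comment: relay the whole message when the envelope sender
# OR at least one recipient is local. Both values are strings supplied by
# the connecting client. Usage: relay_by_address SENDER RCPT...
relay_by_address() (
    sender=$1
    shift
    if is_local "$sender"; then echo relay; return 0; fi
    for rcpt in "$@"; do
        if is_local "$rcpt"; then echo relay; return 0; fi
    done
    echo reject
)

# Stricter rule (an assumption of this example): decide per recipient.
# Local recipients are always accepted; any other recipient is accepted
# only when the session authenticated. The sender address is never
# consulted. Usage: relay_by_session yes|no RCPT...
relay_by_session() (
    authed=$1
    shift
    for rcpt in "$@"; do
        if is_local "$rcpt" || [ "$authed" = yes ]; then
            echo "accept $rcpt"
        else
            echo "reject $rcpt"
        fi
    done
)

# Constructed envelopes. Under the address rule, an unverified local-looking
# sender, or one local recipient among several, opens relaying for every
# recipient on the message.
relay_by_address sales@example.com other@elsewhere.test
relay_by_address sender@elsewhere.test postmaster@example.org other@elsewhere.test
# Under the session rule the same mixed recipient list is split, and a
# traveling user who authenticates can still send anywhere.
relay_by_session no postmaster@example.org other@elsewhere.test
relay_by_session yes other@elsewhere.test
```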
No surprises here... (Score:5)
Really, they're jerks, and you should *NOT* use them to filter mail, unless you particularly think that everyone in the world has a moral obligation to let some guy run relay-rape attempts on their servers any time he feels like it.
I like MAPS. I don't like ORBS.
Re:I'm on the blacklist, and likely to stay there. (Score:5)
I have also this set up, but there is one problem. People dial up check their email, fine, and disconnect. Then they compose replies and reconnect (Usually with a different IP, of course
--
Why AOL was put in ORBS (I know... I did it) (Score:5)
Now what're y'all gonna say, when ya find out that AOL added those machines to ORBS for your own good.
Scott Crain
AOL Mail Operations
AOL on ORBS list (Score:5)
--