Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Spam

ORBS Lookup Entries Undergo Major Revamping 93

Posted by timothy from the lovely-spam-wonderful-spam- dept.
John Bajana-Bacalle writes: "I noticed this morning that as of 2001/2/1 relays.orbs.org has been decommisioned, ORBS has announced. The announcement further mentions some serious new testing/checking/hostname additions, about a dozen of them, that will greatly increase the granularity of the ORBS results. A benefit seems to be the end user now has fine granularity in the results s/he will get back, obviating some of the bullshit griping that surrounds ORBS most often. More power to us and them. =)"
This discussion has been archived. No new comments can be posted.

ORBS Lookup Entries Undergone Major Revamping More

ORBS Lookup Entries Undergone Major Revamping

Comments Filter:
  • The source I have up now doesn't have the sessionid in it, but I don't know if that has any effect.
  • Are you guys on crack?
  • It also seems that the urls were mangled by slashdot. It was worth a shot.
  • Hhm.. that last comment applied to spammers in general (or at least the ones I had the misfortune to deal with), not to you. I don't know your background, your activities, what kind of person you are, etc. I'm sorry.. attacking you personally is not good.

    I am fairly sure that if you spend tens to hundreds of hours dealing with the damage resulting from some spammers abusing _your_ mail server and getting thousands upon thousands of people mad at YOU because they think YOU were responsible for the spam, you too would be somewhat less openminded about spammers.

    You see.. people who let YOU take the heat for things THEY did are not people I like. I (the company I work for, rather) gets thousands worth of damage, not to mention a bad name so that some spammer can earn some quick bucks without too much work.

    How exactly can this be justified?

    Spam results in real damage - maybe not per se for the individuals who just have to 'click delete', but somebody ends up getting hurt. And in most societies, people do not have the freedom to inflict damage onto other people.

    Cheers,

    Moz.
  • Getting gang moded down was quite a shock
    it knoked me down to zero karma
    but hey It was for a good cause
    at least I believe in it :-)
    you have some good points about volintaring
    and doing good things
    but I have been on the net for along time
    and spam has been a problem for much of that time
    when I used to read the newsgroups alot spam was
    a real pain in the ass
    spam in e-mail is getting worse all the time
    would you like it if your kids got spammed by porn sites?

    Spam is more then an inconvience
    It goes against everything the internet was originaly founded on

  • From http://www.orbs.org/usingindex.html [orbs.org]:
    untestable-netblocks.orbs.org - netblocks known to contain open relays and which have been proven to be blocking the ORBS tester or who have demanded that ORBS not test. Returns 127.0.0.7. Updated: hourly

    Come on, this is not called fine granularity.

  • I would tend to agree that Spam is little more than an inconvienience -- in the US. The problem is that there are many places in the world where Internet access is still per-minute charged. By having 10 pieces of spam in your inbox to sift through, it will take an extra minute - that may only be $0.02, but it's still money.

    Now consider someone who is fairly active online - I have Spam-proofed all but one account which I need for business (and thus I can't risk not relaying legit mail by using ORBS, MAPS, or RBL). This address recieves approximately 150 UCE's per day! Granted, I do filter them quickly, and it's more annoying than anything. However, for many it would be a significant cost.

    That is why I fight against Spam.

    --
  • I've been trying this (have the same thing my .cf), and I can't get any of it to work right. The test mail from crynwyr or however its spelled gets through, and nslookup d.c.b.a.inputs.orbs.org on the test IP fail, although the web page at ORBS claims it is in the database. Direct nslookups from the inputs.orbs.org nameservers fail as well on the test IP.

  • Not to sound critical, but over 50% of the posts in your user info are nothing more than anti-spam propaganda. A less understanding person might consider this type of repetitive posting of the same information to be spam itself.

  • or alternatively they must ensure that their customers do not run open SMTP software on their own PCs. In other words ORBS implies that ISPs must require their customers to allow the ISP to vet/check their PCs or else offer only a "managed end-user equipment" service [impossibly costly].

    This is specious. All an ISP has to do to prevent customers from doing their own SMTP deliveries, is tell their router to block outbound connections to TCP port 25. Takes 30 seconds, costs nothing, and requires no interacting with client equipment/software.

  • OK guys, I'm a little slow when it comes to havking Sendmail. What I currently have is this in the .mc file:

    FEATURE(dnsbl,`relays.orbs.org',` open relay $&{client_addr}; see: http://www.orbs.org')

    I'd also include the corresponding excerpt from sendmail.cf, but Slashdot's lameness filter thinks sendmail.cf is crap.

    If I simply replace relays.orbs.org with inputs.orbs.org, it looks like that will ONLY block real open relays. I do want to block open relay servers, but I don't want to block legitimate servers that have stupid Exchange servers on their networks happily forwarding mail, and I don't want to block legitimate servers like Earthlink's that happen to have sent out spam before but are widely used by a lot of people. Previously, I had to explicitly allow relaying from certain hosts; otherwise I was losing legitimate mail. Hopefully I won't have to do that anymore.

    Does this look good? Is there anything else I should be doing? I do also use the MAPS RBL, btw.

    --

  • Unfortunately, this script has a flaw. It sends an http header identifying it as a script instead of a legitimate browser. I will fix this and resubmit.

    If you want to butcher your LWP::Simple, look for a line that says:

    $ua->agent("LWP::Simple/$LWP::VERSION");

    and make it say something like:

    $ua->agent("Mozilla/5.0 (X11; U; Linux 2.2.16 i686; en-US; 0.7) Gecko/20010105
    ");

    that last is all one line. LWP::UserAgent is the way to go to fix this for real.
  • Here's a one that will actually work.
    #!/bin/bash

    if [ ! -d /tmp/spam ] ; then

    mkdir -p /tmp/spam
    chmod a+rwxt /tmp/spam
    elif [ ! -w /tmp/spam ] ; then
    exit 1
    fi

    cd /tmp/spam

    while [ -e LOCK ] ; do sleep 2 ; done

    touch LOCK
    chmod go= LOCK

    wget -r -l 2 -nd -o logfile &> /dev/null 'http://www.goto.com/d/search/?type=home&Keywo rds=bulk+email'

    rm -rf /tmp/spam/*
  • follow this link it will take you to a page were a spam company explains how to spam how to spam [desktopserver2000.com]
  • Having worked for years in IT at MIT and Harvard, I've had my share of run-ins with ORBS.

    The ugly scene unfolds: A professor or grad student slaps her new linux box on the net, sendmail running, third-party relay enabled, and WHAM! Eighty angry faculty and staff come crashing into your office demanding to know why their government/private/overseas collaborators can no longer receive mail from them. ORBS rears its fugly head. And the underpaid, underappreciated, overworked IT person gets the blame.

    Before you get your panties in a bunch over crappy .edu "security," you should know that edus are notoriously understaffed (both quality and quantity-wise) in IT. People putting new (insecure) boxes on the network is a constant occurrance, and very difficult to control.

    At least when it comes to .edus, "services" like ORBS take IT ppl's time away from dealing with many more pressing security problems. It also often undermines users' confidence in their IT staff, and can thus compound the problem of .edus not allocating enough of their budgets for IT.

    -my02.
  • From what I've seen and read, ORBS has fallen from whatever grace it ever enjoyed, and it's blocking polilcy for legitimate open relays, as well as it's practice of adding to its blockedlist the mail servers of its critics has pretty much sidelined it as far as serious mail administrators are concerned. A much better list is the RSS list from mail-abuse.org. See http://www.mail-abuse.org/rss [mail-abuse.org]. BTW, I understand that the mail server at mail-abuse.org is on the ORBS list :(.
  • he's not posting how to kill spam in other discussions

  • Ha ha, very funny. In other words, all an ISP has to do is to cut off its customers from the Internet on port 25.

    Yes, what's the problem with that? ISPs run mail relays for their customers; it's not like this stops them from doing anything legitimate.

  • This looks like a troll to me, but I'll bite anyway :)

    Let's do some math. Let's say that there is one second between the first two clicks, and then a full two second after the second one before you can click on the next one while you wait for the email to be deleted. That's 3 seconds per spam. You said that you get 10 per day? That's 30 seconds to delete all the spam for the day. With 365.25 days per year, that's 21915 seconds or 6.09 hours of deleting spam. I'd rather be coding...

  • it's not like this stops them from doing anything legitimate.

    You're wrong.

    Perhaps that's the case for Microsoft users who have little option but to deliver all their mail to a smarthost, but it's certainly not the case for Unix/Linux/BSD users. The norm there is for their MTAs to manage their own queues and to deliver direct to the destination mail exchangers in accordance with DNS/MX, not only because that is the default for Unix machines out of the box, but also because that's the normal method of delivery for MTAs on the Internet, as opposed to those on internal networks.

    They are paying to be on the Internet, so blocking their MTAs from delivering outbound traffic in the normal way for Internet machinery is definitely stopping totally legitimate activity.

    Fighting spam is important, but if you do so by blocking ports then you're on the slippery slope from being a supplier of Internet connectivity to running a closed and restricted environment like MSN or the old Compuserve. If that's the business you want to be in, fine, but then don't call your business an ISP, or at least be honest and advertise your connectivity as restricted.

    Just because some people are criminals, you don't put everyone in jail on the offchance that they might commit a crime.
  • It takes exactly two mouse clicks to delete a spam mailing. Hardly a major inconvenience.

    "And theft is OK as long as you don't steal more than $5 from any one person. That way it's 'hardly a major inconvenience.'"

  • Here's the script in WebL (*):

    while true do
    var P = GetURL("http://www.goto.com/d/search/?Keywords=bul k+email");
    every p in Seq(P,"li") do
    try
    GetURL(Elem(p,"a")[0].href);
    catch E
    end;
    end;
    end;

    Please use irresponsibly.

    -- Dr. Pain

    (*) http://www.research.compaq.com/SRC/WebL/index.html

  • Perhaps that's the case for Microsoft users who have little option but to deliver all their mail to a smarthost, but it's certainly not the case for Unix/Linux/BSD users.

    So what? Reconfigure your box. Surely you have the 30 seconds to spare, if you can manage it for Slashdot. You have to configure the gateway and netmask and NNTP server, configure an SMTP smarthost as well.

    The norm there is for their MTAs to manage their own queues and to deliver direct to the destination mail exchangers in accordance with DNS/MX, not only because that is the default for Unix machines out of the box, but also because that's the normal method of delivery for MTAs on the Internet, as opposed to those on internal networks.

    Since I've been doing this internet stuff (about 15 years now) it's never been the "norm" for individual boxes to deliver mail straight to the destination MX. Back when we were creaming our collective pants over new clusters of Apollo workstations with 4M (wow!) of RAM, mail was forwarded to a central machine for delivery. Now that the kids are creaming their collective pants over 1.3GHz barnstormers running the latest Gatesware, mail is forwarded to a central machine for delivery.

    I don't understand your distinction between "internal networks" and "machines on the internet" unless you mean to distinguish between those machines which potentially - due to the lack of intervening proxy servers or to intermittent connectivity - have the capability of end-to-end contact with remote MXes and those which don't, in which case please refer to my paragraph above.

    They are paying to be on the Internet, so blocking their MTAs from delivering outbound traffic in the normal way for Internet machinery is definitely stopping totally legitimate activity.

    The activity these people are trying to engage in is the delivery of mail, not the communication between their MTA and a specific SMTP server. You might as well complain that UUnet is no longer sending your packets through 200.at-6-0-0.XR1.ATL1.ALTER.NET, which has always been your favorite backbone router since you were a child. As long as they provide a mail relay that gets the mail there immediately and reliably, you are none the worse off (except, perhaps, that you have to wait for bounces rather than looking in your logs to identify certain short-term delivery problems which are out of your hands anyway).

    Just because some people are criminals, you don't put everyone in jail on the offchance that they might commit a crime.

    Just because most people aren't criminals, doesn't mean you give them all keys to the bank vault. Sorry, what are these homilies supposed to prove again?

  • Re:You R correct!!!! (Score:1)

    by Anonymous Coward
    As long as we live in America, we will receive unsolicited advertisements

    But those of us not in america still get the same spams as you do. the amount of american spam that hits my relay is incredible - and it dosen't benefit me or the spammers.

    dunno what my point is...
  • I'm going to assume that you were irate when you wrote the parent and ignore the numerous spelling and grammatical errors in your post.

    "I don't call 30 spams a day a minor inconience SPAM is not free speach these people are abusing resources"
    So you run your own mail server? Let's assume the average spam is 2k in size and you receive 30/day. It will take less than 15 seconds to pull these through a 56k line. That's assuming you *don't* have any server side blocking software installed, which, if you hate spam as much as you claim, would be a prudent choice. I would say ~90% of the spam I receive is easily recognizable by the subject line alone, therefore you won't even need to view the message. As you can see, I have my real e-mail address published in my user profile. I have had this address for approximately two years and I use hotmail to check other POP accounts that I have had longer. On average, I receive ~20 messages/day. About 10 of these are from friends or family. The rest are SPAM. It takes exactly two mouse clicks to delete a spam mailing. Hardly a major inconvenience.

  • I saw the goto.com thing, and I thought, what if I just copy one of the top 10 links into the Address field of my browser, and then rest my .308 rifle round on the Enter key? That would put out thousands of clicks per minute! I think I'll do this right now while I go to the bathroom!

  • Freedon of Speech (Score:1)

    by Anonymous Coward
    A correction to all those who believe that spam is protected by the First Amendment (Freedom of Speech).

    Freedom of Speech is protection between the government and citizen, not citizen to citizen. In that case freedom of speech doesn't exist. You or I do not *have* to listen to another person, no person has the right to force their 'freedom of speech' on to another. I do not have the legal right to come into your home (via phone, email etc.) and force you to listen to my opinion.

    Please fight spam: http://spamcop.net
  • Yes I have to agree
    I thought about that when I posted
    I have no way to justify my actions
    but I can think of no better way to spread the word
    at least I am not trying to make money from my posts

  • Re:good riddance (Score:3)

    by zyklone ( 8959 ) on Saturday February 03, 2001 @08:53AM (#459377) Homepage
    Please,

    The largest cost of spam happens when mail is queued for users on mail servers and the time it takes for the user to read/delete the mail.

    ORBS tries to mail themselves through your mail server. If you don't want people to use your mail SERVICE then don't let them relay through it.

    But perhaps you are one of those who think it should be illegal to access a web server except by following a link from an authorized site.

  • use LWP::Simple;

    $page = get "http://www.goto.com/d/search/?Keywords=bulk+email ";
    @urls = grep /xargs/,
    ($page =~ /<a href=(\S+)/g);

    foreach (@urls) {
    my $subpage = get "http://www.goto.com$_";
    print "-- ", ($subpage =~ /<TITLE>\s*(.*?)<\/TITLE>/i)[0], "\n";
    }
    --
  • he fixed a real problem with my original post
    please mod him up

  • The quality of the relaying info in the ORBS database seems to be rather poor anyway --- much of the time the nomination "evidence" seems only a weak excuse for blacklisting ISPs just for the hell of it. Most people think that ORBS merely blacklist ISPs for running their MTAs as open relays, which would be sensible, but if you look closely this is not so.

    If you examine the entries for blacklist-nominated ISPs on their site where the ISP's smarthosts are not open relays but the ISP is still under threat of blacklisting, you'll see that ORBS offers the ISPs two ways of avoiding the blacklisting being imposed:

    - either the ISP must not allow its customers to post mail to the Internet through the SMTP smarthosts that those customers are paying to use [hilariously funny];

    - or alternatively they must ensure that their customers do not run open SMTP software on their own PCs. In other words ORBS implies that ISPs must require their customers to allow the ISP to vet/check their PCs or else offer only a "managed end-user equipment" service [impossibly costly].

    As should be obvious, neither of these alternatives constitutes a viable option in the large-scale ISP market, so ORBS really have no intention of acting in a constructive manner in this area. There must be a few tens of millions of ISP-connected PCs in the US alone that contravene ORBS' requirements, and I bet that many of their own administrators' home PCs do as well, ie. those that use their ISP's smarthosts. ORBS are merely exercising their hatred for spam in a vengeful way, without any regard at all for whether what they demand is possible or not.

    Well, ORBS's policy is ORBS's business, but if they sincerely want to reduce the amount of spam on the net then they've got to use policies that make it possible for ISPs to comply. Their current ones do not allow this, so it's not surprising that ORBS is getting more and more marginalized and treated as unprofessional.
  • Or in the slightly less readable form, using no semicolons:

    perl -MLWP::Simple -e '(get("http://www.goto.com$_") =~ m{<TITLE>\s*(.*?)</TITLE>}i) && print "-- $1\n" foreach (grep /xargs/, get("http://goto.com/d/search/?Keywords=bulk+email ") =~ /<a href=(\S+)/g)'
    --

  • #!/usr/bin/perl -w

    use LWP::UserAgent;
    $ua = new LWP::UserAgent;

    @agents = split /\n/,
    'Mozilla/4.74 [en] (X11; U; Linux 2.2.16 i686)
    Mozilla/4.72 [en] (X11; U; Linux 2.2.16 i686)
    Mozilla/4.73 [en] (X11; U; Linux 2.2.16 i686)
    Mozilla/4.75 [en] (X11; U; Linux 2.2.16 i686)
    Mozilla/5.0 (X11; U; Linux 2.2.16 i686; en-US; 0.7) Gecko/20010105
    Mozilla/5.0 (X11; U; Linux 2.2.14-5 i686; en-US; 0.7) Gecko/20010105
    Mozilla/5.0 (X11; U; Linux 2.2.14-5 i686; en-US; 0.6) Gecko/20001206
    Mozilla/4.51 [en] (WinNT; U)
    Mozilla/4.72 [en] (WinNT; U)
    Mozilla/4.74 [en] (WinNT; U)
    Mozilla/4.08 [en] (WinNT; U)
    Mozilla/4.08 [en] (WinNT; U)';

    srand( time() ^ ($$ + ($$ << 15)) );
    $agent = $agents[int(rand(scalar(@agents)))];
    warn "$agent\n";
    $ua->agent($agent);
    $request =new HTTP::Request('GET', 'http://www.goto.com/d/search/?Keywords=bulk+email ');
    $response = $ua->request($request); # or
    $page = $response->content;
    @urls = grep /xargs/, ($page =~ /<a href=(\S+)/g);

    $maxpulls = int(5 + rand(10));
    warn "$maxpulls\n";
    foreach (@urls)
    {
    $request = new HTTP::Request('GET', "http://www.goto.com$_");
    $ua->agent($agent);
    $response = $ua->request($request); # or
    $subpage = $response->content;
    print "-- ", ($subpage =~ /<TITLE>\s*(.*?)<\/TITLE>/i)[0], "\n";
    last if $i++ > $maxpulls;
    $sleep = int(16 + rand(16));
    warn "sleeping $sleep seconds\n";
    sleep $sleep;
    }
  • Get off ORBS.

    Block inbound port 25. to everything except your approved MTA hosts. Be sure to reject (icmp port unreachable) rather than deny (no response).

    Block outbound port 25 from everything except approved MTA hosts.

    Should keep you off ORBS. Maybe.

  • From http://www.orbs.org/usingindex.html: untestable-netblocks.orbs.org - netblocks known to contain open relays and which have been proven to be blocking the ORBS tester or who have demanded that ORBS not test. Returns 127.0.0.7. Updated: hourly Come on, this is not called fine granularity
    Babe, you have to choose to want to block nets that don't want to be tested. The plainer inputs.orbs.org will not return hits like the above. IOW, the user now has the granularity to test for verified open relays (inputs.orbs.org), and if she chooses, for networks that do not allow themselves to be tested. You have now been given the choice to discriminate, that is called granularity.

    Your problem then would be with the users who specifically choose to also check for nets that will not allow themselves to be ORBS tested, the assumtion there being that perhaps they could be spammers. Read the ORBS announcement a few times, it took me a while to get the intent of the other new entries as well.

    For example, I guess that the difference between spamsources.orbs.org and spamsource-netblocks.orbs.org is that the latter checks, acts on a netblock basis. Whilst the former is less broad, per IP, I surmise. And spamsources would 'appear' to indicate a known professional spammer outfit, IP/netblock. The announcement could use a detailed URL reference on the nitty-gritty differences.

    --
    Me pican las bolas, man!
    Thanks

  • This:
    • chooses the user agent quasi-randomly from a list
    • chooses how many of the first URLs in the page to get quasi-randomly
    • waits a quasi-random amount of time between retrieving URLs from the page.

    Enjoy.
  • I don't see what your gripe is, here.

    Oops, unfortunately you misunderstood me totally.

    Smarthosts that allow relay from the entire world are open relays. They have been and will be abused for large amounts of spam. There are plenty of solutions to circumvent this problem. The simplest is to let people use the SMTP server of their access-provider

    Yes, you're 100% correct, but I was referring not to the more amateurish ISPs that still run open relays since the issue there is obvious, but exclusively to the major ISPs who provide CLOSED relays for private use by their customers and by nobody else. There all non-customers are blocked from relaying completely. ORBS still blacklists such ISPs, not just those running open relays like most people think, and therein lies the problem for ORBS because it makes them look like cowboys. Now re-read what I said in that context.

    [If they only blacklisted ISPs that run open relays then ORBS wouldn't be in the continual doghouse that it's in, and there wouldn't be any war between them and MAPS.]
  • Also, the bit about printing the title of each URL as it's gotten I stole from another /. post.
    Oops, was using the other browser. That's me.
  • Am I the only one who finds it ironic that he who advocates war on spammers is spamming /. ?
  • Given that 40% of the Internet blocks on the MAPS RBL, and that Sendmail 8.10.x doesn't relay out of the box (while natively supporting the RBL/RSS), the point of laziness is rather moot.

    --
    WolfSkunks for a better Linux Kernel
    $Stalag99{"URL"}="http://stalag99.keenspace.com";
  • So what? Reconfigure your box. Surely you have the 30 seconds to spare,

    You either understand full well that it's not a time issue, or else you're missing the point through a total lack of understanding. Virtually nobody that is trying to run a quality setup at home in order to have some semblance of control over mail delivery by holding mail in their local queue until it is accepted by the remote mail exchanger (like virtually all the people I know who run Unix-type boxes on personal LANs) is going to reconfigure their box just because you want them to. You may not mind your mail being at the mercy of your local ISP's sysadmins but that doesn't necessarily mean that others think likewise. The only people I know who would accept what you propose are those running Windows, and that's because for the most part they've installed an ISP's software off some CDROM and there's no MTA capability in their DUN and so they know no other way of working.

    Since I've been doing this internet stuff (about 15 years now) ...

    OK, so you joined the party late, but that's no excuse for proposing a newbie-style solution that not only runs utterly counter to the values on which the Internet was built, but actually breaks normal usage to boot.

    ... it's never been the "norm" for individual boxes to deliver mail straight to the destination MX.

    ROFL. End of discussion then, because our experiences differ utterly and you don't accept that the people who I describe exist, so you will never be able to propose an anti-spam solution that captures their requirements. That simply eliminates you from the ISP market place in that area.
  • But will it really matter if the admins of SMTP servers are too lazy to setup the blackhole list to make sure that the spammer relays can't send mail?
  • Somehow I get the feeling you dont like spam. And after following the link, I realize I was wrong.. You really really hate it! :-)
  • Folow this link it will bring you to goto.com were spammers pay goto.com per click
    If you bookmark this and go there once a day and click on the top 10 links you
    will cost each of these scum bags up to several dollars a day
    If there are only 100 of us doing this we can cost them a fortune :-)
    It won't do any good to click a link more then once because goto.com
    has a system in place to prevent that

    goto.com bulk email [goto.com]

    This info is from my war on spam page follow the link in my sig.
    to find out more
  • If people would stop bitchin about spam
    and fight back we can do some serious damage to spammers
    Call the 800 numbers in spam IT COSTS THEM MONEY!!
    Process all spam thru spamcop [spamcop.net]
    If enough of us fight back we can really make a difference
    If you ignore spam you are HELPING SPAMMERS!
    If you really hate spam follow the link in my sig.
    YOU CAN MAKE A DIFFERENCE!

  • How would this apply in terms of junk mail sent to WAP devices/PDAs? I don't think they use SMTP.

  • Some calculations.... (Score:3)

    by moz25 ( 262020 ) on Saturday February 03, 2001 @08:54AM (#459396) Homepage
    The point is that these "honest" people are shoving the cost onto OTHER people. Therefore, they never make the investments, but do gather the profits. The fact that they often forge headers and use cracked servers does not contribute to their image.

    You admit that spam costs each person a few k of bandwidth. Let's say that an average junkmail is 5k in size. In an average mailing action we are talking about more than 1M addresses. This means at least 5GB of data transfer per mailing action.
    Multiply this by the number of spammers and you can begin to see the scope of the problem.

    It wouldn't be so much of a problem if they PAID to send their junk. One of the problems is that they victimize innocent people and they end up with damages ranging in the thousands of dollars so that the spammer in question can earn at most a few hundred.

    Perhaps this is why the term 'leeches' is often used with this sort of people.

    There is no fix on the number of junkmails one gets. You could be 'lucky' and get only a few per day or you could get over 50. If you try to be removed from the list you will get more junk.

    It is good that you have a tolerance for spam. I will consider you 'opt-in' if I ever feel the need to send bulkmails.

    Moz.
  • HEY! What's wrong with leaches? They are a useful part of the ecosystem. (unless you don't like the ecosystem, in which case I can't help you...)
  • I just checked one of my older e-mail accounts, and I had 5 doses of spam in it. Two were from uunet, and I forwarded them to the abuse department, one had a toll-free phone number with a ten-minute sales pitch for this wonderful business opportunity of a nature they weren't inclined to divulge, and two appeared to have come through open transports, so there wasn't much I could do to get back at the source. There, I hit 60% of them, but that leaves 40% left. Hopefully ORBS and MAPS and other such services will help get these people to patch their relays, and I won't get any spam anymore, or at least none that I can't trace back to the source and punish the sender, preferably with a white-hot iron...
  • First of all, let me apologize to you for the unfair moderation done to your previous posts. It is truly a sad day for this weblog when a reasonable, thoughtful, ontopic conversation gets modded down by idiot moderators.

    I don't advocate or condone the actions of spammers. Yes, in some cases, spam can cause inconvenience, and uses resources and bandwidth, but the whole idea behind the Internet was to create a medium to communicate thoughts and ideas to a set of people that, for geographic or other reasons, would not not otherwise be able to communicate. While I don't always agree with the messages sent out by spammers, I defend their right to say what they please and to try and sell my their product/idea. It is also my right to delete spam/set up blocking software/ and flat out refuse spammers offers. I would much rather deal with ~10 junk mails per day than give up some of my other rights by having the Internet regulated and monitored to prevent spam. Sometimes the solution is worse than the problem. I also do not understand your almost cultlike hatred of spam. Perhaps I'm missing something, but I would much rather stand up for a cause that acutally *means something*. Instead of fighting for my protection from something like spam that causes me a minor inconvenience, I would like to see more people do something to make a real and tangible difference. Volunteer at a local soup kitchen, become a mentor to an at-risk youth, or donate a day of your time to help Habitat for Humanity built housing for low income families. It just seems to me that any of the above would do more to make the world a better place than hunting down spammers would.

    Disclaimer: I do not, nor have I ever sent bulk unsolicited e-mails. My previous posts reflect my opinions so please don't flame me.

  • The fact that this was needed to let average users get a list of relays uncontaminated with spite listings shows that, indeed, the griping was well-founded.

    I'm glad ORBS is finally running a more responsible list.
  • #!/usr/bin/perl -w

    use LWP::Simple;

    my $baseurl = 'http://www.goto.com';

    $origurl =
    $baseurl . '/d/search/' .
    '?type=home&Keywords=bulk+email';

    my @initial = split(/\n/, get($origurl));

    for my $line ( @initial )
    {
    next unless $line =~ /^<li><b>/;
    $line =~ /href=(\S*?)\s/;
    my $url = "$baseurl$1";
    my $discard = get("$url");
    if ( defined $discard) { print "Got OK\n"; }
    else { print "Get FAILED\n"; }
    }

    # this uses the URL Lenny provided, but does
    # all the damage automagically
    # Also, since it does no cookie processing
    # it gets a new session ID each time it runs
    # so you can probably run it over and over
    # and defeat the protections built in against
    # repeat requests.
    # you'll need to install LWP::Simple and
    # it's requirements to run this
    # see www.cpan.org
    # perl rules!
  • ORBS suck. They blacklisted most of the IP addresses allocated to Australia incorrectly and refused to listen to reasoned arguments why this should not be so. What a bunch of assholes.
  • They're finally giving us two items which will allow us to say "yep, ORBS is over-aggressive in relay testing:" (QUOTING SITE)

    • manual.orbs.org - open relays tested manually and believed to be blocking the tester.
    • untestable-netblocks.orbs.org - netblocks known to contain open relays and which have been proven to be blocking the ORBS tester or who have demanded that ORBS not test.

    ORBS in the past has been known to be very agressive in testing, to the point of causing a DoS attack. They also are known to do "revenge listings" of those who block ORBS' testing.

    MAPS' Relay Spam Stopper is tested by humans only, and also allows you to test your relay yourself. I've done this on my systems at work -- I don't relay.



    --
    WolfSkunks for a better Linux Kernel
    $Stalag99{"URL"}="http://stalag99.keenspace.com";

  • Re:Some calculations.... (Score:3)

    by evanbd ( 210358 ) on Saturday February 03, 2001 @11:43AM (#459404)
    It's relatively easy to get this kind of bandwidth cheaply. Just do what the spammers do: steal it. Use open relays and the like. But there are a few caches: it's illegal. it's unethical. it only works for spam -- you don't get that much bandwidth, you just get to use that much bandwidth for free to send many copies of the same thing. Also, open relays can only be used to steal bandwidth for email -- which is so small as to not be worth stealing UNLESS you plan to use it for spam. I personally have much less of a problem with companies that buy all their own badwidth and then send UCE from their own servers directly -- they are only stealing from the recipient, and not from some relatively innocent 3rd party whose bandwidth they stole. Some companies do this. Unfortunately, it's hard to tell which from the stuff that lands in your inbox. I would assume they are also the ones that seem relatively nice about giving you opt-out mechanisms, but I don't know.
  • Would that be anything like WGET set at one level run as a daily chron task?
  • Actually, it's the particular .edu that doesn't take steps to at least reduce their spam output that sucks. Thankfully, not all .edus are as wont to make excuses in place of taking action and getting their networks under control.

    Here's one way a few of the responsible .edus have ended (not just slowed, ended) their open relay abuse problem on all hosts.

    1. Border router blocks all inbound connections to port 25, except those destined to designated campus mail hubs.
    2. Designated campus mail hubs relay inbound mail for campus domain only.
    3. Non-promiscuous hubs have access to internal MX information, and so know which departmental mail server (or which faculty member's linux box) should get the mail.
    4. Outside mail senders see translated MXes (split DNS), with the internal MXes changed to that of the mail hubs.
    5. Mail from outside arrives at mail hubs. If the mail hubs relay for that domain, the mail hubs look up internal MXes, and deliver inward.
    6. Mail arrives; users happy. No spam relaying either, so no ORBS listing; users happy again. But best of all, overstretched sysadmins at the .edu don't have to run around securing sendmail on every single box; sysadmins happy.
    If you skip the filtering of port 25 connects inbound, spammers will just port-scan your entire .edu's net and find the open faculty linux relays.

    If you skip the MX translation for outside viewing, your filtering will cause timeouts.

    It's best to do both the filtering and the MX translation.

    If you do both, bingo, your .edu has no more problems with spam sent through promiscuous relays.

    Sure, that's possible only if the institution gives a hoot. However, the alternative is continued spam relaying and continued ineffectual whining.

    I choose no more whining. We fixed the problem. You can too.

  • This DOESN'T work! YOu have to go into the page this gets and go to the individual URLs to cost the spammers money. See the scripts submitted by interiot or me at various points in the thread.
  • All an ISP has to do to prevent customers from doing their own SMTP deliveries, is tell their router to block outbound connections to TCP port 25

    Ha ha, very funny. In other words, all an ISP has to do is to cut off its customers from the Internet on port 25. Great. It's that kind of pragmatism that put several million Jews in the gas chambers in the last war. Do you have any solutions for the common cold that don't involve cutting off the head?

    Evidently you aren't aware that people go to an Internet Service Provider in order to be connected to the Internet, not to be blocked from it. Sheesh.

    Remind me not to hire you when I have any hard problems to resolve.
  • Since you included your sessionID in the link you provided, this probably won't work. Nice thought though.

  • Speaking As A Mail Admin... (Score:1)

    by Anonymous Coward
    ... this is great! Kudos to ORBS.

    For some time now, certain folks have been bitching about how ORBS is too agressive. About how ORBS lists too man (allegedly) innocent sites. Well this may not do anything to answer the critics of ORBS' active open relay discovery, but it certainly addresses the second complaint very nicely.

    I've got inputs, outputs and manual in the checks now. It'll be interesting to see the output of my maillog analyzer over the next week or so--seeing which of these blocks what.

  • This is a minor inconvenience to put up with in order to ensure the right of free speech for everyone else.

    spam has nothing to do with free speech. spam is qualified not by its content but by:
    • the number of recipients.
    • the forged headers
    • the fact that it is unsolicited
    Simply outlawing forged headers and Unsolicited email does nothing to impede free speech.
  • Then block it at your edge router. It's how I protect my network. To complain that misconfigured hosts are placed on the network is no excuse. If outside mailers can only connect to correctly configured MTAs then you can't relay spam.
  • untestable-netblocks.orbs.org - netblocks known to contain open relays and which have been proven to be blocking the ORBS tester or who have demanded that ORBS not test.

    Note how if you do not like the testing methods or the way ORBS is run, and ask not to be tested, you are lumped into the same space as 'known open relays'.

    *sigh* No change in policy, just a shuffling of the deck chairs on the titanic is all.
  • I'll go you one better. Why spend time thinking about it? Doesn't Linux excel at automation?

    DISCLAIMER: This is probably illegal or immoral and I myself would never concieve of actually doing such a thing, much less telling someone else to. For Entertainment value only. There's probably an easier way to do it if you're a WGET expert.
    1. Go to this URL [goto.com], and save the page source. Copy out the search results, eliminate all the useless BS of the frame, and page, etc. You just want those massive GOTO.COM links.
    2. Run a search-and-replace, replacing all instances of:
      HREF=/d/sr
      With
      HREF=www.goto.com/d/sr
      Save the results as /tmp/spammers.
    3. Set up a cron job to run once daily using WGET, like this:
      wget -qHr -l1 --spider -i /tmp/spammers

    4. TA DA! Instant drain to spammer resources, the world over. Update your SPAMMERS file every few weeks, as this will probably drive many of them out of business very quickly.


  • 2 problems:
    • this will contain a session ID assigned when you first get the page which will cause runs after the first one to be detectable as programattic.
    • wget will send a User-Agent header that will identify itself as a program.
    I've submitted a script elsewhere to address these issues.
  • As long as we live in America, we will receive unsolicited advertisements. This is a minor inconvenience to put up with in order to ensure the right of free speech for everyone else. I would much rather have spam in my inbox than a mailbox full of coupons and credit card applications killing trees and filling our landfills. I would also prefer spam to receiving an unsolicited call from a telemarketer. Spam is relatively unobtrusive and can easily be deleted costing the recipient nothing more than a few k of bandwidth and several moments of inconvenience. Perhaps you should rethink your priorities and focus your energies on solving *real* problems instead of advocating the murder of innocent individuals who have done nothing worse than attempting to earn a living and support their family in a competitive capitalist economy. Grow up.

  • Re:PDA Mail (Score:1)

    by Anonymous Coward
    You're correct. ORBS is mainly a server-side protective measure, used by SysAdmins (like me) who have configured their mail servers to check incoming connection attempts against the database(s).

    The best suggestion I can give regarding spam to PDA's/wireless is to not use the target address, un-munged, on chat rooms, public Usenet groups, or for registering on suspect web sites.

    Alternatively, ask your wireless ISP to use ORBS.
  • If this is for real, then we could /. the shit out of these links and cost these mofo's some SERIOUS CASH!

    Send a message!!! [goto.com]

    Click that link, then for speed, right-click on each link and choose, "open in new window"

    Just let each page load, and force them to spend some REAL BUCKS!!!

  • Or put this in your crontab:

    wget -L -r -o /dev/null "http://www.goto.com/d/search/?type=home&Keywords= bulk+email"
  • "This means at least 5GB of data transfer per mailing action."

    and later

    "It wouldn't be so much of a problem if they PAID to send their junk"

    If you know where I can get 5GB of bandwidth for free, please let me know.

    "There is no fix on the number of junkmails one gets"

    Yes there is. You willingly publish your e-mail address in public forums such as Slashdot, therefore you are encouraging anyone who reads this forum, including spammers, to e-mail you. If you don't want to receive e-mails, don't post your e-mail address. There are also numerous filtering software applications available that can reduce the amount of bulk mail you will receive.

  • Fine, that's your opinion, and I will respect it as such.

    Simply null-route your network from the relay testers that ORBS uses; then they will note your netblock as being a possible spam carrier.

    Just don't complain if I refuse to accept mail from your servers because your netblock is registered as a possible spam relay.

    I trust ORBS, just as I trust MAPS, to reduce the amount of shit I and my users receive... don't insult a free anti-spam service simply because it uses a minimal amount of bandwidth in order to prevent misuse of *YOUR* network.

    In every case, ORBS will mail the postmaster at each server it finds as open; therefore telling you if you have an open relay... and giving you a chance to fix it. I think everybody who posts to Slashdot will agree that open relays are *BAD* things!

    I'd rather have a single anti-spam mechanism darkening my SMTP service every once in a while instead of 100 piss-ant spammers hitting my boxes with 10,000 messages an hour.

    "Be vewy vewy quiet, I'm hunting wuntime ewwors!" - Elmer Fudd

  • Comment removed based on user account deletion
  • Check my user bio for a Java program that will let you do this
    http://slashdot.org/users.pl?op=userinfo&nick=Lava Dog [slashdot.org]
  • I'm glad ORBS is finally running a more responsible list.

    That remains to be seen. They *MIGHT* actually become something useful.

    But, if ORBS continues with the spite listings in the normal listings, then they still won't be useful.

    You'll get to see 1st hand if they will actually not test sites that have asked not to be tested.
  • "If you know where I can get 5GB of bandwidth for free, please let me know."

    Well, doesn't that seem to be the problem now? You want something for free so you can sell it for money. That looks like theft to me. *somebody* ends up paying for it.

    Also, mr. spammer.. why are you asking where *you* can get 5GB of bandwidth for free? ;-) It looks like you have unwittingly revealed yourself.

    Is it possible for me to post my email address in a public forum and state "don't send me ANY spam!"? Will that be respected by spammers? I doubt it. They even seem to filter out "NOSPAM" segments in email addresses.

    If I willingly publish my fax number somewhere, am I also inviting people to send me junk faxes? Oh, wait.. that was illegal. Speaking of which, all too often illegal practices are used in the spam sending process. Addresses are forged, service is stolen, etc. This is highly anti-social and unethical.

    If you have no other way to provide yourself with an income, you should consider more profitable criminal activities.

    Moz.

  • I made a mistake in my original link
    the correct link is

    http://www.goto.com/d/search/?type=home&Keywords =b ulk+email">goto.com bulk email

    sorry about the inconience
    someone else cought themistake and pointed it out to me
    the original link identifies everyone that clicks it as the same person
    therefore they don't get billed for the clicks

  • It's nice to see that since I don't share your narrow-minded, paranoid views, that makes me a criminal.
  • As long as we live in America, we will receive unsolicited advertisements
    I don't live in America.
    One of the sicker aspects of spam is that I get lots of stuff I couldn't take advantage of EVEN IF I BELIEVED THEM.
    Spam is not free; even if email spam is cheaper to me than paper spam, it is also cheaper to the sender. To my disadvantage.
  • You are now in violation of Godwin's Law [tuxedo.org]. We will come to collect you shortly.
  • Spam is relatively unobtrusive and can easily be deleted costing the recipient nothing more than a few k of bandwidth and several moments of inconvenience.

    This is true for one spam a day. Is it true for ten? A hundred? A thousand?

    Spamming a million people costs the sender less than a small newspaper ad. How many ads did your local newspapers carry this week? And how many newspapers are their in the world? (Yeah, the world. I receive two or three spams a day for shit in Argentina. I've never even been to Argentina.)

    Sure, you don't get that much now. But the only reason we all get so little spam is that people who spam get booted off the Internet. If the DMA [the-dma.org], in conjunction with goofballs such as yourself, manages to make spam legitimate, then you will get that much spam.

    Thanks to the DMA and their ilk, 90% of my paper mail is garbage, and that's with them paying 100% of the cost. With email, the recipient pays a good chunk of the cost, even without the theft of services that 95% of spam involve. So what percentage of your inbox will be crap?

    And then, having made normal email useless, the marketroids will be competing for ways to "cut through the clutter". A spam won't be a few k anymore; it will be a few hundred. I'm already starting to see 'em with 50k of imbedded GIFs; flash animations won't be far behind.

    That makes it a little harder to ignore, eh, bucko?
  • I also do not understand your almost cultlike hatred of spam. Perhaps I'm missing something, but I would much rather stand up for a cause that acutally *means something*.

    It depends on what you define as "mean something". For me and for those I know that care about spam, there are indeed deeper issues involved:

    • Nipping a problem in the bud - You may thing spamming is a small problem now, but as I have discussed elsewhere [slashdot.org], it will grow radically if left alone. Ignoring it is like ignoring a breeding pair of cockroaches in your kitchen.
    • Keeping up the neighborhood - I've been using the Internet for more than a decade; many of the most dedicated spam-fighters are old fogies like me, who are reluctant to let something we've worked on go to the dogs. The FTC found that more than half of all spam was promoting schemes that were just plain illegal. Why allow that in the neighborhood?
    • Freedom of speech - To me, the preservation of freedom of speech is about nurturing a workable marketplace of ideas. Spam destroys the signal-to-noise ratio, burying interesting, important, or useful ideas in a mound of garbage.
    • Freedom of association - The freedom to associate with those that I choose is important to me. There is no way to get spammers to leave me alone; indeed, they spend extraordinary amounts of effort to circumvent the technical and legal barriers. Why should I have to spend more and more time and money just so I can communicate easily with the people I choose?
    • Fighting theft and parasites - Most spam involves stolen resources. Large ISPs spend millions fighting abuse and many millions more for hardware and bandwith to handle what still gets through, costs that hurt us all. Why shouldn't we try to stop theft?
    • Shifting power back to citizens - Starting from a nation of rugged individualists, a lot of power has ended up in the hands of corporations. Especially worrying is the concentration of media control into a small number of very large companies. The internet has the potential to undo that if it isn't wrecked by short-sighted marketroid greed.


    This is not to say that soup kitchens are not worthy, and I do contribute to them. But the worthiness of ameliorating the pain of poverty doesn't automatically make other positive actions meaningless.

    If you want to gripe at somebody about the poor state of the world, gripe at the large number of people who do nothing. Or better, gripe at the large number of parasites and dirtbags who are a drain on us all. Like, say, spammers.
  • I would much rather have spam in my inbox than a mailbox full of coupons and credit card applications killing trees and filling our landfills.

    Hey, and once this television thing catches on, they'll take all those commercials off the radio and take the ads out of newspapers, right?

    If we could shift all snail-mail, telephone, and junk-fax advertising to e-mail, I'd honestly have to think about it. But the truth is, it's not a choice of junk mail versus junk email. Your USPS mailbox is already doomed; it's a choice between saving our electronic inboxes or letting 'em fill up with crap too.
  • Ooh, I bet they don't have that test thingie in inputs.orbs.org - it was in relays.orbs.org, but that's no longer running, according to their site.

    Just leave it running as-is, and see if it blocks anything (grep for www.orbs.org in your Sendmail logs).

    --

  • Note that the third link isn't spammers -- it's opt-in email distribution software.
  • Wow that was very good!!
  • You willingly publish your e-mail address in public forums such as Slashdot, therefore you are encouraging anyone who reads this forum, including spammers, to e-mail you. If you don't want to receive e-mails, don't post your e-mail address so that people that want to contact us they can. Possibly to continue a conversation or to flaim but not for spammers to harvest for thier scummy e-mail scams there is a big difference. If we didn't post our e-mail how would we ever get to start intersting conversations with new people?
  • Was that supposed to do anything? Does absolutely jack when I run it.
    --
  • ...but, unfortunately for this cause, I'm one of the fortunate few who doesn't get any spam. Or, at the very least, not yet. When I had Verizon DSL, I got spam daily, and I fed it to SpamCop religiously. However, since I'm more controlled about giving my e-mail address away, I haven't received any spam ever since my new DSL line first started working. If I do start getting spam, though, then I'll start using SpamCop again.
  • I don't call 30 spams a day a minor inconience
    SPAM is not free speach
    these people are abusing resources

    I f you have a problem with killing trees
    then you should do something about it

    If you read my page you would see it has nothing to do with real murder

    individuals who have done nothing worse than attempting to earn a living and support their family in a competitive capitalist economy.

    these people arn't relying on spam to support thier familys
    They are part of the get rich quick on the internet crowd
    THEY ARE SCUM

    they don't care about the 999,990 people that hate thier spam
    they just care about 100 morons that fall for thier crap

  • Hit 'em where it Hurts: This way is EZ and $$$$ (Score:5)

    by jcapell ( 144056 ) <john@capell.net> on Saturday February 03, 2001 @08:22AM (#459441)
    (I got this idea from a previous post, but I've revised the link a bit)

    Once a day, go here [goto.com] and right-click on each link, select 'open in new window' and let the pages load.

    The expense will add up quite quick, I think!

Slashdot Top Deals

"Experience has proved that some people indeed know everything." -- Russell Baker

Close