LISTSERV - HP3000-L Archives

HP3000-L Archives

January 1999, Week 3

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L January 1999, Week 3

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	ORBS (Online Spam Blocking Service) is back!
From:	Chris Bartram <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Wed, 20 Jan 1999 22:32:10 -0500
Content-Type:	Text/Plain
Parts/Attachments:	Text/Plain (90 lines)

For those NetMail/3000 and sendmail users out there that were using the free
ORBS (Online Relay Blocking Service - a wonderful spam filtering service); it
had been taken "offline" (for mostly political reasons) but is now back.

It is however, using a different domain name (it used to be called
"dorkslayers.com"; now it's a somewhat milder orbs.org).

<detailed discussion follows>

For the unfamiliar, ORBS (and a few similar services) operate DNS-style
servers that allow mail programs (with the appropriate hooks; which both
NetMail/3000&DeskLink and recent sendmail versions have) to do a quick
reverse "lookup" on a mail server attempting to deliver mail to your server.
The lookup finds a match if the sending host's IP address is flagged in their
service as a potential "bad guy"; and if flagged, the receiving mail server
has the option of refusing to accept any mail from them.

There are a couple services out there that work the same way, but flag servers
for different reasons:

1) MAPS (Mail Abuse Prevention Service) - a very conservative service that
   only flags known (and confirmed) spammer servers - or ISPs that allow
   spammers to use their servers

2) DUL (ORCA's Dial-Up-List) - a service that keeps a database of known dial-
  up ports. Since legitimate mail servers must have reserved (and usually
  fixed) IP addresses - the only *SMTP* delivered mail coming from a dialup
  port is coming from the various spamware packages (bulkmail programs). Using
  this service allows you to prevent your getting mail from any of these.
  (Note that it does NOT affect POP users)

3) ORBS (Online Relay Blocking Service) keeps a database of mail servers that
   aren't configured properly; in that they will allow anyone to relay/bounce
   mail messages through their server to innocent third parties. A majority of
   all spam these days is sent through unsecured mail servers.

   ORBS has always been the most controversial of these services, in that they
   used to have a web page script where users could submit any mail server's
   name to be automatically "tested" (i.e. attempt to relay a message through
   the server). Many people objected to this "testing" (and still do), but
   this service is the single best filter for keeping spam out of a mail
   server that exists today. There were well over 25,000 mail servers listed
   last I heard.
   The drawback is that alot of "innocent/incompetent" sites get blacklisted
   by this service, and find themselves unable to send mail to any server
   using this filter. However, the ORBS server automatically re-tests from
   time to time, and users can submit a server for re-test at any time, so all
   it takes to get OFF the list is fixing your mail server.

   For those interested, the new address for dns-lookups for ORBS is
   <reverseip>.relays.orbs.org

4) IMRSS (I forget what the acronym stands for) is yet another about-to-be-
   released free/public mail-server-database. This one also lists open mail
   relays/servers, but goes a step further. It started with the ORBS database
   and the operators added code to automatically scan entire IP address blocks
   for open mail servers. First they trap spam via several "bait" mailboxes;
   once a spam via an open relay is found, the entire IP address block that
   server belongs to is scanned for open mail servers. The idea being that
   most organizations that have a broken mail server, often have more than one
   of the same.
   IMRSS is still building their database (they haven't made the DNS-query
   portion for mail-server lookup available yet), but amazingly, have already
   recorded over *50,000* open mail servers, and are accumulating hundreds
   more per day.

   While their approach (especially the IP scanning) are the most controvers-
   ial of the bunch, they are utilizing some of the same tools that spammers
   are already using; they're just using them to protect those who HAVE gone
   to the trouble of configuring their mail servers correctly/responsibly
   from the ever growing flood of spam.

<plug> NetMail/3000 and DeskLink already have the code built-in to enable the
IMRSS service (as well as all the others); interested sites will be able to
turn on the switch (a JCW in the background job) to add this filter to their
arsenals as soon as it's officially "announced". We're happy to be the FIRST
commercial mail package to support *ALL* these filtering services, in addition
to the (hopefully soon to be obsoleted) filter files we already distribute
and maintain ourselves. </plug>

P.S. Freeware NetMail can also enable these filters. Updated versions of all
    our mail packages were just placed on our www and ftp sites a few minutes
    ago.

            -Chris (remove nospam) Bartram

P.P.S. For those of you that also like to watch bug-zappers in use; all our
     mail packages log all refused mail in an 'errorlog' file, which can
     bring you hours of enjoyment watching as it bounces all that spam. ;-)

ATOM RSS1 RSS2

RAVEN.UTC.EDU