
[ On Sunday, May 27, 2001 at 00:01:36 (-0700), Roeland Meyer wrote: ]
Subject: RE: Scanning (was Re: Stealth Blocking)
The mechanically verified part of ORBS cannot, by definition, lead to any
Greg, it all comes down to ONE major issue ... collateral damage.
All my friends, colleagues, etc., who were still stupid enough to be running open relays on the day I started using ORBS had their mailers secured by sundown. (and any that didn't, well, perhaps they weren't smart enough to be my friends and colleagues after all.... :-)
He makes a perfectly valid point here. In the past few days I have seen much testimony, from folks right here on this list, that were listed on ORBS. I've also read testimony that their systems were never used for spam. I can't imagine a spammer being on this list for long. Nor, can I imagine those illustrious folks being spammers. Yet, they were on the ORBS list.
You keep, conveniently it seems, forgetting that ORBS is not designed to block spammers -- it's designed to convince people not to run open relays. So, in other words, those illustrious folks were being less-than-professional, one way or another (either they were insisting on running open relays, or they were blocking the tester for political reasons). Please also try harder to remember that there's ORBS, and then there are the other adjunct lists that are offered under the same domain name but which are not mechanically tested open relays. These days ORBS doesn't completely confuse untestable hosts with hosts that are open relays!
But, without spammer behavior, open-relays are perfectly acceptable. Else, why was it the default option in sendmail for so long? The "anti" argument falls over dead without spammers. It's not the gun, it's the bloke pointing it.
Open relays are unacceptable on any public network, since they lead not only to plain old theft-of-service, but also to much more dangerous things, such as theft-of-service for the purpose of committing fraud. They would be unacceptable even in a spam-free world.
Sendmail started out as an open relay mailer by default for so long because it was the de facto mailer on an effectively private academic network where peer pressure is more of a deterrent than any technical control can ever be! Think about it -- true hackers (in the MIT sense) find technical controls to be a challenge. (Hmmm... maybe sendmail should always have been secure by default and then the early hackers would have long ago identified all its weak spots! ;-)
Obviously the problem on the public Internet wouldn't be quite so bad if mailers didn't start out as open relays by default. Unfortunately even though most mailer authors and maintainers have long ago fixed their software to be secure by default, their vendors have often failed to work to eradicate the old insecure instances and as such we still see new open relays installed every day. Technical controls are the only feasible way to identify and deter the use of such new open relays.
Your USA-centric view of the world is also part of the problem. If all perpetrators of theft of service and fraud could be prosecuted equally under a common law then it would be much more difficult for them to get away with the illegal acts they are committing. However given that the Internet is actually a global service, and given that open relays can be installed in any legal jurisdiction and used from any other legal jurisdiction, it's almost impossible to ever make legal action into any serious deterrent, at least not within any reasonable Internet-based timeframe. Only technical controls can ever stand a chance of creating such a deterrent in this kind of disjoint legal quagmire.
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>