[ On Sunday, July 9, 2000 at 09:04:51 (-0700), Roeland M.J. Meyer wrote: ]
Subject: RE: RBL-type BGP service for known rogue networks?
Now that you mention it, yes I do. Spammers don't block access. The RBL, which my systems subscribe to, only lists systems that are PROVEN to originate or relay spam. ORBS simply is on the "close all relays" jihad even if the system never saw spam. This is very Napoleanic, not something that I can condone.
I'm sorry but any open relay, exploited or not, presents a very real risk not only to itself but to the entire Internet (or at least to those parts of the Internet that are not willing to accept unsolicited junk e-mail and other forms of e-mail-based abuse, such as viruses/trojans and so on). Indeed it are those that have not yet been exploited which are now the larger risk since those that have been exploited are either shut down or listed in other more widely used blocking lists. As such I cannot condone allowing any open relay to function without question especially if it has not yet been exploited, because eventually it will be exploited (even if only to relay one single unwanted message). Refusing all e-mail from all known open relays is the only way I know to at least try to ensure that the operators of such a relays learn that they are operating insecure systems that present very real risks to the rest of the Internet community. If they are unwilling to fix their open relay after being notified of it then that's even more reason to continue to refuse all e-mail originating from it. The more people who use ORBS the fewer open relays we will have to endure. If you can show me a more effective way of forcing admins who run open relays to either shut them down or secure them *before* they are ever exploited then I will gladly champion it (and of course use it too!). This isn't just about spam any more! I'm willing to bet that the next wave of actual e-mail delivered exploits will be initiated through open relays that have not yet been used to deliver spam and which are not yet even listed in ORBS. Now that IMRSS is gone we can only thank the spammers for discovering open relays and causing them to be listed in ORBS before they are used for even more nefarious purposes (not that I'm condoning spam in any way whatsoever, of course!). -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>