[ On Sunday, May 27, 2001 at 00:17:29 (-0400), William Allen Simpson wrote: ]
Subject: Re: Scanning (was Re: Stealth Blocking)
And I love you too.... IIRC, investigation some time ago uncovered that these various services originated from and used the same databases.
The facts are not that hard to see from the current information available on their respective web pages -- if you care to look; and can be corroborated with other documentation easily found online with the assistance of Google, etc.
One or more of them did automated scanning, with considerable false positives. Hard to remember the details after all this time. They were all associated with the same belligerent operator.
IMRSS certainly did very systematic scanning for open relays. However I don't see how it could have detected any false positives since it was actually collecting relayed messages -- a relayed message sent from a more or less arbitrary host out there on the internet almost certainly indicates that the tested host is an open relay, no? There's only one possible exception I can think of, and if memory serves me correctly that particular exception could only have accounted for one or two of the hundreds of thousands of open relays IMRSS found. That exception being of course that it detected its own upstream relay(s) which would perhaps have explicitly authorised it to relay a message.
Greg, I'm sure you've done good things in the past. CVS comes to mind? (assuming my memory is not entirely failing.)
(I've not done much but debate about CVS lately -- though I still maintain Smail-3 and I contribute to *BSD and other minor things.)
But, ORBS remains indefensible.
It would seem that I have no problems either defending it, or using it. Whether I'm successful in the latter endeavour is only for me to decide. Whether I'm successful in the former endeavour is a larger question.
The MAPS leads to far fewer mistakes -- does not block non-relaying servers just because they don't think the network has sufficient "action against spammers in recent months." That's entirely judgmental, not operational.
The mechanically verified part of ORBS cannot, by definition, lead to any
It all comes down to trust and reliability. I trust MAPS.
I implicitly trust both MAPS and ORBS -- at least with my ability to receive e-mail! ;-) In fact I trust the mechanically verified primary ORBS list far more than any other related and manually maintained service. By now the software maintaining that list has been extremely well tested and will most certainly never make anywhere near as many mistakes as even the most careful human.
We've been falsely accused by ORBS,
Which list were you on again? Wasn't it the manual netblocks list?
without any evidence of spamming.
Please do not forget that ORBS' goal is not to detect or prevent spamming per se. Its full name should make this clear: Open Relay Behaviour-modification System. Any open relay is a bad thing regardless of whether it has yet been abused by a spammer (because it will undoubtably be abused unless it is closed first). I don't block e-mail from ORBS-listed hosts (just) because it might be spam. I block it because I do not wish to knowingly be a party to any acts of theft of service or fraud. If the received headers were part of the SMTP envelope then it might be possible to be more discerning about which messages to reject from an open relay, but with our current protocol that is not possible and so I must simply block all e-mail from any known open relay.
ORBS blocks for political reasons, rather than technical.
I guess I can't really disagree with that, though I will point out that I am using ORBS as a deterrent against such acts of theft of service and fraud and thus it is in fact what's known as a "technical control".
'nough said, for now.
or that.... :-)

--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>