If you're running an attractive nuisance, it's simply a matter of time until someone -does- find you.
If this time is _10_ years (which is not too bad assumption_) - why not? let the people do their work instead of fighting with the shadows.
ORBS is simply being proactive about it, on advisement from people around the Internet.
What ORBS is doing is like some man who is walking by the street and, if you forgot to close your car, break the ignition locks and write message _dear sir; you did not closed your car, and it could be stolen or used for the crime; to prevent it, I broke your car - now bad guys could not abuse it for their dark purposes_. Guess when this man finish his work?
ORBS is NOT damaging your car, your network, or your ability to provide service. ORBS is merely letting you know that you left your car parked without the emergency brake on, and that it might roll down the hill and run over someone when you're not looking. And it's letting people who might be in the area know too. Yes, this means that someone might give your car a quick shove down the hill. But it also means people can get out of the way first. Aren't analogies fun?
ORBS is simply investigating and reporting mail servers which are provable open relays, and netblocks which are unverifiable due to administrative choice (either requesting addition to the listing, or by blocking the testers). It's making use of information that is easily obtainable, on the suggestion from someone who has probably already checked that you might be a good choice to investigate (meaning someone has already noticed you, and you're not hidden from view anymore).
I get regular ORBS probes, and I welcome them. As long as my service is not directly impacted by those probes (ie. they start bogging down my systems with tests, or consume a noticable chunk of bandwidth), I'll continue to do so.
Just the same ORBS. It's your concern to have open relay as long as it does not bother others.
And it's my prerogative to not listen to your mail server if I believe it is being operated negligently, if I don't believe your mail is RFC conformant, or if it's tea time. *shrug* ORBS helps me in making my decision with the first part. I decide if it's tea time by myself. :-)
-- Edward S. Marshall <emarshal@logic.net> http://www.xnet.com/~emarshal/ ------------------------------------------------------------------------------- [ Felix qui potuit rerum cognoscere causas. ]
Aleksei Roudnev, (+1 415) 585-3489 /San Francisco CA/