[ On Saturday, July 8, 2000 at 08:42:41 (-0700), Randy Bush wrote: ]
Subject: Re: RBL-type BGP service for known rogue networks?
ORBS lists open relay by policy. As simple as that. If ORBS is aware that you are an open relay, you get listed. ORBS is 100% objective.
as we all know, this is utter horsepucky. orbs goes vigilante crazy and blackholes entire isp blocks over political poweplay nonsense.
Listing a net-block that has several proven open relays within it but which will not allow testing, is not "going vigilante crazy" -- it's a very very reasonable and well thought out reaction (i.e. there is no lesser action possible since the originally tested open relays have been moved to new address space within the block). It is critically important to also realise that "ORBS" itself doesn't "go crazy" and do these things -- such "rogue net-block" listings are directly a result of pressure from ORBS users. Such users who continue to get spam from relays they've reported to ORBS for testing will complain and put pressure on the ORBS administrators until there is no other choice but to list the entire offending net-block. Use of the term "blackhole" in this context is not only wrong but also misleading. It is very important to understand that ORBS users are free to programmatically ignore, in real time, that section of the ORBS database which lists the so-called "rogue" net-blocks and only use the section of the database which contains actually verified relay results. Accusing ORBS of political powerplay and vigilantism is wrong since it is not ORBS, nor even its users, but rather the "rogue" net-block administrators who are playing political power games. In my humble opinion any admin who permits their mailer to receive any e-mail from a known open relay (even so-called legitimate e-mail, since there's absolutely no way to identify legitimacy at the protocol level) is an accessory to any theft-of-service attack perpetrated on the relay, and is furthermore "guilty" in part of allowing known spam to reach their end users (assuming of course that they are willing to do anything at all in the first place to protect their users from unsolicited junk e-mail). To this end an impartial and independent testing service such as ORBS is critical to the success of such efforts. The other services you mention are valuable, but nowhere near as powerful, and they are far more susceptible to unnecessary delays (time is critical in spam fighting!), and by definition they are more susceptible to human error. Finally it cannot be pointed out enough times that the administrators of the so-called "rogue" blocks need only change their attitudes and co-operate with ORBS in order to make this issue completely go away. Any SMTP service administrator who believes that SMTP port is totally private property is sadly mistaken and should firewall it if they really want it to be private. Being irrational about public testing of public services is, frankly, insane. Public testing by a known independent non-profit agency should be vigorously welcomed by all network admins! -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>