On Sat, Jul 08, 2000 at 12:35:14PM -0400, Greg A. Woods wrote:
[ On Saturday, July 8, 2000 at 08:42:41 (-0700), Randy Bush wrote: ]
Subject: Re: RBL-type BGP service for known rogue networks?
ORBS lists open relay by policy. As simple as that. If ORBS is aware that you are an open relay, you get listed. ORBS is 100% objective.
as we all know, this is utter horsepucky. orbs goes vigilante crazy and blackholes entire isp blocks over political poweplay nonsense.
Listing a net-block that has several proven open relays within it but which will not allow testing, is not "going vigilante crazy" -- it's a very very reasonable and well thought out reaction (i.e. there is no lesser action possible since the originally tested open relays have been moved to new address space within the block).
Let me explain some things: - ORBS does not blackhole. It lists hosts and sometimes complete netblocks. $administrator can then choose to take any action (or not!) based on these listings. - ORBS lists hosts in several categories. One is 'open relay inputs'. Another is 'open relay outputs' (most open relays will be both). Yet another is 'untested/untestable'. Hosts/netblocks can end up in this last category in two ways: - by request from the admin of that host/netblock - when ORBS finds out that they are being blocked specifically. It is therefore incorrect to state 'ORBS blackholes whole netblocks'. These netblocks are listed *different* from open relays. The admin that decides to use ORBS has a choice to block *only* open relays, or also block hosts that do not want to be tested by ORBS. I hope this clears things up.
It is critically important to also realise that "ORBS" itself doesn't "go crazy" and do these things -- such "rogue net-block" listings are directly a result of pressure from ORBS users. Such users who continue to get spam from relays they've reported to ORBS for testing will complain and put pressure on the ORBS administrators until there is no other choice but to list the entire offending net-block.
Nope. ORBS doesn't do 'user pressure'. Such net-block listings (as 'untestable', not as 'open relay') are only done based on actions/requests by admins responsible for these netblocks.
Use of the term "blackhole" in this context is not only wrong but also misleading. It is very important to understand that ORBS users are free to programmatically ignore, in real time, that section of the ORBS database which lists the so-called "rogue" net-blocks and only use the section of the database which contains actually verified relay results.
Correct, this is what I explained above.
In my humble opinion any admin who permits their mailer to receive any e-mail from a known open relay (even so-called legitimate e-mail, since there's absolutely no way to identify legitimacy at the protocol level) is an accessory to any theft-of-service attack perpetrated on the relay, and is furthermore "guilty" in part of allowing known spam to reach their end users (assuming of course that they are willing to do anything at all in the first place to protect their users from unsolicited junk e-mail). To this end an impartial and independent testing service such as ORBS is critical to the success of such efforts. The other services you mention are valuable, but nowhere near as powerful, and they are far more susceptible to unnecessary delays (time is critical in spam fighting!), and by definition they are more susceptible to human error.
Yes. On the other hand, one might say that you as an admin do not have the right to block *any* mail for your users. This is solved by for example just inserting headers based on ORBS-listing and not outright rejecting mail, and then leaving the choice to your users thru procmail or other per-user filtering means.
Finally it cannot be pointed out enough times that the administrators of the so-called "rogue" blocks need only change their attitudes and co-operate with ORBS in order to make this issue completely go away.
Correct.
Any SMTP service administrator who believes that SMTP port is totally private property is sadly mistaken and should firewall it if they really want it to be private. Being irrational about public testing of public services is, frankly, insane. Public testing by a known independent non-profit agency should be vigorously welcomed by all network admins!
Correct again. AboveNet blackholing ORBS is therefore an action I do not understand, especially since they host MAPS. I see 2 possibilities: - MAPS doesn't test if a reported spamhouse is really an open relay, and is therefore susceptible to forgery. - MAPS does do open relay testing and therefore performs the same 'unsolicited traffic' as ORBS, which would mean they're hypocritic. Greetz, Peter. -- petervd@vuurwerk.nl - Peter van Dijk [student:developer:ircoper]