Mailing List SIMS@mail.stalker.com Message #7225
From: Bill Cole <listbill@scconsult.com>
Subject: Re: Anti SPAM methods
Date: Mon, 27 Nov 2000 00:27:42 -0500
To: SIMS Discussions <SIMS@mail.stalker.com>
At 6:35 AM -0500 11/25/00, Paul Hess  imposed structure on a stream of
electrons, yielding:
>Hello Bill,
>
>Thanks for the explanation.  I use MAPS and ORBS (although I don't use
>the static blocking for ORBS).  As an innocent bystander I have a
>question for you:
>
>1. Does your company block ORBS because the tests and retests were truly
>a nuisance, or because of the principal that they should not be sending
>those unwanted tests & retests to people's systems (much like spam
>itself!)?

That's actually a complex question, and one that I'm not 100% confident
that I can answer it accurately and in full. The actual blocks are
upstream of us, because AboveNet has blocked the ORBS testers. Since that
blocking started (well over a year ago, as I understand it) MAPS has not
chosen to route around it, and Paul Vixie (MAPS' founder) has become a VP
of AboveNet's parent company. He has said a fair amount publicly about the
blocking (including multiple posts to news.admin.net-abuse.email over the
summer) and while I understand that it is kept in place on principle,
there have also been credible reports of serious impact on totally
innocent systems as a result of ORBS' carelessness.


>The reason I ask it is that it would seem that an occasional
>email probe once a month, or even once a week, would not overload either
>a mail server or a mail admin (who could ignore or even filter the
>notices out via a mail client filter), but multiple tests a day could be
>extremely annoying.  I don't know why one would get multiple tests a day
>or even a month unless it had something to do with the fact that MAPS and
>ORBS are "competitors" and related mischief by the owners or users.

MAPS doesn't view 'competitors' as enemies, but as allies and potential
assimilation targets. MAPS has deepened its copious red ink in order to
assure that the DUL and RSS lists have funding and full-time maintainers,
although both started as independent efforts by people who believed the
RBL was not doing enough. MAPS gains nothing from ORBS losing credibility
and loses nothing if ORBS (or other lists) attracts more users.

Reports that I have heard (not regarding MAPS' servers) of significant
problems from ORBS' testing are the result of machines handling a large
number of addresses and having them all tested regularly. At least one of
ORBS' test methods is really aimed at a specific design flaw in some
MTA's, but on other MTA's is almost certain to result in the test message
going as a 'double bounce' to the admin. While that test is arguably
necessary to test a relay, the indiscriminate testing done by ORBS using
such a problematic test is a recipe for abuse. ORBS tests without any
legitimate reason to believe that a server may be open, much less that it
is actually being abused.


--
Bill Cole
Senior Consultant, MAPS L.L.C. Consulting Services Group
wkc@mail-abuse.org (work)
bill@scconsult.com (personal)
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster