Mailing List SIMS@mail.stalker.com Message #7250
From: Richard Johnson <rdump@river.com>
Subject: Re: Anti SPAM methods
Date: Mon, 27 Nov 2000 11:21:56 -0700
To: SIMS Discussions <SIMS@mail.stalker.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 14:57 -0700 on 11/21/00, Kreme wrote:
> >         2) use outputs.orbs.org instead of relays.orbs.org
>
> I'm not sure I understand what outputs and inputs really is.  Sounds like
> it's simply #1 in your list, right?


inputs.orbs.org lists relay inputs.  outputs.orbs.org lists relay outputs.
Those are the same for single-stage relays, but different for multi-stage
relays.

The primary differences between outputs.orbs.org and relays.orbs.org are 1)
outputs doesn't include the static list, and 2) outputs has no grace period
for multi-stage relay chains.

Do keep in mind, however, that I'm describing documented+observed behavior at
the present time on experimental features of ORBS.  The behavior of the
experimental domains and the return codes may well change.


> >         3) use RSS instead of or in addition to ORBS
>
> Yeah, that's what I do, though RSS seems to catch little spam.


That's almost certainly because the MAPS RSS is more widely used than ORBS.
Yes indeed, more widely used lists should catch less spam for each separate
user (as long as it's possible to get off the list by fixing the spam problem
:-).

As a result of the greater usage-driven power behind a listing on the MAPS
RSS, open relays listed on the RSS tend to get fixed more quickly.

ORBS's has policies and problems that turn most potential users off.  ORBS's
relay testing technique does cause multiple double-bounces to land on
postmasters of some non-relaying systems, and it repeats tests.  ORBS's
static list policy can cause a severe amount of collateral damage when it
lists large providers.  In addition, ORBS lists systems which appear open to
single relay tests, but that actually don't relay spam.  All those make it
less than attractive for most users.

In addition, ORBS will test and potentially list any IP submitted to it.
ORBS relies upon users to only submit IPs the users have good reason to
believe are open relays.  ORBS ends up testing systems that have not and
could not have relayed spam because someone got lost, typoed an IP, is using
ORBS to abuse someone else, etc.  This policy makes ORBS faster at listing
open relays (it will even sometimes pre-emptively list open relays before
spammers use them), but it also makes ORBS anathema to those of us who would
prefer that spammers actually prove a relay is abusable before it has any
chance of being listed.

In this respect, even though RSS is slightly slower to list open relays, and
it doesn't pre-emptively list anything before spam is sent through it, the
RSS is more effective at getting relays closed.  The RSS is thus a better
long-term solution to open relay spam than is ORBS.

ORBS is OK (not great :-) for blocking more spam in the near-term if you can
get the collateral damage down to a level tolerable for you.  However, for
the best long-term effect for the net, use RSS.


Richard

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0

iQA/AwUBOiKZeWKSuJuuNAZUEQLkJwCg2M8eoY5eS7lJyD2nRgliUJilRj4AoPv8
7gP5/qaTfO4Niy4BNMU8bpTe
=6XuA
-----END PGP SIGNATURE-----


Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster