North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Now the idiots at ORBS are probing random dial-ups

  • From: Valdis.Kletnieks
  • Date: Tue Aug 22 16:53:22 2000

On Mon, 21 Aug 2000 21:55:18 EDT, Barry Shein <[email protected]>  said:
> Is there any reasonable way to tell these ORBS and MAPS losers
> "possibly good intentions, but so badly run that: no thanks" from the
> net administrator community.

OK.. I'm *not* trying to restart the MAPS/ORBS war *again* (personally,
I believe that BOTH sides are partially correct), but I have
a few questions for the audience:

1) The ORBS stuff currently returns an IP of for things it
thinks are tested open relays.  Personally, I've never caught it returning and *not* had a test message on their web page - has anybody
seen it do that? (Remember - *only*).

2) A big part of the ORBS furor seems to be related to hosts that
return (for sites that have router blocks against ORBS), and (which seems to be a catch-all "screw you spammer" code).
Part of the problem is that currently, it's hard to get Sendmail to
distinguish between case (1) and (2).

Sendmail 8.12 may come out with features to allow disambiguating the
two cases (and a patch for 8.11 may happen as well).  I *cant* commit to
it being in there, or a date - I can just say it's "being looked at".

Would that at least help address the "innocent bystanders" concerns?
(and yes, I know there's the scanning concern too - that's a seperate issue
which may be finessed as well - sites that don't like it put in blocks,
they get's, and sites that only check ORBS for get
the benefit they want....)

3) (Ok, I'll admit it) one of our large Listserv hubs checks in ORBS,
mostly to save *my* sanity - it has been cutting out a *large* amount
of attempted spamming (most of which would otherwise have dropped into
my lap as a postmaster double-bounce).  ORBS got added in because MAPS
*just didnt have the hosts listed*.  For yesterday, I had 466 ORBS
rejections for 122 hosts, and 35 for 5 distinct hosts from  

Of the 5 hosts, 2 were in ORBS as well, and of the 122
ORBS hosts, only 13 were in as well.

It's nice to be able to say "yes, MAPS does 43 different hand-checks to
make sure that we don't list a site by accident".  However, if it only
lists 10% of the sites that you're being spammed from, it's not a useful
tool to make any meaningful dent.  And yes, I *could* sit here all day
and for each of the 100 or so extra pieces of bounced mail I'd get, nominate
it for MAPS - but *I* only see the ones that double-bounce.

The problem is that *both* sides are right, in their mindset - the MAPS
crew is correct in their goals, but the ORBS crew is correct in noticing
that by the time a MAPS entry shows up for a box, it's probably already
forwarded tens or hundreds of thousands of pieces of e-mail.
				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech

Attachment: pgp00019.pgp
Description: PGP signature