Date: Sun, 27 May 2001 02:02:24 -0400 (EDT)
From: Greg A. Woods <woods@weird.com>
But, ORBS remains indefensible.
It would seem that I have no problems either defending it, or using it.
ORBS catches far more than MAPS. My take is that anybody who has a
problem with the infrequent ORBS probes should have a huge problem with
the daily bombardment of relay attempts.
Besides, whoever said that one must use ORBS "out of the box"? I maintain
a whitelist of IP addresses to override ORBS. As much as I'd like to see
Earthlink get a clue, MSN close their relays (have they yet?), and
RoadRunner cooperate, I allow their MXes through when I find them.
Modern spammers have gotten nasty. They use hundreds of different relays,
each time changing the source address:
a57e6s@t8iji7.somedomain.tld
in46hi@diief4.anotherdomain.tld
xkm8ey@ithi62.yetanotherdomain.tld
with * DNS so that all subdomains resolve, and the subject:
I have no respect for netiquette!!!!! [i35ed7]
I have no respect for netiquette!!!!! [ed8ooe]
I have no respect for netiquette!!!!! [h8qi2h]
So as to throw off MXes that look for the same message again and again.
I suppose that scanning the body and looking for repetition is possible,
but it's only a matter of time until _that_ get perturbed in 100 different
fashions.
Bottom line: Blocking mail from rogue servers is the best way to stop
spam and to not be a party to somebody else getting relay-raped. Anyone
with clue closed relays how many years ago?
I don't buy the "we need open relay for nationwide users" argument,
either. Build a cheap MX that does nothing but take mail from a given
POP, and send it to the world. Anti-spoofing at the border, don't accept
mail from the outside world, and you're done.
Eddy