ORBS (Re: Scanning)

Date: Sun, 27 May 2001 02:02:24 -0400 (EDT)
From: Greg A. Woods <woods@weird.com>

But, ORBS remains indefensible.

It would seem that I have no problems either defending it, or using it.

ORBS catches far more than MAPS. My take is that anybody who has a
problem with the infrequent ORBS probes should have a huge problem with
the daily bombardment of relay attempts.

Besides, whoever said that one must use ORBS "out of the box"? I maintain
a whitelist of IP addresses to override ORBS. As much as I'd like to see
Earthlink get a clue, MSN close their relays (have they yet?), and
RoadRunner cooperate, I allow their MXes through when I find them.

Modern spammers have gotten nasty. They use hundreds of different relays,
each time changing the source address:


with * DNS so that all subdomains resolve, and the subject:

  I have no respect for netiquette!!!!! [i35ed7]
  I have no respect for netiquette!!!!! [ed8ooe]
  I have no respect for netiquette!!!!! [h8qi2h]

So as to throw off MXes that look for the same message again and again.
I suppose that scanning the body and looking for repetition is possible,
but it's only a matter of time until _that_ get perturbed in 100 different

Bottom line: Blocking mail from rogue servers is the best way to stop
spam and to not be a party to somebody else getting relay-raped. Anyone
with clue closed relays how many years ago?

I don't buy the "we need open relay for nationwide users" argument,
either. Build a cheap MX that does nothing but take mail from a given
POP, and send it to the world. Anti-spoofing at the border, don't accept
mail from the outside world, and you're done.