upstream scanning - upstream filtering

The logic of this escapes me. So ORBS scans for open relays.
Their goals are no different from's scanning for vulnerable
nameservers. The only fundamental differences are that
is probing their own customers and using a different TCP/UDP port.
If wants to filter scans that's one thing but they could
have started better by filtering some of the many netscans we see
from .kr and .cn subnets.

I have no problem being scanned by either ORBS or I do
have a problem with upstream port filtering without my knowledge
or express permission.

One reason might block ORBS probably has not been discussed
on NANOG. ORBS competes directly with RBL/DUL/RSS/
RBL and share management.'s filters, it would
seem, are the result of a business decision whose goal has less to
do with customer safety than with inhibiting competition.

With the exception of ORBS filtering both and ISC are
doing a great job. Here's hoping takes the opportunity to
improve by adopting more consistent policies on scanning and

Can you explain the logic which leads you to this conclusion?

  (BTW, the entity you call 'RBL/DUL/RSS/' is more
  accurately named Mail Abuse Prevention System LLC, or MAPS.)