Re: ORBS not recommended

Mon, 7 Feb 2000 15:48:20 -0800 

At 9:20 PM -0500 2/6/00, Len Budney wrote:
>[EMAIL PROTECTED] wrote:
>>
>> I would strongly recommend *against* using ORBS, because it blocks a
>> lot of legitimate mail.
>
>Agreed. (I cut a similar caution for space reasons; should've just omitted
>mention of ORBS.)
>
>Fascism is seductive to techies--in particular, the ORBS fellow does
>seem to have a bit of a god complex. <http://www.orbs.org/bugtraq.html>
>gives a good example.
>
>Len.


I use maildrop and a hacked version of rblcheck to simply add a 
header to suspected spam. If the last server before ours matches RBL, 
rblcheck's return code is incremented by 1. If it matches at 
RBL.maps.vix.com, incremented by 2. DUL.maps.vix.com, by 4. 
relays.mail-abuse.org, by 8. Then I throw the return value into the 
header. The results have been informative.

     Delivered-To: [EMAIL PROTECTED]
     Date: Mon, 7 Feb 2000 03:58:15 GMT
     From: [EMAIL PROTECTED]
     To: <[EMAIL PROTECTED]>
     Subject: 2 FREE GAMBLING CRUISE TICKETS !!!! L@@K!!!!
     Status:  U
     X-Spam: based on relay(1) 199.171.54.114

So in this case the spam was spotted by only ORBS. In the next 
example, ORBS and relays.mail-abuse caught it:

     Delivered-To: [EMAIL PROTECTED]
     To: [EMAIL PROTECTED]
     Bcc: <snipped for brevity>
     From: <[EMAIL PROTECTED]>
     Subject: Earn Big $$$ From Home!
     Status:  U
     X-Spam: based on relay(9) 205.168.240.10

And one that surely isn't spam:

     Delivered-To: [EMAIL PROTECTED]
     Date: Wed, 2 Feb 2000 17:02:31 -0500 (EST)
     From: [EMAIL PROTECTED]
     Subject: MODIFY DOMAIN somedomain.com
     Reply-To: <[EMAIL PROTECTED]>
     X-Spam: based on relay(1) 198.41.0.91
     Status:  U

ORBS catches a lot of spam, but they also hit a lot of big sites. 
Like Network Solutions in the above example. PacBell Internet. Ebay. 
Discover Brokerage. The thing is, all these sites DO HAVE open 
relays. Just because they're big, they should be able to get away 
with it? I've let all of them know (I'm sure they already knew), but 
haven't seen any of them change it.

Anyway, the plan is to eventually let users decide for themselves how 
much filtering they want, or if they're happy with just a header 
being added. If they want to chance lost mail and use ORBS, that's 
their choice.

jon

Reply via email to