ORDB.org Going Offline

Allan Joergensen writes "ORDB.org has announced that they will shut down their services after fighting open relays and spam for more than five and a half years. The RBL DNS service and mailing lists will be taken down today (December 18, 2006) and the website will vanish by December 31, 2006." The reasons given tend to be the usual ones - volunteers have been focused on other things in life; my salute to those folks for keeping the service up as long as they did.

I'll miss' em

[laughing rabbit (216615)]

Even though it took a long time to get my own domain off their list after I left a mis-configured server out in the wild, I really appreciate all they have done over the years. Who will take up the mantle next?

Re:

[dreddnott (555950)]

I happened to run into an accidental open relay mail server during an onsite consultation (I ended up completely restructuring their deployment and getting ripped off). Most of the MILLIONS of e-mails were coming from China and/or Taiwan, and this was only a few months ago. Are the ORDB people sure they're not going to bring back the open relay problem by shutting down their admittedly useful services?

While the cancer of spam may have metastasized to other parts of the Internet, it doesn't mean it can't gro

Re:

[Achromatic1978 (916097)]

Are the ORDB people sure they're not going to bring back the open relay problem

Whilst I see your point, this is prtty badly phrased - it implies almost an obligation, the little boy with his finger in the dam, and it's his calling, nay, his duty, to keep it there, for the sake of the rest of us.

Which is not the case.

Re:

[by Anonymous Coward]

Imagine one day, Slashdot.org would shutdown too. Can't think of the consequences...

We regret to inform you that slashdot.org, at the ripe age of 8 and a half, is shutting down. It's been a case where all the comments were either too +5 Linux or -5 Microsoft or too insightful that the moderators had to mod it "+2 BSD". Also very little work has gone into maintaining our Mysql database. We should have switched to MS SQL Server long back.
This caused our readers to get pre-occupied with the only other a

Re:

[Per Abrahamsen (1397)]

Isn't it just to enter your domain (IP) in a form, and press "submit for testing"?

I vaguely remember doing that once, after my ISP refused to accept my outgoing mail, because they had assigned me an IP that had previously been used for an open relay.

The reasons

[jginspace (678908)]

The reasons are, expanding from TFA: "open relay RBLs are no longer the most effective way of preventing spam from entering your network as spammers have changed tactics in recent years, as have the anti-spam community."

I concur.

I wonder...

[jfengel (409917)]

If the RBLs go offline, will spammers shift back to using open relays? I suspect not; the bot-nets are harder to stop and, from the spammer's POV, probably more reliable. The dark side of distributed, highly redundant networks.

Still, it's pretty nice to think that they're going offline because they've largely solved the problem they were fighting. It's like declaring smallpox or polio extinct. And if they come back, we'll remember the formula.

Re:

[pla (258480)]

Still, it's pretty nice to think that they're going offline because they've largely solved the problem they were fighting.

I wish I could agree with that sentiment, but I'd call it a closer analogy to say that the disease gained immunity to the best known antibiotic so far and further use of it just wastes resources better spent elsewhere.

The governments of the world need to make it legal to hunt down and torture spammers and their extended families to death. Until then, they will always find ways to fi

Re:I wonder...

[by Anonymous Coward]

The governments of the world need to make it legal to hunt down and torture spammers and their extended families to death

Your post advocates a

( ) technical ( ) legislative ( ) market-based (x) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
(x) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

(x) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(x) Joe jobs and/or identity theft
(x) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Re:I wonder...

[nuzak (959558)]

http://www.craphound.com/spamsolutions.txt [craphound.com]

He didn't invent the list. That's the kind of laziness we're looking for.

He even used it for the checklist's intended reason -- as satire. EVERYTHING fails somewhere on that list.

Re:The reasons

[BenFranske (646563)]

Which is nearly what they said in the article:

We encourage system owners to remove ORDB checks from their mailers immediately and start investigating alternative methods of spam filtering. We recommend a combination involving greylisting and content-based analysis (such as the dspam project, bmf or Spam Assassin).

Re:

[LoadWB (592248)]

Their statement is exactly the reason why I have been migrating away from DNSBL use solely, and modified my "no whitelist" policy -- DNSBLs are useful, but by themselves lack effectiveness.

In the case of ORDB, out of a couple hundred thousand email rejections last week, only five were due to an ORDB listing. In my configurations, ORDB is fourth in line to other DNSBLs, like the SBL/XBL, which catch a good 73% of crap before ORDB even has a chance.

Many thanks to them for the work over the years.

SORBS

[Spazmania (174582)]

Now if extortionist SORBS would die, the anti-spam communinity could refocus on dealing with actual spammers. SORBS never was a pillar of responsibility but the current practice of "dontate to a SORBS-approved charity to get off the list" is just plain wrong.

Re:

[GigsVT (208848)]

Don't forgot the "we blocked you because you used the wrong ISP" people, SPEWS.

Re:

[gclef (96311)]

SORBS has one useful list: the dial-up DNS blacklist (spare me the diatribes about being able to send mail from a dynamic address. I know the arguments, but the benefit doesn't outweigh the cost of the spam coming from that address space).

I'm not willing to pay Trend Micro for access to what used to be MAPS for my one, small domain, and I haven't found anyone other than SORBS offering a collection of dial-up addresses as a DNS blacklist. If there are other, reliable, dial-up blacklists, I'd love to hear a

Re:

[Fred_A (10934)]

I'm not willing to pay Trend Micro for access to what used to be MAPS for my one, small domain, and I haven't found anyone other than SORBS offering a collection of dial-up addresses as a DNS blacklist. If there are other, reliable, dial-up blacklists, I'd love to hear about them.

Sorry, but as dynamic addresses go, MAPS certainly isn't reliable. It lists a number of statically allocated blocks (some addresses of which may indeed be abused) ans dynamic when they aren't.
For example my block is in the MAPS

Re:

[misleb (129952)]

Problem with sending bouncebacks is that you can end up causing just as much of a problem as you are solving. If you bounceback messages to forged senders, you are effectively spamming people. One has to be careful about which messages are just dropped and which are bounced back. If you reject blacklisted IPs at the SMTP level, you should always get a bounceback. But if messages are "scored" based on blacklists, you may not get a bounceback if it scores to high...

-matthew

Re:

[gclef (96311)]

The default behavior on the SMTP servers I've worked with (sendmail and exim4) is to reject the mail before the DATA segment if the source is listed in a DNSBL...so you should be getting bounces from most organizations that do this (that's certainly how mine's working).

Already offline?

[The Blue Meanie (223473)]

If they've already shut down, I guess that explains the rather sudden and rather LARGE increase in spam I had sitting in my various mailboxes waiting for me this morning. :(

Can anyone suggest a good alternative? I'm using spamhaus, sorbs, and uceprotect at the moment, and no, I won't use spamcop. ordb HAD been an excellent fourth.

ASSP

[goldcd (587052)]

I started using Blacklists, but always ended up in a mess. Stuff still got through, so you'd add another blacklist and then one would randomly start blocking gmails 'to teach google a lesson' etc.
ASSP installs nicely (I'm actually running it on MS Server with hmailserver) and does what it says on the tin. Takes a week or so to train it up, but once it's up it easily gets 99% of all spam, tags it and then my mail server shoves it into my users junk folders.

Re:

[Incadenza (560402)]

Here's my set-up (old-style Postfix config). No false positives in five years, so these are pretty reliable (and from the comment the I must have written myself, ordb has been of my list for quite a while):

maps_rbl_domains =
list.dsbl.org,
sbl-xbl.spamhaus.org,
hil.habeas.com,
dul.dnsbl.sorbs.net,
dynablock.njabl.org

# Not enough hits to justify keeping them in the list

# relays.ordb.org
# opm.blitzed.org

Also, for RBL's that might not be 100% reliable, there is a simple to way to add th

Re:Already offline?

[Aladrin (926209)]

Yes, we get that. He doesn't WANT TO.

I haven't seen BadAnalogyGuy lately, so I'll have to do his job I guess:

Slapping mosquitos is not the most effective way of killing mosquitos, but I'm not going to ignore the ones sucking my blood simply because sprays, candles and electric noises work better.

'Not best' is not the same as 'not useful.'

Re:

[The Blue Meanie (223473)]

Thanks. Couldn't have said it better myself.

See the many postings below this about how many people are blocking thousands of mails at the front door BEFORE subjecting them to resource-intense or flaky at best filtering solutions.

And my original question still stands.

Omnipotent awareness... or not

[RingDev (879105)]

I guess some of these groups have a rather large following, but how about actually linking to their page or to a wiki that describes what they do? For those of us lazy American's too lazy to cut and paste.

-Rick

Re:

[BenFranske (646563)]

Maybe this will clarify [nyud.net] what they do.

Good case why not to trust "community" services?

[xxxJonBoyxxx (565205)]

Is this a good case why it's not generally a good idea to put any long-term trust in "community" services like this?

The RBL DNS service and mailing lists will be taken down today (December 18, 2006) and the website will vanish by December 31, 2006.

Thanks - that's not even two weeks notice.

The reasons given tend to be the usual ones - volunteers have been focused on other things in life

More likely, they woke up one day and figured out they were sick of eating Ramen noodles while being taking for a ride by commercial leeches who never kicked back.

Re:Good case why not to trust "community" services

[mephistus (217351)]

As far as community services go, I always put ORDB in the category of "means well, but a half assed effort." I inherited a job taking care of the mail servers at a company I used to work at, and I came to find out that we had an open relay and had been blacklisted. If memory serves me right, I want to say this was almost 5 years ago.

How did I come to find out that we had an open relay? Did ORDB notify us? Hell no. They just slapped us on their list, and our users started getting bounce messages from other

Re:

[scoof (2459)]

ORDB always attempted to notify the administrators of listed servers, several variations on the postmaster@server would have been sent and ignored by the people maintaining the server before you.

Re:

[Salsaman (141471)]

You have a point, but Free Software is hardly "dying" ! That's a ridiculous claim to make. *More* Free Software is being produced and used today than ever before. Just take a look at Freshmeat or Sourceforge.

Of course, if commercial organisations did wake up and realise they have a responsibilty to help support developers whose software they use, then probably developers would have a more comfortable lifestyle, and project development would become more professional and better organised.

Also, software is dif

Are RBL's really finished

[Albanach (527650)]

We, and many others, still use RBLs as a front line tool to stop spam. Generally it'll stop several thousand emails a day from even entering the mail system.

Spamassassin is great, we have sever custom rules and find it very effective. However it is resource intensive, especially if you are to add features like OCR detection of image spam.

Is it really the case that folk should be accepting all this traffic from known open relays and then spending processor cycles analyzing it?

Is there a middle ground? Some third way that lets lets you reject as much as possible at the start of the SMTP transaction? Greylisting is certainly an option but it presents significant problems too - many companies simply won't respond. Automatic emails will be missed, signup to websites becomes problematic etc etc. What, if any, are the other options?

Re:Are RBL's really finished

[LodCrappo (705968)]

We block tons of spam simply by requiring the sending server to strictly follow RFC 2821. A HELO name that follows the rules seems particularly difficult for the spammers to configure. Non FQDNs on the sender, recipient or hostname... sending domains that don't even exist in DNS, servers using your domain name or your IP address and their HELO... a whole variety of strange things that only spammers (and once in a while really bad sysadmins) do. Then you can go a step further and require that someone's sending domain actually have dns properly setup for mail delivery (a "you can't mail me if I can't mail you" kind of thing).

Also, some grey listing systems are better than others. One that really works well for me is sqlgrey http://sqlgrey.sourceforge.net/ [sourceforge.net] Sqlgrey comes with a fairly decent list of servers to exclude due to their inability to properly follow specs, so you don't lose mail from most of the broken but nonspammer servers. This list is also updated automagically and seems to work pretty well.. makes greylisting actually usable, for us at least.

P.S. Don't want to start any holy wars, but if you're trying to fight mail and want a system thats easy to config and just works, postfix is a really great mail server.

Re:

[TubeSteak (669689)]

Any chance you can explain how I get e-mails where my address never shows up in the e-mail header?

Received: from basp34 (unknown [10.10.101.71])
by mailgate.buysell.com (Postfix) with ESMTP id xxx
for checkmeout105@hotmail.com

From: WickedGifts Postmaster@BuySell.com
To: checkmeout105@hotmail.com

My address is not checkmeout105@hotmail.com, but that's who it seems the e-mail was addressed to.

Re:

[LodCrappo (705968)]

well we are way off topic here, but this can happen for several reasons. first off, anything in the headers can (and often is) completely fake. Second, there is a big difference between the "To:" field in a message's headers and the SMTP envelope RCPT TO: address. If you're geniunely interested, I'd suggest looking at RFC 2821 and 2822 which are free online, or maybe skimming a book on SMTP.

HTH

Re:

[good soldier svejk (571730)]

Much like a physical business letter, SMTP messages have an envelope and a header. The envelope information is used for routing, just like the US mail, while the header information is what you see in your message just like the header on your business letter. So what you see in your client is totally arbitrary and has no effect on delivery.

Re:Are RBL's really finished

[Sentry21 (8183)]

On my server, I use greylisting and RBLs, as well as other checks. In the span of one week, we received 128,000 e-mail attempts, 5000 of which were successful. The checks below block huge amounts of spam, to the point where I've actually removed spamassassin because the only messages it gets a chance to check are all legitimate.

For anyone who's wondering, here's what we've got going on, plus amavisd/clamav doing virus scanning. This blocks all spam I get (used to be 30-200 messages per day that Spamassassin would catch).

smtpd_recipient_restrictions =
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_invalid_hostname,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client dynablock.njabl.org

Re:

[morgan_greywolf (835522)]

Is there a middle ground? Some third way that lets lets you reject as much as possible at the start of the SMTP transaction?

A big one a lot of people don't like and I've never been sure why: 95%+ of all messages where the domain in the 'To:' doesn't match the DNS domain of the IP address in the 'X-Originating-IP:' line are SPAM. So just reject them ALL. SPAM problem solved. Whiners will be executed on site.

Re:

[secolactico (519805)]

Uh? So the PTR of the originating IP has to match the domain of the destination?

But even if you meant the "From:", how do you deal with hosted mail domains? My domain might be one of thousands hosted at "smtpserver.bigprovider.com" or the like.

Re:

[btpier (587890)]

I use strict HELO requirements, greylisting, RBLs, and finally SpamAssassin on my home server. Very few spams make even make it to the SpamAssassin checks. Adding the HELO requirements and greylisting reduced the number spam emails SpamAssassin had to check from >100 emails per day down to an average of about 5 per week.

I haven't had any issues with greylisting. I know of no emails that I haven't eventually received and even web-page sign-ups/registrations have gotten through without a hitch.

There ar

Efficiency

[cockroach2 (117475)]

I'm not sure I agree about the lack of efficiency: On a "normal" day my server which hosts about 60 mailboxes blocks between 5000 and 6000 e-mail messages (4992 yesterday, 4936 Sunday, 5615 Saturday, 5763 Friday etc.) using ordb, spamhaus and dsbl. While it's true that I still have to use spamassassin for additional content filtering, that's more than 5000 messages a day which don't even enter the system - I consider that quite a lot.

Efficiency?

[AltGrendel (175092)]

Not to be a troll, but what's the breakdown per service? Is ordb doing the heavy lifting? Or is spanhaus? If it's an even 33% aross the board, ok. But if ordb is only doing 1% of that 5000 then they're right, blocking relays is no longer effective.

Re:

[cockroach2 (117475)]

You're right, about 95% (or more) of the blocking is done by spamhaus (it is the first filter which is used, thus it's clear that they catch more than the others). Still, the ORDB guys basically say that open relay RBLs in general don't make much sense anymore which, as I consider spamhaus to be an open relay RBL too, I can't agree to.

For completeness' sake, here's the breakdown for yesterday:
  - spamhaus: 4769 (96%)
  - dsbl.org: 220 (4%)
  - ordb.org: 3 (0%)

Spam control methodology

[wiredog (43288)]

A "public" e-mail account, given to businesses, people who like to cross-post via CC (instead of BCC), places like /., etc. I use Gmail, which does a good bit of spam filtering.

A "private" e-mail account, given only to family and close friends, whit a set of filtering rules to build the whitelist, and everything else run through bayesian filtering.

Between the two, I have to deal with very little spam.

OT:This is my 2,000th Slashdot comment...

Re:

[robogun (466062)]

OT:This is my 2,000th Slashdot comment...

Damn. I only received 337 of them, my filter must have caught the rest!

RBLs not so trivial

[jblakezachary (1025970)]

The ORDB notice makes it sound like we should all abandon RBL lookups all together. I operate a small GroupWise domain ~about 300 users~ and checked my GWAVA stats when I read the article. 78,000 of the last 155,000 inbound messages were blocked as RBL hits. This first step in ridding most of our spam takes a load off of the more server intensive methods of filtering mail and still seems very relevant. I will be sad to see ORDB go.

For those of you relying on RBL lookups, the following are still available and seem to be very reliable, producing few to zero false positives:
zen.spamhaus.org
bl.spamcop.net
list.dsbl.org

Re:

[Spoke (6112)]

zen.spamhaus.org
bl.spamcop.net
list.dsbl.org

I use those same domains for my mail servers and also find them to be very effective.

Besides spamcop.net [slashdot.org], are there any other useful service to forward spam to to help add to these blacklists?

How nice of them to let us know....

[NerveGas (168686)]

    By giving people one entire day to remove their mailer configuration, they didn't leave people much time. Of course, that's sort of moot, I noticed early last week that my mailer wasn't getting responses from them any more, causing timeout delays on the query for every incoming message.

    Ah, well. I guess I shouldn't complain, since this one inconsiderate act is vastly overshadowed by the usefulness they've provided over the years.

Re:

[erlenic (95003)]

As others have said, they are still very useful. At my company, of the 125,020 pieces of spam we blocked in November, 81,316 of them were blocked by blacklists. That's 65% of all detected spam. That's over 2,700 e-mails per day that our already overloaded relay server didn't have to spend much processing time on.

Re:

[mungtor (306258)]

but that's just a blacklist.... Which blacklists and why was the server on the blacklist? Was it a known source of spam and not an open relay?

Re:

[s7uar7 (746699)]

Since the Republican Congress "defeated spam" with their CAN-SPAM Act, I've noticed my incoming spam double every month for years

CAN-SPAM took effect on 1 January 2004, so assuming you got 1 spam that month and it's doubled every month since, that means you're getting about 564 million spam emails a day now. I wouldn't want to be your ISP :)

Re:Spam Can-Doers

[rworne (538610)]

Really?

The U.S. Senate voted 97-0 (with 3 nonvoting senators).
Congress voted in much a similar fashion: 392-5.

link [vote-smart.org]

Jump off that hate bandwagon and realize you being screwed over by both parties.