ORDB.org Going Offline

Allan Joergensen writes "ORDB.org has announced that they will shut down their services after fighting open relays and spam for more than five and a half years. The RBL DNS service and mailing lists will be taken down today (December 18, 2006) and the website will vanish by December 31, 2006." The reasons given tend to be the usual ones - volunteers have been focused on other things in life; my salute to those folks for keeping the service up as long as they did.

SORBS

[Spazmania]

Now if extortionist SORBS would die, the anti-spam communinity could refocus on dealing with actual spammers. SORBS never was a pillar of responsibility but the current practice of "dontate to a SORBS-approved charity to get off the list" is just plain wrong.

I wonder...

[jfengel]

If the RBLs go offline, will spammers shift back to using open relays? I suspect not; the bot-nets are harder to stop and, from the spammer's POV, probably more reliable. The dark side of distributed, highly redundant networks.

Still, it's pretty nice to think that they're going offline because they've largely solved the problem they were fighting. It's like declaring smallpox or polio extinct. And if they come back, we'll remember the formula.

Good case why not to trust "community" services?

[xxxJonBoyxxx]

Is this a good case why it's not generally a good idea to put any long-term trust in "community" services like this?

The RBL DNS service and mailing lists will be taken down today (December 18, 2006) and the website will vanish by December 31, 2006.

Thanks - that's not even two weeks notice.

The reasons given tend to be the usual ones - volunteers have been focused on other things in life

More likely, they woke up one day and figured out they were sick of eating Ramen noodles while being taking for a ride by commercial leeches who never kicked back.

Re:I'll miss' em

[dreddnott]

I happened to run into an accidental open relay mail server during an onsite consultation (I ended up completely restructuring their deployment and getting ripped off). Most of the MILLIONS of e-mails were coming from China and/or Taiwan, and this was only a few months ago. Are the ORDB people sure they're not going to bring back the open relay problem by shutting down their admittedly useful services?

While the cancer of spam may have metastasized to other parts of the Internet, it doesn't mean it can't grow back in the places these guys are abandoning. As I understand it, there are other blacklists but nothing quite like the ORDB.

Re:Already offline?

[Aladrin]

Yes, we get that. He doesn't WANT TO.

I haven't seen BadAnalogyGuy lately, so I'll have to do his job I guess:

Slapping mosquitos is not the most effective way of killing mosquitos, but I'm not going to ignore the ones sucking my blood simply because sprays, candles and electric noises work better.

'Not best' is not the same as 'not useful.'

Re:Are RBL's really finished

[LodCrappo]

We block tons of spam simply by requiring the sending server to strictly follow RFC 2821. A HELO name that follows the rules seems particularly difficult for the spammers to configure. Non FQDNs on the sender, recipient or hostname... sending domains that don't even exist in DNS, servers using your domain name or your IP address and their HELO... a whole variety of strange things that only spammers (and once in a while really bad sysadmins) do. Then you can go a step further and require that someone's sending domain actually have dns properly setup for mail delivery (a "you can't mail me if I can't mail you" kind of thing).

Also, some grey listing systems are better than others. One that really works well for me is sqlgrey http://sqlgrey.sourceforge.net/ [sourceforge.net] Sqlgrey comes with a fairly decent list of servers to exclude due to their inability to properly follow specs, so you don't lose mail from most of the broken but nonspammer servers. This list is also updated automagically and seems to work pretty well.. makes greylisting actually usable, for us at least.

P.S. Don't want to start any holy wars, but if you're trying to fight mail and want a system thats easy to config and just works, postfix is a really great mail server.

Re:Spam Can-Doers

[rworne]

Really?

The U.S. Senate voted 97-0 (with 3 nonvoting senators).
Congress voted in much a similar fashion: 392-5.

link [vote-smart.org]

Jump off that hate bandwagon and realize you being screwed over by both parties.

Re:I'll miss' em

[Achromatic1978]

Are the ORDB people sure they're not going to bring back the open relay problem

Whilst I see your point, this is prtty badly phrased - it implies almost an obligation, the little boy with his finger in the dam, and it's his calling, nay, his duty, to keep it there, for the sake of the rest of us.

Which is not the case.

SPF to the rescue

[michaelredux]

Perhaps you are asking about SPF.

http://en.wikipedia.org/wiki/Sender_Policy_Framewo rk [wikipedia.org] Spammers recently started forging my domain as their return address. I know this because I recieved a bucket-load of bounces every day until I blocked the catch-all address. All of that spam would have been blocked if the servers that bounced it had checked my SPF record first. It clearly specifies that all of the IP addresses where the spam is coming from are not authorized to serve email from my domain.

This is a simple, open standard that can eliminate spam from forged domains, which I would guess is most of it, at this point in history.

*sigh*

[furbearntrout]

Parent needs to get a life.
The satire in question was written by anti-spam advocates; in part to ridicule amateur, armchair philosophers; who think that their knee-jerk response is better than anything the experts have come up over the years.

OTOH first time I saw

(x) Killing them that way is not slow and painful enough

                                              used. Kudos