Forgot your password?
typodupeerror
Networking IT

ORDB.org Going Offline 156

Posted by Hemos
from the the-end-of-the-road dept.
Allan Joergensen writes "ORDB.org has announced that they will shut down their services after fighting open relays and spam for more than five and a half years. The RBL DNS service and mailing lists will be taken down today (December 18, 2006) and the website will vanish by December 31, 2006." The reasons given tend to be the usual ones - volunteers have been focused on other things in life; my salute to those folks for keeping the service up as long as they did.
This discussion has been archived. No new comments can be posted.

ORDB.org Going Offline

Comments Filter:
  • I'll miss' em (Score:2, Interesting)

    Even though it took a long time to get my own domain off their list after I left a mis-configured server out in the wild, I really appreciate all they have done over the years. Who will take up the mantle next?
    • Re: (Score:2, Insightful)

      by dreddnott (555950)
      I happened to run into an accidental open relay mail server during an onsite consultation (I ended up completely restructuring their deployment and getting ripped off). Most of the MILLIONS of e-mails were coming from China and/or Taiwan, and this was only a few months ago. Are the ORDB people sure they're not going to bring back the open relay problem by shutting down their admittedly useful services?

      While the cancer of spam may have metastasized to other parts of the Internet, it doesn't mean it can't gro
      • Re: (Score:3, Insightful)

        Are the ORDB people sure they're not going to bring back the open relay problem

        Whilst I see your point, this is prtty badly phrased - it implies almost an obligation, the little boy with his finger in the dam, and it's his calling, nay, his duty, to keep it there, for the sake of the rest of us.

        Which is not the case.

    • Re: (Score:3, Funny)

      by Anonymous Coward
      Imagine one day, Slashdot.org would shutdown too. Can't think of the consequences...

      We regret to inform you that slashdot.org, at the ripe age of 8 and a half, is shutting down. It's been a case where all the comments were either too +5 Linux or -5 Microsoft or too insightful that the moderators had to mod it "+2 BSD". Also very little work has gone into maintaining our Mysql database. We should have switched to MS SQL Server long back.
      This caused our readers to get pre-occupied with the only other a
      • by erpbridge (64037)
        Somehow, I'm thinking that K5 or D**g might be the replacements... not necessarily WORTHY ones, but...
    • Isn't it just to enter your domain (IP) in a form, and press "submit for testing"?

      I vaguely remember doing that once, after my ISP refused to accept my outgoing mail, because they had assigned me an IP that had previously been used for an open relay.
      • by clark0r (925569)
        Are you sure that's what your ISP did? I wasn't aware that ISPs ban email on port 25 for IP addresses that have previously been open relays. Most ISPs offer their own mail services of SMTP/POP3 (eg @ntlworld.com addresses). If they stopped all of your outgoing mail through their servers, then you wouldn't be able to use your ISP supplied mailbox! On the other hand, this is the UK. Most of our ISPs aren't too restrictive on what you do with your Internet connection.
  • The reasons (Score:5, Informative)

    by jginspace (678908) <jginspace AT yahoo DOT com> on Monday December 18, 2006 @01:00PM (#17287894) Homepage Journal
    The reasons are, expanding from TFA: "open relay RBLs are no longer the most effective way of preventing spam from entering your network as spammers have changed tactics in recent years, as have the anti-spam community."

    I concur.
    • by MztrBlack (35164)
      Truth. I'm down to about one spam in a thousand that's coming from a (known) open relay on my mail server. Doesn't mean spam is any less, just that RBLs aren't serving the purpose they once did.
      • Re:The reasons (Score:4, Informative)

        by BenFranske (646563) on Monday December 18, 2006 @01:07PM (#17288028) Homepage
        Which is nearly what they said in the article:
        We encourage system owners to remove ORDB checks from their mailers immediately and start investigating alternative methods of spam filtering. We recommend a combination involving greylisting and content-based analysis (such as the dspam project, bmf or Spam Assassin).
        • by LoadWB (592248) *
          Their statement is exactly the reason why I have been migrating away from DNSBL use solely, and modified my "no whitelist" policy -- DNSBLs are useful, but by themselves lack effectiveness.

          In the case of ORDB, out of a couple hundred thousand email rejections last week, only five were due to an ORDB listing. In my configurations, ORDB is fourth in line to other DNSBLs, like the SBL/XBL, which catch a good 73% of crap before ORDB even has a chance.

          Many thanks to them for the work over the years.
    • I wonder... (Score:5, Insightful)

      by jfengel (409917) on Monday December 18, 2006 @01:09PM (#17288074) Homepage Journal
      If the RBLs go offline, will spammers shift back to using open relays? I suspect not; the bot-nets are harder to stop and, from the spammer's POV, probably more reliable. The dark side of distributed, highly redundant networks.

      Still, it's pretty nice to think that they're going offline because they've largely solved the problem they were fighting. It's like declaring smallpox or polio extinct. And if they come back, we'll remember the formula.
      • by pla (258480)
        Still, it's pretty nice to think that they're going offline because they've largely solved the problem they were fighting.

        I wish I could agree with that sentiment, but I'd call it a closer analogy to say that the disease gained immunity to the best known antibiotic so far and further use of it just wastes resources better spent elsewhere.

        The governments of the world need to make it legal to hunt down and torture spammers and their extended families to death. Until then, they will always find ways to fi
        • by Anonymous Coward on Monday December 18, 2006 @01:34PM (#17288486)
          The governments of the world need to make it legal to hunt down and torture spammers and their extended families to death

          Your post advocates a

          ( ) technical ( ) legislative ( ) market-based (x) vigilante

          approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

          ( ) Spammers can easily use it to harvest email addresses
          ( ) Mailing lists and other legitimate email uses would be affected
          ( ) No one will be able to find the guy or collect the money
          ( ) It is defenseless against brute force attacks
          ( ) It will stop spam for two weeks and then we'll be stuck with it
          ( ) Users of email will not put up with it
          ( ) Microsoft will not put up with it
          (x) The police will not put up with it
          ( ) Requires too much cooperation from spammers
          ( ) Requires immediate total cooperation from everybody at once
          ( ) Many email users cannot afford to lose business or alienate potential employers
          ( ) Spammers don't care about invalid addresses in their lists
          ( ) Anyone could anonymously destroy anyone else's career or business

          Specifically, your plan fails to account for

          (x) Laws expressly prohibiting it
          ( ) Lack of centrally controlling authority for email
          ( ) Open relays in foreign countries
          ( ) Ease of searching tiny alphanumeric address space of all email addresses
          ( ) Asshats
          ( ) Jurisdictional problems
          ( ) Unpopularity of weird new taxes
          ( ) Public reluctance to accept weird new forms of money
          ( ) Huge existing software investment in SMTP
          ( ) Susceptibility of protocols other than SMTP to attack
          ( ) Willingness of users to install OS patches received by email
          ( ) Armies of worm riddled broadband-connected Windows boxes
          ( ) Eternal arms race involved in all filtering approaches
          ( ) Extreme profitability of spam
          (x) Joe jobs and/or identity theft
          (x) Technically illiterate politicians
          ( ) Extreme stupidity on the part of people who do business with spammers
          ( ) Dishonesty on the part of spammers themselves
          ( ) Bandwidth costs that are unaffected by client filtering
          ( ) Outlook

          and the following philosophical objections may also apply:

          (x) Ideas similar to yours are easy to come up with, yet none have ever
          been shown practical
          ( ) Any scheme based on opt-out is unacceptable
          ( ) SMTP headers should not be the subject of legislation
          ( ) Blacklists suck
          ( ) Whitelists suck
          ( ) We should be able to talk about Viagra without being censored
          ( ) Countermeasures should not involve wire fraud or credit card fraud
          ( ) Countermeasures should not involve sabotage of public networks
          ( ) Countermeasures must work if phased in gradually
          ( ) Sending email should be free
          ( ) Why should we have to trust you and your servers?
          ( ) Incompatiblity with open source or open source licenses
          (x) Feel-good measures do nothing to solve the problem
          ( ) Temporary/one-time email addresses are cumbersome
          ( ) I don't want the government reading my email
          (x) Killing them that way is not slow and painful enough

          Furthermore, this is what I think about you:

          (x) Sorry dude, but I don't think it would work.
          ( ) This is a stupid idea, and you're a stupid person for suggesting it.
          ( ) Nice try, assh0le! I'm going to find out where you live and burn your
          house down!
          • Furthermore, this is what I think about you: (x) Sorry dude, but I don't think it would work. ( ) This is a stupid idea, and you're a stupid person for suggesting it. ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
            I am afraid the correct responce to a vigilante is always
            (X) Nice try, assh0le! I'm going to find out where you live and burn your house down!
      • by canuck57 (662392)

        If the RBLs go offline, will spammers shift back to using open relays? I suspect not; the bot-nets are harder to stop and, from the spammer's POV, probably more reliable. The dark side of distributed, highly redundant networks.

        Botnets are trivial to stop, load up spamassassin and research how to tune the rules with SPF

        Knock'em dead.

        But ORDB will be sadly missed. It was in my 2 cents, the most reliable going. Every system it hit was because someone didn't configure it properly.

  • SORBS (Score:4, Insightful)

    by Spazmania (174582) on Monday December 18, 2006 @01:05PM (#17287998) Homepage
    Now if extortionist SORBS would die, the anti-spam communinity could refocus on dealing with actual spammers. SORBS never was a pillar of responsibility but the current practice of "dontate to a SORBS-approved charity to get off the list" is just plain wrong.
    • Re: (Score:3, Informative)

      by GigsVT (208848)
      Don't forgot the "we blocked you because you used the wrong ISP" people, SPEWS.
    • Re: (Score:3, Interesting)

      by gclef (96311)
      SORBS has one useful list: the dial-up DNS blacklist (spare me the diatribes about being able to send mail from a dynamic address. I know the arguments, but the benefit doesn't outweigh the cost of the spam coming from that address space).

      I'm not willing to pay Trend Micro for access to what used to be MAPS for my one, small domain, and I haven't found anyone other than SORBS offering a collection of dial-up addresses as a DNS blacklist. If there are other, reliable, dial-up blacklists, I'd love to hear a
      • by benoitg (302050)
        If people taking this stance would at least bounce the email, it wouldn't be quite so bad. Right now a lot of people don't, and those running their own mailservers do not even know when a message will not reach the intended recipient because their IP address wasn't "expensive enough".
        • by misleb (129952)
          Problem with sending bouncebacks is that you can end up causing just as much of a problem as you are solving. If you bounceback messages to forged senders, you are effectively spamming people. One has to be careful about which messages are just dropped and which are bounced back. If you reject blacklisted IPs at the SMTP level, you should always get a bounceback. But if messages are "scored" based on blacklists, you may not get a bounceback if it scores to high...

          -matthew
          • He may already realize that. I've seen lots of people use the terms "bounce" and "drop" to refer either during delivery (in-session with connecting/source IP address) or else after DATA / message delivery. The former is of course the best. The sending server should be configured to copy the whole SMTP error ("bounce") message to the sender's inbox.
          • Problem with sending bouncebacks is that you can end up causing just as much of a problem as you are solving.

            This is a misconception born at the hands of idiotic software like Norton AV.

            A properly setup SMTP MTA will reject with a 55x (permanent failure) error, and the sending MTA generates the bounce message, sending it to the account generating the email, not looking at the From: address at all.

            • by misleb (129952)
              A properly setup SMTP MTA will reject with a 55x (permanent failure) error, and the sending MTA generates the bounce message, sending it to the account generating the email, not looking at the From: address at all.


              Some admins prefer to use blacklists for scoring rather than automatic rejection. It cuts down greatly on the false positives.

              -matthew
              • At the cost of not being able to notify the sender that the mail wasn't received (not to mention vastly increased resource usage)... unless they do ignore it and send the backscatter... gods, I hate those people... they're almost as bad as those C/R fools and their backscat.
        • by gclef (96311)
          The default behavior on the SMTP servers I've worked with (sendmail and exim4) is to reject the mail before the DATA segment if the source is listed in a DNSBL...so you should be getting bounces from most organizations that do this (that's certainly how mine's working).
        • by Secrity (742221)
          The cure to this problem is for you to use your ISP's mail relay (or any other mail server that isn't using a dynamic IP address; which is usually residential grade internet service). I run a mail server for a rather large company and the server is configured to reject SMTP connections from dynamic IPs, which prevents quite a bit of spam -- and the sender is aware that the mail has been rejected.
        • by kju (327)
          Nonsense. It isn't about the "price" of the ip addresses but the simple fact that dialup users will send their mail in 99.9% through their providers mailserver and therefore nearly everything coming directly from a dialup ip is abuse by spam or virus sending trojans. It just makes sense to block dialup ips and it would have been better if users would have been forced to use their providers servers from the beginning, because its a lot easier to track abuse when mail is going through the isps relay.
      • by darksoulz (700833)
      • by dodobh (65811)
        dynablock.njabl.org
      • by chris mazuc (8017)
        Blocking dynamic IPs is wonderful... unless you are unlucky enough to inherit an old dynamic subnet. I've spent the last three weeks getting off of almost every blacklist on the planet.
      • Re: (Score:2, Informative)

        by osu-neko (2604)

        SORBS has one useful list: the dial-up DNS blacklist (spare me the diatribes about being able to send mail from a dynamic address. I know the arguments, but the benefit doesn't outweigh the cost of the spam coming from that address space).

        True. Now, if only someone actually had an accurate list of dynamic IP addresses, this would be a good strategy, but since neither SORBS nor anyone else actually has one, it gets rather annoying for those of us who get our email bounced or eaten because some idiot has

      • Re: (Score:3, Informative)

        by Fred_A (10934)

        I'm not willing to pay Trend Micro for access to what used to be MAPS for my one, small domain, and I haven't found anyone other than SORBS offering a collection of dial-up addresses as a DNS blacklist. If there are other, reliable, dial-up blacklists, I'd love to hear about them.

        Sorry, but as dynamic addresses go, MAPS certainly isn't reliable. It lists a number of statically allocated blocks (some addresses of which may indeed be abused) ans dynamic when they aren't.
        For example my block is in the MAPS

      • by Dion (10186)
        Well, no, that list is crap, because it's not in sync with reality.

        I have a machine in a range that SORBS thinks is dynamically allocated, but it's not.

  • by The Blue Meanie (223473) on Monday December 18, 2006 @01:06PM (#17288024)
    If they've already shut down, I guess that explains the rather sudden and rather LARGE increase in spam I had sitting in my various mailboxes waiting for me this morning. :(

    Can anyone suggest a good alternative? I'm using spamhaus, sorbs, and uceprotect at the moment, and no, I won't use spamcop. ordb HAD been an excellent fourth.
    • by goldcd (587052)
      I started using Blacklists, but always ended up in a mess. Stuff still got through, so you'd add another blacklist and then one would randomly start blocking gmails 'to teach google a lesson' etc.
      ASSP installs nicely (I'm actually running it on MS Server with hmailserver) and does what it says on the tin. Takes a week or so to train it up, but once it's up it easily gets 99% of all spam, tags it and then my mail server shoves it into my users junk folders.
    • by dodobh (65811)
      Which spamhaus list? The sbl-xbl is rather good. You might want to block email addresses with ' and non FQDN HELOs as well.
    • Re: (Score:3, Informative)

      by Incadenza (560402)
      Here's my set-up (old-style Postfix config). No false positives in five years, so these are pretty reliable (and from the comment the I must have written myself, ordb has been of my list for quite a while):

      maps_rbl_domains =
      list.dsbl.org,
      sbl-xbl.spamhaus.org,
      hil.habeas.com,
      dul.dnsbl.sorbs.net,
      dynablock.njabl.org

      # Not enough hits to justify keeping them in the list

      # relays.ordb.org
      # opm.blitzed.org

      Also, for RBL's that might not be 100% reliable, there is a simple to way to add th

  • by RingDev (879105) on Monday December 18, 2006 @01:10PM (#17288082) Homepage Journal
    I guess some of these groups have a rather large following, but how about actually linking to their page or to a wiki that describes what they do? For those of us lazy American's too lazy to cut and paste.

    -Rick
    • Re: (Score:3, Informative)

      by BenFranske (646563)
      Maybe this will clarify [nyud.net] what they do.
    • by brufar (926802)
      This is a large list of the different blacklists available with a short blurb about how they operate, if they are free or fee based, and a link to each site. http://shopping.declude.com/Articles.asp?ID=97 [declude.com]

      182 working spam databases listed. 254 total spam databases listed. About 681 represented, including country databases. List of All Known DNS-based Spam Databases. The most common way of detecting spam is by using spam databases (blacklists, sometimes incorrectly referred to as RBLs, since RBL is trademarked by MAPS) that list the addresses of mail servers known (or believed) to send spam.

  • by xxxJonBoyxxx (565205) on Monday December 18, 2006 @01:15PM (#17288174)
    Is this a good case why it's not generally a good idea to put any long-term trust in "community" services like this?

    The RBL DNS service and mailing lists will be taken down today (December 18, 2006) and the website will vanish by December 31, 2006.


    Thanks - that's not even two weeks notice.

    The reasons given tend to be the usual ones - volunteers have been focused on other things in life


    More likely, they woke up one day and figured out they were sick of eating Ramen noodles while being taking for a ride by commercial leeches who never kicked back.

    • I removed my server from checking them today. For grins, I went back a week to see how many uce's they blocked. I did not find one.

      Anyone else notice this?
    • As far as community services go, I always put ORDB in the category of "means well, but a half assed effort." I inherited a job taking care of the mail servers at a company I used to work at, and I came to find out that we had an open relay and had been blacklisted. If memory serves me right, I want to say this was almost 5 years ago.

      How did I come to find out that we had an open relay? Did ORDB notify us? Hell no. They just slapped us on their list, and our users started getting bounce messages from other

      • Re: (Score:3, Informative)

        by scoof (2459)
        ORDB always attempted to notify the administrators of listed servers, several variations on the postmaster@server would have been sent and ignored by the people maintaining the server before you.
  • by Albanach (527650) on Monday December 18, 2006 @01:20PM (#17288244) Homepage
    We, and many others, still use RBLs as a front line tool to stop spam. Generally it'll stop several thousand emails a day from even entering the mail system.

    Spamassassin is great, we have sever custom rules and find it very effective. However it is resource intensive, especially if you are to add features like OCR detection of image spam.

    Is it really the case that folk should be accepting all this traffic from known open relays and then spending processor cycles analyzing it?

    Is there a middle ground? Some third way that lets lets you reject as much as possible at the start of the SMTP transaction? Greylisting is certainly an option but it presents significant problems too - many companies simply won't respond. Automatic emails will be missed, signup to websites becomes problematic etc etc. What, if any, are the other options?

    • by LodCrappo (705968) on Monday December 18, 2006 @01:40PM (#17288598) Homepage
      We block tons of spam simply by requiring the sending server to strictly follow RFC 2821. A HELO name that follows the rules seems particularly difficult for the spammers to configure. Non FQDNs on the sender, recipient or hostname... sending domains that don't even exist in DNS, servers using your domain name or your IP address and their HELO... a whole variety of strange things that only spammers (and once in a while really bad sysadmins) do. Then you can go a step further and require that someone's sending domain actually have dns properly setup for mail delivery (a "you can't mail me if I can't mail you" kind of thing).

      Also, some grey listing systems are better than others. One that really works well for me is sqlgrey http://sqlgrey.sourceforge.net/ [sourceforge.net] Sqlgrey comes with a fairly decent list of servers to exclude due to their inability to properly follow specs, so you don't lose mail from most of the broken but nonspammer servers. This list is also updated automagically and seems to work pretty well.. makes greylisting actually usable, for us at least.

      P.S. Don't want to start any holy wars, but if you're trying to fight mail and want a system thats easy to config and just works, postfix is a really great mail server.

      • by TubeSteak (669689)
        Any chance you can explain how I get e-mails where my address never shows up in the e-mail header?

        Received: from basp34 (unknown [10.10.101.71])
        by mailgate.buysell.com (Postfix) with ESMTP id xxx
        for checkmeout105@hotmail.com

        From: WickedGifts Postmaster@BuySell.com
        To: checkmeout105@hotmail.com

        My address is not checkmeout105@hotmail.com, but that's who it seems the e-mail was addressed to.

        • Re: (Score:3, Informative)

          by LodCrappo (705968)
          well we are way off topic here, but this can happen for several reasons. first off, anything in the headers can (and often is) completely fake. Second, there is a big difference between the "To:" field in a message's headers and the SMTP envelope RCPT TO: address. If you're geniunely interested, I'd suggest looking at RFC 2821 and 2822 which are free online, or maybe skimming a book on SMTP.

          HTH

        • Much like a physical business letter, SMTP messages have an envelope and a header. The envelope information is used for routing, just like the US mail, while the header information is what you see in your message just like the header on your business letter. So what you see in your client is totally arbitrary and has no effect on delivery.
          • by swillden (191260) *

            Much like a physical business letter, SMTP messages have an envelope and a header.

            Thanks for both enlightening me *and* making me feel like an idiot. Your analogy struck me as such a perfect one, and then I realized it's also an utterly obvious one. I've discussed SMTP envelopes before, but never thought to follow the analogy through to consider the mail headers as equivalent to the headings on a paper business letter. Duh!!! So obvious. Hit me like a bolt out of the blue, though.

            Thanks again!

        • Old spammer trick. Put a bogus address in TO: and the real victims email address in BCC: (Blind carbon copy)
      • Non FQDNs on the sender, recipient or hostname...

        Most spam does not fail FQDN checks. You could consider it "yet another check...", catching some but not all mail, making there be less to check, but it has false positive problems that cause problems in this regard. I am in fact staff on an IRC network while has been forced to require an email check for nickname registration, and we have problems with mail servers rejecting our mail in some cases because of FQDNs problems. Others, like Gmail, accept it and it arrives instantly.

        It isn't my area of knowledg

        • by LodCrappo (705968)

          Non FQDNs on the sender, recipient or hostname...

          Most spam does not fail FQDN checks.

          uhh... what?? Tons of spammers fail these checks. Compromised Windows boxes acting as spam zombies almost always fail these checks, and as have increasingly becoming a major source of spam over the last couple years, these types of checks have become more and more effective. On the largest mail system I have access to stats on (about 200k messages per day) these checks blocked about 20% of all mail yesterday.

          You could consider it "yet another check...", catching some but not all mail, making there be less to check, but it has false positive problems that cause problems in this regard. I am in fact staff on an IRC network while has been forced to require an email check for nickname registration, and we have problems with mail servers rejecting our mail in some cases because of FQDNs problems. Others, like Gmail, accept it and it arrives instantly.

          It isn't my area of knowledge but I'm assured that getting a FQDN isn't possible with our shell hosting, and these unnecessary filters creates a LOT of pain for users and staff who then must personally email the person to verify the email.

          Is this a good idea if it hits false positive problems, and misses quite a lot anyway? Other checks would catch most spammers failing FQDN, and the number of false positives to spammers blocked who otherwise wouldn't be seems quite high.

          Sounds like sour grapes to me. Anyone who is telling you it isnt possible to configure your

    • by Sentry21 (8183) on Monday December 18, 2006 @01:40PM (#17288612) Journal
      On my server, I use greylisting and RBLs, as well as other checks. In the span of one week, we received 128,000 e-mail attempts, 5000 of which were successful. The checks below block huge amounts of spam, to the point where I've actually removed spamassassin because the only messages it gets a chance to check are all legitimate.

      For anyone who's wondering, here's what we've got going on, plus amavisd/clamav doing virus scanning. This blocks all spam I get (used to be 30-200 messages per day that Spamassassin would catch).

      smtpd_recipient_restrictions =
          reject_non_fqdn_hostname,
          reject_non_fqdn_sender,
          reject_non_fqdn_recipient,
          reject_invalid_hostname,
          permit_mynetworks,
          permit_sasl_authenticated,
          reject_unauth_destination,
          reject_unauth_pipelining,
          reject_rbl_client opm.blitzed.org,
          reject_rbl_client list.dsbl.org,
          reject_rbl_client bl.spamcop.net,
          reject_rbl_client sbl-xbl.spamhaus.org,
          reject_rbl_client dynablock.njabl.org
    • Is there a middle ground? Some third way that lets lets you reject as much as possible at the start of the SMTP transaction?


      A big one a lot of people don't like and I've never been sure why: 95%+ of all messages where the domain in the 'To:' doesn't match the DNS domain of the IP address in the 'X-Originating-IP:' line are SPAM. So just reject them ALL. SPAM problem solved. Whiners will be executed on site.

      • Uh? So the PTR of the originating IP has to match the domain of the destination?

        But even if you meant the "From:", how do you deal with hosted mail domains? My domain might be one of thousands hosted at "smtpserver.bigprovider.com" or the like.
      • A big one a lot of people don't like and I've never been sure why: 95%+ of all messages where the domain in the 'To:' doesn't match the DNS domain of the IP address in the 'X-Originating-IP:' line are SPAM. So just reject them ALL. SPAM problem solved. Whiners will be executed on site.

        That doesn't work for situations where the mail server hosts multiple domains on a single IP address. Which is a very common situation for all but the few hundred largest organizations. Everyone else typically shares spac
    • Re: (Score:2, Informative)

      by btpier (587890)
      I use strict HELO requirements, greylisting, RBLs, and finally SpamAssassin on my home server. Very few spams make even make it to the SpamAssassin checks. Adding the HELO requirements and greylisting reduced the number spam emails SpamAssassin had to check from >100 emails per day down to an average of about 5 per week.

      I haven't had any issues with greylisting. I know of no emails that I haven't eventually received and even web-page sign-ups/registrations have gotten through without a hitch.

      There ar

    • For example, one significant problem with greylisting is if your organisation happens to use a large 3rd party mail processing company for antivirus and antispam services... with many many email servers... so greylisting may decide to accept mail from you this time... or not... do you feel lucky today?
      • by LodCrappo (705968)
        sqlgrey at least will consider attempts for the same user from addresses in the same /24 to be equivalent, which helps a lot with this. but yes, sometimes this can be a problem. sqlgrey also has a dynamically updated list of sending domains/servers to exclude from greylisting due to known incompatibility, so this avoids problems with many "popular" third party mailers. I had given up on greylisting, but actually i'm having great results now that i use sqlgrey.
    • SPF to the rescue (Score:2, Insightful)

      by michaelredux (627547)
      Perhaps you are asking about SPF.

      http://en.wikipedia.org/wiki/Sender_Policy_Framewo rk [wikipedia.org] Spammers recently started forging my domain as their return address. I know this because I recieved a bucket-load of bounces every day until I blocked the catch-all address. All of that spam would have been blocked if the servers that bounced it had checked my SPF record first. It clearly specifies that all of the IP addresses where the spam is coming from are not authorized to serve email from my domain.

      This is
      • This is a simple, open standard that can eliminate spam from forged domains, which I would guess is most of it, at this point in history.

        Just for the record... SPF is not anti-spam, it's anti-forgery. Which are admittedly overlapping problems.

        Where SPF excels is:

        - Blocking e-mail from an IP address that fails an SPF check. A good use of the system, but it probably won't block a ton of spam (spammers just create bogus domains with very loose SPF records).

        - Eliminating bounce messages that are sent
  • Efficiency (Score:3, Informative)

    by cockroach2 (117475) on Monday December 18, 2006 @01:20PM (#17288250) Homepage
    I'm not sure I agree about the lack of efficiency: On a "normal" day my server which hosts about 60 mailboxes blocks between 5000 and 6000 e-mail messages (4992 yesterday, 4936 Sunday, 5615 Saturday, 5763 Friday etc.) using ordb, spamhaus and dsbl. While it's true that I still have to use spamassassin for additional content filtering, that's more than 5000 messages a day which don't even enter the system - I consider that quite a lot.
    • Not to be a troll, but what's the breakdown per service? Is ordb doing the heavy lifting? Or is spanhaus? If it's an even 33% aross the board, ok. But if ordb is only doing 1% of that 5000 then they're right, blocking relays is no longer effective.
      • Re: (Score:2, Informative)

        by cockroach2 (117475)
        You're right, about 95% (or more) of the blocking is done by spamhaus (it is the first filter which is used, thus it's clear that they catch more than the others). Still, the ORDB guys basically say that open relay RBLs in general don't make much sense anymore which, as I consider spamhaus to be an open relay RBL too, I can't agree to.

        For completeness' sake, here's the breakdown for yesterday:
          - spamhaus: 4769 (96%)
          - dsbl.org: 220 (4%)
          - ordb.org: 3 (0%)
  • According to ordb.org's website, they maintained a list of open relay servers that you can use to block mail. I may be wrong but it seems that most email servers disable open relay by default. I know that Postfix takes great pains to prevent open relay in the default install, configurations not even withstanding. ORDB filled a niche for a while but may actually be redundant at this point. Spam will always be a game of cat and mouse.
    • by erlenic (95003)
      As others have said, they are still very useful. At my company, of the 125,020 pieces of spam we blocked in November, 81,316 of them were blocked by blacklists. That's 65% of all detected spam. That's over 2,700 e-mails per day that our already overloaded relay server didn't have to spend much processing time on.
      • by mungtor (306258)
        but that's just a blacklist.... Which blacklists and why was the server on the blacklist? Was it a known source of spam and not an open relay?
  • by wiredog (43288) on Monday December 18, 2006 @01:29PM (#17288398) Journal
    A "public" e-mail account, given to businesses, people who like to cross-post via CC (instead of BCC), places like /., etc. I use Gmail, which does a good bit of spam filtering.

    A "private" e-mail account, given only to family and close friends, whit a set of filtering rules to build the whitelist, and everything else run through bayesian filtering.

    Between the two, I have to deal with very little spam.

    OT:This is my 2,000th Slashdot comment...

    • Re: (Score:3, Funny)

      by robogun (466062)
      OT:This is my 2,000th Slashdot comment...

      Damn. I only received 337 of them, my filter must have caught the rest!
  • RBLs not so trivial (Score:4, Informative)

    by jblakezachary (1025970) on Monday December 18, 2006 @01:30PM (#17288408)
    The ORDB notice makes it sound like we should all abandon RBL lookups all together. I operate a small GroupWise domain ~about 300 users~ and checked my GWAVA stats when I read the article. 78,000 of the last 155,000 inbound messages were blocked as RBL hits. This first step in ridding most of our spam takes a load off of the more server intensive methods of filtering mail and still seems very relevant. I will be sad to see ORDB go.

    For those of you relying on RBL lookups, the following are still available and seem to be very reliable, producing few to zero false positives:
    zen.spamhaus.org
    bl.spamcop.net
    list.dsbl.org
    • by Spoke (6112)

      zen.spamhaus.org
      bl.spamcop.net
      list.dsbl.org
      I use those same domains for my mail servers and also find them to be very effective.

      Besides spamcop.net [slashdot.org], are there any other useful service to forward spam to to help add to these blacklists?
    • by Phroggy (441) *
      Just a note: do NOT use bl.spamcop.net to block mail, although using it to add to a SpamAssassin score is good. SpamCop's blacklist is completely automated, and it's easy for innocent IP addresses to get added to it by mistake (they're removed automatically too, of course).

      However, I've had GREAT success with zen.spamhaus.org and list.dsbl.org. No false positives here either.
  • Spam Can-Doers (Score:1, Flamebait)

    by Doc Ruby (173196)
    Since the Republican Congress "defeated spam" with their CAN-SPAM Act, I've noticed my incoming spam double every month for years. While I notice that the antispam organizations keep folding, or even getting shut down.
    • Re: (Score:3, Funny)

      by s7uar7 (746699)
      Since the Republican Congress "defeated spam" with their CAN-SPAM Act, I've noticed my incoming spam double every month for years

      CAN-SPAM took effect on 1 January 2004, so assuming you got 1 spam that month and it's doubled every month since, that means you're getting about 564 million spam emails a day now. I wouldn't want to be your ISP :)
      • by Doc Ruby (173196)
        Actually it seems to be doubling every three months, though that accelerated this past Summer. And "for years" since mid-2005. That's about 2^6, which is about the couple-few hundred spams I get each day.

        I wouldn't want to be my ISP, anyway - or I would be :).
    • Re:Spam Can-Doers (Score:4, Insightful)

      by rworne (538610) on Monday December 18, 2006 @04:54PM (#17291546) Homepage
      Really?

      The U.S. Senate voted 97-0 (with 3 nonvoting senators).
      Congress voted in much a similar fashion: 392-5.

      link [vote-smart.org]

      Jump off that hate bandwagon and realize you being screwed over by both parties.

      • by Doc Ruby (173196)
        Do you know how Congress works? Especially the now departing (but not lamented) Republican "Contract" Congress? They abused their majority to rewrite, abuse and selectively enforce rules that excluded minority Democrats from any representation, even in the nearly 50:50% proportions they controlled. To an unprecedented degree.

        Democrats are no saints. They certainly do their share of the screwing. But theirs has been sustainable. Under Republican rule, Democrats had to trade votes to Republicans, including ju
  • by certel (849946)
    To fight spam we should hold the following responsible: 1) ISP's for not properly configurating their network to block certain traffic to certain home computers ports. Even more so when suspect traffic is noticed. Example, my ISP does not allow outbound port 25 connections. 2) Software companies who develop broken code allowing such activities (IE, Microsoft). Nuff said.
    • by DShard (159067)
      And since phishing sites are bad for people we should also have ISPs block outbound port 80 and 443. That will stop those pesky get rich schemes.
    • by johnw (3725)

      SP's for not properly configurating
      ITYM "configuratisationing"
  • by NerveGas (168686) on Monday December 18, 2006 @02:18PM (#17289224)

        By giving people one entire day to remove their mailer configuration, they didn't leave people much time. Of course, that's sort of moot, I noticed early last week that my mailer wasn't getting responses from them any more, causing timeout delays on the query for every incoming message.

        Ah, well. I guess I shouldn't complain, since this one inconsiderate act is vastly overshadowed by the usefulness they've provided over the years.
  • SORBS (Score:2, Informative)

    by Hymer (856453)
    1. SORBS sucks... and they work because they suck. They assume any mail source is a spam source unless it got a rDNS record (wich may be quite hard to get on ADSL lines).
    2. SpamHaus do a decent job and they don't make funny/crazy assumptions, and they do try to keep the list up to date.
    3. Even content check does not block spam... spammers are sending pictures with their message... and they make those hard to run thru OCR (just like the Human-Check here on /.).
    4. A world wide law against spam would help
  • I use RBLs. I like RBLs - most of our rejections are due to them, with SpamAssassin and the Sane Security signatures for CLAM responsible for most of the rest. When you reject a quarter million messages per day, and have no prospect of getting money for either the extra grunt or extra bandwidth required to analyse everything, it's a practical first line of defence.

    That said, I'd been considering removing ORDB from our checks for some time. On days when NJABL and SpamHaus were picking up 30-50k messages ea

Memory fault -- brain fried

Working...