ORBS again blacklists all of PacBell Internet
Bill Pitz
> PacBell Internet (PBI) was originally listed in ORBS because of a couple
> of open relays operated by subscribers that were never implicated in any
> actual spam.
> I just checked, and ORBS has again blacklisted PBI, based on the claim
> that four ADSL subscribers are running open relays, with no proof that
> these servers have ever sent (or would ever be likely to send) any actual
> spam.
So you're saying they blacklisted PBI's MTAs because of ADSL customers that
had nothing to do with the "official" PBI mail servers?
ORBS gets more idiotic every day...
-Bill
John Navas
of open relays operated by subscribers that were never implicated in any
actual spam.
I just checked, and ORBS has again blacklisted PBI, based on the claim
that four ADSL subscribers are running open relays, with no proof that
these servers have ever sent (or would ever be likely to send) any actual
spam.
ORBS n. Internet vigilantes that try to coerce ISP's into adopting the
ORBS point of view by intentionally punishing innocent victims.
--
Best regards,
John Navas <http://navasgrp.home.att.net/>
CABLE/DSL TIPS: <http://navasgrp.home.att.net/tech/cable_dsl.htm>
David desJardins
>> PacBell Internet (PBI) was originally listed in ORBS because of a couple
>> of open relays operated by subscribers that were never implicated in any
>> actual spam.
Bill Pitz <bi...@nospammm.svn.net> writes:
> So you're saying they blacklisted PBI's MTAs because of ADSL customers
> that had nothing to do with the "official" PBI mail servers?
No, he's not saying that. You need to fine-tune your Navas decoder.
David desJardins
Philip J. Koenig
desJardins) writes...
No, actually ORBS refers to such a scenario as "3rd party relay".
IE, a customer MTA on the ISPs network is relayable (allows
external parties to use it to send to non-local addresses), and
supposedly that MTA relays traffic through the ISP's MTA(s),
therefore "tainting" the ISPs MTAs. (which are then listed by
ORBS)
As John wrote, none of this means that any spam necessarily ever
used this path, just that it "might theoretically be possible".
For that, they inconvenience or damage communications for
200,000+ users. Cute.
--
Philip J. Koenig The Electric Kahuna Organization [see below]
-----------------Computers & Communications for the New Millenium-------------
* This message is spam-resistant. To send email, use the following address *
* by removing numbers and spaces: pjkunet64 @ ekahuna27 . c o m *
* *
* Expose ORBS for what it is: abuse of the net. *
* Simple answers are for simple minds. Try a new way of looking at things. *
John Navas
Bill Pitz <bi...@nospammm.svn.net> wrote:
>John Navas <spamf...@navasgrp.dublin.ca.us> wrote:
>> PacBell Internet (PBI) was originally listed in ORBS because of a couple
>> of open relays operated by subscribers that were never implicated in any
>> actual spam.
>
>> I just checked, and ORBS has again blacklisted PBI, based on the claim
>> that four ADSL subscribers are running open relays, with no proof that
>> these servers have ever sent (or would ever be likely to send) any actual
>> spam.
>
>So you're saying they blacklisted PBI's MTAs because of ADSL customers that
>had nothing to do with the "official" PBI mail servers?
The ORBS argument is that these servers might relay through PacBell
servers, and that thereby the PacBell servers are tainted.
>ORBS gets more idiotic every day...
I would have said offensive, but otherwise I agree. ;-)
For PacBell to satisfy ORBS, it would have to continuously check each and
every ADSL subscriber for an open relay. That would involve much more
than just portscanning -- in order to distinguish open relays, PacBell
would have to attempt to send mail through any mailserver it found. Or
simply block incoming port 25, thereby preventing subscribers from running
their own mailservers. Either way, can you say "draconian?"
John Navas
Bill Pitz <bi...@nospammm.svn.net> wrote:
>John Navas <spamf...@navasgrp.dublin.ca.us> wrote:
>> PacBell Internet (PBI) was originally listed in ORBS because of a couple
>> of open relays operated by subscribers that were never implicated in any
>> actual spam.
>
>> I just checked, and ORBS has again blacklisted PBI, based on the claim
>> that four ADSL subscribers are running open relays, with no proof that
>> these servers have ever sent (or would ever be likely to send) any actual
>> spam.
>
>So you're saying they blacklisted PBI's MTAs because of ADSL customers that
>had nothing to do with the "official" PBI mail servers?
>
>ORBS gets more idiotic every day...
p.s. The irony is that ORBS, by making the ISP's mailservers less
dependable and reliable, tends to encourage subscribers to set up their
own mailservers, thereby tending to exacerbate the very problem that ORBS
purports to solve. (Not just speculation.)
John Navas
See_email_@ddress_below.This_one_is.invalid (Philip J. Koenig) wrote:
>No, actually ORBS refers to such a scenario as "3rd party relay".
>
>IE, a customer MTA on the ISPs network is relayable (allows
>external parties to use it to send to non-local addresses), and
>supposedly that MTA relays traffic through the ISP's MTA(s),
>therefore "tainting" the ISPs MTAs. (which are then listed by
>ORBS)
>
>As John wrote, none of this means that any spam necessarily ever
>used this path, just that it "might theoretically be possible".
>
>For that, they inconvenience or damage communications for
>200,000+ users. Cute.
Another cute aspect of ORBS is publishing its list of relays that have
been open (or simply unverified) for more than 30 days. This of course
makes it easy for spammers to find those servers that might otherwise
never be used to send spam. To me the purported reason for publication
doesn't really wash -- it looks more to me like ORBS may be trying to
blackmail ISP's into using ORBS by increasing the differential between
spam sent through open relays listed by ORBS as compared to open relays
unknown to ORBS. Either way, it's hypocritical.
--
Best regards,
John Navas <http://navasgrp.home.att.net/>
ORBS n. Internet vigilantes that try to coerce ISP's into complying
with the ORBS agenda by intentionally punishing innocent victims.
Bill Pitz
> p.s. The irony is that ORBS, by making the ISP's mailservers less
> dependable and reliable, tends to encourage subscribers to set up their
> own mailservers, thereby tending to exacerbate the very problem that ORBS
> purports to solve. (Not just speculation.)
Ok, ok John. You've convinced me 100% now.
ORBS (n.) Internet vigilantes that try to coerce ISP's into complying
with the ORBS agenda by intentionally punishing innocent victims. As a
test, I've taken ORBS out of my procmail routines. Still have RSS in
there. Either way, I've always felt that ORBS should not be implemented
on the mail server level, but should be available as an option (like a
procmail filter) to users who really hate spam. It works out a lot better,
since the mail just gets set aside into a different file. Since I already
have several files for mail (for mailing lists, etc. that I subscribe to)
checking an extra one now and then wasn't a big deal.
-Bill
Philip J. Koenig
Yanno, if it's for personal use, do whatever you like. And
I don't have a problem with someone who provides such a
facility to their users, provided users know *exactly* what
is going on, better yet, can opt out.. or better still, just
use it for a scoring system rather than a blocking system and
allow users to decide if they want to keep anything in the
"junkpile".
Which of course doesn't address the sysadmin's familiar
lament that that doesn't help MTA overloading caused by
large incoming spams. (assuming other methods haven't
solved the problem, ie RBL) Such a case is where you
will typically find many sysadmins vehemently defending
ORBS.. but my view is that it's shortsighted thinking.
I like Brightmail's idea of monitoring for spamming
in realtime, and sending rule updates to their subscribers
fast enough to block the incoming traffic while it's
still hitting the MTA. Problem is, they charge for it.
I think it would be really keen to put together a
public system (ie MAPS) to do that kind of thing
instead. (but I'm a bit hesitant because I also
want to support what Brightmail is doing, and I'm
not sure if they have any kind of intellectual property
claims on such a scheme. I certainly didn't think it
up, I just like the idea :-)
Such a system alleviates all of my concerns about dropping
the traffic at the gateway itself, because unlike miscellaneous
traffic that comes in randomly, such things are *positively
identified* as being part of a big bulk blast of junk, and
I would have *no* problem sending that stuff to the bit bucket
right out to the border of my network.
(although there are some other interesting strategies, like
this guy who came up with the "throttling" thing that just
puts your MTA into "slow-motion" when it talks to such hosts,
holds each socket open for a looooooong time, forcing the
sending host to chew on memory and cpu cycles as it waits
longer and longer waiting for a response that never comes back.. )
John Navas
c.c....@59.usenet.us.com (Rahul Dhesi) wrote:
>In <1WWw4.5776$sR2.1...@news.swbell.net> John Navas
><spamf...@navasgrp.dublin.ca.us> writes:
>
>>For PacBell to satisfy ORBS, it would have to continuously check each
>>and every ADSL subscriber for an open relay....
>
>All that Pacific Bell Internet needs to do is give an additional IP
>address to each of its SMTP relay hosts, and configure all of them such
>that:
>
>Set A refuses to accept mail from any ORBS-listed host, but will
>otherwise accept mail from any customer and relay it.
>
>Set B will accept mail from any customer and relay it.
>...
Which would result in upset customers, a tech support nightmare, and added
expense, all for no good purpose. Would you have PacBell similarly cave
in to other forms of blackmail? Where would it stop?
--
Best regards,
John Navas <http://navasgrp.home.att.net/>
CABLE/DSL TIPS: <http://navasgrp.home.att.net/tech/cable_dsl.htm>
Bill Pitz
> Which would result in upset customers, a tech support nightmare, and added
> expense, all for no good purpose. Would you have PacBell similarly cave
> in to other forms of blackmail? Where would it stop?
Tech suport nightmare doesn't begin to describe it... They'd either
have to double their staff available at any time, or futher irritate
customers by having outrageous hold times.
-Bill
Rahul Dhesi
>For PacBell to satisfy ORBS, it would have to continuously check each
>and every ADSL subscriber for an open relay....
All that Pacific Bell Internet needs to do is give an additional IP
address to each of its SMTP relay hosts, and configure all of them such
that:
Set A refuses to accept mail from any ORBS-listed host, but will
otherwise accept mail from any customer and relay it.
Set B will accept mail from any customer and relay it.
Neither set A nor set B will promiscuously relay mail for any
non-customer.
Customers of Pacific Bell Internet that want to be able to always send
mail to sites that use ORBS would relay their outgoing mail via set A.
Customers that don't care about sending mail to sites that use ORBS
would relay it via set B.
This way everybody gets what they want. No scanning of ADSL
subscribers' machines is needed.
--
Rahul Dhesi <dh...@email.rahul.net> (spam-filtered with RSS and ORBS)
See my ORBS faq:
http://www.rahul.net/dhesi/orbs.faq.txt
Philip J. Koenig
(John Navas) writes...
> ><spamf...@navasgrp.dublin.ca.us> writes:
> >
> >>For PacBell to satisfy ORBS, it would have to continuously check each
> >>and every ADSL subscriber for an open relay....
> >
> >All that Pacific Bell Internet needs to do is give an additional IP
> >address to each of its SMTP relay hosts, and configure all of them such
> >that:
> >
> >Set A refuses to accept mail from any ORBS-listed host, but will
> >otherwise accept mail from any customer and relay it.
> >
> >Set B will accept mail from any customer and relay it.
>
> Which would result in upset customers, a tech support nightmare, and added
> expense, all for no good purpose. Would you have PacBell similarly cave
> in to other forms of blackmail? Where would it stop?
Well I agree in part with John, but I must admit from a technical
standpoint Rahul's idea is kind of interesting. It's one of the
few new ideas I've seen on the subject of ORBS for awhile.
@hotmail.com Shrodinger's Cat
RICO.
ORBS that is.
On Mon, 06 Mar 2000 12:37:02 -0800, John Navas
<spamf...@navasgrp.dublin.ca.us> wrote:
>PacBell Internet (PBI) was originally listed in ORBS because of a couple
>of open relays operated by subscribers that were never implicated in any
>actual spam.
>
>I just checked, and ORBS has again blacklisted PBI, based on the claim
>that four ADSL subscribers are running open relays, with no proof that
>these servers have ever sent (or would ever be likely to send) any actual
>spam.
>
>ORBS n. Internet vigilantes that try to coerce ISP's into adopting the
>ORBS point of view by intentionally punishing innocent victims.
John Navas
ORBS moved to New Zealand, essentially putting it out of reach of U.S.
law. Otherwise I doubt that it would still be operating. ;-)
Shrodinger's Cat <Shrodingers_cat @hotmail.com> wrote:
>Another reason to break them up under anti-trust laws or
>RICO.
>
>ORBS that is.
>
>On Mon, 06 Mar 2000 12:37:02 -0800, John Navas
><spamf...@navasgrp.dublin.ca.us> wrote:
>
>>PacBell Internet (PBI) was originally listed in ORBS because of a couple
>>of open relays operated by subscribers that were never implicated in any
>>actual spam.
>>
>>I just checked, and ORBS has again blacklisted PBI, based on the claim
>>that four ADSL subscribers are running open relays, with no proof that
>>these servers have ever sent (or would ever be likely to send) any actual
>>spam.
--
Best regards,
John Navas <http://navasgrp.home.att.net/>
ORBS n. Internet vigilantes that try to coerce ISP's into complying
with the ORBS agenda by intentionally punishing innocent victims.
Bill Pitz
> [POSTED TO ba.internet]
> ORBS moved to New Zealand, essentially putting it out of reach of U.S.
> law. Otherwise I doubt that it would still be operating. ;-)
We all ought to just blackhole the route to them so they can't reach any
servers here in the U.S. :)
-Bill
Derek Balling
(in message <38ca...@news1.svn.net>):
Never happen. :) There are too many people working the "big routers" who:
(A) agree with ORBS,
(B) Disagree with ORBS, but also disagree that they should be destroyed
(C) Believe that regardless of WHAT they think of ORBS, "censorship is
interpreted on the net as an outage and data is routed around it"
Obviously, there ARE people in "D" (the "Fuck ORBS" category) but there's
enough A-C to prevent it from being effective.
D
Roger Marquis
>We all ought to just blackhole the route to them so they can't reach any
>servers here in the U.S. :)
Trouble with that censorship scenario is that there are at least
a dozen site that would take over where ORBS left off, mine included.
Think about it, if it weren't for subscribers there would be no
ORBS. As long as spam continues to be a serious problem, and as
long as open relays are the primary reason for spam there will be
services like ORBS.
Of course none of these reasonable arguments make any difference
to fundamentalists like Pitz and Navas. To you guys I can only
recommend setting up a domain with it's own ORBS-enabled mailserver.
After a few days the sendmail logs will be proof enough.
It's not surprising that the posts complaining about ORBS never
include logs. Proof, pudding, ...
--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
>Mar 14 04:41:36 sendmail[4989]: EAA04989: ruleset=check_mail, arg1=<dd132...@yahoo.com>, relay=du-148-233-224-1.prodigy.net.mx [148.233.224.1], reject=550 <dd132...@yahoo.com>... no access from 148.233.224.1, see http://www.orbs.org/
>Mar 14 09:48:44 sendmail[7823]: JAA07823: ruleset=check_mail, arg1=<med...@es.com.sv>, relay=enlinea.com.sv [168.243.148.66], reject=550 <med...@es.com.sv>... no access from 168.243.148.66, see http://www.orbs.org/
>Mar 14 10:50:11 sendmail[8510]: KAA08510: ruleset=check_mail, arg1=<jfousry...@chinahot.net>, relay=[202.101.106.253], reject=550 <jfousry...@chinahot.net>... no access from 202.101.106.253, see http://www.orbs.org/
>Mar 14 12:30:23 sendmail[8999]: MAA08999: ruleset=check_mail, arg1=<2la...@beer.com>, relay=jpl-mx.j-plaza.or.jp [202.220.108.42], reject=550 <2la...@beer.com>... no access from 202.220.108.42, see http://www.orbs.org/
>Mar 14 18:39:54 sendmail[11319]: SAA11319: ruleset=check_mail, arg1=<sp...@ms1.hinet.net>, relay=ms2.hinet.net [168.95.4.20], reject=550 <sp...@ms1.hinet.net>... no access from 168.95.4.20, see http://www.orbs.org/
>Mar 14 21:04:49 sendmail[12413]: VAA12413: ruleset=check_mail, arg1=<ma...@techspot.com>, relay=exchange.keylabs.com [207.179.38.200], reject=550 <ma...@techspot.com>... no access from 207.179.38.200, see http://www.orbs.org/
>...
John Navas
Roger Marquis <not-fo...@roble.com> wrote:
>Bill Pitz <bi...@nospammm.svn.net> wrote:
>>We all ought to just blackhole the route to them so they can't reach any
>>servers here in the U.S. :)
>
>Trouble with that censorship scenario is that there are at least
>a dozen site that would take over where ORBS left off, mine included.
>Think about it, if it weren't for subscribers there would be no
>ORBS. As long as spam continues to be a serious problem, and as
>long as open relays are the primary reason for spam there will be
>services like ORBS.
Perhaps, but I tend to doubt it. ORBS had to move to New Zealand to
escape the consequences of its actions. It remains to be seen how long
that strategy will be viable.
>Of course none of these reasonable arguments make any difference
>to fundamentalists like Pitz and Navas.
More name calling -- how charming and how ORBS.
>To you guys I can only
>recommend setting up a domain with it's own ORBS-enabled mailserver.
>After a few days the sendmail logs will be proof enough.
Been there; done that. The "proof" is that ORBS is not as effective as
other methods, both from a true positive and a false positive perspective.
But then I don't have an "open relay" agenda, just a desire to minimize
spam while also minimizing false positives.
>It's not surprising that the posts complaining about ORBS never
>include logs. Proof, pudding, ...
Pot, kettle, ... Things posted in defense of ORBS tend to be purported
spam that could have been avoided by other (more effective) means.
--
Best regards,
John Navas <http://navasgrp.home.att.net/>
CABLE/DSL TIPS: <http://navasgrp.home.att.net/tech/cable_dsl.htm>
Bill Pitz
> Bill Pitz <bi...@nospammm.svn.net> wrote:
>>We all ought to just blackhole the route to them so they can't reach any
>>servers here in the U.S. :)
> Trouble with that censorship scenario is that there are at least
> a dozen site that would take over where ORBS left off, mine included.
> Think about it, if it weren't for subscribers there would be no
> ORBS. As long as spam continues to be a serious problem, and as
> long as open relays are the primary reason for spam there will be
> services like ORBS.
> Of course none of these reasonable arguments make any difference
> to fundamentalists like Pitz and Navas. To you guys I can only
> recommend setting up a domain with it's own ORBS-enabled mailserver.
> After a few days the sendmail logs will be proof enough.
I don't consider myself a "fundamentailst" ... I actually have been
pretty happy with the use of orbs in my personal procmail filter, but
it *does* throw away a lot of legitimate mail. You can't deny that.
> It's not surprising that the posts complaining about ORBS never
> include logs. Proof, pudding, ...
Would you like me to include logs of legitimate messages that it's
thrown away? Nobody is trying to say that ORBS doesn't cut down on
spam. Some of their practices are just extreme.
Of course, none of these reasonable arguments (ie. People don't like
to lose their e-mail...trust me, I've worked tech support) make any
difference to extremists like Marquis.
-Bill
Philip J. Koenig
> John Navas <spamf...@navasgrp.dublin.ca.us> wrote:
> > [POSTED TO ba.internet]
>
> > ORBS moved to New Zealand, essentially putting it out of reach of U.S.
> > law. Otherwise I doubt that it would still be operating. ;-)
>
> servers here in the U.S. :)
>
Nice idea, but too many sysadmins view them as heroes to
ever get that off the ground.
How poetic though.. blackholing the blackholers.. <g>
Rahul Dhesi
<not-fo...@roble.com> writes:
>Trouble with that censorship scenario is that there are at least
>a dozen site that would take over where ORBS left off, mine included.
>Think about it, if it weren't for subscribers there would be no
>ORBS. As long as spam continues to be a serious problem, and as
>long as open relays are the primary reason for spam there will be
>services like ORBS.
Any idea/estimates about how many people or sites use ORBS?
Rahul Dhesi
>Would you like me to include logs of legitimate messages that it's
>thrown away? Nobody is trying to say that ORBS doesn't cut down on
>spam. Some of their practices are just extreme.
Did any miss any of these extreme practices in my orbs faq? If I did,
help me document them with verifiable information.
John Navas
c.c....@59.usenet.us.com (Rahul Dhesi) wrote:
I think you've missed on at least the following points:
1. Your description of ORBS omits the purported meaning of the acronym
("Open Relay Behaviour-modification System") as well as the fact that ORBS
is descended from "Dorkslayers." You also fail to note that it was
terminated for abuse by its original Canadian ISP, whereupon it moved to
New Zealand, making it much less subject to possible legal action.
2. Claiming that ORBS exists just to block spam flies in the face of its
own acronym. ORBS blocks email as a means to the end of closing open
relays. You effectively concede as much with your: "Be probed or be
listed."
3. Suggesting that ORBS is not responsible for blocking email is like
suggesting that the person casing the bank and planning the robbery is not
actually robbing the bank if that person does not go along on the actual
heist. ORBS intends to block email as the means to its end.
4. I think your suggestion that "any" blocked mail will be bounced back
is overstated. My own experience, confirmed by public statements, is that
some blocked mail is being tossed by some admins using ORBS. All that
really can be said is that mail may or may not be bounced, depending on
many factors, including the whim and skill of the mail admin at the
intended destination.
5. While you do mention blocking of netblocks, you don't discuss the
impact of listing outgoing mail relays for entire domains, even though
those servers are not themselves open, as in the current case of PacBell
Internet. (I consider this to be the most glaring omission.)
6. Although you dance around the issue, you don't really make it clear
that ORBS knowingly blocks mail from servers that have never actually been
implicated in spam and that might well (probably would) never be actually
implicated in spam (absent publication by ORBS).
7. You fail to note how little notice and time are given by ORBS before
it blacklists servers.
8. You fail to note that (after 30 days) ORBS publishes open relays,
which would tend to make them targets of abuse. Some consider that to be
objectionable and/or hypocritical.
9. You fail to note that attempts by ORBS to send email through a server
without authorization are considered by many, and admitted by ORBS, to be
a form of abuse (justified as "the lesser of 2 evils").
10. You claim that ORBS (alone) is able to block "almost all" spam
without any compelling evidence for that claim. You then claim that only
"some" legitimate email is also blocked. I think that paints a false
picture of ORBS effectiveness (with regard to true positives, other forms
of spam blocking, and any reasonable definition false positives).
11. You fail to note that ORBS is doomed to failure in its stated purpose
of reducing spam by closing open relays, since it cannot possibly hope to
reach 100% effectiveness, leaving sufficient resources open to spammers,
not to mention their other available options.
12. I think your suggestion that ORBS mail probes are easy to filter is
overstated, since ORBS has not adopted a fixed and stated methodology to
make that possible.
13. You fail to note that there is no evidence that ORBS has actually
succeeded in reducing Internet email spam. In fact, given that spam has
continued to increase, ORBS would appear to be a failure at its intended
purpose (thus far at least).
14. You demean reasonable objections to ORBS with:
| Q. So you are saying that it's possible to use ORBS and not risk losing
| mail, yet people still get upset with ORBS?
|
| A. Yes, indeed. Welcome to life in the big city. :-)
But at least I can find something to agree with:
| Q. Some guy I met said your FAQ is biased and not to be trusted.
|
| A. Give that man a cigar! This FAQ is indeed biased and not to be
| trusted. It represents the opinions of the author of this FAQ.
;-)
p.s. I suspect that this response was just as waste of time, but hope
springs eternal.
Rahul Dhesi
<spamf...@navasgrp.dublin.ca.us> writes:
[ lots of editorial opinion ]
My faq does not try to document a lot of editorial opinion (except my
own). And your editorial opinion, in particular, is so full of colorful
language and exaggerated descriptions that even if were to include some
facts they would not be helpful. What I am looking for is more
objective facts. You should feel free to document your own editorial
opinions in your own faq.
Most importantly, I am looking for evidence of evidence of false
positives. The sort of false positives I am looking for are:
- A host that is not an open relay
- Its administrator or its netblock administrators have not blocked ORBS
testing or asked ORBS to stop testing
- But that host is listed in ORBS
And finally, please note that it's trivially obvious that those sites
that use ORBS will block/bounce/refile/discard/etc. mail coming from
ORBS-listed hosts, whether or not that email is spam. I don't see any
point is repeating this ad nauseum.
John Navas
c.c....@59.usenet.us.com (Rahul Dhesi) wrote:
>In <0iIz4.3605$34.6...@news.swbell.net> John Navas
><spamf...@navasgrp.dublin.ca.us> writes:
>
>[ lots of editorial opinion ]
>
>My faq does not try to document a lot of editorial opinion (except my
>own). And your editorial opinion, in particular, is so full of colorful
>language and exaggerated descriptions that even if were to include some
>facts they would not be helpful. What I am looking for is more
>objective facts. You should feel free to document your own editorial
>opinions in your own faq.
Whereas I found your "FAQ" to be mostly editorial opinion, short on
objective facts, and full of colorful language and exaggerated
descriptions. Our mileage obviously does vary. But I still made the
effort to provide a substantive and thoughtful response in the hope that
you might at least take it seriously. There was a time that I had great
respect for your position on spam.
>Most importantly, I am looking for evidence of evidence of false
>positives. The sort of false positives I am looking for are:
>
>- A host that is not an open relay
>- Its administrator or its netblock administrators have not blocked ORBS
> testing or asked ORBS to stop testing
>- But that host is listed in ORBS
The problem is that in ORBS terms "positive" has nothing to do with actual
spam, just open relays. This tortured and circular definition of "false
positive" (rejected email that was not tainted in some way by passing
through a server listed by ORBS, whether that server is actually open or
not) is what makes it so difficult to have a productive discussion of ORBS
(or even to take it seriously).
>And finally, please note that it's trivially obvious that those sites
>that use ORBS will block/bounce/refile/discard/etc. mail coming from
>ORBS-listed hosts, whether or not that email is spam. I don't see any
>point is repeating this ad nauseum.
After all, it would interfere with the colorful language and exaggerated
descriptions. ;-)
p.s. I'll try to remember how you disposed of my detailed response so
summarily and casually in order to avoid wasting more time on pointless
exercises in the future.
John Navas
c.c....@59.usenet.us.com (Rahul Dhesi) wrote:
>[SNIP]
As I wrote, I'm not going to waste any more time on your FAQ.
Rahul Dhesi
<spamf...@navasgrp.dublin.ca.us> writes:
>p.s. I'll try to remember how you disposed of my detailed response so
>summarily and casually in order to avoid wasting more time on pointless
>exercises in the future.
I looked very, very hard for a single fact in your response that
countered a single claim in faq. I found none. At that point the
disposition of your detailed response was easy. If you think I
overlooked such a fact, please try again.
Most importantly, you pointed out not even one instance of a host listed
by ORBS in violation of the "be probed or be listed" policy. If you do
know of such instances, and if you can supply specific IP addresses, I
would very much like to know about them.
John Higdon
> RBL, RSS and DUL are subject to US law. They are still operating. I
> don't see any difference, except the listing criterion. I can't
> imagine a legal difference between the listing criterion, though, I am
> not a lawyer.
I would love to have someone suggest chapter and verse of any US law being
broken. By some contortion, it might be possible for someone to file a civil
action for damaged resulting from blocked email, but then who would one sue?
The list maintainers (who coerced no one to use the list)? A sysadmin who
used the list?
It seems like a lot of wheel spinning.
--
John Higdon | P.O. Box 7648 | http://www.anntec.com/
+1 415 428 2697 | Silicon Valley, CA 95150-7648 | FAX: +1 408 264 4407
+1 408 264 4115 | Email Address Valid |
John Higdon
> However, I still think there are some conditions where ORBS is a useful
> tool. It should NOT, however, be implemented on the system-wide level
> when there are users on the system who do not know the full details of
> ORBS.
ORBS is not used here for one very simple reason: some of our important
customers are on sites listed as relays. That means that essential email
would not be received here. I don't personally know if those listed sites
have actually relayed spam, but I do know that all email that does come in
is checked against the RBL, the RSS, and the DUL. So far, no known essential
email has been blocked.
Philip J. Koenig
>
> That is correct. This is how ORBS works, and why it works. This also
> describes all such services. UDP works by the same process, as does
> RBL, DUL and RSS. They all make the demand that a certain activity
> stop, or else _everyone_ using the identified communications resource
> will be blocked, without regard to innocence, knowledge or other
> factors.
>
> I am glad that you are sticking to facts, thanks. Well, mostly
> anyway. I will disagree with the term vigilante. The fact is they
> are elected officials. Being elected officials I think negates the
> use of the term vigilante. Do you think they aren't elected? If so,
> can you name such a site that didn't either directly elect or
> indirectly elect them?
All the innocent users who did nothing wrong, and just wanted
to send a message to an equally innocent recipient, certainly
didn't elect them.
Sooner or later everyone who sends an email message is affected
by such self-styled netcops. The argument that the usage of
such systems is stricly a local issue is bogus. There are 2
sides to every email transmission.
Philip J. Koenig
> In article <_Guy4.2094$_3.2...@news.swbell.net>,
> John Navas <spamf...@navasgrp.dublin.ca.us> wrote:
> >ORBS moved to New Zealand, essentially putting it out of reach of U.S.
> >law. Otherwise I doubt that it would still be operating. ;-)
>
> don't see any difference, except the listing criterion. I can't
> imagine a legal difference between the listing criterion, though, I am
> not a lawyer.
There's a massive difference between most of what Vixie's group
does, and ORBS.
Vixie's group (RBL, mail-abuse.org, et al) with one significant
exception, ONLY blacklists hosts and sites which have ACTUALLY
SENT SPAM. Not only that, you probably won't get listed on
most of their systems just for sending a single spam. But if
you're belligerant about it, or knowingly support and/or encourage
it, THEN you'll get listed.
ORBS on the other hand, cares not a whit whether you ever have,
or ever will participate or facilitate a spam.
I think the difference is pretty obvious.
Philip J. Koenig
Higdon) writes...
> I would love to have someone suggest chapter and verse of any US law being
> broken. By some contortion, it might be possible for someone to file a civil
> action for damaged resulting from blocked email, but then who would one sue?
> The list maintainers (who coerced no one to use the list)? A sysadmin who
> used the list?
>
> It seems like a lot of wheel spinning.
And I am quite sure it is not lost on the operators of such
systems that their chosen architecture provides them such
"deniability of responsibility". Matter of fact, the operators
tend to be somewhat smug about their perceived immunity as
a result of that distributed design.
As a blatant contrast, watch how fast MCI or AT&T or GTE
or Cable&Wireless or Level3 would end up in court if they
so much as implied they might start blocking traffic on
their backbones (traffic which did not originate from their
own customers) using the same criteria.. but without the
benefit of the "he did it... no THEY did it" shell game.
Philip J. Koenig
> In article <8stz4.2935$34.5...@news.swbell.net>,
> John Navas <spamf...@navasgrp.dublin.ca.us> wrote:
> Oh, actually, nix my request above. It doesn't matter if ORBS by
> itself is as effective as other means. I am not contrained to use
> just one means, nither is anyone else I know. However, what I will
> state, is that the most effective scheme for reducing spam, must
> include ORBS, this you can either agree with or disagree with. If you
> disagree with it, please state your proof. I'd love to dump ORBS, I
> mean, really love to dump ORBS. I hate, absolutely hate using it.
Why do you hate using it?
> However, since my experience is that any scheme to reduce spam can be
> positively improved by using ORBS in addition to the base scheme, I
> continue to use it. I do realize that ORBS may trigger false
> positives, but I am willing to live with them to minimize spam. I do
> realize that you however may not be willing to live with false
> positives and that ORBS may not be right for you. Out of 187 ORBS
> blocked spams, I have only had about 2 false positives that I cared
> about. I think 4 total otherwise. 1-2%. Since I read even the orbs
> blocked mail, I use ORBS merely as an email sorter, the false
> positives don't affect me.
If the false positives are acceptable to you, as they seem to
be, then why do you "absolutely hate using it"?
You trying to say you don't like their ethics? Because if so,
there are those of us who find such things to be quite enough
justification to oppose using it.
Is it because the system is unreliable? If so, in what way?
> Can you use ORBS as an email sorter? Do you? If not, why not?
Of course you can. But we all know that most sysadmins use it
to drop incoming traffic on the floor. (or bounce it)
If I had an ORBS-capable MTA I'd use ORBS as a scoring device,
if only just for research. I certainly wouldn't set it up to
bounce all matches and then walk away and forget about it. (as
I suspect most ORBS-using systems are implemented)
No I don't have proof of what percentage of systems do this and
what percentage does that - neither does anyone else. If ORBS
actually had such statistics (which they might) and were
interested in providing them to the public, they could do it
easily. For some reason they don't.
What a surprise. Might blow someone's cover doncha know. (and
don't forget that all-important deniability: "hey, we don't
know what people do with these lists maan... we just compile
'em. For all we know they wash their laundry with it..")
"We don't need no steenkin statistics doood"
John Higdon
Koenig wrote:
> As a blatant contrast, watch how fast MCI or AT&T or GTE
> or Cable&Wireless or Level3 would end up in court if they
> so much as implied they might start blocking traffic on
> their backbones (traffic which did not originate from their
> own customers) using the same criteria.. but without the
> benefit of the "he did it... no THEY did it" shell game.
It is kind of one thing to offer something free of charge to anyone who
DESIRES to use it, and quite another to block traffic. Neither ORBS nor MAPS
is a backbone or even a commercial network. Technically speaking, all they
offer are searchable lists. The individual sites are the ones taking action
and committing whatever tort you might conjure.
Of course, I would like to see someone sue me or my company because a
message was refused by this site. I don't think any attorney would see
enough dollar signs to take the case on contingency.
Mike Stump
Mike Stump
Bill Pitz
Kind of simple. I don't know the real legalities of it, but ORBS lets
any dummy go and submit an IP address for scanning. They will also add
any open relay, regardless of whether or not it has ever relayed SPAM.
RSS requires real spam headers. DUL only lists dialup lines that were
submitted *by the ISP* ...
However, I still think there are some conditions where ORBS is a useful
tool. It should NOT, however, be implemented on the system-wide level
when there are users on the system who do not know the full details of
ORBS.
-Bill
Mike Stump
John Navas <spamf...@navasgrp.dublin.ca.us> wrote:
>The "proof" is that ORBS is not as effective as other methods, both
>from a true positive and a false positive perspective. But then I
>don't have an "open relay" agenda, just a desire to minimize spam
>while also minimizing false positives.
Hum, I was absent the day you presented that proof. I was absent when
an independent party verified it. Could you help me out and point out
the web page that contained the proof, thanks. Since I think it would
be wrong to not back my side, let me take the opportunity to do that
now:
http://gcc.gnu.org/ml/gcc/2000-02/msg00209.html
Also, if others could collect data and summarize it, and put it up on
a web site for all to see, that would be helpful. I don't care what
your numbers are or show, but I would like to know what others see.
The question I am particularly interested in, was, if I dropped ORBS,
what % increase would I see, given that I already use RBL+DUL+RSS to
block spam and no other measures. That answer appears to be 57%.
Oh, actually, nix my request above. It doesn't matter if ORBS by
itself is as effective as other means. I am not contrained to use
just one means, nither is anyone else I know. However, what I will
state, is that the most effective scheme for reducing spam, must
include ORBS, this you can either agree with or disagree with. If you
disagree with it, please state your proof. I'd love to dump ORBS, I
mean, really love to dump ORBS. I hate, absolutely hate using it.
However, since my experience is that any scheme to reduce spam can be
positively improved by using ORBS in addition to the base scheme, I
continue to use it. I do realize that ORBS may trigger false
positives, but I am willing to live with them to minimize spam. I do
realize that you however may not be willing to live with false
positives and that ORBS may not be right for you. Out of 187 ORBS
blocked spams, I have only had about 2 false positives that I cared
about. I think 4 total otherwise. 1-2%. Since I read even the orbs
blocked mail, I use ORBS merely as an email sorter, the false
positives don't affect me.
Can you use ORBS as an email sorter? Do you? If not, why not?
Mike Stump
>I actually have been pretty happy with the use of orbs in my personal
>procmail filter, but it *does* throw away a lot of legitimate mail.
>You can't deny that.
`a lot' is a subjective term. I _can_ deny a subjective term. I
won't bother, it is pointless. What I will bother with is, to ask
what your experience has been. What % of email that it sorted as
coming from an open relay was legitimate email? In my case, it was
about 2% (4 out of a sample size 187).
Hum, on another point... orbs seems to be not blocking as much in
March as I would otherwise expect. I only have 1 blocked email in all
of March so far, with the normal rate I see in a month being in the
12-19 range (feb I had 12, jan I had 19). Are others seeing this as
well? I wonder why? Is the relay raper on vacation? A long term
trend, or a short term trend?
Anyway, thanks for any numbers you can share.
Mike Stump
John Navas <spamf...@navasgrp.dublin.ca.us> wrote:
>11. You fail to note that ORBS is doomed to failure in its stated purpose
>of reducing spam by closing open relays, since it cannot possibly hope to
>reach 100% effectiveness, leaving sufficient resources open to spammers,
>not to mention their other available options.
This is nonsense. I have here in my hand, one email that orbs
blocked. Since it was blocked, and since it was spam, it did in fact
reduce spam. If its goal was to reduce spam, it has meet that goal.
Because it met that goal, it can't be doomed to failure.
It need not reach 100% effectiveness to reduce spam.
I can't believe you are that stupid (I know you are not that stupid),
so, obviously I didn't understand what you meant to say. Could you
please rephrase it for me, thanks.
If you mean its goal was to close open relays, then I could search
around for similar evidence, I am sure I have some.
>13. You fail to note that there is no evidence that ORBS has actually
>succeeded in reducing Internet email spam. In fact, given that spam has
>continued to increase, ORBS would appear to be a failure at its intended
>purpose (thus far at least).
Same as above. I have a piece of spam that was blocked by orbs.
Because it exists, it did succeed in reducing Internet email spam. If
you want me to post proof that I have such a piece of spam, I can, but
surely, you would take my word for it?
Oh, wait, I get it. I think I might see how you interpreted it. I
think you thought that they meant to say that they will reduce the
numbers absolutely. No, that isn't what they must have meant. They
could have meant it in a more relative sense. Reducing the number
from what it otherwise would have been without ORBS.
Now, even if we accept your definition of what they meant. I can
offer proof here that it has succeeded. In December, January and
February 2000, there were 25 emails not blocked for me, in February
March and April of 1998 there were 118 spams not blocked. Now, is
this an aberration, I don't know. This is just what I saw. However,
the numbers for me post filtering have dropped substantially and
absolutely. What did you see? What is your experience? Do you want
to see these 143 emails, I have them. Hum, this decrease is a
combined effort between ORBS, RSS, RBL and DUL. Is your point that I
still use the others as well? I don't have any stats handy to see how
ORBS fairs against the others, only indirectly, after the others fail.
So, I am left wonder just what you might have meant.
tre...@sirius.com
>There's a massive difference between most of what Vixie's group
>does, and ORBS.
>
>Vixie's group (RBL, mail-abuse.org, et al) with one significant
>exception, ONLY blacklists hosts and sites which have ACTUALLY
>SENT SPAM. Not only that, you probably won't get listed on
>ORBS on the other hand, cares not a whit whether you ever have,
>or ever will participate or facilitate a spam.
>
>I think the difference is pretty obvious.
That "massive" difference becomes irrelevant when you consider the main
equalizing point between the two: people use each voluntarily.
If someone has a list of all domains with 'e' in their names, and I want to
block incoming traffic to my domain from those domains for whatever
perverse, psycopathic reason I might have, it is my right to use that list
to achive my perverse, psycopathic goals.
And people might call me nuts, but it's my right to be nuts.
tre...@sirius.com
>All the innocent users who did nothing wrong, and just wanted
>to send a message to an equally innocent recipient, certainly
>didn't elect them.
Those "innocent users" are customers, and they elected their ISPs. They
also demanded from their ISPs that _something_ be done about all the spam.
This is the sole reason ISPs implement any anti-spam measures. As much as
spam represents real costs, its cost is much lower than the cost of losing
a customer. No ISP would block spam in the face of opposition from its
customers, and no ISP has.
Philip J. Koenig
(tre...@sirius.com) writes...
> See_email_@ddress_below.This_one_is.invalid (Philip J. Koenig) wrote:
>
> >All the innocent users who did nothing wrong, and just wanted
> >to send a message to an equally innocent recipient, certainly
> >didn't elect them.
>
> Those "innocent users" are customers, and they elected their ISPs.
I've said it several times and I'll say it again: there is no
practical way for any given ISP customer, no matter how astute,
to be able to predict that one day, their chosen ISP will end
up on an ORBS list or something similiar to it. Many very high-
profile "anti-spam" ISPs have ended up on ORBS.. many simply due
to political reasons. (see: above.net)
> They
> also demanded from their ISPs that _something_ be done about all the spam.
> This is the sole reason ISPs implement any anti-spam measures. As much as
> spam represents real costs, its cost is much lower than the cost of losing
> a customer. No ISP would block spam in the face of opposition from its
> customers, and no ISP has.
Outrageous claim to make in that last sentence there.. where
do you get the confidence to make it?
I've personally been a paying customer of ISPs which have
done *exactly* that. In at least one case, they thought
they could "get away with it" as long as they kept a low
profile, played dumb and didn't disclose what they were
doing. It took heavy pressure, haranguing and publicizing
of their practices by me for them to admit what they were
doing. It wouldn't have been an issue if it weren't for
the fact that perfectly legitimate email traffic was being
dropped on the floor. It certainly impacted me negatively,
but they didn't think they needed to tell us what they were
doing.
But you should know this kind of stuff goes on. What kind
of rose-colored glasses are you wearing?
ISPs can claim all they want that they're doing things
to benefit their customers. But ISPs, just like many
other businesses, will get away with whatever they can
get away with. If it means cutting corners, yep - they
cut corners. And when it comes to anti-spam measures -
absence of disclosure, playing stupid, and/or not being
upfront with your customers about the real pluses AND
minuses of your chosen "anti-spam" measures most
definitely comes under the category of "cutting corners".
The only reason more ISPs haven't gone out of business
(see: AOL) is that the vast majority of ISP consumers
are poorly educated about what level of service they
have a right to expect. That will slowly change, over
time. (As customers become more educated on the various
schemes used to attempt to address spam, or to block
various types of traffic, customers will become more
picky about it, and may even start demanding more
personal control. So either the ISPs will change to
adapt, or they will go away.)
I sometimes hear ISP people complain these days about
customers who ask them questions about whether they
have a T1 or a T3 connection etc. to the net but who
don't fully understand the issues.
On the one hand I commiserate.. but on the other hand
it's quite amazing that consumers are even asking these
questions these days. Testament that people are indeed
becoming more sophisticated ISP consumers, and will
continue to do so.
Derek Balling
>
>> If someone has a list of all domains with 'e' in their names, and I want to
>> block incoming traffic to my domain from those domains for whatever
>> perverse, psycopathic reason I might have, it is my right to use that list
>> to achive my perverse, psycopathic goals.
>>
>> And people might call me nuts, but it's my right to be nuts.
>
>
> those around you in a destructive way that we as a
> community have a right to complain about or prevent
> you from harming others.. especially when those others
> have done nothing to deserve destructive treatment.
Phil, here is where your argument falls apart.
If *I* am nuts, and decide "no 'e's for me!", and I make a list of all
domains with 'e', so that I don't accept them (because we've acknowledged
that I'm nuts and don't like 'e's in my domains). HOW is it "bad" or "wrong"
me to say "Hey, Joe, are you nuts too? Ah don't bother compiling your own
list, I've done it for you!"
Joe is equally nuts. He doesn't like 'e's either. He has the right to have
his mailserver reject 'e's just as much as I do.
> When the usage of a widespread system which is designed
> to block email from innocent correspondents and to block
> traffic from hosts or domains which in many cases have
> never participated or facilited spam, nor may they ever
> do so in the future, you've just impacted people far
> beyond your local sandbox, and with perilously weak
> justification.
Nobody has a "RIGHT" to talk to another person's mail server. It is a
privilege that may be revoked at the receiving-server's whim. I could reject
mail from you because you are too young, too old, black, white, purple, have
an "e" in your name, because you are gay, because you are hetero, because you
are asexual. I can reject mail from you because you are skinny, fat, gorgeous
or ugly. I can reject mail from you because my cousin Nick says you're a
jagoff and I shouldn't talk to you. I can reject mail from you because you're
an ISP and I'm an ISP and I want to adversely impact a competitor by not
dealing with them. I can reject mail from you because your mail server is a
potential input for spam. I can reject mail from you because my cousin Nick
says he THINKS you're a potential spam injection point.
If you are impacted in any way, that is YOUR PROBLEM. I have simply revoked a
privilege that it was my right to revoke. As much as the foundation for my
decision may be (a) silly, (b) unethical, (c) immoral, or (d) stupid, in your
eyes, it doesn't change that it was MY DECISION.
The only caveat, ONLY caveat, is that if people are paying ME for MY service,
they have a right to be aware of what they are paying for, and any
restrictions that I may be placing on delivering the mail to them. That is
because they (by paying me) have a right to the service they're paying for.
If they (as a paying customer) don't have a problem with not receiving e-mail
from people with 'e' in their domain, then there is no problem.
> Over the longterm such blocking practices without any evidence
> of specific wrongdoing are simply abuse of power. I feel they
> are abuse of the net, because it sets a bad precedent: we can
> block you because we think you *might* be "bad" about "something"
> sometime in the future. We can block you just "because". Sooner
> or later, it will become blatantly apparent just how thin that
> ice is they are skating on.
It's not thin ice, Phil. It is VERY VERY THICK ice. Your position sounds like
a pro-spammer position, indicating that the sender enjoys some sort of
"right" to send mail that a system is infringing upon if they reject it.
> If law enforcement worked that way, well.. let's just say we'd
> all be in big trouble. I view such practices as not unlike
> your neighbors marching up to your house and upon finding
> that you don't always lock your doors at night, taking it
> upon themselves to build a wall around your property so no
> one can go in or out.
In many parts of the world, law enforcement DOES work that way. As a point of
reference, crimes tend to be much lower in these countries, but that's not
relevant right now.
Governments are bound to behave in certain ways by their countries'
constitutions. People are bound to behave in a lawful manner. In THIS
country, the USA, I am not required to accept peoples' e-mail. That's
infringing on MY rights. If I want to quickly look up on someone's list to
see if THEY think you're a bad person, and not talk to you because of it,
that's my right as well.
D
Derek Balling
> All the innocent users who did nothing wrong, and just wanted
> to send a message to an equally innocent recipient, certainly
> didn't elect them.
Actually, Phil, it can be said with unequalled certainty that the recipient,
or his paid agent in the form of his ISP, *DID* in fact vote for ORBS.
> Sooner or later everyone who sends an email message is affected
> by such self-styled netcops. The argument that the usage of
> such systems is stricly a local issue is bogus. There are 2
> sides to every email transmission.
And only the receiving end has any rights in the situation. If you believe
otherwise, you need to be working for CyberPromo.
D
Derek Balling
> Those "innocent users" are customers, and they elected their ISPs. They
> also demanded from their ISPs that _something_ be done about all the spam.
> This is the sole reason ISPs implement any anti-spam measures. As much as
> spam represents real costs, its cost is much lower than the cost of losing
> a customer. No ISP would block spam in the face of opposition from its
> customers, and no ISP has.
Oh that's not true. :)
You need to talk to users of MCS.NET in Chicago. Karl Denninger was very much
of a mind "I block this stuff because it annoys ME, if you don't like it,
here's our competitors' phone numbers, ta ta".
Gotta respect that.
D
black
>Do correspondents have a right to a *reasonable expectation*
>that they can successfully send email to any publicly-connected
>site as long as they are complying with normal, accepted internet
>standards? Yes.
Say what! Where did this "right" come from?
How about whether or not the publicly-connected
server _wants_ your emails?
John Higdon
Koenig wrote:
> Do correspondents have a right to a *reasonable expectation*
> that they can successfully send email to any publicly-connected
> site as long as they are complying with normal, accepted internet
> standards? Yes. Said correspondents are not spamming, are
> conforming to accepted standards, are not sending to a site
> or from a site which has participated in spamming, yet their
> traffic may be dropped on the floor.
This can happen for any number of reasons in addition to the use of ORBS or
MAPS. A recent complaint from one of my users involved the inability to
receive a mailing list that he considered important. Investigation revealed
that due to a misconfigured DNS server, the list's "Sender" was not
routable. My user at first asked that I relax the requirement for a routable
return address so that he could get his "important" material. I explained
that it was not up to me to bend because someone else was sloppy.
Ultimately, he managed to convince the folks at the sending end to handle
the situation. I consider that a far more acceptable fix. If we just relax
everything, then standards mean nothing and we end up taking the short route
to chaos.
You may be interested to know that we reject more email due to bad Senders,
SMTP syntax errors, bad recipients, and relay attempts than we do from any
of the MAPS lists except for the DUL.
David desJardins
> Do correspondents have a right to a *reasonable expectation*
> that they can successfully send email to any publicly-connected
> site as long as they are complying with normal, accepted internet
> standards? Yes.
Get a clue. I don't have to accept your bogus email.
David desJardins
tre...@sirius.com
>I don't think people are looking beyond their nose here though.
>
>My argument all along has been based on the big picture, and
>the future of the net.
The future of the net is to be commercially sponsored, mind-numbing, mass
entertainment appealing to the lowest denominator. In contrast, TV will
look like an intellectual pursuit.
The net is never going to be what people a decade ago talked about it
becoming. It's not going to empower nobody. It's not going to erase no
borders. It's not going to create no world village unless by world village
you mean that I can now look at nekkid chix from more countries than ever
before.
The net will make a few companies enormous amounts of money, and that's
about all the net is for.
>People all have their panties in a bunch over a current situation
>which they are frustrated with. Understandable to a very limited
>extent, spam is a difficult problem but let's not cut off our nose
>to spite our face.
>
>It is certainly not something which justifies embarking down the
>slippery slope of widespread "punishment" for any and every little
>"transgression" that any particular group of geeks decides to get
>their girdle in a knot over this week.. especially when they are
>often tilting at windmills.
It may not justify it, but on the other hand, no justification is needed.
It's private property we're talking about. You need not justify why you
don't make your car available to certain people, and you need not justify
why you don't make your servers available to certain people.
>It all comes down to one thing: the implications of legitimizing
>this sort of thinking - punish first, ask questions later - are
>very dire over the long run for the net, IMHO.
At its most extreme, it is merely whitelisting. Furthermore, we already do
that in real life: my door is always locked. I'm punishing first and asking
questions later becase even people who are not robbers are prohibited from
entering without my approval.
tre...@sirius.com
>(tre...@sirius.com) writes...
>> That "massive" difference becomes irrelevant when you consider the main
>> equalizing point between the two: people use each voluntarily.
>
>I reject that argument as immaterial and misleading.
I see... well, I'm rubber, and you're glue. So there.
>If every correspondent that will ever have an occasion to
>send an email message that will touch that server has an
>opportunity to "voluntarily" choose whether or not their
>email is blocked, then maybe you have an argument.
But each correspondent does in fact have the opportunity to voluntarily
choose. Forget TCP, this is basic economic theory.
>Do people have a "right" to send email anywhere they
>want? Nope.
>
>Do correspondents have a right to a *reasonable expectation*
>that they can successfully send email to any publicly-connected
>site as long as they are complying with normal, accepted internet
>standards?
This does not parse. If it's a right, it need not be reasonable; if it must
be reasonable, then it's not a right, it is a privilege.
Besides, 'reasonable expectation' implies an outcome that is not
guaranteed. Reasonable expectations need not be met under unreasonable
circumstances.
>Yes. Said correspondents are not spamming, are
>conforming to accepted standards, are not sending to a site
>or from a site which has participated in spamming, yet their
>traffic may be dropped on the floor.
Yes, there is always a possibility of this happening. It can happen with or
without ORBS.
>> If someone has a list of all domains with 'e' in their names, and I want to
>> block incoming traffic to my domain from those domains for whatever
>> perverse, psycopathic reason I might have, it is my right to use that list
>You have a right to be nuts. It's only when you affect
>those around you in a destructive way that we as a
>community have a right to complain about or prevent
>you from harming others.. especially when those others
>have done nothing to deserve destructive treatment.
You need to understand that with respect to incoming traffic, there is no
obligation to those "around you." No one has the right to require that you
carry or receive his traffic.
Now, if by "around you" you meant the users of the domain, and not the
senders of the traffic, those are not people "around you," they are people
BELOW you. If they don't like it, they can leave. If enough of them don't
like it, the domain will go out of business.
It's a very self-correcting mechanism, and again, it's basic economics.
>When the usage of a widespread system which is designed
>to block email from innocent correspondents and to block
>traffic from hosts or domains which in many cases have
>never participated or facilited spam, nor may they ever
>do so in the future, you've just impacted people far
>beyond your local sandbox, and with perilously weak
>justification.
It's private property; no justification is needed.
>Over the longterm such blocking practices without any evidence
>of specific wrongdoing are simply abuse of power.
Forcing people to carry traffic they do not wish to is an abuse of power.
>are abuse of the net, because it sets a bad precedent: we can
>block you because we think you *might* be "bad" about "something"
>sometime in the future. We can block you just "because". Sooner
>or later, it will become blatantly apparent just how thin that
>ice is they are skating on.
Thin ice? A domain administrator who blocks traffic his or her users wish
to receive can be accused of professional incompetence. I have no problem
with that. But beyond that, it's just breathless, wild-eyed, Chicken Little
hysterics.
>If law enforcement worked that way, well.. let's just say we'd
>all be in big trouble.
Yes, but this isn't law enforcement, so you might as well say that if
baking a case worked this way, we'd all be in big trouble.
This is private individuals making decisions about the management and usage
of property they own.
>I view such practices as not unlike
>your neighbors marching up to your house and upon finding
>that you don't always lock your doors at night, taking it
>upon themselves to build a wall around your property so no
>one can go in or out.
Inaccurate analogy. The neighbors are building walls around their own
properties, and they are perfectly within their rights to do so.
tre...@sirius.com
>> a customer. No ISP would block spam in the face of opposition from its
>> customers, and no ISP has.
>I've personally been a paying customer of ISPs which have
>done *exactly* that.
You are right. I should not have made an absolute statement. There's a Soup
Nazi in every business. That does not change the general truth of the
statement, however: in competitive circumstances, businesses try to keep
their customers happy.
>In at least one case, they thought
>they could "get away with it" as long as they kept a low
>profile, played dumb and didn't disclose what they were
>doing. It took heavy pressure, haranguing and publicizing
>of their practices by me for them to admit what they were
>doing.
Never attribute to malice what can be explained by incompetence.
Surely, you don't actually believe they implemented anti-spam measures (the
appropriateness of said measures aside) just for the power-tripping,
ego-boosting high, do you?
More than likely, the people you talked to simply had no clue. More than
likely, the ISP found its complaints about spam dropping after they
implemented the measures they did. More than likely, you were one of the
few who complained.
>the fact that perfectly legitimate email traffic was being
>dropped on the floor. It certainly impacted me negatively,
>but they didn't think they needed to tell us what they were
>doing.
>
>But you should know this kind of stuff goes on. What kind
>of rose-colored glasses are you wearing?
>ISPs can claim all they want that they're doing things
>to benefit their customers. But ISPs, just like many
>other businesses, will get away with whatever they can
>get away with. If it means cutting corners, yep - they
>cut corners. And when it comes to anti-spam measures -
I have no idea how anti-spam measures can be considered cutting corners. It
takes a lot less effort, time and money to just let the mail roll
unattended. However much spam is an unacceptable shifting of costs, the
marginal cost of email approaches zero.
>absence of disclosure, playing stupid, and/or not being
>upfront with your customers about the real pluses AND
>minuses of your chosen "anti-spam" measures most
>definitely comes under the category of "cutting corners".
You're going to have to explain that one. Like I said, it's cheaper to just
let the spam roll in.
>The only reason more ISPs haven't gone out of business
>(see: AOL) is that the vast majority of ISP consumers
>are poorly educated about what level of service they
>have a right to expect.
You really, really need to bone up on economics. It explains so much.
Of course, in economics there are no rights; there is simply a demand, a
supply, and an equilibrium price.
>time. (As customers become more educated on the various
>schemes used to attempt to address spam, or to block
>various types of traffic, customers will become more
>picky about it, and may even start demanding more
>personal control. So either the ISPs will change to
>adapt, or they will go away.)
Most people do not want personal control over minutiae such as this. People
like to black-box things, and the more complex the issue, the more they
seek the comfort of the black box. Given a choice between rolling their
own, or store bought, consumers choose store bought every time. Why do you
think there is such a market for instant food?
It's the same with email. Given the choice between personally setting up
and maintaining their own filters, and letting the ISP do it, people will
invariably let the ISP do it, and the vast majority of them will accept
that the system isn't perfect.
tre...@sirius.com
>> a customer. No ISP would block spam in the face of opposition from its
>> customers, and no ISP has.
>
>Oh that's not true. :)
>
>You need to talk to users of MCS.NET in Chicago. Karl Denninger was very much
>of a mind "I block this stuff because it annoys ME, if you don't like it,
>here's our competitors' phone numbers, ta ta".
>
>Gotta respect that.
Indeed, and of course, I was not absolutely correct. On the other hand, my
recollection is that msc.net is a fairly small domain, with users in the,
oh, four digits?
Karl was working on some pornography cancelling Usenet bot, but I don't
know what happened to that project.
Derek Balling
(in message <pjt8dss5e7lqni9v5...@4ax.com>):
> Indeed, and of course, I was not absolutely correct. On the other hand, my
> recollection is that msc.net is a fairly small domain, with users in the,
> oh, four digits?
No, it was bigger than that. IIRC, they were one of the biggest in Chicago.
(I don't know what happened to them after they got bought by WinStar, though)
> Karl was working on some pornography cancelling Usenet bot, but I don't
> know what happened to that project.
*sigh* ... yeah. I think it died (thankfully), since there were definitely
going to be issues with that. In theory, the cancels would be limited to the
"opt-in" members of Karl's organization, except that cancels always leak, and
that would have been a bad thing. :) I need my pr0n. ;-)
D
John Navas
m...@kithrup.com (Mike Stump) wrote:
>In article <8stz4.2935$34.5...@news.swbell.net>,
>John Navas <spamf...@navasgrp.dublin.ca.us> wrote:
>>The "proof" is that ORBS is not as effective as other methods, both
>>from a true positive and a false positive perspective. But then I
>>don't have an "open relay" agenda, just a desire to minimize spam
>>while also minimizing false positives.
>
>Hum, I was absent the day you presented that proof. ...
Hum, last time I checked, ORBS listed outgoing mail relays for the entire
pacbell.net domain (one of the larger ISP's). Perhaps, like some other
ORBS proponents, you think that *all* email from the pacbell.net domain
are "true positives" simply because they are "tainted" by passing through
the pacbell.net relay. If so, then I can understand why you don't accept
the proof. You've defined the problem away. ;-) Or perhaps you simply
don't get any email from any person or organization in the pacbell.net
domain.
--
Best regards,
John Navas <http://navasgrp.home.att.net/>
CABLE/DSL TIPS: <http://navasgrp.home.att.net/tech/cable_dsl.htm>
John Navas
m...@kithrup.com (Mike Stump) wrote:
>In article <0iIz4.3605$34.6...@news.swbell.net>,
>John Navas <spamf...@navasgrp.dublin.ca.us> wrote:
>>11. You fail to note that ORBS is doomed to failure in its stated purpose
>>of reducing spam by closing open relays, since it cannot possibly hope to
>>reach 100% effectiveness, leaving sufficient resources open to spammers,
>>not to mention their other available options.
>
>This is nonsense. I have here in my hand, one email that orbs
>blocked. Since it was blocked, and since it was spam, it did in fact
>reduce spam. If its goal was to reduce spam, it has meet that goal.
>Because it met that goal, it can't be doomed to failure.
>
>It need not reach 100% effectiveness to reduce spam.
>
>I can't believe you are that stupid (I know you are not that stupid),
>so, obviously I didn't understand what you meant to say. Could you
>please rephrase it for me, thanks.
>
>If you mean its goal was to close open relays, then I could search
>around for similar evidence, I am sure I have some.
The stated purpose of ORBS (Open Relay Behavior-modification System) is
not filtering, but the closing of open relays in order to reduce overall
spam. It is clearly failing to accomplish that purpose.
>Oh, wait, I get it. I think I might see how you interpreted it. I
>think you thought that they meant to say that they will reduce the
>numbers absolutely. No, that isn't what they must have meant. They
>could have meant it in a more relative sense. Reducing the number
>from what it otherwise would have been without ORBS.
With that kind of argument (and no real substantiation), further
"discussion" seems pointless. (I'm reminded of the old joke about the
elephant hunter in England who pointed out that he had obviously
eliminated all the elephants.)
But then you already knew that. ;-)
John Navas
m...@kithrup.com (Mike Stump) wrote:
>In article <_Guy4.2094$_3.2...@news.swbell.net>,
>John Navas <spamf...@navasgrp.dublin.ca.us> wrote:
>>ORBS moved to New Zealand, essentially putting it out of reach of U.S.
>>law. Otherwise I doubt that it would still be operating. ;-)
>
>RBL, RSS and DUL are subject to US law. They are still operating. I
>don't see any difference, except the listing criterion. I can't
>imagine a legal difference between the listing criterion, though, I am
>not a lawyer.
If you cannot see the difference for yourself (blocking *actual* sources
of spam versus blocking *potential* sources of spam that currently send
only legitimate email), then I doubt that you would be willing to accept
my/any explanation. ;-)
John Navas
m...@kithrup.com (Mike Stump) wrote:
>>On Mon, 06 Mar 2000 12:37:02 -0800, John Navas
>><spamf...@navasgrp.dublin.ca.us> wrote:
>>
>>ORBS n. Internet vigilantes that try to coerce ISP's into adopting the
>>ORBS point of view by intentionally punishing innocent victims.
>
>That is correct. ...
At least we agree on something. ;-)
>I am glad that you are sticking to facts, thanks. Well, mostly
>anyway. I will disagree with the term vigilante. The fact is they
>are elected officials. Being elected officials I think negates the
>use of the term vigilante. Do you think they aren't elected? ...
Yes. As does most of the rest of the known universe. ;-)
But then you already knew that too.
s...@bob.eecs.berkeley.edu
>in article FrLMq...@kithrup.com, Mike Stump wrote:
>> RBL, RSS and DUL are subject to US law. They are still operating. I
>> don't see any difference, except the listing criterion. I can't
>> imagine a legal difference between the listing criterion, though, I am
>> not a lawyer.
>I would love to have someone suggest chapter and verse of any US law being
>broken. By some contortion, it might be possible for someone to file a civil
>action for damaged resulting from blocked email, but then who would one sue?
You'd sue the entity that was blocking email after contractually
obligating itself to deliver email to you. Normally, that would
be your own ISP. (i.e., you pay them $20/month on the understanding
that they are including an email service, and they fail to
honor that contract by blocking rather than delivering the mail.)
Of course, if the ISP disclosed up front that they may be
blocking legitimate mail, that would let them off the hook.
But most don't; they either implement the blocking silently,
or they claim they're only blocking "spam".
Steve
David desJardins
>>>> ORBS moved to New Zealand, essentially putting it out of reach of U.S.
>>>> law. Otherwise I doubt that it would still be operating. ;-)
Mike Stump <m...@kithrup.com> writes:
>>> RBL, RSS and DUL are subject to US law. They are still operating. I
John Higdon <no-...@netninny.org> wrote:
>> I would love to have someone suggest chapter and verse of any US law
>> being broken.
"Steve" <s...@bob.eecs.berkeley.edu> writes:
> You'd sue the entity that was blocking email after contractually
> obligating itself to deliver email to you.
Steve, I don't understand how your comment relates to this thread. The
question is what laws ORBS might be breaking, or how legal action could
stop it from operating. How suing your ISP for using ORBS stop the ORBS
service from operating? And what difference would it make where ORBS is
located, if it isn't breaking any laws?
It seems absurd to me (as apparently to some others) to suggest that
publishing a list of IP addresses, which third parties can decline to
accept mail from if they choose, is somehow illegal.
David desJardins
s...@bob.eecs.berkeley.edu
>John Navas <spamf...@navasgrp.dublin.ca.us> writes:
>>>>> ORBS moved to New Zealand, essentially putting it out of reach of
>>>>> U.S. law. Otherwise I doubt that it would still be operating. ;-)
>Mike Stump <m...@kithrup.com> writes:
>>>> RBL, RSS and DUL are subject to US law. They are still operating. I
>John Higdon <no-...@netninny.org> wrote:
>>> I would love to have someone suggest chapter and verse of any US law
>>> being broken. By some contortion, it might be possible for
>>> someone to file a civil action for damaged resulting from blocked
>>> email, but then who would one sue?
>"Steve" <s...@bob.eecs.berkeley.edu> writes:
>> You'd sue the entity that was blocking email after contractually
>> obligating itself to deliver email to you.
>Steve, I don't understand how your comment relates to this thread.
Read for content. Higdon asks, "who would one sue"? I'm answering
that question.
> The question is what laws ORBS might be breaking, or how legal
> action could stop it from operating.
"The" question? huh? So I'm answering a tangentially different,
yet possibly more important question.
(And there is no such thing as "the" question in a Usenet thread...)
As far as I am concerned, ISP's should not be lulled into thinking
that just because these blacklists exist, it is contractually
allowable for them to be using them.
>It seems absurd to me (as apparently to some others) to suggest that
>publishing a list of IP addresses, which third parties can decline to
>accept mail from if they choose, is somehow illegal.
In my mind, the blacklist-composers themselves would only have a legal
problem if they were colluding with the blacklist-users to cause
some sort of tangible damages to someone. It's hard to say if
this has yet happened, and if so it would be hard to demonstrate.
But that might eventually emerge. But in any case, the parties
immediately at fault as far as consumers are concerned are the
ISP's.
Steve
Garlic
One of the ORBS tests violates Section 502 of the California Penal Code
(excerpt below)
(9) Knowingly and without permission uses the Internet domain name of
another
individual, corporation, or entity in connection with the sending of
one or more electronic mail
messages, and thereby damages or causes damage to a computer,
computer system, or
computer network.
RSS does not use the test in question.
David desJardins wrote:
> ....
>
> John Higdon <no-...@netninny.org> wrote:
> >> I would love to have someone suggest chapter and verse of any US law
> >> being broken.
>
> ....
>
> Steve, I don't understand how your comment relates to this thread. The
> question is what laws ORBS might be breaking, or how legal action could
> stop it from operating. How suing your ISP for using ORBS stop the ORBS
> service from operating? And what difference would it make where ORBS is
> located, if it isn't breaking any laws?
>
> .....
David desJardins
> One of the ORBS tests violates Section 502 of the California Penal Code
>
> another individual, corporation, or entity in connection with the
> sending of one or more electronic mail messages, and thereby damages
> or causes damage to a computer, computer system, or computer network.
Well, at least the first part. Obviously the second part ("thereby
damages") would be disputed. Thanks for the explanation.
David desJardins
John Higdon
>
> One of the ORBS tests violates Section 502 of the California Penal Code
> (excerpt below)
>
> (9) Knowingly and without permission uses the Internet domain name of
> another
> individual, corporation, or entity in connection with the sending of
> one or more electronic mail
> messages, and thereby damages or causes damage to a computer,
> computer system, or
> computer network.
Which ORBS test does all of this?? What domain name is improperly used? What
damage is caused? Several of my mail servers are regularly probed by ORBS
and I never have to pick up the pieces!
mag...@rahul.net
>"Garlic" <gar...@garlic.com> writes:
>> One of the ORBS tests violates Section 502 of the California Penal Code
>>
>> (9) Knowingly and without permission uses the Internet domain name of
>> another individual, corporation, or entity in connection with the
>> sending of one or more electronic mail messages, and thereby damages
>> or causes damage to a computer, computer system, or computer network.
>
>Well, at least the first part. Obviously the second part ("thereby
>damages") would be disputed. Thanks for the explanation.
Is there no damage from being listed on the ORBS list as a result of the ORBS
test using the "domain name of another individual..."?
Is there a significant difference between forging the "domain of another
individual" when sending bulk unsolicited email versus when probing an SMTP
server (without permission) if the result, in either case, is damage to the
computer, computer system, or computer network?
jc
David desJardins
> Is there no damage from being listed on the ORBS list as a result of
> the ORBS test using the "domain name of another individual..."?
As I said, that's obviously a matter of dispute.
You can argue that being listed on ORBS damages you. You can argue that
my personal decision not to accept mail from your system damages you.
You can argue that if I tell your friends that you are a loser because
your system is spammable, that damages you. You can argue that it's
somehow more expensive for your system to process certain email, and
that the extra load generated by those messages "damages" your system.
Whether any of these kinds of "damage" would be viewed by the courts to
be the sort of "damage" described by statute, I rather doubt, but it's
hard to know for sure.
David desJardins
David desJardins
> But these are all details; what we're facing is a massive,
> organized effort by various blacklisters to break email systems
> on a wide scale. It should be flat-out stopped, and there
> is little disagreement on this point among users and responsible
> admins.
It's amazing the conclusions that you can reach if you choose to define
"responsible" as "those who agree with me".
If you were to survey "all" admins instead of "responsible" admins, I'm
pretty confident that the great majority would endorse the principle
that each administrator should be allowed to decide what connections
they do or don't accept on their particular system according to whatever
rules they want.
David desJardins
Garlic
The test uses the domain name for the computer under test as the originator of
the mail message.
Damage is whatever the lawyers convince the jury. There a plenty of legal
definitions which you can find by looking up the various web sites but they are
all very gray. According to a lawyer I know, just consuming computer resources
that are intended for other use could be considered damage. If a system crashed
during an ORBS test, the lawyer was certain he would prevail at trial. Damage
could be monetary.
Arguing in this group what's damage and what isn't is futile. The point is that
ORBS commits the requisite act with no idea if the outcome is "damage".
John Higdon wrote:
> in article 38D5642C...@garlic.com, Garlic wrote:
>
> >
> > One of the ORBS tests violates Section 502 of the California Penal Code
> > (excerpt below)
> >
> > (9) Knowingly and without permission uses the Internet domain name of
> > another
> > individual, corporation, or entity in connection with the sending of
> > one or more electronic mail
> > messages, and thereby damages or causes damage to a computer,
> > computer system, or
> > computer network.
>
Garlic
Before you all go off on some weird tangent, the question is has ORBS committed a
violation of section 502? There are hundreds of thousands (if not millions) of
computers in California that ORBS might have tested. Can you say for certain that
none of them crashed? It doesn't matter if the intentions of ORBS are good or if
the system it was testing was flawed.
For those who say ORBS has commited no violations of the law then you are relying on
very small odds.
tre...@sirius.com
>m...@kithrup.com (Mike Stump) wrote:
>With that kind of argument (and no real substantiation), further
>"discussion" seems pointless. (I'm reminded of the old joke about the
>elephant hunter in England who pointed out that he had obviously
>eliminated all the elephants.)
But then, wouldn't this put you in the position of the little old lady who
wanted the elephant hunter arrested for having killed all those elephants?
I mean, if ORBS really is as ineffectual as the English elephant hunter
(and I believe they are), then why all the huff and puff about them? I
mean, c'mon, nobody of any note outside of a handful of very small domains
use ORBS, so why the fuss?
tre...@sirius.com
>But these are all details; what we're facing is a massive,
>organized effort by various blacklisters to break email systems
>on a wide scale.
You are wrong. However misguided some of the efforts may be, and however
much you may disagree with them, the intent behind these efforts is to save
email as a viable means of communication. Additionally, it is far from
being an 'organized effort.' In fact, ORBS is more or less in a continuou
beef with MAPS.
>It should be flat-out stopped, and there
>is little disagreement on this point among users and responsible
>admins.
Really now? Where's the outcry? I don't hear it. I hear John and Philip,
but they've been singing this song for years, and nobody much as joined in.
tre...@sirius.com
>Damage is whatever the lawyers convince the jury. There a plenty of legal
>definitions which you can find by looking up the various web sites but they are
>all very gray. According to a lawyer I know, just consuming computer resources
>that are intended for other use could be considered damage. If a system crashed
>during an ORBS test, the lawyer was certain he would prevail at trial.
I think he'd have to prove the system crashed _because_ of the ORBS test,
and that the two events (the crash and the test) were not merely
coincidental.
That sounds like one hell of an uphill battle.
tre...@sirius.com
>Before you all go off on some weird tangent, the question is has ORBS committed a
>violation of section 502? There are hundreds of thousands (if not millions) of
>computers in California that ORBS might have tested. Can you say for certain that
>none of them crashed?
No, but that's not how it works.
First, find a computer that crashed. Then, prove it crashed because ORBS
tested it. Having proved this, then, and only then, can you say that ORBS
committed a violation of section 502.
And actually, even then it might be iffy. Say, for example, that ORBS
proved the server was so seriously missadministrated that there was
negligence on the part of its administrators.
Garlic
David desJardins
> I've been in the industry for over twenty years, and I have
> a pretty good concept as to what constitutes responsibility
> on the part of an admin.
It sure is a whole lot easier to simply argue by authority ("I'm right
because I say I'm right") than to bother with real arguments.
Unfortunately it doesn't do so much to convince anyone.
Even ORBS *defenders* can come up with better arguments against ORBS
than "ORBS is bad because responsible people are against it; the
responsible people are who I say they are; I am a good judge of who is
responsible because I have been in the industry for over twenty years."
David desJardins
David desJardins
> I've been fortunate to have worked with some excellent sysadmins
> over the years and very few of them have employed any blacklisting.
I hope you do understand that it's possible to defend the right of other
administrators to do what they want to do without wanting to do the same
thing oneself. The two are entirely unrelated. I don't know anyone who
does synchronized swimming, but that doesn't mean I want to ban it.
David desJardins
John Higdon
wrote:
> I hope you do understand that it's possible to defend the right of other
> administrators to do what they want to do without wanting to do the same
> thing oneself. The two are entirely unrelated. I don't know anyone who
> does synchronized swimming, but that doesn't mean I want to ban it.
I wouldn't use ORBS on a bet, but I don't see that it is any skin off my
nose that it exists or that others may want to use it.
David desJardins
> As I recall it, you tried to assert that my definition of
> good system administration was simply "opposed to blacklisting".
No, I'm sure that there are lots of other litmus tests that anyone must
pass for you to declare them "reasonable". I would guess that agreeing
with you on this particular issue is only one of them.
> Fine; but if you have any evidence to support your original assertion,
> then present it.
If almost everyone disagrees with you, but almost every "reasonable"
person agrees with you, then you have to be using a pretty goofy
definition of "reasonable".
David desJardins
s...@bob.eecs.berkeley.edu
>David desJardins <de...@math.berkeley.edu> wrote:
>>> (9) Knowingly and without permission uses the Internet domain name of
>>> another individual, corporation, or entity in connection with the
>>> sending of one or more electronic mail messages, and thereby damages
>>> or causes damage to a computer, computer system, or computer network.
>>Well, at least the first part. Obviously the second part ("thereby
>>damages") would be disputed. Thanks for the explanation.
> Is there no damage from being listed on the ORBS list as a
> result of the ORBS test using the "domain name of another
> individual..."?
> Is there a significant difference between forging the "domain
> of another individual" when sending bulk unsolicited email versus
> when probing an SMTP server (without permission) if the result,
> in either case, is damage to the computer, computer system, or
> computer network?
Obviously there is damage; if, by the unpermitted inclusion of an
entity's domain name by a blacklister, there is damage to
the delivery of email from that entity, that would seem to fall
under the above section of the penal code.
Interestingly, the above law is limited to use of domain names, and
not IP addresses, so blacklisters have a workaround.
But these are all details; what we're facing is a massive,
organized effort by various blacklisters to break email systems
on a wide scale. It should be flat-out stopped, and there
is little disagreement on this point among users and responsible
admins.
Steve
s...@bob.eecs.berkeley.edu
>"Steve" <s...@bob.eecs.berkeley.edu> writes:
>> But these are all details; what we're facing is a massive,
>> organized effort by various blacklisters to break email systems
>> on a wide scale. It should be flat-out stopped, and there
>> is little disagreement on this point among users and responsible
>> admins.
> It's amazing the conclusions that you can reach if you choose
> to define "responsible" as "those who agree with me".
And just how did you come up with this gem?
I've been in the industry for over twenty years, and I have
a pretty good concept as to what constitutes responsibility
on the part of an admin.
> If you were to survey "all" admins instead of "responsible"
> admins, I'm pretty confident that the great majority would
> endorse the principle that each administrator should be allowed
> to decide what connections they do or don't accept on their
> particular system according to whatever rules they want.
Responsible admins don't use "whatever rules they want"; they
are instead responsive to their management and their users.
Steve
s...@bob.eecs.berkeley.edu
>s...@bob.eecs.berkeley.edu wrote:
>>But these are all details; what we're facing is a massive,
>>organized effort by various blacklisters to break email systems
>>on a wide scale.
> You are wrong. However misguided some of the efforts may be,
> and however much you may disagree with them, the intent behind
> these efforts is to save email as a viable means of
> communication.
Maybe I've only been exposed to the misguided efforts...
>>It should be flat-out stopped, and there
>>is little disagreement on this point among users and responsible
>>admins.
> Really now? Where's the outcry? I don't hear it.
I've been fortunate to have worked with some excellent sysadmins
over the years and very few of them have employed any blacklisting.
However, on the one system I am on that does use blacklisting,
the user feedback is pretty much opposed to it. (And there'd
be even more opposition if the use of blacklisting was not so
carefully administered in that particular instance.)
Steve
s...@bob.eecs.berkeley.edu
>"Steve" <s...@bob.eecs.berkeley.edu> writes:
>> I've been in the industry for over twenty years, and I have
>> a pretty good concept as to what constitutes responsibility
>> on the part of an admin.
>
>It sure is a whole lot easier to simply argue by authority ("I'm right
>because I say I'm right") than to bother with real arguments.
As I recall it, you tried to assert that my definition of
good system administration was simply "opposed to blacklisting".
An assertion with absolutely no foundation.
I'm simply saying that I've been around long enough to have
other, more fundamental criteria when making such as judgement.
You don't want to believe me? Fine; but if you have
any evidence to support your original assertion, then present it.
Steve
Mike Stump
John Navas <spamf...@navasgrp.dublin.ca.us> wrote:
>[POSTED TO ba.internet]
>m...@kithrup.com (Mike Stump) wrote:
>
>>John Navas <spamf...@navasgrp.dublin.ca.us> wrote:
>
>>>The "proof" is that ORBS is not as effective as other methods, both
>>>from a true positive and a false positive perspective.
>>
>>Hum, I was absent the day you presented that proof. ...
>
>Or perhaps you simply don't get any email from any person or
>organization in the pacbell.net domain.
That's right.
Ok, you addressed from the false positive perspective. I didn't mean
to disagree with you on that point. I was interested in your proof
for the true positive case of ORBS not being as effective at
reducing spam as some other means. If by effective you meant both
cases simultaneously, then please disregard my message, I thought you
meant effective at just reducing spam.
Mike Stump
John Navas <spamf...@navasgrp.dublin.ca.us> wrote:
>>>11. You fail to note that ORBS is doomed to failure in its stated purpose
>>>of reducing spam by closing open relays
>>
>The stated purpose of ORBS (Open Relay Behavior-modification System) is
>the closing of open relays in order to reduce overall
>spam. It is clearly failing to accomplish that purpose.
Which is it, you keep squiring around on me!
Let's pretend the later...
You say that ORBS has failed to accomplish the closing of open relays?
Please define success for me, as I have a different notion. What
percentage must be closed in 7 days for example, for ORBS to be
effective?
From the ORBS web site: 'Around 75% of all open relays discovered by
ORBS are secured within 7 days. ' In my book, this is effective.
Mike Stump
>
>One of the ORBS tests violates Section 502 of the California Penal Code
>(excerpt below)
>
> name of another individual, corporation, or entity in connection
> with the sending of one or more electronic mail messages, and
> thereby damages or causes damage to a computer, computer system,
> or computer network.
[laughing] I don't buy it, sorry. First, please quote the use of
their name in one of the test messages for me. I don't recall seeing
one... I'll even provide you with a rando test message:
http://www.orbs.org/messagelookup.cgi?address=204.214.80.6
to quote from.
Mike Stump
>
>The test uses the domain name for the computer under test as the originator of
>the mail message.
I obviously can't read. I tried to find it based upon your words, but
I was having a hard time. Could you be so kind as to quote the exact
line where this happens in the following random ORBS test message:
http://www.orbs.org/messagelookup.cgi?address=204.214.80.6
Thanks. I only saw:
From sen...@orbs.org Mon Feb 28 18:37:24 2000
Received: from relaytest.orbs.vuurwerk.nl by SANDBAR.AQAF.COM (IBM Firewall for AS/400/4.2.0) id AAA147.86; Mon, 28 Feb 2000 00:30:58 GMT
From: sen...@orbs.org
To: orbs-re...@manawatu.co.nz
X-Envelope-Sender: <sen...@orbs.org>
X-Envelope-Recipient: <orbs-re...@manawatu.co.nz>
Message-Id: <204.21...@orbs.org>
and so on. The only use of the third party's name happens on a line
injected _by_ that very third party.
So, could it be that you are just wrong?
Mike Stump
>
>Before you all go off on some weird tangent, the question is has ORBS
>committed a violation of section 502? There are hundreds of
>thousands (if not millions) of computers in California that ORBS
>might have tested. Can you say for certain that none of them
>the system it was testing was flawed.
And when I Microsoft web server crashes, are the people that used it
responsible without direct extenuating circumstances? No, get real!
Hell, even Microsoft isn't liable (yet, in time this will change I
bet).
[still laughing at you]
Mike Stump
[this is more for Garlic than trebor]
No, that still isn't enough. In my industry, email servers are these
things that accept email, make decisions upon what next to do with it,
and then do it. In my industry, it is simply unacceptable for an
email server to _ever_ crash, unless something specifically was used
to make it crash. Something that _might_ by found liable to have
caused a crash would be things like, the use of undocumented commands,
or commands that are not intended to be used, an excessive use of
resources, exceptionally invalid input or input that doesn't conform
to published standards. And even in these causes, I say might. The
typical use of an email server, with reasonable sized inputs, with
reasonably conformance to the protocols specifically should not cause
a crash, and if it does, that then is the gross negligence of the
operator.
Well, that is my industry. I don't know what industry you're in, but
it doesn't sound like the same one I am in.
If you want to prove you point, cite some case law, cite some
prosecutions... If you can't, then try and go sue someone and get
some establish. Yeah, that's it, go find a prosecutor and ask him if
he would prosecute. He will either say yes, or no. After you find
out, come back here and tell us and let us know.
Mike Stump
Philip J. Koenig <See_email_@ddress_below.This_one_is.invalid> wrote:
>There's a massive difference between most of what Vixie's group
>does, and ORBS.
That isn't sufficient. There also has to be a difference that is
distinguishing under the law. In your message you didn't cite _any_
difference distinguishable under the law.
>Vixie's group (RBL, mail-abuse.org, et al) with one significant
>exception, ONLY blacklists hosts and sites which have ACTUALLY
>SENT SPAM.
You obviously have no clue what you are saying or you have no clue
what is on the lists. The above is a nice introduction to them, but
that is like saying the half true that ORBS only lists open relays. It
does not.
For example, read the DUL and what it is, and the criteria needed for
getting a machine on it. Having sent spam isn't a requirement.
Further, RBL lists tons of addresses that have never sent spam. In
fact, I'll go out on a limb here and say the majority of sites (on a
per single IP address basis) listed, but I could be wrong. If you
know the %, feel free to correct me.
>I think the difference is pretty obvious.
Yes, there are differences to them, for example, the most glaring
differnce is they have different names. I didn't claim that they were
exactly identical, you'll have to go back and reread the thread to
find what differences we were talking about.
John Higdon
> And when I Microsoft web server crashes, are the people that used it
> responsible without direct extenuating circumstances? No, get real!
> Hell, even Microsoft isn't liable (yet, in time this will change I
> bet).
A server that goes down because of excessive load or other problems is
separate and distinct from a server that goes down because someone or some
bot it trying to trick it into doing something it was not intended to do.
This is exactly what ORBS does in its tests: it tries eighteen ruses to
attempt to relay unauthorized traffic through the target server.
As an administrator, if I found such a concerted attack on an SMTP server
from anywhere other than ORBS during a log check, it would result in an
instant strongly-worded email to the admin or provider for the originating
site. ORBS, of course, ignores any such email.
Drew Lawson
m...@kithrup.com (Mike Stump) writes:
>In article <38D58763...@garlic.com>, Garlic <gar...@garlic.com> wrote:
>>
>>The test uses the domain name for the computer under test as the originator of
>>the mail message.
>
>I obviously can't read. I tried to find it based upon your words, but
>I was having a hard time. Could you be so kind as to quote the exact
>line where this happens in the following random ORBS test message:
>
>http://www.orbs.org/messagelookup.cgi?address=204.214.80.6
I'm not conversant in the ORBS debate (other than as a lurker),
but one of my ISPs mail servers was listed, at least according to
discussion on internal groups.
The weakness was that it would relay any mail with
From: us...@ISPName.net
That (if such tests are done) cannot be tested without using a
third party's domain without permission (since the ISP wasn't in
on the test).
--
|Drew Lawson | So many newsgroups |
|dr...@furrfu.com | So little time |
|http://www.furrfu.com/ | |
tre...@sirius.com
>A server that goes down because of excessive load or other problems is
>separate and distinct from a server that goes down because someone or some
>bot it trying to trick it into doing something it was not intended to do.
>This is exactly what ORBS does in its tests: it tries eighteen ruses to
>attempt to relay unauthorized traffic through the target server.
Just for funs, has anyone ever tried teergrubing ORBS?
John Higdon
in article bs3edsg78vob49mj3...@4ax.com, tre...@sirius.com
wrote:
> Just for funs, has anyone ever tried teergrubing ORBS?
Hell, they would blacklist the poor sucker and the horse he rode in on!
tre...@sirius.com
>Mike Stump <m...@kithrup.com> wrote:
>>Philip J. Koenig <See_email_@ddress_below.This_one_is.invalid> wrote:
>>>Vixie's group (RBL, mail-abuse.org, et al) with one significant
>>>exception, ONLY blacklists hosts and sites which have ACTUALLY
>>>SENT SPAM.
>>You obviously have no clue what you are saying or you have no clue
>>what is on the lists. The above is a nice introduction to them, but
>He actually knows a bit more than you do, Mike.
Perhaps, yet Philip's claim is inaccurate: it is not necessary to actually
send spam to be listed in the RBL et al.
>Unfortunately, ORBS refuses to back off on those points, and so they will be
>considered childish vandals more interested in stroking their egos than
>helping a problem.
Undoubtedly. ORBS is like a big silly looking pink hat with feathers and
shit poking from it. You wouldn't catch me dead wearing it, but some people
like to strut around in it. That's their privilege.
But ORBS is self-limiting. Hotmail now subscribes to the RBL. Is there a
ghost of a chance that they would ever subscribe to ORBS? No, of course
not. ORBS is the BeOS of anti-spam measures; its supporters think it's the
coolest, but it's destined to remain a sliver of the pie forever.
ORBS is so insignificant from the big picture perspective that one wonders
what the big fuss is. The truth is that John and Philip have long had a
bone to pick with spam filtering. They just plain don't like it. They don't
believe that it should exist. Their rants in nanae about the "vigilantes"
that are MAPS and ORBS are archived in DejaNews (if they haven't completely
destroyed the Usenet archives) for anyone to see.
I suppose they've given up picking on MAPS, given MAPS's high level of
integrity and objectivity, so now they just pick on ORBS. But make no
mistake; they're picking on ORBS, but they really mean _all_ third party
spam filtering. They are to email what Dave Hayes is to Usenet.
Mike Stump
Philip J. Koenig <See_email_@ddress_below.This_one_is.invalid> wrote:
>that they can successfully send email to any publicly-connected
>site as long as they are complying with normal, accepted internet
>standards?
They have the right to expect that they can send email, fine. They
can expect that they can send it all they want, I don't care. They do
not in fact have an absolute right to send email to me. I have a
right to not have email sent to me, this right outweighs their right
to send me email. My right is absolute. It cannot be abridged by
anyone for any reason. Absolute. In the end, I can exercise my right
by not having email. This is currently allowable under the law.
There are no exceptions to this right I have.
>Yes. Said correspondents are not spamming, are conforming to
>accepted standards, are not sending to a site or from a site which
>has participated in spamming, yet their traffic may be dropped on the
>floor.
That is right, that is my right. It is absolute and cannot be
abridged, forfeited or taken away.
>You have a right to be nuts. It's only when you affect
>those around you in a destructive way that we as a
>community have a right to complain about or prevent
>you from harming others.. especially when those others
>have done nothing to deserve destructive treatment.
My right is absolute and outweighs your right. You cannot win.
>When the usage of a widespread system which is designed to block
>email from innocent correspondents and to block traffic from hosts or
>domains which in many cases have never participated or facilited
>spam, nor may they ever do so in the future, you've just impacted
>people far beyond your local sandbox, and with perilously weak
>justification.
I need absolutely no justification, as my right is absolute.
>Over the longterm such blocking practices without any evidence of
>specific wrongdoing are simply abuse of power. I feel they are abuse
>of the net, because it sets a bad precedent: we can block you because
>we think you *might* be "bad" about "something" sometime in the
>future. We can block you just "because". Sooner or later, it will
>become blatantly apparent just how thin that ice is they are skating
>on.
See above.
>I view such practices as not unlike your neighbors marching up to
>your house and upon finding that you don't always lock your doors at
>night, taking it upon themselves to build a wall around your property
>so no one can go in or out.
No, it is like having a door, and putting a lock on it, and closing
and locking the door. However, it is also different from this, as the
intent of not being disturb is not absolute. For example, the police,
can under some circumstance enter, regardless of what one might
otherwise desire.
Also, they probably have this right, if they own all the land around
you, and you don't otherwise have an easement, agreement or some other
legal mechanism in place to grant you access.
Mike Stump
black <nrhb...@condate.com> wrote:
>Philip J. Koenig wrote in message ...
>>Do correspondents have a right to a *reasonable expectation*
>>that they can successfully send email to any publicly-connected
>>site as long as they are complying with normal, accepted internet
>
>Say what! Where did this "right" come from?
Oh, I can answer this. All people have an intrinsic and absolute
right to expect anything that they want. This right cannot be
abridged, revoked or taken away.
Mike Stump
Philip J. Koenig <See_email_@ddress_below.This_one_is.invalid> wrote:
>to send a message to an equally innocent recipient, certainly
>didn't elect them.
But my dog didn't elect the president. Are you saying that the
president isn't an elected official? I say my dog, as I know some
people whose dog did vote. :-( Not that I agree with that.
If you will agree with me that the president is an elected official,
then you will also agree that not everyone, everything that can vote,
needs to vote inorder for the term elected official to apply. For
example, I believe that incarcerated persons are not allowed to vote
either. I believe that some foreigners may not be allowed as well.
Suffice it to say, that to _me_ they are. To anyone that so elects
them, they are. To the rests of the folks, I concede that the term
doesn't apply.
>There are 2 sides to every email transmission.
Are there 2 sides if I bounce it or route it to /dev/null? :-)
Mike Stump
John Navas <spamf...@navasgrp.dublin.ca.us> wrote:
>>>ORBS moved to New Zealand, essentially putting it out of reach of U.S.
>>>law. Otherwise I doubt that it would still be operating. ;-)
>>
>>RBL, RSS and DUL are subject to US law. They are still operating. I
>>don't see any difference, except the listing criterion. I can't
>>imagine a legal difference between the listing criterion, though, I am
>>not a lawyer.
>
>If you cannot see the difference for yourself (blocking *actual* sources
>of spam versus blocking *potential* sources of spam that currently send
>only legitimate email), then I doubt that you would be willing to accept
>my/any explanation. ;-)
I'd be happy to see you quote the law that distinguishes them. So far
I haven't seen it. If you can't quote a law (or invent what you think
the law might saw), and show briefly how it might apply, then I too
doubt that you can sway me.
Even if you could, the law would be subject to constitutional
challenge and I believe that I would win. The right to happiness, is
kinda high up on the constitution. You'd need to show a right that
outweighs this one. I don't know of any. If you want to try a stab a
defending your right to abridge my right to happiness, go ahead, I am
listening, though, try and not make it too lame.
Sean Eric Fagan
>In article <MPG.133ccda8c...@flamebuoyant.ekahuna.com>,
>Philip J. Koenig <See_email_@ddress_below.This_one_is.invalid> wrote:
>>does, and ORBS.
I agree. (Disclaimer: I work for MAPS.)
>That isn't sufficient. There also has to be a difference that is
>distinguishing under the law. In your message you didn't cite _any_
>difference distinguishable under the law.
I believe, with some justification, that ORBS performs illegal harassment.
My problems with ORBS are as follows:
1. They continue to probe sites, even after being asked to stop. Since a
probe is intrusive, and can generate significant problems (some sites, for
example, have relay probes send mail to the adminsitrator, which then causes a
pager to go off), continuing after being asked to stop _is_ harassment. And
these probes can happen very often -- I have some reports about one system
being hit multiple times in a single day.
2. They actively probe. This makes them pre-emptive, but it also means that
they are a fine list of relayable addresses. The same can be said of RSS, but
the RSS waits until spam has been received before taking any action; this is a
huge difference, in my mind.
3. They lie. John Levine, after getting fed up with their harassment, set
his system up so that the orbs probes went directly to Alan. This is not an
open relay; this is more the equivalent of an alias. And yet Alan put John
Levine's system on ORBS, claiming it is an open relay. Even more
significantly, ORBS automatically lists all systems the test message traverses
(even though the ones inbetween don't send mail), and yet he did not list his
own systemm -- even though, by his own rules, it should have been listed.
4. After being asked to stop, they don't (see point 1); if an adminsitrator
decides to protect himself from their harassment, ORBS then lists the entire
block, even though there may be no open relays in it.
That list is pretty much in descending order of my problems with them (that
is, point 1 is the worst offense in my eyes, and point four is the least
offensive).
>>Vixie's group (RBL, mail-abuse.org, et al) with one significant
>>exception, ONLY blacklists hosts and sites which have ACTUALLY
>>SENT SPAM.
>You obviously have no clue what you are saying or you have no clue
>what is on the lists. The above is a nice introduction to them, but
>that is like saying the half true that ORBS only lists open relays. It
>does not.
He actually knows a bit more than you do, Mike.
>For example, read the DUL and what it is, and the criteria needed for
>getting a machine on it. Having sent spam isn't a requirement.
The DUL consists of netblocks that have been volunteered by the ISp that owns
them, or from which spam has been sent. The DUL does not look for dialup
blocks and list them without either of those two actions having been taken.
And if an ISP asks, an address (or netblock) will be removed from the DUL.
Gordon, who runs the DUL, also just told me that you should read the Intro and
FAQ. He would have told you the same thing, had you bothered to ask him.
The FAQ is at http://mail-abuse.org/dul/faq.htm, and the Intro is at
http://mail-absue.org/dul/intro.htm.
>Further, RBL lists tons of addresses that have never sent spam. In
>fact, I'll go out on a limb here and say the majority of sites (on a
>per single IP address basis) listed, but I could be wrong. If you
>know the %, feel free to correct me.
There are something like 1.3 billion IP addresses on the RBL (or maybe it's
1.1billion, I forget). Almost all of those are /8's that IANA has not yet
allocated, and which were placed on the RBL a while back with John Postel's
permission. Checking the database... there are currently 83 /8's on the RBL;
one was removed in September when IANA allocated it. (It was removed before
the actual allocation, incidently -- MAPS is not the only organization which
does something with the unallocated IP addresses.)
Excluding those /8's, the RBL consists of open relays which have sent spam and
not been secured after being notified; "spamvertised" sites (spam has been
sent advertising a web page, and no action was taken after notification); some
sites that are spam sources (spam came from them, and no action was taken
after notification); some sites selling "spamware" (usually software that
advertises its ability to get around ISP filters, limits, and such, and no
action was taken after notification); and even some sites that volunteered to
be on the RBL.
The RSS, which is the closest equivalent to ORBS and is what most people have
been talking about (a fact Mike knows, but chooses to ignore), consists _only_
of open relays which have had spam sent through them. A host does not get
added without spam being received, nor does it get added if it is not an open
relay.
>Yes, there are differences to them, for example, the most glaring
>differnce is they have different names.
Sorry, the most glaring difference is that ORBS performs active probing and
listings, and also lies about why hosts are listed.
Other than the points I mentioned above, I don't really have a problem with
ORBS. If they would not probe after being asked to stop, and would only add
those particular addresses after spam has been received, I'd be much happier
with it. So, I think, would many other people.