Kuro5hin.org: technology and culture, from the trenches
ORBS is dead?!

By Lionfire in News
Mon Jun 11, 2001 at 02:07:32 PM EST
Tags: Internet

It seems that ORBS (the Open Relays Blocking service) has vanished without a trace. Their website now contains the message "Due to circumstances beyond our control, the ORBS website is no longer available." and the test lookups are no longer in their DNS-based database.


After receiving much unfiltered spam in my inbox, I went to the ORBS website only to find the above message. There have been no announcements and nothing mentioned in the news. According to the website, the message has been there since the 31st of May.

Am I the only person to have noticed this?


Poll
Do you know what happened to ORBS?
o Yes 26%
o No 56%
o Who knows? Inoshiro knows! 17%

Votes: 57

ORBS is dead?! | 24 comments (20 topical, 4 editorial, 0 hidden)
Brashly stolen from NTK now (4.55 / 9) (#2)
by ti dave on Mon Jun 11, 2001 at 03:00:17 AM EST

at Fri, 8 Jun 2001 11:44:56 -0700 from

http://www.ntk.net/


"And so farewell, ORBS, the New Zealand anti-spam blackhole list, whose utter paranoia proved both a selling point and a (literal) liability. It's still not entirely clear why maintainer Alan Brown decided to kill it - although the civil suit against him in NZ by companies included on the list, and his decision this month to sell his ISP and quit the whole Net biz altogether might have *something* to do with it. Of course, ORBS has died before, to be reborn - Alan B. only picked up managing the service when previous operator, Alan Hodgson at Dorkslayers, threw in the towel. Now it looks like the former Alan has been playing around with restarting the service (although only for non-USA servers). And what's this? Mirrors of the complete ORBS blacklist, ready for someone else to take up the baton?

http://www.dorkslayers.com/
- anti-spam people: cranky to the point of incoherence

http://data1.orbs.org/
- ...like we can complain. Full dumps here."

But I don't feel bad, 'cause I subscribe.
I rather enjoy the NTK now mailing list...

Cheers,

ti_dave

"If you dial," Iran said, eyes open and watching, "for greater venom, then I'll dial the same."

For those who aren't (weren't?) familiar with ORBS (4.64 / 14) (#3)
by Lionfire on Mon Jun 11, 2001 at 03:04:22 AM EST

ORBS is/was a database of open mail relays. An open relay is a mail server that isn't secured enough and allows people to use it to forward spam, making spam very hard to track and block. ORBS would scan suspect servers to see if they were secure and, if not, add them to its database. Once a server was secured, it would be removed again.

Using a nifty DNS trick, anyone could look up an IP address and check to see if it was currently on the list, allowing you to block mail connections, automatically filter spam or anything else you might like to do. This greatly reduced the amount of spam being received, as well as convincing many slack admins to secure their mail servers so their mail wasn't blocked.

[ blog | cute ]
Looks like the MAPS nazis won (2.33 / 3) (#6)
by delmoi on Mon Jun 11, 2001 at 03:35:39 AM EST

I guess being put in the Realtime Black Hole put too much of a burden on them. I'm sure this is Paul Vixie's proudest moment.
--
"'argumentation' is not a word, idiot." -- thelizman
Lessons I have learned from this... (3.77 / 9) (#7)
by Tatarigami on Mon Jun 11, 2001 at 04:06:45 AM EST

1) If you decide to offer a service which is controversial to begin with, don't go out of your way to make enemies by shooting off your mouth about the guy in charge of New Zealand's domain name registry in his own public forum.

2) Regardless of whether it's justified or not, manually adding the bandwidth reseller that declined to do business with you last year to the list is going to make people wonder what you're really thinking.

3) Fighting spam doesn't necessarily make you everyone's friend. The head of the security dept. for the ISP I work for hated the idea of ORBS. She reckoned it was like a shopping list of open relays for spammers, so for people who didn't climb on board the bandwagon, it did more harm than good...


Read all about it! (4.70 / 10) (#8)
by szap on Mon Jun 11, 2001 at 04:47:56 AM EST

On The Register:

segfault also (2.00 / 1) (#10)
by wiredog on Mon Jun 11, 2001 at 10:00:53 AM EST

For a couple of weeks now. Anyone know what happened?

"Anything that's invented after you're 35 is against the natural order of things", Douglas Adams
hmm... (none / 0) (#13)
by enterfornone on Mon Jun 11, 2001 at 07:14:20 PM EST

Perhaps MS has tried to sue them again?

--
efn 26/m/syd
Will sponsor new accounts for porn.
[ Parent ]
Segfault Downtime (none / 0) (#14)
by strepsil on Mon Jun 11, 2001 at 09:46:06 PM EST

See this comment.

I was wondering the same thing.



[ Parent ]
ORBS UK (3.50 / 2) (#11)
by logic on Mon Jun 11, 2001 at 12:16:20 PM EST

ORBS UK seems to have started up as a response to the ORBS shutdown.

no big loss (3.00 / 1) (#12)
by enterfornone on Mon Jun 11, 2001 at 07:13:46 PM EST

ORBS, like MAPS was a censorware system that was not even remotely useful as a spam blocker. I can't imagine I'll be seeing much more spam because of its demise, since little spam is sent via open relays these days anyway.

--
efn 26/m/syd
Will sponsor new accounts for porn.
Relayed spam (4.00 / 1) (#15)
by Lionfire on Mon Jun 11, 2001 at 10:33:24 PM EST

Actually, a lot of spam is through open relays. I receive anything from 10 to 25 spam emails a day (and occasionally a lot more), but use procmail and a little perl script I wrote to automatically sort ORBS-detected spam into a separate folder.

The majority of the spam I receive on most days has been (until now) caught by ORBS -- and I rarely had non-spam sorted into my spam folder by accident.

If admins secured their systems, I'm sure spammers would find another way... but at the moment open relays are the easiest way to send spam that's hard to trace.

[ blog | cute ]
[ Parent ]
relayed spam (4.00 / 1) (#16)
by enterfornone on Mon Jun 11, 2001 at 11:11:52 PM EST

I don't use any scripts, but most of the spam I get comes from either webmail or a dialup ISP. Webmail is by far the easiest way to send spam I would think.

I've heard too many horror stories about ORBS (like them blocking entire subnets because of a single open relay on a network) to rely on them for blocking spam. I'd rather get spam and feel safe in the knowledge that no one is blocking anything important from reaching me.

--
efn 26/m/syd
Will sponsor new accounts for porn.
[ Parent ]
Webmail and horror stories (Count Spamula? :) (4.00 / 2) (#18)
by Lionfire on Tue Jun 12, 2001 at 04:17:10 AM EST

It seems that spam comes from webmail, but that's usually just the reply address (which is most often fake). In fact, since open relays aren't secured, you can't really trust anything in the headers further back than the open relay itself.

As for the horror stories, I'll agree -- no solution is going to be perfect. That's why I don't reject mail; I simply store it in a spam folder that I check every now and then. That way I never miss out on an important email being sent through insecure servers. Although, that has been happening less and less over the last year. I only have an important email slip through into my spam folder once every few months.

[ blog | cute ]
[ Parent ]
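The DNS lookup and the folder-sorting approach described in comments #3, #15 and #18 above, as an added example that is not part of the thread and is not Lionfire's script: it is written in Python rather than procmail and perl. The zone `dnsbl.example`, the function names and the sample message are assumptions made for the illustration, and the resolver is injectable so the block runs offline.

```python
import ipaddress
import re
import socket
from email import message_from_string

ZONE = "dnsbl.example"  # placeholder zone (assumption), not a real list

def dnsbl_name(ip, zone=ZONE):
    """192.0.2.25 -> 25.2.0.192.<zone>: reversed octets under the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, zone=ZONE, resolve=socket.gethostbyname):
    """Listed hosts resolve to an address in 127.0.0.0/8; a failed lookup means not listed."""
    try:
        return resolve(dnsbl_name(ip, zone)).startswith("127.")
    except (OSError, ValueError):  # NXDOMAIN (socket.gaierror) or malformed IP
        return False

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(raw_message):
    """IP our own server logged in the topmost Received header.
    Lower Received headers were written by other hosts and may be forged."""
    received = message_from_string(raw_message).get_all("Received") or []
    match = BRACKETED_IP.search(received[0]) if received else None
    return match.group(1) if match else None

def sort_folder(raw_message, resolve=socket.gethostbyname):
    """File the message rather than rejecting it, so false positives stay readable."""
    ip = connecting_ip(raw_message)
    return "spam" if ip and is_listed(ip, resolve=resolve) else "inbox"

# Constructed sample message and constructed list contents (documentation IP ranges).
SAMPLE = (
    "Received: from relay.example.net (relay.example.net [192.0.2.25])\n"
    "\tby mx.example.org with SMTP; Mon, 11 Jun 2001 10:00:00 +0000\n"
    "Received: from forged.example.com ([198.51.100.7]) by relay.example.net\n"
    "From: someone@example.com\nSubject: constructed sample\n\nbody\n"
)
LISTED = {"25.2.0.192.dnsbl.example": "127.0.0.2"}

def fake_resolve(name):
    """Offline stand-in for the DNS lookup."""
    if name in LISTED:
        return LISTED[name]
    raise socket.gaierror("name not found")

if __name__ == "__main__":
    print(connecting_ip(SAMPLE), sort_folder(SAMPLE, resolve=fake_resolve))
```

Only the topmost `Received` header is checked because it is the one written by the receiving server; the lookup fails open, so a DNS outage delivers mail to the inbox instead of losing it.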
Help admins close open relays (5.00 / 1) (#20)
by zagor on Tue Jun 12, 2001 at 04:56:37 AM EST

It's a little-mentioned fact that most of the world's open relays are open without the administrator's knowledge.

Help them! Complain about every spam you get, manually or using a script such as spam.pl that parses the mail headers, looks up the administrative address of the relays and sends a polite informational mail to it.

I do it for every single spam that lands in my inbox, and it helps. Every so often, I get responses from thankful admins (yes, real people) that didn't know their system was being exploited. One down, a thousand to go. But since I started this (about a year ago) my spam diet has shrunk to just a couple of spams per week. And it feels good not to be powerless.

[ Parent ]

Opt-in mail (4.00 / 1) (#17)
by Znork on Tue Jun 12, 2001 at 02:53:38 AM EST

ORBS actually worked fairly well, at least for me.

However, I'm switching over entirely to opt-in mail. Anything not on my pre-approved list will be automatically junked.

[ Parent ]
interesting statistics on the ORBS database (5.00 / 1) (#19)
by ErikSchorr on Tue Jun 12, 2001 at 04:21:25 AM EST

After downloading the ORBS promiscuous relay database, I took it upon myself to start checking each of the listed relays myself. There are just over 90,000 relays listed, and I've only scanned about 34,000, but so far, only 11,600 of them are truly promiscuous.

To make things a little clearer, 34,000 connections have been attempted so far. Connections to about 4200 have timed out (no connection was established). Of the successful connections, 11600 have been determined promiscuous. Of these, 5800 respond with a greeting containing the word "Microsoft" :)

And of the list of verified promiscuous relays, about 800 were in the 212.* (northwestern europe) netblock, 800 in the 194.* (western europe) block, and 1400 in the 210.* (asia-pacific region) block.

Anyway, the fact that so far, only about ONE THIRD of the relays listed in ORBS is actually promiscuous (to be fair, give or take the 4200 that were unreachable, and it's still a large percentage), it's obvious they weren't too up-to-date on either maintaining and re-validating the list on a regular basis, didn't think it was necessary to remove "fixed" promiscuous relays, or the most likely and most popular, they were in fact adding mailservers arbitrarily, regardless of their promiscuity.

Regardless, the number of unpromiscuous relays in their list of "promiscuous" relays is staggering. It's no wonder they got so much heat.

-Erik Schorr
-Jesus is coming - GET HIM A TOWEL

GCS/E/IT/CC d- s+: a- C++$ UBLO++++$ P++> L++(++++) E--- W- N++ o? K+ w O M-- V- PS+ !PE Y+ PGP+ t- 5- X R- tv+ b DI++ D+ G e+> h> r> y+>
Did you try every iteration? (none / 0) (#21)
by eightball on Tue Jun 12, 2001 at 08:21:48 AM EST

There are many ways of getting past the filters that try to close a relay. Just doing a 'MAIL FROM: somewhere/RCPT TO: somewhere' does not conclusively prove that it is not a relay.

I have seen several that passed that initial test, but then allowed something like:
RCPT TO: <"noone@somewhere.tld">

As far as truly clean mail servers. Perhaps they were upgraded or replaced. Who should be responsible, the previously negligent party or an informal monitoring service? (real question not rhetorical)
Maybe if they had a clean up process, you would have servers spending 'a month dead for anti-ORB purposes', which would give them life afterwards.

In any case, we know IPV6 will solve all of our masquerading problems (just kidding)

[ Parent ]
different sender/recipient addresses were used (none / 0) (#22)
by ErikSchorr on Tue Jun 12, 2001 at 08:58:34 AM EST

The sender and recipient addresses were both different for each email. The domain I used in the sender/recipient addresses was the same, though, pointing to a subdomain I use exclusively for tracking this sort of thing, as well as fake "remove" addresses, where the sender of a remove request just gets added to another person's email list.

I protect the identity of the domain I use for this because I don't want people proactively blocking it and skewing my results :)

GCS/E/IT/CC d- s+: a- C++$ UBLO++++$ P++> L++(++++) E--- W- N++ o? K+ w O M-- V- PS+ !PE Y+ PGP+ t- 5- X R- tv+ b DI++ D+ G e+> h> r> y+>
[ Parent ]
Testing open relays (none / 0) (#24)
by Lionfire on Wed Jun 13, 2001 at 04:12:32 AM EST

Well, the ORBS databases that are now available are at least 30 days old -- that alone is going to affect your results. It's true that many servers were only on the list for a matter of days before their sysadmins fixed them and they were removed.

However, you must also remember that ORBS tested a number of different security holes that allowed relaying. If the website was still around, I'd point you at their testing procedures... but I guess I can't now... :(

[ blog | cute ]
[ Parent ]
AOL anti-spam efforts (4.00 / 1) (#23)
by Delirium on Wed Jun 13, 2001 at 02:41:06 AM EST

Interestingly, AOL maintains its own separate list of open relays, which they will continue to use (they have already successfully defended themselves against several lawsuits over it). You can search the list here, but unfortunately it does not appear to be possible to retrieve the entire list, so this isn't useful for other people to use as a blacklist.
