ORBS: Another Vigilante Group
Bob Allisat
bob at fcn.net
Fri Nov 20 19:52:28 UTC 1998
I guess we have another vigilante
delusional on the network with these
juvenilles and their "open relay"
so-called testing. I wonder if other
persons on this list have had their
systems attacked in a similar manner
to our servers? I also wonder what
damage this does to the perception
of the network increasingly spiralling
into a mere collection of random acts
by arbitrary mentally incapable hackers.
Bob Allisat
Free Community Network _ bob at fcn.net . http://fcn.net
http://fcn.net/allisat _ http://fcn.net/draft
---------- Forwarded message ----------
Date: Fri, 20 Nov 1998 11:39:28 -0800
From: orbs at auto.dorkslayers.com
To: bob at fcn.net
Subject: your E-mail to orbs at auto.dorkslayers.com
Thank you for sending mail to ORBS.
You will not receive another response, other than this message,
from ORBS unless your message contains:
1) A request for our DNS transfer-mode agreement.
2) A request for updates to our web site.
3) Information of interest regarding a relay that my site says
is closed but you have verified is not.
4) Other information of direct interest to the site maintainer
(like lists of open relays, etc.)
5) A request for a manual test of one or more servers that
you maintain to verify that you have indeed fixed your open
relay. I may take a while to respond, if I haven't gotten back
to you in a week, poke me again. You can just remove your
server from the list via the web page, if it's still open
it will be re-added and you will receive another blocking
notification.
6) Details of the relay prevention measures in place on your
server, that can be verified from outside, if you are asking
to be removed from our list but your server still fails a simple
relay test. Note that these should include the inability to
send to more than 5 recipients per message, or an exponential
time delay on a per-recipient basis, of substantial enough
duration to deter spammers. Note that if I unblock you due
to such measures and subsequently receive proof of spam
received via your server, that you will be blocked again until
you completely disable relay.
All other messages will be discarded unanswered, unless I'm
bored, which doesn't happen often. Note that abusive or
threatening messages may be posted to various anti-spam forums,
at my discretion.
Your question or statement is most likely addressed below.
-----
ORBS Frequently Asked Questions
Q) Help! My E-mail is being blocked and I don't understand
the error messages or what's going on.
A) Talk to whoever runs your mail server, they have a
problem that needs to be fixed. Yes, really, regardless
of what they tell you (this includes Netcom users).
Q) I have fixed my open relay, please take me off your list.
A) Please use our web site tools as instructed in the
notification message. Our resources are limited and we
cannot spend time doing things for which there are
automated tools.
See: http://www.dorkslayers.com/orbs/closed1.cgi
Q) Ok, already, my relay's fixed but you keep trying to
send test messages through it.
A) Sorry, for reliability sake, our test program tests
every 6 hours for 3 days unless a test makes it through.
The tests will stop after that time and no one will be
able to submit your IP address for further testing without
manual intervention on our part.
Q) I've removed my closed relay using your web page but
sites are still blocking my mail.
A) It can take up to 6 hours for changes made to the database
to make it into the ORBS zone and be propogated to all
subscriber sites. Sorry for the delay.
Q) How do I know you're not a spammer or hacker?
A) Post a query to SPAM-L, spamtools, or
news.admin.net-abuse.email. We are well known in the
anti-spam community and others will vouch for what we do.
Q) We use Spamshield which lets our users relay but stops spammers.
A) No, it doesn't. I used to accept this but received
numerous examples of spam received via Spamshield-protected
servers. Check out POP before SMTP instead, it actually
works.
Q) ORBS made a mistake. Our server doesn't permit relay,
or there is no mail server at the address you've blocked.
A) You'd be surprised how often I hear this. Let me assure
you, there has been no mistake. Your server will not be
placed on the list unless my 'bot successfully injects an
E-mail message into the IP address you were told about,
and that E-mail message makes it back out to the testing
address. No exceptions. Of the dozens of systems people
have told me I've made a mistake on, not one has been valid.
I will no longer respond to these messages.
Q) I know our server is open, but I can't fix it yet. Please
don't publish the address or spammers will use it.
A) I don't "publish" the addresses on the list. The list
is made available as a DNS zone that can be queried by
servers before they accept mail from anywhere. If they
find that the remote address is present in the zone, they
may choose to reject the message, they may choose to add
a Header field telling the recipient that the remote server
is on the list, or they may do nothing. In any case, they at
no time have access to the contents of the list.
Q) I don't understand why I have been placed on your list,
and I am the administrator of my mail server.
A) You are not qualified to administer your mail server.
Hire someone who is. Give them the message we sent you and
point them to our web site.
Q) I don't know how to close my relay, help me.
A) Check out http://www.dorkslayers.com/orbs/blockedadmin.cgi
There are links at the bottom of the page to sites with that
information. We also list some consultants who may be
able to help you. You can also do a web search for relay
restriction and related terms, there are lots of resources
out there. If you use a commercial MTA, call your vendor
or access their support resources.
Q) My current MTA cannot restrict relay.
A) Unplug it. Spend $49.00 on a RedHat CD and install it.
Q) I'm going to sue you if you don't take me off your list.
A) Be my guest. Since mail can't be blocked by my list
directly (the recipient must choose to use my list to
block mail), liability really belongs to those using my list.
(and yes, either the recipient of your message or their system
administrator has _chosen_ to use the ORBS list to block
mail).
US courts have consistently upheld that recipients have the
right to block based on whatever criteria they choose.
Also, your server gets on my list for one reason only - it
permits third-party relay. This is tested prior to your
server being placed on the list. Consequently, my
listing your server is a statement of fact, since I only
claim that your system has failed a relay test, and
cannot be considered libellous.
You would be better advised to spend the money on a consultant
who can close your open relay for you.
Q) I need to run an open relay for my remote users. Please
take me off your list.
A) No. Check out authenticated SMTP, POP before SMTP or POP
XMIT.
If MSN and Geocities can finally fix their relays, so can you.
Q) I've fixed my relay and reported it to your list, but my
mail's still being blocked.
A) If the web page reports that you are no longer on our list,
it may still take a couple of hours to make into the DNS system.
Sorry for the delay.
Q) Please send me details of the spamming incident which
resulted in our being added to your list.
A) I cannot. I don't have that information.
Q) Who reported my relay to your site?
A) I don't record that information.
Q) Who gave you the authority to play God or to police the
Internet?
A) I don't. I provide a free service that many sites find
valuable, a service which helps them combat a huge problem -
relay spam. Many ORBS users have written to tell me that
ORBS is their single most effective tool for stopping
spam. You can't argue with success.
Q) Why should we take you seriously with a name like
Dorkslayers, or with invalid InterNIC contact info?
A) Why should I care if you take me seriously? It's your
E-mail.
----
Bob Allisat
Free Community Network _ bob at fcn.net . http://fcn.net
http://fcn.net/allisat _ http://fcn.net/draft
More information about the NANOG
mailing list