ORBS (Re: Scanning)

E.B. Dreger eddy+public+spam at noc.everquick.net
Sun May 27 20:09:56 UTC 2001

> Date: Sun, 27 May 2001 15:22:09 -0400
> From: Steve Sobol <sjsobol at NorthShoreTechnologies.net>

[ snip ]

> Someone else, perhaps Roeland, mentioned that MAPS is a lot more 
> deliberate than ORBS is. Also mentioned was the fact that that can 
> be viewed either as a good thing or a bad thing depending on your 

That would have been myself...

> point of view. It's true. Some people like the more aggressive stance
> ORBS takes. Some people don't like the apparent abitrariness (if that's
> a word) of some of the ORBS listings.

...and I also stated that nobody forces one to use MAPS or ORBS as-is.
I've never heard much of an argument, let alone a solid one, against this.

As much as I'd love to strong-arm providers into fixing their open relays,
I whitelist acceptable MXes, and often contact the admin in question.  The
dearth of clueful admins who don't run open relays makes it difficult at
best to refuse mail from all ORBS-listed MXes.

Hence, I submit that "MAPS + ORBS + manual whitelist" is better than any
alternative, particularly the "MAPS + !ORBS + whack-a-mole blacklist".

And anybody who claims that MAPS kills most of the spam isn't running much
of an MX.  I deliberately have sendmail check MAPS (all three) _before_
any ORBS.  If MAPS truly stopped most spam, then ORBS would yield mostly
false positives... and it just ain't so.



Brotsman & Dreger, Inc.
EverQuick Internet Division

Phone: (316) 794-8922


Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist at brics.com>
To: blacklist at brics.com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.  Do NOT
send mail to <blacklist at brics.com>, or you are likely to be blocked.

More information about the NANOG mailing list