|
|
|
|
|
|
| ISP Resources |
| ISP-Lists ISP Glossary ISP News The List ISPCON Events Free Newsletters |
|
|
|
||
| internet.commerce | ||
|
Partner With Us |
ORBZ Goes The Way Of ORBS
Regardless of who's to blame, almost everyone agrees that ISPs lost a valuable tool for thwarting spam this week—be it friend or foe—it's a sorry day to see ORBZ go the way of ORBS.
of internetnews.com [March 21, 2002] |
 |
As you may recall, the original Open Relay Behaviormodification System (ORBS), started out in 1999 as a database for tracking simple mail transfer protocol (SMTP) servers that permitted third-party relays. These servers allowed spammers to connect to them and then forward unsolicited commercial e-mail to its ultimate target—our e-mail inboxes.
Once considered a resourceful Internet tool capable of decreasing the volume of spam on the Net, ORBS came increasingly under attack by network administrators whose IP addresses were listed among offending open relays, even though they did not have these spam pathways open on their systems. Some administrators reported that they had to take extreme, costly, and unnecessary measures to regain the ability to send legitimate e-mail over the Internet. Accusations of improprieties abounded, lawsuits were filed, and ORBS became a part of Internet history.
When the ORBS anti-spam database disappeared last June, a plethora of new ORBS-like sites launched around the world. This included the open relay block zone, or ORBZ, for short. It was borne from a rift between ORBS-U.K. Administrator Paul Cummins and former ORBS Manager Alan Brown. Cummins set up ORBS-U.K. using data from the original ORBS list of open relay servers. Brown and Cummins disagreed over the use of the name ORBS, and Cummins started to refer to the new site as ORBZ.
We're using the past tense here today, because Ian Gulliver, ORBZ administrator, informed his flock he was shutting down services late Tuesday evening in an e-mail to members of the ORBZ discussion group.
In his farewell notice, Gulliver told fellow spam warriors that he was shutting down services immediately, rather than turn over documents to the 10th Judicial District Court in Michigan:
|
"Here's the email that those of you with forward sight have been fearing since the inception of ORBZ. As of this moment, ORBZ is shutting down. DNS zones are going to stop resolving, the website will disappear and mail will stop working (so further discussion on this list probably won't work -- use NANAE). I don't want to disappear in silence like ORBS, so I'll try for as much description as possible without compromising my own position. I received an official court notice this afternoon to turn over all information relation to ORBZ accounts. This came from the 10th Judicial District court of the State of Michigan. It appears that ORBZ may be facing criminal charges for denial of service relating to the Lotus Domino issue. I was happy to try to weather any civil issues that may have come up, and I was committed to seeing it through. However, the threat of jail time is too much; I don't believe in this fight quite that much. Thank you all for all your support. I sincerely hope that someone with the goal of carrying on the mission of ORBZ pops up in another country with a less foreboding legal system. Anyone who has copies of the current zones may do with them what they wish. For those of you stuck without good spam filtering, please consider ORDB and SpamCop; they both provide excellent free solutions." |
|
— Ian Gulliver, ORBZ |
Since the court order called for Gulliver to hand over all documents related to ORBZ or terminate operations, Gulliver decided to put the lid on the blackhole listing for good.
Vindicated or victimized?
On the surface, this seems a victory for bulk e-mailing companies and
anti-blacklisting groups whose e-mails are blocked by Internet service
providers and other network operators around the world. By publishing
a list of known IP addresses using open relays, ISPs had either a spam-thwarting
friend, or a vulnerability spotting foe, depending on which side of the
list network administrators fell with ORBZ.
But the issues surrounding the ORBZ closure paint an entirely different picture about what's really going on here.
In its suit file against ORBZ, the City of Battle Creek, Mich. alleges that one of Gulliver's tests designed to validate whether a server is really an open relay or not, caused its Lotus Domino mail servers to crash. Apparently, 1-of-10 e-mail tests routinely conducted by Gulliver accidentally caused Lotus SMTP servers to generate an endless e-mail loop—consuming 100 percent of the servers' computing power until it choked on its own data.
Laurie Akins, newly installed president of the non-profit anti-spam outfit SpamCon Foundation, said the code changes necessary to correct the bug was "trivial," but an error that Gulliver, for one reason or another, was unwilling to correct.
"When you run a blacklist, you need to be responsible and you need to be considerate of the other servers," she said. "The overall impression I'm getting is he knew the bug was there and he just decided he wasn't going to do anything. If his test happened to crash a Lotus server, then it wasn't his fault."
On the other side of the coin, some network administrators blame Lotus developers who were slow to repair a known vulnerability that Gulliver originally reported to Bugtraq back in August 2001.
Tim Jackson, a programmer posting to Slashdot.org about the shuttering of ORBZ, said the entire situation was depressing and an all-too-familiar phenomenon in our high-tech world filled buggy equipment and frequently patched products.
"Of course, if common sense prevailed, it would be the mail server vendor in court for producing insecure mail server software, not a third party for happening to send requests that unintentionally crash poorly-written servers," he posted to the site.
Walter Yurkanin, a lawyer specializing in Internet law at Mahoney, Silverman & Cross Ltd. in Joliet, IL, said it's too bad both parties were not able to come to the table to work out the issues.
"Incidences such as this just create animosity that makes it harder for the process to work the way it was intended. Blacklist owners have to assess what their real motivations are, and if their motivation is not to assist they need to take a look at what makes the process work."
Regardless of who's to blame, almost everyone agrees that ISPs lost a valuable tool for thwarting spam this week—be it friend or foe—it's a sorry day to see ORBZ go the way of ORBS.
— End
| Related articles: | ||
| [Mar. 12, 2002] | FTC Shuts Down 9-11 Spam Scam | |
| [Mar. 8, 2002] | List Server Basics | |
| [Apr. 16, 2001] | MSN Cuts Off Spam and Others | |
|
|
| Best of ISP-Planet | ||
|---|---|---|
|
ISP-Planet
Guide
ISP-Planet's Principal Studies Directories:
Q2 2008 Top U.S. ISPs by Subscriber (Updated 08/29/2008)
ISP-Planet's Blogroll | ||
ISP-Planet's
RSS feed
Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia
Legal Notices, Licensing, Reprints, Permissions, Privacy Policy.
Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers