Background and opinion on MAPS and ORBS

from TBTF for 2000-07-20

Here is some more background, detail, and informed opinion about the warring spamfighters, MAPS (the Mail Abuse Prevention System) and ORBS (the Open Relay Behaviour-modification System). To comment, please visit this Quick Topic forum.

MAPS is a not-for-profit organization that runs the Realtime Blackhole List (the MAPS RBL) and other spam-fighting services for ISPs. The RBL began in 1997 as a list of hosts from which spam originated. It has experienced "mission creep" and now also includes spam-friendly ISPs, spam-neutral ISPs, and anyone who provides services, aid, comfort, or credit-card processing to spammers. MAPS also maintains the Relay Spam Stopper (RSS), a list of spammers' promiscuous relays -- more than 30,000 systems that spammers have provably used in the past to launder vast amounts of unwanted email.

ORBS is an organization that maintains an RBL-like list of known promiscuous relays on the Internet. ORBS builds its list by actively probing mail servers using exactly the same tricks and software holes that spammers exploit. This hair-of-the-dog approach is troublesome on moral grounds, and rankles many network administrators, but it is undeniably effective. I have read estimates that subscribing to the ORBS list will cut out around 90% of the spam an ISP would otherwise receive, while subscribing to the MAPS RBL + RSS will catch 5% - 15%. ORBS lists several hundred thousand open relays; of these, some 92,000 have been open for longer than 30 days and will, presumably, never be closed off.

ORBS says that the MAPS RSS lists only barns from which the horses have already escaped, and claims that the RSS list contains 40% false positives. MAPS cites a big disadvantage of ORBS listing all possible open relays -- apparently spammers mine the ORBS listings to locate and exploit new open relays. Here's Vixie on this downside to the ORBS method:

ORBS sent a series of 14 e-mail transactions checking to see if it would relay third party e-mail. AFTER it was listed in ORBS, spammers were able to find it and started relaying their spam through it. Thanks Alan! Great service! NOT.

In the long-running firefight between these two anti-spam organizations on the newsgroup news.admin.net-abuse.email, an anonymous informant who frequents that forum told me he believes that "most of the sentiment is for MAPS right now." You can dip into the NANAE discussion here.

Finally, a sampling of the polarized opinions about ORBS -- three informed views from a current discussion on a private mailing list.

one: I tried to work with a Danish colleague who wanted to get some material online. My email provider was wrongly blacklisted by ORBS as spam-friendly, and the Danish site used the ORBS list. This site did not return error messages; it silently absorbed my email, which I assumed was being read. This confusion combined with the language barrier to keep us from getting started on our project for several months.

two: Personally, I have seen ORBS as a bunch of blue-nosed vigilantes who come close to being as bad as the evil they're fighting. I can't tell which side of 'close' they're on, either. Spam is an abuse of the commons. ORBS have fought this abuse by being abusive of the commons.

three: 9 out of 10 spams get dropped due to ORBS matching. They kill more spam than all other filters combined. Having said that, I didn't mind their probes. A lot of people sure got pissed by it though. I understand the anger that comes from being probed, but if you don't relay and you don't want to accept mail from open relays, you shouldn't care. I personally thought it was a good service and appreciated their diligence.


Created 2000-07-19