
nanog mailing list archives

RE: Stealth Blocking
From: "David Schwartz" <davids () webmaster com>
Date: Wed, 23 May 2001 19:47:54 -0700



I'm actually not advocating blocking all open relays. I am advocating
blocking all spammers, whether they have open relays or not. There are
actually open relays that a spammer can never use, because the open relay
site uses MAPS RBL. They are collateral damage, with ORBS. Show me how such a
site can be used by a MAPS RBL'd spammer. BTW, yet another reason to use
MAPS RBL.

        That's about the only thing you said that I don't agree with. Use of the
MAPS RBL does not make an open relay any less prone to abuse. Use of the
MAPS DUL will make an open relay less prone to abuse; however, there are
many dial up accounts that are not in the DUL. Nothing stops a spammer from
hopping between these dial up accounts.

        If you say, "well, those dial up accounts should be in the DUL", I'll
partially agree with you. But the DUL is largely opt-in. If the provider
doesn't want to opt in, then it's the open relay that's the problem.

        If you say, "well those dial up accounts should be in the RBL", then I
won't agree with you. Let's not forget that the RBL is a blackhole list.
It's unreasonable to blackhole provider A because his customers are using
someone else's open relay. This is especially the case if the open relay
makes it any harder to track the actual origin of the spam (say by not
putting the source port in the forwarded email). It won't help much if
provider A has a good anti-spam policy if someone else is enabling his
customers to spam.

        I am firmly convinced that an open mail relay is a hazard to the community
at large. I don't wish to receive email from them, whether or not they've
yet been used to forward spam. While this does cause some collateral damage,
I submit that it's the unavoidable type of collateral damage. In practice,
the only ethical way to discover an open relay is for it to be used to
forward a spam, so in practice there's no distinction.

        In fact, I would not have really minded if ORBS had continued their
practice of probing for open relays. I personally didn't feel that it was
ethical, but I don't believe it itself caused any major problems. My break
with ORBS occurred when they started listing sites that were not confirmed
open relays. If ORBS was still a list of only confirmed open mail relays,
I'd probably filter on it right now. (While ethically opposed to the way the
data was gathered, I don't see any ethical problem with using it. Much like
some data that was collected by Nazi medical 'experiments'. While I
certainly don't condone the experiments, the means with which the evidence
was gathered isn't grounds to dismiss the evidence.)

        I think we've both made our positions clear, so I'm going to stop this
thread unless you say something unbelievably radical.

        DS


