Open Relay Behavior-modification System

Open Relay Behavior-modification System (ORBS), created and run by Alan Brown in New Zealand, was one of the first DNS-based Blackhole Lists (DNSBLs). A DNSBL is a means by which an Internet domain may publish a list of IP addresses in a database that other programs on the Internet can query automatically. The ORBS list was used to blacklist IP addresses that were open mail relays: third-party mail servers through which spammers can relay their messages and thus attempt to obfuscate the source of the spam. [1]

Controversy

The ORBS list was controversial for a number of reasons. Many people felt that the methods ORBS employed to scan[citation needed] the Internet for open mail servers could be abusive. ORBS used probes to test for open relays without permission, sometimes over and over again. Some claimed that testing of their networks continued even after they asked ORBS to stop; others claimed that relayed spam didn't stop either. In some cases the tests interfered with mail servers, causing delays, especially when those servers were assigned hundreds of IP addresses.

Related to the testing regime, which was excessive in the eyes of a number of email administrators, Brown's policy of adding servers he was unable to test to the list, whether or not they were actually open relays, was also a matter of dispute. [1] Another complaint was that open relays that had never sent spam[citation needed] were listed without notice. False listings on ORBS were also alleged, particularly when Brown was engaged in a legal or other dispute with the listed party. [2]

A website called stoporbs.org was created in 2001 by Brad Baker to offer assistance to other[citation needed] mail administrators who had been listed on the ORBS blacklist for reasons other than open relays. Many administrators felt that by listing servers for other than the reasons advertised (open relays), the list was not reliable for the supposed purpose.

Lawsuits

ORBS was created and run by Alan Brown in New Zealand. It was shut down in 2001 due to Brown's health and money issues and two lawsuits brought by companies listed on ORBS, Xtra and Actrix, which he had refused to remove. [3] The companies were listed by ORBS because they blocked its probes [1] and they kept relaying spam. Brown was forced to sell his Internet service provider, Manawatu Internet Services, to cover expenses, and to state that the companies had been listed inappropriately. [3]

Brown also had a defamation lawsuit brought against him, O'Brien v Brown. The court ruled that Brown made defamatory comments about Patrick O'Brien, CEO of Domainz, which is the .nz domain registrar. The comments were made in the Domainz discussion group. When Brown was offered a chance to apologize, he made additional defamatory comments. Following O'Brien's victory and the awarding of $42,000 to him, Brown claimed that his net worth was only $500, which he said is why he did not have a lawyer. [4]

Aftermath

Several groups had cached the lists, retested the open relays, and replaced ORBS. Running an open relay became an even bigger problem than before. DNSBLs listing open relays became so effective that spammers shifted to insecure proxy servers.

The Internet Society of New Zealand council seats (and subsequently the Domainz board) were filled by "rebel" members in elections in July 2000. [5] O'Brien departed to run Singapore's Internet registry. [5]

Related Research Articles

Open mail relay

An open mail relay is a Simple Mail Transfer Protocol (SMTP) server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users. This used to be the default configuration in many mail servers; indeed, it was the way the Internet was initially set up, but open mail relays have become unpopular because of their exploitation by spammers and worms. Many relays were closed, or were placed on blacklists by other servers.

The Spam Prevention Early Warning System (SPEWS) was an anonymous service which maintained a list of IP address ranges belonging to Internet service providers (ISPs) which host spammers and show little action to prevent their abuse of other networks' resources. It could be used by Internet sites as an additional source of information about the senders of unsolicited bulk email, better known as spam.

A Domain Name System blocklist, Domain Name System-based blackhole list, Domain Name System blacklist (DNSBL) or real-time blackhole list (RBL) is a service for operation of mail servers to perform a check via a Domain Name System (DNS) query whether a sending host's IP address is blacklisted for email spam. Most mail server software can be configured to check such lists, typically rejecting or flagging messages from such sites.

A tarpit is a service on a computer system that purposely delays incoming connections. The technique was developed as a defense against a computer worm, and the idea is that network abuses such as spamming or broad scanning are less effective, and therefore less attractive, if they take too long. The concept is analogous with a tar pit, in which animals can get bogged down and slowly sink under the surface, like in a swamp.

Various anti-spam techniques are used to prevent email spam.

Email spam: Unsolicited electronic advertising by e-mail

Email spam, also referred to as junk email, spam mail, or simply spam, is unsolicited messages sent in bulk by email (spamming).

The Distributed Sender Blackhole List was a Domain Name System-based Blackhole List that listed IP addresses of insecure e-mail hosts. DSBL could be used by server administrators to tag or block e-mail messages that came from insecure servers, which is often spam.

Open proxy: Proxy server accessible to any Internet user

An open proxy is a type of proxy server that is accessible by any Internet user.

The Spamhaus Project: Organization targeting email spammers

The Spamhaus Project is an international organisation based in the Principality of Andorra, founded in 1998 by Steve Linford to track email spammers and spam-related activity. The name spamhaus, a pseudo-German expression, was coined by Linford to refer to an internet service provider, or other firm, which spams or knowingly provides service to spammers.

SORBS is a list of e-mail servers suspected of sending or relaying spam. It has been augmented with complementary lists that include various other classes of hosts, allowing for customized email rejection by its users.

Xtra was a brand used by New Zealand telecommunications provider Spark for its Internet service provider subsidiary from 1996 to 2008. At its inception, Xtra provided only dial-up Internet access, but began providing ADSL service in 1999.

The Abusive Hosts Blocking List (AHBL) was an internet abuse tracking and filtering system developed by The Summit Open Source Development Group, and based on the original Summit Blocking List (2000–2002). Its DNSBLs were shut down on Jan 1, 2015 and now appear to be blacklisting the entire Internet.
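
The DNS query described in the DNSBL entry above, and the failure mode in the AHBL entry (a retired list that answers for every address), can be handled together in the mail filter. The following is an added example, not code from ORBS or any list operator: it builds the query name and applies the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not be) before trusting a listing. The zone `relays.dnsbl.example`, the stub resolvers and the sample addresses are constructed assumptions so the block runs without network access.

```python
import ipaddress

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_qname(ip, zone):
    """Name queried for `ip` in DNSBL `zone`: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone.rstrip(".") + "."

def is_listed(ip, zone, resolve):
    """Listed means the zone returns at least one A record inside 127.0.0.0/8.
    `resolve(qname)` is an injected lookup: list of IPv4 strings, [] on NXDOMAIN."""
    answers = resolve(dnsbl_qname(ip, zone))
    return any(ipaddress.ip_address(a) in LOOPBACK for a in answers)

def zone_health(zone, resolve):
    """RFC 5782 test entries: 127.0.0.2 must be listed, 127.0.0.1 must not be."""
    if is_listed("127.0.0.1", zone, resolve):
        return "lists-everything"   # wildcarded or shut-down list
    if not is_listed("127.0.0.2", zone, resolve):
        return "dead"               # zone no longer answers as a DNSBL
    return "ok"

def check_sender(ip, zone, resolve):
    """Only trust a listing if the zone itself passes the health check."""
    health = zone_health(zone, resolve)
    if health != "ok":
        return "skip:" + health
    return "reject" if is_listed(ip, zone, resolve) else "accept"

# Constructed sample data: hypothetical zone and stub resolvers, no network access.
ZONE = "relays.dnsbl.example"

def make_resolver(records, wildcard=None):
    return lambda qname: records.get(qname, [wildcard] if wildcard else [])

HEALTHY = make_resolver({
    "2.0.0.127.relays.dnsbl.example.": ["127.0.0.2"],    # mandatory test entry
    "7.113.0.203.relays.dnsbl.example.": ["127.0.0.2"],  # constructed listed relay
})
WILDCARD = make_resolver({}, wildcard="127.0.0.2")        # answers for every name
GONE = make_resolver({})                                  # NXDOMAIN for every name

if __name__ == "__main__":
    for name, r in (("healthy", HEALTHY), ("wildcard", WILDCARD), ("gone", GONE)):
        print(name, check_sender("203.0.113.7", ZONE, r))
```

In production the `resolve` argument would wrap a real DNS lookup, and the health result would normally be cached rather than recomputed per message.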

Context filtering is an anti-spam / mail policy method that does not deal with the contents of the mail but rather uses the context of the SMTP connection to decide whether a mail will be accepted or not.

A challenge–response system is a type of spam filter that automatically sends a reply with a challenge to the (alleged) sender of an incoming e-mail. It was originally designed in 1997 by Stan Weatherby, and was called Email Verification. In this reply, the purported sender is asked to perform some action to assure delivery of the original message, which would otherwise not be delivered. The action to perform typically takes relatively little effort to do once, but great effort to perform in large numbers. This effectively filters out spammers. Challenge–response systems only need to send challenges to unknown senders. Senders that have previously performed the challenging action, or who have previously been sent e-mail(s) to, would be automatically whitelisted.

In networking, a black hole refers to a place in the network where incoming or outgoing traffic is silently discarded, without informing the source that the data did not reach its intended recipient.

SURBL is a collection of URI DNSBL lists of Uniform Resource Identifier (URI) hosts, typically web site domains, that appear in unsolicited messages. SURBL can be used to search incoming e-mail message bodies for spam payload links to help evaluate whether the messages are unsolicited. For example, if http://www.example.com is listed, then e-mail messages with a message body containing this URI may be classified as unsolicited. URI DNSBLs differ from prior DNSBLs, which commonly list mail sending IP addresses. SURBL is a specific instance of the general URI DNSBL list type.

Not Just Another Bogus List (NJABL) was a DNS blacklist.

The Mail Abuse Prevention System (MAPS) is an organization that provides anti-spam support by maintaining a DNSBL. They provide five black lists, categorising why an address or an IP block is listed:

A Dial-up/Dynamic User List (DUL) is a type of DNSBL which contains the IP addresses an ISP assigns to its customer on a temporary basis, often using DHCP or similar protocols. Dynamically assigned IP addresses are contrasted with static IP addresses which do not change once they have been allocated by the service provider.

Since Internet users and system administrators have deployed a vast array of techniques to block, filter, or otherwise banish spam from users' mailboxes and almost all Internet service providers forbid the use of their services to send spam or to operate spam-support services, special techniques are employed to deliver spam emails. Both commercial firms and volunteers run subscriber services dedicated to blocking or filtering spam.

References

  1. Cave, Damien (2001-06-08). "A spam cop goes AWOL". Salon.com. Archived from the original on 2015-03-23. Retrieved 2020-02-24.
  2. Foreman, Michael (29 May 2001). "Court forces ORBS to remove Xtra e-mail from blacklist". The New Zealand Herald. Retrieved 1 November 2011.
  3. McCarthy, Kieren (2001-06-05). "ORBS' death: Alan Brown replies". The Register. Archived from the original on 2017-08-10. Retrieved 2020-02-24.
  4. "Brown, O'Brien and Domainz (NZ, 2001)". Caslon Analytics. Archived from the original on 2006-12-06. Retrieved 2020-02-24.
  5. "O'Brien vs Brown". Radio New Zealand. Archived from the original on 2007-09-29. Retrieved 2020-02-24.