Relays, Blacklists, and Laws (was: spam-tools?)
- Date: Mon, 18 Jun 2001 17:38:11 +0200 (MET DST)
Sabri Berisha sabri@localhost commented:
>> Port scanning is in violation of some telecommunication laws and even more
>ORBS did not portscan. ORBS has tested mailservers which have been
>nomitated by third parties who had reasons to think those servers were
I agree in general, though a case could be made for not even allowing
the mere probing of port 25 on a host that is not meant to receive
mail (say, if mail was received _from_ that host). Now, I think that
would be an utterly rigid and counterproductive position on the part
of the host owner, but rather than challenging laws making it illegal
to probe port 25 for relaying under any circumstances, I'd simply
refuse e-mail from any hosts covered by that jurisdiction. If they
absolutely don't want me to talk to their computers, I won't do that.
That includes absolutely not answering their computers calling us.
So far, my list of hosts that, for legal reasons, are off limits for
relay testing, is empty. If you know of an IP address range that
should be in this list, please let me know. It's an opt-in list. ;-)
>ORBS did not block you. Site administrators who choosed to use ORBS did.
Exactly. All communication is subject to the conditions of the
recipient. Even if ORBS' policy is flawed, it is the choice of
the recipients to decide whether to use ORBS or not. I could
decide to refuse e-mail from hosts with the letter Z in their
domain names if I like, and it's not up to any potential sender
of e-mail to sue anybody for providing an exhaustive list of
mail relays with the letter Z in their domain names.
>And as I said before; if ORBS did not granted you a 30 day period to fix
>your problems prior to fixing it; that's a *bad* thing and against their
My mail server was reported to ORBS once (due to an obscure relay
hole depending on UUCP !-path syntax). I don't recall receiving
an advance warning, but I was rather notified when it was already
listed as a relay. Checking their records, it looked as if they
had waited 30 days before notifying me, but I will not rule out
that the warning was sent but lost by us (yes, postmaster mail
goes directly to my mailbox). I could not find any evidence of
spam sent via our relay, either in ORBS records or in my own logs
at the time of the probe. I closed the relay hole, confirmed it
as closed to ORBS, and the listing was removed within a couple of
days. I never noticed any bounced mail due to our ORBS listing,
and I didn't consider it a major issue. I even thanked them for
notifying me at all, even though I thought they overdid it.
This was back in 1999, and I had more pressing things to do than
argue with ORBS over their notification procedures. Within a
month, the relaying server was taken out of operation anyway due
to it running a non-Y2K-compliant operating system version. We
have never used ORBS ourselves, and their sudden disappearance
recently showed it to be a good decision not to rely on them for
our e-mail security. We rely entirely on MAPS and local blocking
Now, I'm definitely concerned about MAPS being legally threatened
in the way that forced ORBS to give up, and I intend to block mail
from any ISP demonstrating a willingness to harass MAPS or others
who serve us. A legal injunction against MAPS to make them stop
listing a particular IP address, whether justified or not, is a
threat to our computer security, and I couldn't care less about
the opinion of a U.S. or N.Z. judge in this matter. It's as if
someone would sue our local security officers in order to be able
to move around unhindered on our premises at night; we obviously
wouldn't tolerate that from any outside party. We decide who gets
access to our resources; nobody else can decide that for us, ever.
If we have hired the wrong security guards, tell us, not them.
In this respect, the spammers demonstrate the same kind of attitude
as the masked vandals who went berserk in Gothenburg City during the
EU summit - blaming the duly appointed police officers for provoking
the disturbances by their mere presence. The police was there only
because we asked them to protect property and public order. Anybody
having trouble with that should come argue with us, not with them.
But instead, restaurants, shops and banks ended up being "spammed"
with pieces of pavement. That's way beyond RBL time.
Anders Andersson, Dept. of Computer Systems, Uppsala University
Paper Mail: Box 325, S-751 05 UPPSALA, Sweden
Phone: +46 18 4713170 EMail: andersa@localhost