http://www.salon.com/tech/feature/2001/06/08/orbs/print.html

A spam cop goes AWOL

The ORBS blacklist, a controversial tool for stopping unsolicited e-mail, is suddenly inaccessible.

- - - - - - - - - - - -

By Damien Cave

June 8, 2001 | Spam fighters all over the world have lost a controversial weapon in the battle against unsolicited e-mail. Since June 1, the Web site for ORBS -- the Open Relay Behavior Modification System -- has been gutted. Visitors to the site now find nothing more than a gray blank page and a simple message: "Due to circumstances beyond our control, the ORBS website is no longer available."

ORBS's main service was a blacklist of Internet mail servers -- computers capable of routing mail across the Net -- that the ORBS administrator, Alan Brown, had identified as potentially capable of forwarding spam. Now that blacklist is no longer available to network administrators, and they want to know why. One popular theory mooted on the Net is that Brown closed down the site rather than comply with a New Zealand court order demanding that he remove two specific ISPs from the blacklist. But Brown, who lives in New Zealand, is keeping silent. "I am unable to answer any of your questions," he writes in an e-mail. "Sorry."

Even without an explanation, the demise of ORBS is significant, stirring up, once again, an ongoing worldwide debate over how best to administer the Internet and mediate the Net's intersection of humanity and technology. Questions about ORBS's behavior always centered on the problem of how to handle e-mail abuse. But more generally, ORBS symbolized the ongoing struggle between the Net's tendency to encourage individual freedom and the necessity of combating anarchy.

Ever since the Net moved beyond its roots as a small, open, academic community, users have attempted to balance opposing forces.
Most favor the right to speak out, along with the right to privacy; they rail against censorship, but at the same time desperately seek the ability to censor unsolicited e-mail by limiting spammers' access to their networks.

ORBS supporters say the blacklist was a fully justified form of preventive medicine. Brown saw his mission as identifying every mail server on the Net that allowed "open relays" -- in essence, that permitted the forwarding of mail from one point on the Net to another without any restriction. Spammers love open relays; they employ them to hide their identities and funnel out massive amounts of e-mail for free. But at the same time the open relays bog down the system for other customers.

Brown used simple software agents and diagnostic probes to comb the Internet, looking for mail servers configured for open relaying. Whenever he found one, Brown would post the Internet protocol (IP) address on his list -- even if the address had never been used by a spammer. ISPs, systems administrators and everyday citizens who configured their computers to block addresses listed on ORBS could then close off a spammer's favorite distribution tool even before the spammer knew it existed.

More controversial, Brown also placed on his list servers that blocked his probes, whether or not he could ascertain if they had open relays. ORBS supporters say such a policy was the only way to keep a flood of open-relay-capable servers from pumping spam across the Net. The end, they argue, justified the means.

The immediate impact of the ORBS shutdown could mean more spam, says Michael LeFevre, a London technology company executive. "I've received four spams since ORBS went down last week," he says. "I only received two or three previous to that this year."

But not everyone is sorry to see the site go. ORBS has plenty of critics.
ORBS wasn't just a useful technology, they say; it was also a tool used by a specific person, Alan Brown, an overzealous spam fighter who went too far. ORBS's own ISP pulled the plug on Brown in 1998 after receiving complaints about the way that Brown used probes to test servers for open relays. Although another ISP agreed to host ORBS soon afterward, Brown's detractors say that he never learned his lesson: He repeatedly insisted that he had the right to test servers as often as he wanted.

"Alan Brown created some nice technology -- nobody faults him on that point," says Tom Geller, founder of Suespammers.org, a nonprofit group that lobbies for strict spam legislation. "But he used it in an irresponsible way, invading others' private networks and using others' resources against their stated wishes." He became a living contradiction -- a man who, says Geller, "used others' network resources to prove that it's wrong to use others' network resources."

Before the scourge of spam, the Net was a less contentious place. Until the early '90s, open relays were not uncommon. In fact, they were the norm.

"I remember when you'd get funny looks for running a mail server that wasn't an open relay," says "Der Mouse," a Canadian spam-fighting veteran who refused to give his off-line name. "I remember when there was a machine on the Net that was advertised as having no password on its administrative log-in. Want a guest log-in? Log in and create yourself one. I remember when the Net was a friendly and civilized place."

"Today it is more of an armed camp, suspicious of everyone," he continues in an e-mail. "The Net I knew and loved is dead, killed by uncivilized greedy incompetents who came barging in, without caring that when you barge into a foreign culture it behooves you to learn how they do things.
This would not have been a problem, except that they arrived in sufficient numbers to overload the mechanisms that normally would have either brought newcomers up to speed on the culture or rejected them; as a result they killed off the culture we had, the only culture I've ever seen work based on mutual friendship and helpfulness on a large scale."

Spam signified the death of the original Net culture, Der Mouse and others argue. By the mid-'90s, systems administrators started fighting it by closing off open relays. Shutting the pipes made it harder for, say, employees of a company to log on to their corporate network from home, but by limiting who could use the network, closed relays also kept spammers out. This, in turn, saved companies and individuals money, since open relays essentially let anyone borrow servers and bandwidth without having to pay for them.

But some network administrators moved slower than others. So ORBS appeared, with a mission to move them along. At first, most people on the Net welcomed the service. Open relays were sometimes hard to find, and ORBS worked more quickly than other spam-fighting lists. The Mail Abuse Prevention System's Realtime Blackhole List, for example, acts like an after-the-fact plug. Its main list contains domain names that spam has already been sent from, and MAPS only adds servers to its list after the system administrator of the offending mail server has been given a chance to close the hole but hasn't done it.

ORBS, on the other hand, "tested relays and listed them immediately," says William James, a computer consultant in Mississippi. "No negotiation, no notice. It was fast. Someone running an open relay ran the risk of losing a substantial amount of traffic without any notice."

Over time, however, Brown's pace and intensity started alienating the very people who sympathized with his cause.
John Oliver, a systems administrator in San Diego, remembers butting heads with Brown in early 1999. ORBS probes invaded his servers and tested them for 45 minutes, over and over again. The probes returned and retested a few days or weeks later, "as often and as frequently as they saw fit," Oliver says.

Each day that the tests ran, Oliver's server logs lengthened. He received pages and pages of server activity that directly resulted from Brown's tests. "It was annoying because since I wasn't running an open relay, it was wasting my time," he says. "And, of course, I didn't appreciate the implicit accusation that I was an irresponsible admin."

Brown regularly tested servers without any evidence of wrongdoing, says Der Mouse. "Let me be precise: He repeatedly 'tested' my home mail server, and if he had any reason to think it had ever relayed spam, he steadfastly refused to produce it," he says. "He also repeatedly did so after I explicitly denied him permission to do so."

MAPS also had a run-in with ORBS. In 1999, MAPS listed ORBS on its Realtime Blackhole List, in response to several complaints about the way that ORBS was supposedly abusing networks. The group removed ORBS and stopped blocking it from its own servers three months later, but not before ORBS threw MAPS into its own black hole. Even Suespammers.org found itself blocked over a dispute with ORBS. Until the day the list died, spam fighters who used Brown's list couldn't access the Suespammers site, a major resource that might have helped them in their war on unsolicited e-mail.

"Alan's problem is that he was so convinced that testing was necessary that he felt that anyone who didn't want him testing their systems, as often as he wanted to, was somehow just as bad as an actual open relay," says Peter Seebach, a systems administrator who subscribes to several spam-fighting mailing lists. "This is where I drew the line; without any spam coming through a system, and with the admin's request that he not test it, he had no business hitting systems over and over again. I don't see a meaningful distinction between what he did and what script kiddies do with root scripts" that attempt to break into a system.

Is what ORBS did really so bad? In essence, ORBS was nothing more than a list of servers that Brown checked and decided to block from connecting with his network -- which is one suggested recipe for spam fighting. Doesn't Brown have the right to protect his network by blocking whomever he wants to? Doesn't he have the right to publish a list of whom he's blocking?

People who rail against Brown are ignoring the implications of their argument, says "Afterburner," manager of the e-mail abuse department for a large ISP. ORBS may have been run "in a particularly unethical way," he says, but that doesn't mean that Brown should be silenced.

Rather, everyone should have "the unfettered right to publish" a blacklist, regardless of how it is organized, he says. Probes don't damage a network, and "nobody is required to use your list if they don't want to," he says. "The situation is somewhat analogous to the idealized free market: If you put out a list that's worth using, people will use it. If you put out a list that is not worth using, people will not use it."

But ORBS doesn't quite fit Afterburner's paraphrase of the libertarian ideal. The list was worth using; blocking the servers ORBS listed cut down on spam. Yet those who used the list as a tool against unwanted e-mail didn't necessarily have to pay the costs, which came in the form of ORBS's probes. In other words, Brown's approach looks a lot like a spammer's: He invaded others' networks without consent, offering benefits without costs.

Even worse, critics argue, Brown went one step further, blocking servers that didn't have open relays, and adding them to a list that he knew would keep traffic from them. There is, for example, the Xtra Mail lawsuit in New Zealand, which Brown's critics say was a direct result of Brown's unethical practices.

Essentially, Brown added Actrix and Xtra Mail's servers to his blacklist after they blocked his probes. He reportedly had no evidence that they used open relays. Actrix and Xtra Mail sued, and on May 24 they won. The New Zealand High Court ordered Brown to remove Xtra Mail's servers from the ORBS database.

Brown then said that he would comply, but he remained unrepentant. "ORBS policy is that if you threaten ORBS you'll be manually listed," he said, according to a story in IDG New Zealand. "Telecom [Actrix and Xtra Mail's parent company] threatened me with legal action for two years."

Those who have tangled with Brown aren't surprised at his stance. And they don't have a problem with his philosophy, or with his argument that he has a right to form a policy and block whomever he wants. They argue, however, that the policy has to be carried out with honesty.

"The list wasn't what it was purported to be," says Oliver, of San Diego. "If you employ a list called the Open Relay Behavior Modification System to protect your server from spam, you expect that list to block open relays and nothing else. But that isn't what you got with ORBS. You got open relays blocked as well as anyone who had attracted the personal enmity of Mr. Brown."

Ultimately, Oliver says, the Net should be glad to see ORBS go because it lacked the basic values of the old Internet -- truth, respect and freedom. "It's extremely dangerous to support the use of a tool when the cost for its use includes the loss of a liberty," he says.

Still, many of Brown's critics argue that ORBS's technology shouldn't go to waste.
The list is already mirrored on at least one site, and some predict that another administrator -- someone with a bit more restraint -- will clean it up and maintain it. If he or she does, perhaps that individual, and other technologists, will learn from Brown's mistakes, says Geller at Suespammers.org.

"Any technical endeavor that ignores social aspects is doomed to failure," he says. "It's like making soup without liquid."