Fixing ORBS, and spam-proofing open relays.
Trei, Peter
ptrei at rsasecurity.com
Wed Jun 13 07:28:55 PDT 2001
Instead of bitching about ORBS (which certainly
behaves sub-optimally), I'd like to suggest that we
discuss how a 'better' spam blocklist could be
operated.
Who knows - maybe someone could set one up
to follow good practices. Under the right circumstances,
high-quality information can drive out bad.
[For the record, I'm not as exercised about email
spam as are many people - it takes me less time
each day to trash the electronic junk mail than it
does to sort out the paper kind, despite an internet
presence stretching back decades, and posting to both
mailing lists and Usenet with my real address. My
main objection to spam is that I don't want sexually
explicit email arriving in my 10 year old daughter's
inbox].
I'd like to suggest that if ORBS gave a little more
information about *why* a given site was listed,
and sites were thus able to implement their own
policies over what parts of the list to use,
then that would be a far more equitable situation.
For example, instead of just saying
'Don't accept mail from X.'
...it gave a reason (here is a non-exhaustive list).
* X maintains an unlimited open relay.
* X blocks our attempts to check it.
* Spam has come from X in the last month.
* X maintains an open relay, but the owner has
implemented spam throttling measures.
... then the system would be much more acceptable.
-------------------
BTW, I expect that it should be possible to spam-proof an
open relay, by tinkering very slightly with the protocol
implementation.
For example: if a server required a 10 second pause between
successive RCPT commands, then a message to a
single recipient would pass without problems, but a spammer
trying to send to many people would be blocked.
There are *many* other ways to tinker with the protocol
implementations which would let legitimate users send mail
without difficulty, using normal agents, but which would
make the spammers' life far more difficult.
Peter Trei
More information about the cypherpunks-legacy
mailing list
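
The 10-second pause between successive RCPT commands suggested in the message above, sketched as an added example that is not part of the original post. The class name, the reply texts, the choice of a 451 temporary failure, and the decision that neither a new MAIL FROM nor a rejected RCPT resets the pacing clock are all assumptions made for illustration; the sessions are constructed sample input.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

RCPT_MIN_GAP = 10.0  # seconds between successive RCPT commands, as in the post


@dataclass
class RelaySession:
    """Per-connection state for a relay that paces RCPT commands (hypothetical)."""
    min_gap: float = RCPT_MIN_GAP
    last_rcpt_at: Optional[float] = None  # time of previous RCPT, accepted or not
    recipients: List[str] = field(default_factory=list)

    def handle(self, now: float, line: str) -> str:
        verb, _, arg = line.partition(":")
        verb = verb.strip().upper()
        if verb == "MAIL FROM":
            # New envelope. The pacing clock is NOT reset (assumption), so a
            # sender cannot dodge the delay by starting a fresh transaction.
            self.recipients = []
            return "250 2.1.0 Sender OK"
        if verb == "RCPT TO":
            previous, self.last_rcpt_at = self.last_rcpt_at, now
            if previous is not None and now - previous < self.min_gap:
                # Temporary failure: a real MTA will queue and retry later.
                return "451 4.7.1 Too soon after previous RCPT"
            self.recipients.append(arg.strip())
            return "250 2.1.5 Recipient OK"
        return "502 5.5.1 Command not implemented in this sketch"


def replay(script: List[Tuple[float, str]]) -> List[str]:
    """Run one constructed session; return the three-digit reply codes."""
    session = RelaySession()
    return [session.handle(t, line)[:3] for t, line in script]


# Constructed sample sessions: (seconds since connect, client line).
SINGLE = [(0.0, "MAIL FROM:<alice@example.org>"), (0.4, "RCPT TO:<bob@example.net>")]
BULK = [(0.0, "MAIL FROM:<x@example.org>")] + [
    (0.1 * i, f"RCPT TO:<user{i}@example.net>") for i in range(1, 6)]
PATIENT = [(0.0, "MAIL FROM:<alice@example.org>"), (1.0, "RCPT TO:<b@example.net>"),
           (12.0, "RCPT TO:<c@example.net>"), (23.0, "RCPT TO:<d@example.net>")]
RESTART = [(0.0, "MAIL FROM:<x@example.org>"), (1.0, "RCPT TO:<b@example.net>"),
           (2.0, "MAIL FROM:<x@example.org>"), (3.0, "RCPT TO:<c@example.net>")]

if __name__ == "__main__":
    for name, script in [("single", SINGLE), ("bulk", BULK),
                         ("patient", PATIENT), ("restart", RESTART)]:
        print(name, replay(script))
```
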