Fixing ORBS, and spam-proofing open relays.

Trei, Peter ptrei at rsasecurity.com
Wed Jun 13 07:28:55 PDT 2001


Instead of bitching about ORBS (which certainly 
behaves sub-optimally), I'd like to suggest that we 
discuss how a 'better' spam blocklist could be 
operated.

Who knows - maybe someone could set one up 
to follow good practices. Under the right circumstances, 
high-quality information can drive out bad.

[For the record, I'm not as exercised about email 
spam as are many people - it takes me less time 
each day to trash the electronic junk mail than it 
does to sort out the paper kind, despite an internet 
presence stretching back decades, and posting to both
mailing lists and Usenet with my real address. My 
main objection to spam is that I don't want sexually 
explicit email arriving in my 10 year old daughter's 
inbox].

I'd like to suggest that if ORBS gave a little more 
information about *why* a given site was listed, 
and sites were thus able to implement their own 
policies over what parts of the list to use,
then that would be a far more equitable situation. 

For example, instead of just saying 

'Don't accept mail from X.'

...it gave a reason (here is a non-exhaustive list).

* X maintains an unlimited open relay.
* X blocks our attempts to check it.
* Spam has come from X in the last month.
* X maintains an open relay, but the owner has
   implemented spam throttling measures.

... then the system would be much more acceptable.


-------------------

BTW, I expect that it should be possible to spam-proof an
open relay, by tinkering very slightly with the protocol
implementation.

For example: if a server required a 10 second pause between
successive RCPT commands, then a message to a
single recipient would pass without problems, but a spammer
trying to send to many people would be blocked.

There are *many* other ways to tinker with the protocol
implementations which would let legitimate users send mail
without difficulty, using normal agents, but which would
make the spammers' life far more difficult.

Peter Trei
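
The 10-second RCPT pause suggested above, as an added sketch that is not part of the original post and not code from any real mail server. Keying the timer on client IP (so that reconnecting does not reset it), the 451 reply text and all names here are assumptions.

```python
"""Per-client RCPT pacing: sketch of the 10-second rule (added example)."""
from dataclasses import dataclass, field

MIN_GAP = 10.0  # seconds required between accepted RCPT commands (from the post)


@dataclass
class RcptThrottle:
    min_gap: float = MIN_GAP
    # Time of the last accepted RCPT per client IP. Keyed by IP rather than
    # by connection (an assumption) so a new session does not reset the clock.
    last_ok: dict = field(default_factory=dict)

    def on_rcpt(self, client_ip: str, now: float) -> str:
        """Return the SMTP reply for a RCPT command seen at time `now`."""
        prev = self.last_ok.get(client_ip)
        if prev is not None and now - prev < self.min_gap:
            wait = self.min_gap - (now - prev)
            # 4xx is a temporary failure: a normal MTA queues and retries.
            # Rejected attempts do not move the clock, so a retrying
            # legitimate sender is not penalised further.
            return f"451 RCPT too soon, retry in {wait:.0f}s"
        self.last_ok[client_ip] = now
        return "250 OK"


def accepted(throttle: RcptThrottle, client_ip: str, rcpt_times) -> int:
    """Replay RCPT arrival times for one client and count 250 replies."""
    return sum(throttle.on_rcpt(client_ip, t).startswith("250")
               for t in rcpt_times)


def demo():
    t = RcptThrottle()
    # Constructed traffic: documentation-range IPs, times in seconds.
    single = accepted(t, "192.0.2.10", [0.0])             # one recipient
    paced = accepted(t, "192.0.2.11", [0.0, 10.0, 20.0])  # waits 10 s each
    bulk = accepted(t, "198.51.100.7", [i * 0.1 for i in range(100)])
    return single, paced, bulk


if __name__ == "__main__":
    print(demo())
```

The single-recipient and paced senders get every recipient accepted, while the sender issuing 100 RCPT commands within ten seconds gets only the first one through.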




