Subject: Re: OT: orbz.org - help needed
To: None <netbsd-users@netbsd.org>
From: Shannon <shannon@widomaker.com>
List: netbsd-users
Date: 01/26/2002 18:37:52
On Sat, Jan 26, 2002 at 05:42:51PM +0100, ali (Anders Lindgren) wrote:

> complaints arrive to _you_. After all, the receiver can only reliably
> verify where they got the mail from, and that place will be your server
> (probably along with false claims about you being the sending user).

I don't think a proper header analysis will catch innocents. I've used
spamcop quite a bit and haven't seen it pick out an innocent mail
address or IP yet. It merely tracks the path the email took and seems to
do a good job. I wish it were an open project though, and had a few more
options, and was not a web application.

> > and a lot of normal mail.
> 
> I'm not sure if this is true. 

It blocks some email from people I know, and when I checked the servers
in question not all of them were open relays.  There are errors in
their databases.

It also penalizes a lot of people who cannot help being on a system that
isn't quite right. In some cases they have complained and nothing is
being done about it.

> If a large user-base notice that they can't send mail because their
> domain was black-listed, they tend to bug their system administrator
> to make it not black-listed, which in this case would necessarily mean
> closing down an open relay, which is a Good Thing(tm).

The problem is that so many open relays are in fact totally spam
supported and are in counties where shutting them down is difficult. The
amount of SPAM I get from US relays is down by a factor of 100 or more
in the last 5 years. However, the amount of SPAM I get is up orders of
magnitude more. The vast majority, even if advertising a US company,
comes from overseas now.  Your mileage of course will vary.

The problem with solutions like Orbz and RBL is that they must be
100% accurate or they cause you to lose email.  I spooled filtered
messages to a special folder for testing and there was just too much
legitimate email in there.  I can't afford to lose it.

It seems a hopeless battle at times.

> > the only way of controlling spam is to eliminate the source.
> 
> ..and for all the rest of the world knows, you will be the only reliably
> identifiable source of the spam. 

Are you sure about that?  Most SPAM headers are obfuscated, but in the
end the various MTAs have to leave their mark somewhere in the
headers.

> Forgive me for being pessimistic, but I've seen this over and over and
> over again. We can never get to the actual spammers unless we shut down
> every single open relay on earth first. Unless politicians get a clue
> and outlaw spam altogether, but I haven't seen any flying pigs lately
> in my own country at least.

Agreed... but because this isn't really the solution.  In fact, email
SPAM does less long-term damage than the rest of it.

My personal feeling about SPAM is that in reality, very little has
actually been done about it, especially by the people who really
could stop it.  And, as I said, it the situation is made worse
by the fact that we are spammed constantly, every single day,
in every single media form, by an out-of-control advertising industry.
It's going to be hard to stop SPAM in a world like this.

-- 
shannon@widomaker.com  _________________________________________________
______________________/ armchairrocketscientistgraffitiexenstentialist
 "And in billows of might swell the Saxons before her,-- Unite, oh
 unite!  Or the billows burst o'er her!" -- Downfall of the Gael