Re: Administrative Overheads Arising from UCE
- Date: Wed, 17 Feb 1999 10:02:45 +0100 (MET)
> It doesn't look fair to me. Since they put one (open) relay automatically
> on the black list and of course they notify the hostmaster, it will be
> fair to check again from time to time if the problem was fixed
> Wrong:
> a) The *original* procedure was an automated search for open
> relays, but this was later changed to verification of reports
> about open relays; that's still the procedure.
> b) It's not ORBS's responsibility to verify that relays are no
> longer open: that's for the full 100% the responsibility of
> the administrators of that host.
> c) Anyone is free to use or not use ORBS.
there are a few problems with ORBS:
- they do NOT warn responsible people about the fact they are now blacklisted
- they do not take into account any signal/noise rationale
(can you really expect a very busy server never to pass anything
somebody might object to?)
(zero tolerance is something for the law, not for the technical
implementation IMHO)
- they seem to have a very bad open relay test,
even very well protected servers end up on it.
- they do not remove a blacklisted site after a given amount of time
- they are rather obscure, even this list's readers don't seem to all know
where to find them.
result:
most (not open) relay servers of ISPs are on ORBS and it's nearly
impossible to keep it off, as soon as you have one of your thousands of
emails flagged by somebody as unwanted the ISP relay ends up on the
list without any warning.
my conclusion: using ORBS is IMHO not caring about false positives at all.
Any good technical implementation has to (IMHO)
- warn responsible persons about the blacklisting (and also the "upstream"
responsible people, they can most often teach the needed stuff to the
downstream)
- take into account number of mails passed on the server without problems
- decay away after a (short) while automatically (just in case the
warning got lost) [if it's still open it will be added again soon enough]
- have a 24/7 manned operation to get immediate removals
(yes, manned, so that you can call them)
- do some decent testing before blacklisting
- have a decent website associated with it at a stable URL
- have "sensors" all over the world to notice spam in progress and stop
it at that time, not afterwards.
of course that's going to take some funding, but it's the only right way imho.
SWA
--
Swa Frantzen tel: +32 70 233909
Senior System Engineer fax: +32 70 233808
EUnet Belgium NV/SA http://www.Belgium.EU.net
Interleuvenlaan,5 B-3001 Leuven
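
Added example, not part of the message above and not ORBS code: a sketch of a listing policy that combines three of the requirements the message lists (test before listing, weigh complaints against mail volume, warn host and upstream, decay automatically). The class names, thresholds and addresses are assumptions made for illustration; the message gives no numbers.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed thresholds for illustration; the message gives no numbers.
LISTING_TTL = 7 * 24 * 3600    # seconds before a listing decays on its own
MAX_COMPLAINT_RATIO = 0.001    # complaints tolerated per message relayed
MIN_COMPLAINTS = 3             # a single report never lists a host

@dataclass
class Relay:
    contact: str                       # hostmaster of the relay
    upstream: str                      # upstream provider's contact
    delivered: int = 0                 # messages relayed so far
    complaints: int = 0
    listed_at: Optional[float] = None  # None means not listed

class Blocklist:
    def __init__(self):
        self.relays = {}   # ip -> Relay
        self.outbox = []   # queued (recipient, text) warnings

    def register(self, ip, contact, upstream):
        self.relays[ip] = Relay(contact, upstream)

    def record_traffic(self, ip, count):
        self.relays[ip].delivered += count

    def report(self, ip, now, relay_test_open):
        """Count a complaint; list only if tested open and above the noise floor."""
        r = self.relays[ip]
        r.complaints += 1
        ratio = r.complaints / max(r.delivered, 1)
        if not (relay_test_open and r.complaints >= MIN_COMPLAINTS
                and ratio > MAX_COMPLAINT_RATIO):
            return False
        r.listed_at = now
        for rcpt in (r.contact, r.upstream):   # warn host and upstream
            self.outbox.append((rcpt, f"{ip} listed, expires in {LISTING_TTL}s"))
        return True

    def is_listed(self, ip, now):
        r = self.relays.get(ip)
        if r is None or r.listed_at is None:
            return False
        if now - r.listed_at >= LISTING_TTL:   # automatic decay
            r.listed_at = None
            r.complaints = 0
            return False
        return True
```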