Members of the ISP-Tech list disagree about ORBZ. Was its scanning of networks worldwide a harmless and necessary act or was it tantamount to criminal activity?

[April 4, 2002]

On the ISP-Tech list in March, TM inquired,

"With the untimely departure of ORBZ, I would like to get everyone's opinion on DNS-based blacklists. Any thoughts?"

Before Battle Creek dropped its lawsuit, some respondents bemoaned the situation:

[MM offered] "I hope some of the big companies that used ORBZ back this guy. He provided a very useful service on the Internet that was in no way harmful to compliant mail servers. This will probably turn out to be another martyr case: once again someone is going to be strung up."

[HY agreed] "I find it ludicrous that spammers don't get prosecuted for stealing your bandwidth and other resources to do their dirt, but some bureaucrat thinks it's okay to prosecute someone who is spending their time and resources to stop spam."

[MT added] "If I was a tax payer in Battle Creek, I would be a bit pissed that my tax dollars didn't buy a new mail server, and are working instead to prosecuting a man who was just trying to help."

Others contended that there's a limit to the legality of such activities:

[DM explained] "Actually, from their perspective, they are trying to prosecute someone that took their entire mail server offline and halted all city government e-mail for over a day. I have been blacklisted by ORBZ even when my server was not an open relay: I feel no grief."

[WW added] "What he did was a criminal act. There is no law that says that mail servers have to be configured a certain way, and he had no legal authority to try to test or probe others' networks."

DS suggested that there may be a compromise solution:

"If we as want something like a blacklist, can we make some rules before testing and listing? What if an e-mail was sent out to postmaster@serverinquestion, stating, 'We have received reports of your server relaying. We would like to test your server within the next 24 hours. You may either reply and allow us to test, or we will add your domain to a list of untestable servers which some postmasters may use as a block list.' That gives the admin a chance to say they'd rather be listed, or to fix it. At least this way, he can clean up his act before his customers' mail starts bouncing."

Others found some holes in DS' idea:

[TM noted] "I agree that an e-mail should be sent out: it would make matters much better, and decrease the threat of legal action. Still, while I know most e-mail programs will set up an alias for the postmaster account, what if the account it is set for is either not checked or deleted?"

[RK added] "This also presumes that the sites in question can read the language the e-mail is written in, that they know what an open relay is, how to test their own server, and how to fix it. This also presumes that it is better to wait until the open relay is actually used to send spam than to seek them out and get them closed. Spammers are running probes 24x7 all over the Internet in attempts to find open relays, so I think waiting for them to get there first and reacting after the fact is no longer a viable strategy."

—End