SCN: ORBS

Steve steve at advocate.net
Sat Jun 9 07:30:44 PDT 2001


x-no-archive: yes

==========================


(Damien Cave, Salon)---Spam fighters all over the world have lost a 
controversial weapon in the battle against unsolicited e-mail. Since 
June 1, the Web site for ORBS -- the Open Relay Behavior 
Modification System -- has been gutted. Visitors to the site now find 
nothing more than a gray blank page and a simple message: "Due 
to circumstances beyond our control, the ORBS website is no longer 
available."  

ORBS's main service was a blacklist of Internet mail servers -- 
computers capable of routing mail across the Net -- that the ORBS 
administrator, Alan Brown, had identified as potentially capable of 
forwarding spam. Now that blacklist is no longer available to 
network administrators, and they want to know why. One popular 
theory mooted on the Net is that Brown closed down the site rather 
than comply with a New Zealand court order demanding that he 
remove two specific ISPs from the blacklist. But Brown, who lives in 
New Zealand, is keeping silent. "I am unable to answer any of your 
questions," he writes in an e-mail. "Sorry."  

Even without an explanation, the demise of ORBS is significant, 
stirring up, once again, an ongoing worldwide debate over how best 
to administer the Internet and mediate the Net's intersection of 
humanity and technology. Questions about ORBS's behavior always 
centered on the problem of how to handle e-mail abuse. But more 
generally, ORBS symbolized the ongoing struggle between the 
Net's tendency to encourage individual freedom and the necessity 
of combating anarchy.  

Ever since the Net moved beyond its roots as a small, open, 
academic community, users have attempted to balance opposing 
forces. Most favor the right to speak out, along with the right to 
privacy; they rail against censorship, but at the same time 
desperately seek the ability to censor unsolicited e-mail by limiting 
spammers' access to their networks.  

ORBS supporters say the blacklist was a fully justified form of 
preventive medicine. Brown saw his mission as identifying every 
mail server on the Net that allowed "open relays" -- in essence, that 
permitted the forwarding of mail from one point on the Net to another 
without any restriction. Spammers love open relays; they employ 
them to hide their identities and funnel out massive amounts of 
e-mail for free. But at the same time the open relays bog down the 
system for other customers.  

Brown used simple software agents and diagnostic probes to comb 
the Internet, looking for mail servers configured for open relaying. 
Whenever he found one, Brown would post the Internet protocol (IP) 
address on his list -- even if the address had never been used by a 
spammer. ISPs, systems administrators and everyday citizens who 
configured their computers to block addresses listed on ORBS could 
then close off a spammer's favorite distribution tool even before the 
spammer knew it existed.  

More controversial, Brown also placed on his list servers that 
blocked his probes, whether or not he could ascertain if they had 
open relays. ORBS supporters say such a policy was the only way 
to keep a flood of open-relay-capable servers from pumping spam 
across the Net. The end, they argue, justified the means.  

The immediate impact of the ORBS shutdown could mean more 
spam, says Michael LeFevre, a London technology company 
executive. "I've received four spams since ORBS went down last 
week," he says. "I only received two or three previous to that this 
year."  

But not everyone is sorry to see the site go. ORBS has plenty of 
critics. ORBS wasn't just a useful technology, they say; it was also 
a tool used by a specific person, Alan Brown, an overzealous spam 
fighter who went too far. ORBS's own ISP pulled the plug on Brown 
in 1998 after receiving complaints about the way that Brown used 
probes to test servers for open relays. Although another ISP agreed 
to host ORBS soon afterward, Brown's detractors say that he never 
learned his lesson: He repeatedly insisted that he had the right to 
test servers as often as he wanted.  

"Alan Brown created some nice technology -- nobody faults him on 
that point," says Tom Geller, founder of Suespammers.org, a 
nonprofit group that lobbies for strict spam legislation. "But he used 
it in an irresponsible way, invading others' private networks and 
using others' resources against their stated wishes." He became a 
living contradiction -- a man who, says Geller, "used others' network 
resources to prove that it's wrong to use others' network resources." 
 

Before the scourge of spam, the Net was a less contentious place. 
Until the early '90s, open relays were not uncommon. In fact, they 
were the norm.  

"I remember when you'd get funny looks for running a mail server 
that wasn't an open relay," says "Der Mouse," a Canadian 
spam-fighting veteran who refused to give his off-line name. "I remember 
when there was a machine on the Net that was advertised as having 
no password on its administrative log-in. Want a guest log-in? Log 
in and create yourself one. I remember when the Net was a friendly 
and civilized place."  

"Today it is more of an armed camp, suspicious of everyone," he 
continues in an e-mail. "The Net I knew and loved is dead, killed by 
uncivilized greedy incompetents who came barging in, without 
caring that when you barge into a foreign culture it behooves you to 
learn how they do things. This would not have been a problem, 
except that they arrived in sufficient numbers to overload the 
mechanisms that normally would have either brought newcomers up 
to speed on the culture or rejected them; as a result they killed off 
the culture we had, the only culture I've ever seen work based on 
mutual friendship and helpfulness on a large scale."  

Spam signified the death of the original Net culture, Der Mouse and 
others argue. By the mid-'90s, systems administrators started 
fighting it by closing off open relays. Shutting the pipes made it 
harder for, say, employees of a company to log on to their corporate 
network from home, but by limiting who could use the network, 
closed relays also kept spammers out. This, in turn, saved 
companies and individuals money, since open relays essentially let 
anyone borrow servers and bandwidth without having to pay for 
them.  

But some network administrators moved slower than others. So 
ORBS appeared, with a mission to move them along. At first, most 
people on the Net welcomed the service. Open relays were 
sometimes hard to find, and ORBS worked more quickly than other 
spam-fighting lists. The Mail Abuse Prevention System's Realtime 
Blackhole List, for example, acts like an after-the-fact plug. Its main 
list contains domain names that spam has already been sent from, 
and MAPS only adds servers to its list after the system 
administrator of the offending mail server has been given a chance 
to close the hole but hasn't done it.  

ORBS, on the other hand, "tested relays and listed them 
immediately," says William James, a computer consultant in 
Mississippi. "No negotiation, no notice. It was fast. Someone 
running an open relay ran the risk of losing a substantial amount of 
traffic without any notice."  

Over time, however, Brown's pace and intensity started alienating 
the very people who sympathized with his cause. John Oliver, a 
systems administrator in San Diego, remembers butting heads with 
Brown in early 1999. ORBS probes invaded his servers and tested 
them for 45 minutes, over and over again. The probes returned and 
retested a few days or weeks later, "as often and as frequently as 
they saw fit," Oliver says.  

Each day that the tests ran, Oliver's server logs lengthened. He 
received pages and pages of server activity that directly resulted 
from Brown's tests. "It was annoying because since I wasn't running 
an open relay, it was wasting my time," he says. "And, of course, I 
didn't appreciate the implicit accusation that I was an irresponsible 
admin."  

Brown regularly tested servers without any evidence of wrongdoing, 
says Der Mouse. "Let me be precise: He repeatedly 'tested' my 
home mail server, and if he had any reason to think it had ever 
relayed spam, he steadfastly refused to produce it," he says. "He 
also repeatedly did so after I explicitly denied him permission to do 
so."  

MAPS also had a run-in with ORBS. In 1999, MAPS listed ORBS on 
its Realtime Blackhole List, in response to several complaints about 
the way that ORBS was supposedly abusing networks. The group 
removed ORBS and stopped blocking it from its own servers three 
months later, but not before ORBS threw MAPS into its own black 
hole. Even Suespammers.org found itself blocked over a dispute 
with ORBS. Until the day the list died, spam fighters who used 
Brown's list couldn't access the Suespammers site, a major 
resource that might have helped them in their war on unsolicited 
e-mail.  

"Alan's problem is that he was so convinced that testing was 
necessary that he felt that anyone who didn't want him testing their 
systems, as often as he wanted to, was somehow just as bad as an 
actual open relay," says Peter Seebach, a systems administrator 
who subscribes to several spam-fighting mailing lists. "This is 
where I drew the line; without any spam coming through a system, 
and with the admin's request that he not test it, he had no business 
hitting systems over and over again. I don't see a meaningful 
distinction between what he did and what script kiddies do with root 
scripts" that attempt to break into a system.  

Is what ORBS did really so bad? In essence, ORBS was nothing 
more than a list of servers that Brown checked and decided to block 
from connecting with his network -- which is one suggested recipe 
for spam fighting. Doesn't Brown have the right to protect his 
network by blocking whomever he wants to? Doesn't he have the 
right to publish a list of whom he's blocking?  

People who rail against Brown are ignoring the implications of their 
argument, says "Afterburner," manager of the e-mail abuse 
department for a large ISP. ORBS may have been run "in a 
particularly unethical way," he says, but that doesn't mean that 
Brown should be silenced.  

Rather, everyone should have "the unfettered right to publish" a 
blacklist, regardless of how it is organized, he says. Probes don't 
damage a network, and "nobody is required to use your list if they 
don't want to," he says. "The situation is somewhat analogous to the 
idealized free market: If you put out a list that's worth using, people 
will use it. If you put out a list that is not worth using, people will not 
use it."  

But ORBS doesn't quite fit Afterburner's paraphrase of the libertarian 
ideal. The list was worth using; blocking the servers ORBS listed cut 
down on spam. Yet those who used the list as a tool against 
unwanted e-mail didn't necessarily have to pay the costs, which 
came in the form of ORBS's probes. In other words, Brown's 
approach looks a lot like a spammer's: He invaded others' networks 
without consent, offering benefits without costs.  

Even worse, critics argue, Brown went one step further, blocking 
servers that didn't have open relays, and adding them to a list that 
he knew would keep traffic from them. There is, for example, the Xtra 
Mail lawsuit in New Zealand, which Brown's critics say was a direct 
result of Brown's unethical practices.  

Essentially, Brown added Actrix and Xtra Mail's servers to his 
blacklist after they blocked his probes. He reportedly had no 
evidence that they used open relays. Actrix and Xtra Mail sued, and 
on May 24 they won. The New Zealand High Court ordered Brown to 
remove Xtra Mail's servers from the ORBS database.  

Brown then said that he would comply, but he remained unrepentant. 
"ORBS policy is that if you threaten ORBS you'll be manually 
listed," he said, according to a story in IDG New Zealand. "Telecom 
[Actrix and Xtra Mail's parent company] threatened me with legal 
action for two years."  

Those who have tangled with Brown aren't surprised at his stance. 
And they don't have a problem with his philosophy, or with his 
argument that he has a right to form a policy and block whomever he 
wants. They argue, however, that the policy has to be carried out 
with honesty.  

"The list wasn't what it was purported to be," says Oliver, of San 
Diego. "If you employ a list called the Open Relay Behavior 
Modification System to protect your server from spam, you expect 
that list to block open relays and nothing else. But that isn't what 
you got with ORBS. You got open relays blocked as well as anyone 
who had attracted the personal enmity of Mr. Brown."  

Ultimately, Oliver says, the Net should be glad to see ORBS go 
because it lacked the basic values of the old Internet -- truth, respect 
and freedom. "It's extremely dangerous to support the use of a tool 
when the cost for its use includes the loss of a liberty," he says.  

Still, many of Brown's critics argue that ORBS's technology 
shouldn't go to waste. The list is already mirrored on at least one 
site, and some predict that another administrator -- someone with a 
bit more restraint -- will clean it up and maintain it. If he or she does, 
perhaps that individual, and other technologists, will learn from 
Brown's mistakes, says Geller at Suespammers.org.  

"Any technical endeavor that ignores social aspects is doomed to 
failure," he says. "It's like making soup without liquid."  


Copyright 2001 Salon.com






