A spam cop goes AWOL

The ORBS blacklist, a controversial tool for stopping unsolicited e-mail, is suddenly inaccessible.

Published June 8, 2001 7:37PM (EDT)

Spam fighters all over the world have lost a controversial weapon in the battle against unsolicited e-mail. Since June 1, the Web site for ORBS -- the Open Relay Behavior Modification System -- has been gutted. Visitors to the site now find nothing more than a gray blank page and a simple message: "Due to circumstances beyond our control, the ORBS website is no longer available."

ORBS's main service was a blacklist of Internet mail servers -- computers capable of routing mail across the Net -- that the ORBS administrator, Alan Brown, had identified as potentially capable of forwarding spam. Now that blacklist is no longer available to network administrators, and they want to know why. One popular theory mooted on the Net is that Brown closed down the site rather than comply with a New Zealand court order demanding that he remove two specific ISPs from the blacklist. But Brown, who lives in New Zealand, is keeping silent. "I am unable to answer any of your questions," he writes in an e-mail. "Sorry."

Even without an explanation, the demise of ORBS is significant, stirring up, once again, an ongoing worldwide debate over how best to administer the Internet and mediate the Net's intersection of humanity and technology. Questions about ORBS's behavior always centered on the problem of how to handle e-mail abuse. But more generally, ORBS symbolized the ongoing struggle between the Net's tendency to encourage individual freedom and the necessity of combating anarchy.

Ever since the Net moved beyond its roots as a small, open, academic community, users have attempted to balance opposing forces. Most favor the right to speak out, along with the right to privacy; they rail against censorship, but at the same time desperately seek the ability to censor unsolicited e-mail by limiting spammers' access to their networks.

ORBS supporters say the blacklist was a fully justified form of preventive medicine. Brown saw his mission as identifying every mail server on the Net that allowed "open relays" -- in essence, that permitted the forwarding of mail from one point on the Net to another without any restriction. Spammers love open relays; they employ them to hide their identities and funnel out massive amounts of e-mail for free. But at the same time the open relays bog down the system for other customers.

Brown used simple software agents and diagnostic probes to comb the Internet, looking for mail servers configured for open relaying. Whenever he found one, Brown would post the Internet protocol (IP) address on his list -- even if the address had never been used by a spammer. ISPs, systems administrators and everyday citizens who configured their computers to block addresses listed on ORBS could then close off a spammer's favorite distribution tool even before the spammer knew it existed.

More controversial, Brown also placed on his list servers that blocked his probes, whether or not he could ascertain if they had open relays. ORBS supporters say such a policy was the only way to keep a flood of open-relay-capable servers from pumping spam across the Net. The end, they argue, justified the means.

The immediate impact of the ORBS shutdown could mean more spam, says Michael LeFevre, a London technology company executive. "I've received four spams since ORBS went down last week," he says. "I only received two or three previous to that this year."

But not everyone is sorry to see the site go. ORBS has plenty of critics. ORBS wasn't just a useful technology, they say; it was also a tool used by a specific person, Alan Brown, an overzealous spam fighter who went too far. ORBS's own ISP pulled the plug on Brown in 1998 after receiving complaints about the way that Brown used probes to test servers for open relays. Although another ISP agreed to host ORBS soon afterward, Brown's detractors say that he never learned his lesson: He repeatedly insisted that he had the right to test servers as often as he wanted.

"Alan Brown created some nice technology -- nobody faults him on that point," says Tom Geller, founder of Suespammers.org, a nonprofit group that lobbies for strict spam legislation. "But he used it in an irresponsible way, invading others' private networks and using others' resources against their stated wishes." He became a living contradiction -- a man who, says Geller, "used others' network resources to prove that it's wrong to use others' network resources."

Before the scourge of spam, the Net was a less contentious place. Until the early '90s, open relays were not uncommon. In fact, they were the norm.

"I remember when you'd get funny looks for running a mail server that wasn't an open relay," says "Der Mouse," a Canadian spam-fighting veteran who refused to give his off-line name. "I remember when there was a machine on the Net that was advertised as having no password on its administrative log-in. Want a guest log-in? Log in and create yourself one. I remember when the Net was a friendly and civilized place."

"Today it is more of an armed camp, suspicious of everyone," he continues in an e-mail. "The Net I knew and loved is dead, killed by uncivilized greedy incompetents who came barging in, without caring that when you barge into a foreign culture it behooves you to learn how they do things. This would not have been a problem, except that they arrived in sufficient numbers to overload the mechanisms that normally would have either brought newcomers up to speed on the culture or rejected them; as a result they killed off the culture we had, the only culture I've ever seen work based on mutual friendship and helpfulness on a large scale."

Spam signified the death of the original Net culture, Der Mouse and others argue. By the mid-'90s, systems administrators started fighting it by closing off open relays. Shutting the pipes made it harder for, say, employees of a company to log on to their corporate network from home, but by limiting who could use the network, closed relays also kept spammers out. This, in turn, saved companies and individuals money, since open relays essentially let anyone borrow servers and bandwidth without having to pay for them.

But some network administrators moved slower than others. So ORBS appeared, with a mission to move them along. At first, most people on the Net welcomed the service. Open relays were sometimes hard to find, and ORBS worked more quickly than other spam-fighting lists. The Mail Abuse Prevention System's Realtime Blackhole List, for example, acts like an after-the-fact plug. Its main list contains domain names that spam has already been sent from, and MAPS only adds servers to its list after the system administrator of the offending mail server has been given a chance to close the hole but hasn't done it.

ORBS, on the other hand, "tested relays and listed them immediately," says William James, a computer consultant in Mississippi. "No negotiation, no notice. It was fast. Someone running an open relay ran the risk of losing a substantial amount of traffic without any notice."

Over time, however, Brown's pace and intensity started alienating the very people who sympathized with his cause. John Oliver, a systems administrator in San Diego, remembers butting heads with Brown in early 1999. ORBS probes invaded his servers and tested them for 45 minutes, over and over again. The probes returned and retested a few days or weeks later, "as often and as frequently as they saw fit," Oliver says.

Each day that the tests ran, Oliver's server logs lengthened. He received pages and pages of server activity that directly resulted from Brown's tests. "It was annoying because since I wasn't running an open relay, it was wasting my time," he says. "And, of course, I didn't appreciate the implicit accusation that I was an irresponsible admin."

Brown regularly tested servers without any evidence of wrongdoing, says Der Mouse. "Let me be precise: He repeatedly 'tested' my home mail server, and if he had any reason to think it had ever relayed spam, he steadfastly refused to produce it," he says. "He also repeatedly did so after I explicitly denied him permission to do so."

MAPS also had a run-in with ORBS. In 1999, MAPS listed ORBS on its Realtime Blackhole List, in response to several complaints about the way that ORBS was supposedly abusing networks. The group removed ORBS and stopped blocking it from its own servers three months later, but not before ORBS threw MAPS into its own black hole. Even Suespammers.org found itself blocked over a dispute with ORBS. Until the day the list died, spam fighters who used Brown's list couldn't access the Suespammers site, a major resource that might have helped them in their war on unsolicited e-mail.

"Alan's problem is that he was so convinced that testing was necessary that he felt that anyone who didn't want him testing their systems, as often as he wanted to, was somehow just as bad as an actual open relay," says Peter Seebach, a systems administrator who subscribes to several spam-fighting mailing lists. "This is where I drew the line; without any spam coming through a system, and with the admin's request that he not test it, he had no business hitting systems over and over again. I don't see a meaningful distinction between what he did and what script kiddies do with root scripts" that attempt to break into a system.

Is what ORBS did really so bad? In essence, ORBS was nothing more than a list of servers that Brown checked and decided to block from connecting with his network -- which is one suggested recipe for spam fighting. Doesn't Brown have the right to protect his network by blocking whomever he wants to? Doesn't he have the right to publish a list of whom he's blocking?

People who rail against Brown are ignoring the implications of their argument, says "Afterburner," manager of the e-mail abuse department for a large ISP. ORBS may have been run "in a particularly unethical way," he says, but that doesn't mean that Brown should be silenced.

Rather, everyone should have "the unfettered right to publish" a blacklist, regardless of how it is organized, he says. Probes don't damage a network, and "nobody is required to use your list if they don't want to," he says. "The situation is somewhat analogous to the idealized free market: If you put out a list that's worth using, people will use it. If you put out a list that is not worth using, people will not use it."

But ORBS doesn't quite fit Afterburner's paraphrase of the libertarian ideal. The list was worth using; blocking the servers ORBS listed cut down on spam. Yet those who used the list as a tool against unwanted e-mail didn't necessarily have to pay the costs, which came in the form of ORBS's probes. In other words, Brown's approach looks a lot like a spammer's: He invaded others' networks without consent, offering benefits without costs.

Even worse, critics argue, Brown went one step further, blocking servers that didn't have open relays, and adding them to a list that he knew would keep traffic from them. There is, for example, the Xtra Mail lawsuit in New Zealand, which Brown's critics say was a direct result of Brown's unethical practices.

Essentially, Brown added Actrix and Xtra Mail's servers to his blacklist after they blocked his probes. He reportedly had no evidence that they used open relays. Actrix and Xtra Mail sued, and on May 24 they won. The New Zealand High Court ordered Brown to remove Xtra Mail's servers from the ORBS database.

Brown then said that he would comply, but he remained unrepentant. "ORBS policy is that if you threaten ORBS you'll be manually listed," he said, according to a story in IDG New Zealand. "Telecom [Actrix and Xtra Mail's parent company] threatened me with legal action for two years."

Those who have tangled with Brown aren't surprised at his stance. And they don't have a problem with his philosophy, or with his argument that he has a right to form a policy and block whomever he wants. They argue, however, that the policy has to be carried out with honesty.

"The list wasn't what it was purported to be," says Oliver, of San Diego. "If you employ a list called the Open Relay Behavior Modification System to protect your server from spam, you expect that list to block open relays and nothing else. But that isn't what you got with ORBS. You got open relays blocked as well as anyone who had attracted the personal enmity of Mr. Brown."

Ultimately, Oliver says, the Net should be glad to see ORBS go because it lacked the basic values of the old Internet -- truth, respect and freedom. "It's extremely dangerous to support the use of a tool when the cost for its use includes the loss of a liberty," he says.

Still, many of Brown's critics argue that ORBS's technology shouldn't go to waste. The list is already mirrored on at least one site, and some predict that another administrator -- someone with a bit more restraint -- will clean it up and maintain it. If he or she does, perhaps that individual, and other technologists, will learn from Brown's mistakes, says Geller at Suespammers.org.

"Any technical endeavor that ignores social aspects is doomed to failure," he says. "It's like making soup without liquid."

By Damien Cave

Damien Cave is an associate editor at Rolling Stone and a contributing writer at Salon.

MORE FROM Damien Cave

Related Topics ------------------------------------------