To filter or not to filter, that is the question now that one of the
Internet’s more popular blacklists, ORBZ, is out
One of three projects created in the wake of one of the first blacklists,
ORBS (a blacklist broken up after a court case in New Zealand), the ORBZ
demise has reopened the debate over methods to slow down the growing number
of spam found in people’s e-mail inboxes.
Bob Bevill, owner of Internet service provider (ISP) World Wide Online in
Arlington, Texas, was an ORBZ subscriber until Wednesday. In only one day’s
time, he said, the increase in spam has already become almost unmanageable
and can be likened to a denial of service (DoS) hack.
“We are now experiencing a huge flood of spam on our servers,” he
said. “Regular e-mail is now either being delayed, or cannot compete to
get access. I must regularly stop and restart sendmail because of the
number of sockets being consumed by spammers hosing up my system. I am
switching from ORBZ to Spamhaus.org today in the hope that this will clear
some of this up.”
It’s no better for ISPs, Web hosts and carriers around the nation, who are
all looking for ways to effectively deliver e-mails without bogging down
their customer’s e-mail boxes.
The issue is broken into two camps: those providers who say they have the
right to block spam at the network level (anti-spam) and those that believe
it’s the customers responsibility and right to determine what should or
shouldn’t be read (anti-anti-spam).
There are a host of content filtering software applications on the market
for customers to use, many which are standard fare with the national ISPs
and Webmail providers, notably EarthLink Inc.
William Walsh, owner of California-based WX Software services, providing
Web hosting and domain registration services, said programs used by Yahoo!
and EarthLink, as well as those provided by the open-source filtering
program at Exim.org, is how spam should be handled — at the customer level.
“ISPs shouldn’t be filtering their customer’s emails,” he said. “Customers
should have the option of deciding what email they want to receive. Many
ISPs feel that it’s their network and their right to make those decisions
for them. I feel that if you’re providing a communications service to
customers you have a responsibility to provide that to them, and give them
the tools to make their own choices.”
Some ISPs don’t look at it that way, saying customers sign up their service
over others specifically for their robust spam filtering service, putting
the entire issue out of their customer’s hands.
“My personal philosophy is it is my email address and I have the right to
allow or deny anyone I choose,” said Sheldon Koehler, owner of Ten Forward
Communications in Port Angeles, WA. “If spammers want to send me e-mail,
they can pay for my internet access. But I choose to block them and spam
is filtered. Spam and virus filtering are two of our most popular reason
people choose us as their Internet provider.”
But IP blocking outfits like ORBZ take the process too far, Walsh said, and
is one of the reasons he has advocated against blacklists for the past 10
years or so.
“Since (blacklist) organizations got started in the early 1990s, I’ve taken
huge exception to what I saw as the broadening of the goals of these
groups,” he said. “I’ve seen the more militant ones, like ORBS and until
recently ORBZ, taking the approach of actively scanning ports by randomly
going down the IP tree. As a network operator, I take real exception to
someone scanning my ports for any reason. I’ve always felt that if (the
blacklists) are actively scanning, they are crossing the line.”
The Open Relay Database (ORDB) was the last of the three blacklist projects
created in the wake of ORBS. According to one of the staff members there,
who chose to remain anonymous,
active scanning isn’t conducted there — only customer complaints will
prompt a test to determine whether a server is acting as an open relay.
“How is it that blacklist takes the choice away from ISP customers?” the
ORDB staffer said. “We provide a list for people to use, we do not force
them to do so in any way. Loads and loads of people use such lists for a
simple reason: they work.”
Anne Mitchell, director of legal and public affairs at the Mail Abuse
Prevention System, doesn’t understand where the complaint that ‘customers
want choice’ comes from, since every indication points to the fact that
customers don’t want spam, regardless of where it comes.
“Customers are the ones who are being hurt by the spam,” she said. “The
reality is there are more ISPs out there that don’t use a (blacklist) than
those that do. It’s a ridiculous assertion that shows the ineffectiveness
of the anti-anti-spam argument. It’s like saying ‘well, you should have
the right to get junk mail you don’t want.'”
According to MAPS figures, managing spam without a blocking mechanism in
place can eat up a provider’s bandwidth — bandwidth better spent
delivering “real” e-mail and Web surfing service — as well as employee
costs involved with dealing with addressing spam concerns to customers,
denial of service attacks, etc. Reports have shown that as much as $40,000
a month is spent at some larger organizations to combat spam.
Carl J. Gnadinger Jr., a network administrator at Louisville Telecom in
Kentucky, said spam was becoming an epidemic before the company switched
to a software solution, with junk e-mail accounting for almost 62 percent
of the e-mail coming through the network.
“From the very beginning, spam started as a headache and grew to epic
proportions quickly,” he said. “Finally it got to where we were spending
at least 30-40 man hours each week tracking that trash down and blocking
the IP’s at the firewall. Within the past several months, we brought
Postini Spam & Virus Filtering on line. I must say that it has helped
tremendously. Now, spam coming through the network has been reduced over 95