Spam project pulls plug
Open-relay volunteer monitors hang it up
TechWorld.com - The antispam blacklist service The Open Relay Database (ORDB) has pulled the plug after five and a half years because of spammers' growing sophistication.
The ORDB was designed to deal with a technique in which spammers used SMTP proxy servers to flood the Internet with junk e-mail. The project distributed a blacklist of mail servers that allowed third-party -- or "open" -- relays and were thus liable to be used by spammers.
But the list had leveled off at around 225,000 over the past year, and updates had slowed to a crawl, according to the volunteer-run project. "It's been a case of a long goodbye, as very little work has gone into maintaining ORDB for a while," organizers said in a message this week on the project's Web site. "The general consensus within the team is that open relay RBLs [Real-time Blackhole Lists] are no longer the most effective way of preventing spam from entering your network."
The ORDB is essentially a victim of its own success. Five years ago, around 90% of spam was sent through open relays, and now the figure is less than 1%, as a result of blocking lists and Internet service providers disallowing third-party relay.
While the shift has stopped one type of spam distribution, it has also caused inconvenience for users, who were once able to use open relays to, for example, connect to mail servers from different locations. Spammers haven't been deterred and generally now rely on botnets, networks of compromised PCs, to send spam.
The project said users should remove ORDB checks from mailers immediately. As a replacement, the project recommended a combination of graylisting and content-based analysis, such as dspam, bmf or Spam Assassin.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts