Paid Advertising
web application security lab

Open Relay Database Is Shutting Down

This link probably won’t work in another week or so, but according to their website the open relay database is shutting down. This is an interesting turn of events. Their reasoning is that people who are running it have found other things to do and that the spammers have changed tactics. There may be some logic fallacy here, let’s think about this for a second.

First of all one of the reasons spammers changed tactics was because it was no longer as effective as it was before. That was due in large part to companies getting on blacklists because they had open relays that they didn’t even know about. So the problem was sort of fixing itself, leaving the spammers with fewer and fewer relays. That did, in fact, make the spammers change tactics. That doesn’t mean that the problem will stay fixed though. Let’s think about how companies use ORDB: when a mail is sent the server does a DNS lookup against with the IP prepended to it, if it comes back as a positive, it means the host is a relay and it shouldn’t send the email.

Now that the open relay database is gone, there are a few funky things that could happen. 1) You could see a delay in processing time with a lot of mail servers that rely on the ORDB domain being up to check their blacklist. Since the server is no longer up, and the DNS entries are going away the lookup will have to fail before it works. Postmasters, it’s time to upgrade. 2) You may start seeing a sharp rise in the amount of relays out in the world, allowing the spammers to move back to their old tactics. 3) The ORDB guys “recommend a combination involving greylisting and content-based analysis (such as the dspam project, bmf or Spam Assassin).” Until that happens you may also see an increase in spam while the postmasters upgrade their systems.

Yes, the ORDB was sort of outdated technology, but that doesn’t mean it wasn’t needed. However, only time will tell what the full impact will be.

2 Responses to “Open Relay Database Is Shutting Down”

  1. Zeeshan Muhammad Says:

    They will be greatly missed, I use to make checks via on many of our systems, including on client’s mail servers.

    Thank you for all your hardwork and may you enjoy 2007 with a little less spam :-)

  2. Jimi Says: provide the same functionality