Alan Brown took over ORBS.ORG after it was kicked out of Canada. Brown used ORBS for revenge against ISPs that he didn't like, even though they did not operate Open Relays. He then used the ORBS blacklist to block anyone who displeased him, for reasons that frequently had nothing to do with spam. He was sued by two ISPs over false listings. He lost. ORBS was shut down. Brown moved on to SPEWS and SORBS.NET.
In the late 1990s, it was discovered that ORBS, Osirusoft and some other Open Relay Blacklists were giving information to spammers or abusers.
Dean Anderson conducted tests by setting Cisco access-lists to log SYN packets to port 25 in a large block of address space (130.105/16 and 198.3.136/21 and 199.128.172/21). Anderson has been associated with these blocks off and on since 1989. Then he set up non-production relays on previously unused addresses, and submitted the "open relays" to different blacklists. The blacklist would scan the submitted IP address, perform its tests, and label the IP as "open relay". Without further scanning, the relay would begin getting abused. Somehow, abusers got the IP from the blacklist. This result was announced on spam-l.
A very interesting thing happened afterwards. Abusers began scanning the /24 (255 IP addresses) surrounding the "open relay" before conducting abuse. However, it was pointed out that the 65000 IP addresses in a /16 (130.105.0.0) are not scanned. So if the relay is put on a separate /24, one can still show that these lists were giving information out to abusers.
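The log analysis this kind of test calls for, as an added example that is not the author's code: Python that reads Cisco ACL log lines for port 25 and labels each source by whether it went straight to the decoy relay, swept only the decoy's /24, or scanned more widely. The decoy address, ACL number, source addresses and all log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed data: the decoy address, ACL number and source addresses are
# made up for this example; only the 130.105/16 block comes from the text.
DECOY = "130.105.77.20"
FMT = "%SEC-6-IPACCESSLOGP: list 125 permitted tcp {}({}) -> {}(25), 1 packet"
SAMPLE_LOG = "\n".join(
    # Connects to the decoy and nothing else.
    [FMT.format("192.0.2.10", 40112, DECOY)]
    # Walks 40 neighbouring addresses in the decoy's /24, decoy included.
    + [FMT.format("198.51.100.7", 50000 + i, f"130.105.77.{i}") for i in range(1, 41)]
    # Probes addresses spread across the /16, decoy included.
    + [FMT.format("203.0.113.5", 33000 + n, dst)
       for n, dst in enumerate(["130.105.3.9", DECOY, "130.105.200.1"])]
    # Touches the block but never the decoy.
    + [FMT.format("203.0.113.99", 41000, "130.105.5.5")]
)

LINE = re.compile(r"tcp (\d+(?:\.\d+){3})\(\d+\) -> (\d+(?:\.\d+){3})\(25\)")


def classify_sources(log_text, decoy):
    """Label each source address by how it reached the decoy relay."""
    decoy_ip = ipaddress.ip_address(decoy)
    decoy_net = ipaddress.ip_network(f"{decoy}/24", strict=False)
    dests = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            dests[m.group(1)].add(ipaddress.ip_address(m.group(2)))
    labels = {}
    for src, seen in dests.items():
        neighbours = seen - {decoy_ip}
        if decoy_ip not in seen:
            labels[src] = "missed-decoy"
        elif not neighbours:
            labels[src] = "direct"        # knew the address without scanning
        elif all(d in decoy_net for d in neighbours):
            labels[src] = "swept-/24"     # scanned only around the decoy
        else:
            labels[src] = "wide-scan"     # found it by scanning the block
    return labels


if __name__ == "__main__":
    for src, label in sorted(classify_sources(SAMPLE_LOG, DECOY).items()):
        print(f"{src:15} {label}")
```

A "direct" label only shows that the source arrived without scanning the monitored space; a blacklist's own tester and anyone who learned the address from it look the same in this log and have to be told apart by submission time.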
We noted that only open relay blacklists were scanning for open relays. How did abusers get this information? Of course, it could be the case that the blacklists are just "sloppy" with their information. The information merely getting out to abusers doesn't mean the blacklists intended to help abusers.
But we also found that the abuse of AV8 Internet open relays wasn't conducted by commercial companies. No real products or services were being sold or promoted. Sometimes the text was amusing: requests for Warp Drive Engine repair quotes and such amusing nonsense. The abuse sometimes looked commercial, but a careful investigation always led to a dead end: No real product, no real service. Nothing. No commercial value whatsoever. This is when we began paying more attention to talk of "mailbombing" by anti-spammers. What is mailbombing? Well, it's pretty hard to distinguish from spam. Ordinary people might still consider it spam. So, in that sense, the anti-spammers conducting mailbombing are, in fact, spammers.
And then another funny thing happened. In August 2003, most of the Open Relay blacklists shut down (Open Relay Blacklists shutdown; see also Monkeys.com shutdown). When the Osirusoft blacklist shut down, it did so "impolitely", by blocking all email everywhere. This revealed rather quickly who had been sucked in. For example, all email to the FTC was blocked for a day. Monkeys.com also impolitely blacklisted the world. Then, open relay abuse dropped off to nearly nothing. One would think that if commercial emailers were using open relays, then they would need to start scanning for open relays. No such source appeared. Until recently, in 2005. SORBS started scanning. I don't think we have ever been scanned by SORBS previously. In March 2005, after not having observed even a potential abuse for a year, we had a rash of abuse from an ISP in China called chinanet.cn.net and an ISP in Uruguay called Anteldata Uruguay. Interesting. Nearly all of this abuse was blocked by our relay monitoring software. We queued hundreds of megs of email, which had to be deleted.
So, I think we can now confidently conclude that Open Relay Blacklists are responsible for Open Relay abuse.
Of course, they call it mailbombing. The rest of us call it spam. Mostly, people don't really care too much that it has no commercial value. Well, if we are trying to figure out who is responsible and how to fix the problem, we do.
So then another interesting thing happened: A book was published called Spam Kings. It detailed a sordid history of spammers and anti-spammers working together sometimes, and working to screw each other at other times. Two of the SPEWS operators worked for a spammer, making sure that spam wouldn't be blocked. Then they went back to SPEWS, where they were accepted back. And then they worked for the spammer again. And back to SPEWS. Quite the soap opera. But it definitely shows the character of the so-called "anti-spammers". Really, it is just about extorting money from whomever they can get it from.
So another interesting thing happened during this time: The CAN-SPAM act was passed. The CAN-SPAM act essentially legalized spam so long as some rules were followed. Commercial emailers jumped on pretty fast. But then, CAN-SPAM is essentially the same as the IEMCC proposal for regulating spam made in the mid-1990s by Sanford Wallace's Cyberpromo and AGIS, an ISP. So of course the commercial emailers support it. A feature in the IEMCC proposal that is missing from CAN-SPAM is a header identifying spam as spam for easy filtering. One would think anti-spammers would've jumped right on that, problem solved. But led by Paul Vixie, they didn't. Well, that was a bad decision, but it isn't what I want to bring to attention.
A project called SPF was proposed in 2004, and was rapidly adopted by commercial spammers. For a while, this gave us a label on genuine commercial spam. If it had an SPF record, it was probably spam. Well, a site that compares a hand-sorted corpus of about 60,000 messages per week with various blacklists and other tools, including SPF, found that only 6 percent of the total spam email was SPF. Assuming this is mostly genuine commercial email, there is a possibility that 94 percent of spam is actually non-commercial abuse, generated by mailbombers. Very interesting, indeed. Of course, this is a ceiling, and so the real percent is probably not quite that high, but it is probably much higher than previously thought. We have noticed that quite a bit of spam is non-compliant with CAN-SPAM, but it is hard to get numbers on exactly how much is genuinely commercial and how much is mailbombing.
News and comments on Alan Brown Defamation cases
Some Email showing Brown lying and defaming people