In a sign that spammers have grown more sophisticated, the Open Relay Database (ORDB) has shut down after five and a half years of helping organizations -- including Apple, Pacific Gas & Electric, and Vodafone -- check for spammers using SMTP servers.
"The general consensus within the team is that open relay RBLs [real-time blackhole list] are no longer the most effective way of preventing spam from entering your network -- spammers have changed tactics in recent years, as has the anti-spam community," ORDB's developers said on the organization's Website today.
Spammers are increasingly relying on botnets of unsuspecting client machines -- rather than SMTP proxy servers -- to send their payload, so ORDB had basically outlived its usefulness. "Most ISPs are blocking Port 25 [SMTP] now, so the spam is less likely to come from a rogue SMTP server, and more likely to come from an endpoint," says Dan Blum, senior vice president and research director at the Burton Group.
ORDB housed a blacklist of IP addresses of SMTP servers that were suspected of relaying spam. Organizations that accessed the list could either accept or block email from those IP addresses.
But that list hadn't grown much in the past year or two: According to ORDB data, the number of so-called "open relays" in the database had leveled off at about 225,000 over the past year or so.
Work on the database had been nominal recently, according to its developers. "It's been a case of a long goodbye, as very little work has gone into maintaining the ORDB for a while. Our volunteer staff has been preoccupied with other aspects of their lives," the post said.
"The biggest takeaway here is that this means the [spam] threats we're facing continue to be so very real-time. It's no longer an [IP address] you can identify and shut down in a day," says Ross Fubini, senior director of engineering for Symantec. "The rapid pace [with which] spammers are evolving their attacks is dramatic."
ORDB users should remove ORDB checks from their mailers and look for other spam filtering options, according to ORDB's developers, who recommend greylisting and content-based analysis with services like SpamAssassin, dspam, or bmf.
The nonprofit will shut down its Website on December 31.
Kelly Jackson Higgins, Senior Editor, Dark Reading