The last vestiges of old-school spam techniques signed off today with the demise of the Open Relay Database (ORDB).

In a sign of the times that spammers have gotten more sophisticated, the Open Relay Database (ORDB) has shut down after five and a half years of helping organizations -- including Apple, Pacific Gas & Electric, and Vodafone -- check for spammers using SMTP servers.

"The general consensus within the team is that open relay RBLs [real-time blackhole list] are no longer the most effective way of preventing spam from entering your network -- spammers have changed tactics in recent years, as has the anti-spam community," ORDB's developers said on the organization's Website today.

Spammers are increasingly relying on botnets of unsuspecting client machines -- rather than SMTP proxy servers -- to send their payload, so ORDB had basically outgrown its usefulness. "Most ISPs are blocking Port 25 [SMTP] now, so the spam is less likely to come from a rogue SMTP server, and more likely to come from an endpoint," says Dan Blum, senior vice president and research director at the Burton Group.

ORDB housed a blacklist of IP addresses of SMTP servers that were suspected of relaying spam. Organizations that accessed the list could either accept or block email from those IP addresses.

But that list hadn't grown much in the past year or two: According to ORDB data, the number of so-called "open relays" in the database had leveled off at about 225,000 over the past year or so.

Work on the database had been nominal recently, according to its developers. "It's been a case of a long goodbye, as very little work has gone into maintaining the ORDB for a while. Our volunteer staff has been preoccupied with other aspects of their lives," the post said.

"The biggest takeaway here is that this means the [spam] threats we're facing continue to be so very real-time. It's no longer an [IP address] you can identify and shut down in a day," says Ross Fubini, senior director of engineering for Symantec. "The rapid pace [with which] spammers are evolving their attacks is dramatic."

ORDB users should remove ORDB checks from their mailers and look for other spam filtering options, according to ORDB's developers, who recommend greylisting and content-based analysis with services like SpamAssassin, dspam, or bmf.
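The following is an added example, not from the article or from ORDB: a Python audit that finds live references to a retired blacklist zone in mailer configuration while skipping commented-out lines. The zone name relays.ordb.org, the function names, and the sample Postfix and sendmail snippets are assumptions constructed for illustration.

```python
import re

# Assumption: ORDB lookups used names under ordb.org (e.g. relays.ordb.org);
# the article itself does not give the zone name.
RETIRED_ZONES = ("ordb.org",)

# Constructed sample configs, not taken from any real host.
POSTFIX_MAIN_CF = """\
# relay checks
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client dnsbl.example.net
# old: reject_rbl_client relays.ordb.org
"""
SENDMAIL_MC = """\
FEATURE(`dnsbl', `relays.ordb.org')dnl
dnl FEATURE(`dnsbl', `relays.ordb.org')dnl
FEATURE(`dnsbl', `dnsbl.example.net')dnl
"""

def _zone_pattern(zones):
    # Match the zone or any subdomain of it as a whole hostname, so that
    # "notordb.org" and "ordb.org.example.com" are not reported.
    alt = "|".join(re.escape(z) for z in zones)
    return re.compile(r"(?<![\w.-])((?:[a-z0-9-]+\.)*(?:%s))(?!\.?[\w-])" % alt, re.I)

def find_retired_dnsbl(config_text, zones=RETIRED_ZONES):
    """Return (line_number, postfix_parameter_or_None, hostname) per live reference."""
    pattern = _zone_pattern(zones)
    findings, param = [], None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        stripped = raw.strip()
        # Skip blanks, '#' comment lines and m4 'dnl' comment lines.
        if not stripped or stripped.startswith("#") or re.match(r"dnl(\s|$)", stripped):
            continue
        # A non-indented line starts a new setting; indented lines continue it.
        if not raw[0].isspace():
            m = re.match(r"([A-Za-z0-9_]+)\s*=", raw)
            param = m.group(1) if m else None
        for hit in pattern.finditer(stripped):
            findings.append((lineno, param, hit.group(1).lower()))
    return findings

if __name__ == "__main__":
    for name, text in (("main.cf", POSTFIX_MAIN_CF), ("sendmail.mc", SENDMAIL_MC)):
        for lineno, param, host in find_retired_dnsbl(text):
            print(f"{name}:{lineno}: {host} still referenced ({param or 'no parameter'})")
```

Each finding points at a line to delete before reloading the mailer; commented-out references are ignored because they no longer trigger lookups.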

The nonprofit will shut down its Website on December 31.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

