Why the Open Relay Data Base lost its relevance

* Lessons learned from the ORDB

The Open Relay Data Base (ORDB) was started in 2001 as a means of combating spam. The database did what its name implies - it listed open relays on the Internet that could be used by spammers to send their stuff. However, the ORDB became increasingly less relevant over time as spammers migrated to using other techniques, most notably botnets, and as work on maintaining the ORDB waned. The ORDB was taken offline in December 2006. (Compare antispam products)

However, on March 25 the ORDB began returning false positives for every IP address in its database – the change was made so that people who still had this blocklist in their database would update their configurations and remove it. The problem was easily addressed by updating the configuration to remove the call to the ORDB, but many users had their e-mail bounced until the problem was fixed.

There are some important lessons that can be learned from this experience:

* Real-time blocklists can provide value in helping to reduce the amount of spam that reaches end users. For example, the ORDB was very effective when open relays were a major problem.

* The ORDB became less relevant over time, largely because it did not morph into something more relevant that would keep up with new spammer tactics.

However, more telling was a notice on the ORDB, explaining why development of the ORDB did not continue – it read, “Our volunteer staff has been pre-occupied with other aspects of their lives.” If the ORDB had charged even modest fees, such as Spamhaus does, then it might have continued as an important tool in stopping spam. After all, if someone will pay you to provide a valuable service, you’re more likely to continue maintaining and updating that service. 

This is not a knock on those in the open-source community who provide valuable tools like Ubuntu, OpenOffice and a host of other great software. Instead, it’s merely an acknowledgement that people will spend more time on projects that make them lots of money and less time on projects that don’t.

Copyright © 2008 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022