Today the Open Relay Database (ORDB) announced that it will shut down by the end of the year. From the ORDB website:

"We regret to inform you that ORDB.org, at the ripe age of five and a half, is shutting down. It's been a case of a long goodbye as very little work has gone into maintaining ORDB for a while."

ORDB has been used to collect the IP addresses of so-called open SMTP relays - mail servers that allow people to send e-mails without prior authorization. Open SMTP relays have in the past been the major source of spam mail. System administrators used to use the ORDB database information to selectively block or pre-filter e-mail from known relays.

The nature of spam has changed substantially in the last few years however. Spammers now prefer to use P2P botnets that are controlled by Trojans like Spamthru. Secureworks analyzed Spamthru in October:

"SpamThru uses a custom P2P protocol in order to share information with other peers including the IP addresses and ports and software version of the control server, template servers, and all the peers they each know about. Control is still maintained by a central server, but in case the control server is shut down, the spammer can update the rest of the peers with the location of a new control server, as long as he/she controls at least one peer."

The SecureWorks team has since concluded that more than 73.000 PCs worldwide are controled by Spamthru.

Now anti-spam activists are thinking about beating the spammers with their own weapons. The idea: P2P tools are supposed to block spam better than solutions that rely on centrally maintained databases. Many users are having high hopes for the Okopipi project - a P2P anti-spam tool that is going to be based on Gnunet.

Okopipi is thought to be a P2P replacement for Bluefrog - a community-based, but centrally administered anti-spam project that was run by a company called Blue Security. Bluefrog shut down this May after being bombarded by a massive Denial of Service attack that also briefly knocked out Typepad.com and other websites.

The Okopipi development has stalled recently, but the developer promises to revive his effords early next year:

"I'm working on a prototype, but my work is almost at a standstill until (most likely) February. But by then I should have plenty of time for this work."



Tags: , , , , , , , , , , , , , , , ,