Slashdot Mirror

1. Until I ask to be added -- don't contact me.
2. When I ask -- presume it was not me and e-mail me a confirmation request.
3. Only, when such a request comes back affirmative can you add me.

I have no problem any random Linux person sending me hate mail, junk mail, adding my email address to every list server out there, you name it -- that comes with the job, but I don't want my friends to have to deal with the same junk.

First, you should never trust Hotmail or any other large comercial email provider. Most of them will allow spam and even sell lists of users culled by interest groups to advertisers. I'm even told that some of them force you to look at spam while you are getting your mail and even attach spam to your actual message! No one should span their friends that way.

The best solution is to server your own mail and use the Real Time Blackhole List on your email server. That way, most of the garbage is thrown away. If you use the list on top of a secure and stable OS, the chances of your computer being used as a span cannon by third parties are much less. In this way, you can protect your users and the rest of the world from foul people.

Good Luck, Mr. Valentini! I'm sorry so many people people in your office hate each other and that you do not adequately protect your mail servers. Or was it you that sighned everyone up? Oops, it's evil Linux users that did that, sorry again. I'd never say anything without some kind of proof to back it up. Oh well, Debian and RTBHL will fix things up for you.

We may be better off working out our own solutions, but my computer-illiterate parents sure won't be. They can barely check their e-mail. Installing filtering software is definately beyond them.

They will benefit from our solution. Spam filtering is generally more effective at the ISP or infrastructure level. Take a look at the Mail Abuse Prevention System.

User-end solutions can even work for them if it is integrated into the mail reader. "Oh, look honey! AOL 9.0 (gag, puke) has a spam blocker!"

We need people working on the problem, but they need to be programmers and sysadmins, NOT polititians.

What if a law were devised that would not stop legitmate e-mail, but which would stop spam? Unlikely, you say?
...even if the possibility exists that it could block legitimate mail. We have to try.

What are you smoking? And can I have some? I never mentioned legitimate mail.

-

Actually, the Direct Marketing Association loves spam. They see that dead-tree mail is going the way of the dodo, and more communication every day is electronic. They see spam as a wonderful way to increase their reach and simultaneously lower their costs.

They're thinking long-term: in 25 years, they want to be able to legally send anything to anyone, ideally with little or no cost to themselves. Science fiction is replete with examples of this thinking: intelligent door agents or house-bots who spend (too) much of their time filtering what we've come to think of as spam (i.e. unsolicited electronic communication).

The DMA sees the Internet as a "push" medium, with themselves as the prime pusher. "We'll tell you what you need, and want," they say.

In summary, this is sadly not as much a no-brainer for Congress as you'd think or hope. The DMA has been throwing huge money at this problem for years, and will continue to do so. Don't trust Congress to do the Right Thing.

You can also use a mail.com free-for-life mail redriection service. They filter the mail through MAPS RBL This drasticaly cuts down how much spam you get, Im on 2 a week (albeit on a not well know account, but used to be on my webpage and USENET postings).

"Have a place to submit spam incidents, such as a web form. Then process them to look for patterns."

Have you ever tried to run more than a handful of LARTS through a web form? It's a nightmare. I have 1200 pieces of Broadwing.net spam that I need to LART tonight. I don't know how I'd LART all of them via a web form.

Patterns aren't something that the average Joe would pick up on anyhow. Few people noticed that recently more and more spam uses a spoofed From: in the form of BSUser@yourowndomain.tld. If they do want to look for patterns, they could easily view thousands of spam reports in news.admin.net-abuse.sightings. Numerous people post their spam to it.

Provide separate zones for blocking sources of spam, and blocking web sites and ISPs where spammers might be hosting a web page. Not everyone wants to block the latter; I only want to block the source of spam."

Many DNS blacklist authors do just this. MAPS is a good example. You have the DUL which lists dial-up IPs only. The RSS which lists known && abused open relays. The RBL contains ISPs that are known to harbor spammers or at least be neutral to their abuse and ignore abuse complaints. The RBL+ is a combination of those 3. All 4 of those are their own zones. SPEWS lists /24's from which spam originates. Occasionally they'll even list a whole provider that harbors spammers or spamware sites, repeated lies to people that mail abuse@, or are known to bit bucket abuse complaints. relays.osirusoft.com hosts many lists. Individual queries can be made to for any of the lists it hosts or you can transfer them all at once in a big zone file. relays.visi.com is the home of the RSL. It only lists open relays that have been abused, like the RSS and relays.osirusoft.com's base DNSbl. blackholes.2mbit.com is the home of the SBL (Summit Block List), not to be confused with the SBL (Spamhaus Block List) which is hosted by osirusoft. The Summit Block List contains abused open relays and hosts that have been directly involved in spamming. The Spamhaus Block List contains "known spammers, spam gangs, or spam support services" and is "by the same team that maintains the ROKSO database", a list of those spammers.

"Some anti-spammers are on a crusade to maximize collateral damage. I am not. I won't block a whole ISP because of a spammer unless that ISP is making it difficult to isolate and focus on the spammer."

In a small way I agree. I used to feel like you do now. I was very leary about blocking an entire ISP just because of the possibility of lossing legit mail. I quickly came to realize that blocking just a small piece of that ISP that's know to spam wasn't solving the problem. They'd just move elsewhere within that ISP.

"If they corner the spammer operation to a specific static subnet, I'll gladly block that, and I'd want to use a DNS blacklist that is equally focused."

This doesn't accomplish anything in the long term and little in the short term. Sure you block some spam from a spammer for a couple of weeks but they'll quickly figure that out and move to another block. If the ISP facilitates their move then they are supporting spammers. It's an all or nothing deal. You can't have your cake and eat it too.

Personally I block entire ISPs myself, in my personal access lists that are independant of group maintainted DNS blacklists, that are known to harbor spammers and ignore complaints. A perfect example of this is Broadwing.net. I have blacklisted every IP they have registered to them. That includes 3 /14's, a /24, and a /28. That's a lot of IPs. I have never seen anything but spam come directly from them. They harbor Alan Ralsky and many other well known spammers. They ignore spam complaints. They simply don't care. Whenever I LART their spam, I also LART their upstreams because I believe someone there will eventually notice. I know that no one at Broadwing will.

"Some of the anti-spammers are on the wrong crusade and not very many people will follow them."

This I have to strongly disagree with. I've been involved in protecting my resources from spam for some time now and have implemented many steps to prevent as much spam from entering my system as possible. I reject just under 1400 known spamming domains. I also reject all mail from a number of providers that harbor spammers as well. I utilize all the lists hosted by Osirusoft, relays.visi.com, blackholes.2mbit.com, and I'm in the process of resubscribing to the RSS and DUL. I even do some filtering on message content which has been incredibly successful. Last week I rejected almost 96,000 pieces of spam on one of my servers. That's pretty darn good. Of the 2400 users on this particular server, I've only had complaints from 3. 3 of them couldn't receive mail from a particular person on the 'Net that wsa being filtered by me. 1 was on an osirusoft list. 1 was attempting to send mail through their mailing list that's run by cybercon.com (a known spam supporter) and mail to subscribers on our end was bouncing. The other was a customer of a customer of Broadwing's. After explaining to them that we couldn't selectively allow mail to just them from the affected host and that we'd have to allow all mail to them unfiltered, they decided to suffer from more spam than miss out on their friend's email. One has changed his mind though. The rest seem to love it. The best advice I can say to you is to keep an open mind about these lists and what they do for us. Not every list is meant for all situations. I personally don't want to use the RBL. In the beginning I was leary about SPEWS. The rest I like. Join news.admin.net-abuse.email and keep up with some of the conversations of the anti-spammers that reside there. A plethora of information and insight can be had with them (I'm there too). good luck!

"Have a place to submit spam incidents, such as a web form. Then process them to look for patterns."

Have you ever tried to run more than a handful of LARTS through a web form? It's a nightmare. I have 1200 pieces of Broadwing.net spam that I need to LART tonight. I don't know how I'd LART all of them via a web form.

Patterns aren't something that the average Joe would pick up on anyhow. Few people noticed that recently more and more spam uses a spoofed From: in the form of BSUser@yourowndomain.tld. If they do want to look for patterns, they could easily view thousands of spam reports in news.admin.net-abuse.sightings. Numerous people post their spam to it.

Provide separate zones for blocking sources of spam, and blocking web sites and ISPs where spammers might be hosting a web page. Not everyone wants to block the latter; I only want to block the source of spam."

Many DNS blacklist authors do just this. MAPS is a good example. You have the DUL which lists dial-up IPs only. The RSS which lists known && abused open relays. The RBL contains ISPs that are known to harbor spammers or at least be neutral to their abuse and ignore abuse complaints. The RBL+ is a combination of those 3. All 4 of those are their own zones. SPEWS lists /24's from which spam originates. Occasionally they'll even list a whole provider that harbors spammers or spamware sites, repeated lies to people that mail abuse@, or are known to bit bucket abuse complaints. relays.osirusoft.com hosts many lists. Individual queries can be made to for any of the lists it hosts or you can transfer them all at once in a big zone file. relays.visi.com is the home of the RSL. It only lists open relays that have been abused, like the RSS and relays.osirusoft.com's base DNSbl. blackholes.2mbit.com is the home of the SBL (Summit Block List), not to be confused with the SBL (Spamhaus Block List) which is hosted by osirusoft. The Summit Block List contains abused open relays and hosts that have been directly involved in spamming. The Spamhaus Block List contains "known spammers, spam gangs, or spam support services" and is "by the same team that maintains the ROKSO database", a list of those spammers.

"Some anti-spammers are on a crusade to maximize collateral damage. I am not. I won't block a whole ISP because of a spammer unless that ISP is making it difficult to isolate and focus on the spammer."

In a small way I agree. I used to feel like you do now. I was very leary about blocking an entire ISP just because of the possibility of lossing legit mail. I quickly came to realize that blocking just a small piece of that ISP that's know to spam wasn't solving the problem. They'd just move elsewhere within that ISP.

"If they corner the spammer operation to a specific static subnet, I'll gladly block that, and I'd want to use a DNS blacklist that is equally focused."

This doesn't accomplish anything in the long term and little in the short term. Sure you block some spam from a spammer for a couple of weeks but they'll quickly figure that out and move to another block. If the ISP facilitates their move then they are supporting spammers. It's an all or nothing deal. You can't have your cake and eat it too.

Personally I block entire ISPs myself, in my personal access lists that are independant of group maintainted DNS blacklists, that are known to harbor spammers and ignore complaints. A perfect example of this is Broadwing.net. I have blacklisted every IP they have registered to them. That includes 3 /14's, a /24, and a /28. That's a lot of IPs. I have never seen anything but spam come directly from them. They harbor Alan Ralsky and many other well known spammers. They ignore spam complaints. They simply don't care. Whenever I LART their spam, I also LART their upstreams because I believe someone there will eventually notice. I know that no one at Broadwing will.

"Some of the anti-spammers are on the wrong crusade and not very many people will follow them."

This I have to strongly disagree with. I've been involved in protecting my resources from spam for some time now and have implemented many steps to prevent as much spam from entering my system as possible. I reject just under 1400 known spamming domains. I also reject all mail from a number of providers that harbor spammers as well. I utilize all the lists hosted by Osirusoft, relays.visi.com, blackholes.2mbit.com, and I'm in the process of resubscribing to the RSS and DUL. I even do some filtering on message content which has been incredibly successful. Last week I rejected almost 96,000 pieces of spam on one of my servers. That's pretty darn good. Of the 2400 users on this particular server, I've only had complaints from 3. 3 of them couldn't receive mail from a particular person on the 'Net that wsa being filtered by me. 1 was on an osirusoft list. 1 was attempting to send mail through their mailing list that's run by cybercon.com (a known spam supporter) and mail to subscribers on our end was bouncing. The other was a customer of a customer of Broadwing's. After explaining to them that we couldn't selectively allow mail to just them from the affected host and that we'd have to allow all mail to them unfiltered, they decided to suffer from more spam than miss out on their friend's email. One has changed his mind though. The rest seem to love it. The best advice I can say to you is to keep an open mind about these lists and what they do for us. Not every list is meant for all situations. I personally don't want to use the RBL. In the beginning I was leary about SPEWS. The rest I like. Join news.admin.net-abuse.email and keep up with some of the conversations of the anti-spammers that reside there. A plethora of information and insight can be had with them (I'm there too). good luck!

"Have a place to submit spam incidents, such as a web form. Then process them to look for patterns."

Have you ever tried to run more than a handful of LARTS through a web form? It's a nightmare. I have 1200 pieces of Broadwing.net spam that I need to LART tonight. I don't know how I'd LART all of them via a web form.

Patterns aren't something that the average Joe would pick up on anyhow. Few people noticed that recently more and more spam uses a spoofed From: in the form of BSUser@yourowndomain.tld. If they do want to look for patterns, they could easily view thousands of spam reports in news.admin.net-abuse.sightings. Numerous people post their spam to it.

Provide separate zones for blocking sources of spam, and blocking web sites and ISPs where spammers might be hosting a web page. Not everyone wants to block the latter; I only want to block the source of spam."

Many DNS blacklist authors do just this. MAPS is a good example. You have the DUL which lists dial-up IPs only. The RSS which lists known && abused open relays. The RBL contains ISPs that are known to harbor spammers or at least be neutral to their abuse and ignore abuse complaints. The RBL+ is a combination of those 3. All 4 of those are their own zones. SPEWS lists /24's from which spam originates. Occasionally they'll even list a whole provider that harbors spammers or spamware sites, repeated lies to people that mail abuse@, or are known to bit bucket abuse complaints. relays.osirusoft.com hosts many lists. Individual queries can be made to for any of the lists it hosts or you can transfer them all at once in a big zone file. relays.visi.com is the home of the RSL. It only lists open relays that have been abused, like the RSS and relays.osirusoft.com's base DNSbl. blackholes.2mbit.com is the home of the SBL (Summit Block List), not to be confused with the SBL (Spamhaus Block List) which is hosted by osirusoft. The Summit Block List contains abused open relays and hosts that have been directly involved in spamming. The Spamhaus Block List contains "known spammers, spam gangs, or spam support services" and is "by the same team that maintains the ROKSO database", a list of those spammers.

"Some anti-spammers are on a crusade to maximize collateral damage. I am not. I won't block a whole ISP because of a spammer unless that ISP is making it difficult to isolate and focus on the spammer."

In a small way I agree. I used to feel like you do now. I was very leary about blocking an entire ISP just because of the possibility of lossing legit mail. I quickly came to realize that blocking just a small piece of that ISP that's know to spam wasn't solving the problem. They'd just move elsewhere within that ISP.

"If they corner the spammer operation to a specific static subnet, I'll gladly block that, and I'd want to use a DNS blacklist that is equally focused."

This doesn't accomplish anything in the long term and little in the short term. Sure you block some spam from a spammer for a couple of weeks but they'll quickly figure that out and move to another block. If the ISP facilitates their move then they are supporting spammers. It's an all or nothing deal. You can't have your cake and eat it too.

Personally I block entire ISPs myself, in my personal access lists that are independant of group maintainted DNS blacklists, that are known to harbor spammers and ignore complaints. A perfect example of this is Broadwing.net. I have blacklisted every IP they have registered to them. That includes 3 /14's, a /24, and a /28. That's a lot of IPs. I have never seen anything but spam come directly from them. They harbor Alan Ralsky and many other well known spammers. They ignore spam complaints. They simply don't care. Whenever I LART their spam, I also LART their upstreams because I believe someone there will eventually notice. I know that no one at Broadwing will.

"Some of the anti-spammers are on the wrong crusade and not very many people will follow them."

This I have to strongly disagree with. I've been involved in protecting my resources from spam for some time now and have implemented many steps to prevent as much spam from entering my system as possible. I reject just under 1400 known spamming domains. I also reject all mail from a number of providers that harbor spammers as well. I utilize all the lists hosted by Osirusoft, relays.visi.com, blackholes.2mbit.com, and I'm in the process of resubscribing to the RSS and DUL. I even do some filtering on message content which has been incredibly successful. Last week I rejected almost 96,000 pieces of spam on one of my servers. That's pretty darn good. Of the 2400 users on this particular server, I've only had complaints from 3. 3 of them couldn't receive mail from a particular person on the 'Net that wsa being filtered by me. 1 was on an osirusoft list. 1 was attempting to send mail through their mailing list that's run by cybercon.com (a known spam supporter) and mail to subscribers on our end was bouncing. The other was a customer of a customer of Broadwing's. After explaining to them that we couldn't selectively allow mail to just them from the affected host and that we'd have to allow all mail to them unfiltered, they decided to suffer from more spam than miss out on their friend's email. One has changed his mind though. The rest seem to love it. The best advice I can say to you is to keep an open mind about these lists and what they do for us. Not every list is meant for all situations. I personally don't want to use the RBL. In the beginning I was leary about SPEWS. The rest I like. Join news.admin.net-abuse.email and keep up with some of the conversations of the anti-spammers that reside there. A plethora of information and insight can be had with them (I'm there too). good luck!

"Have a place to submit spam incidents, such as a web form. Then process them to look for patterns."

Have you ever tried to run more than a handful of LARTS through a web form? It's a nightmare. I have 1200 pieces of Broadwing.net spam that I need to LART tonight. I don't know how I'd LART all of them via a web form.

Patterns aren't something that the average Joe would pick up on anyhow. Few people noticed that recently more and more spam uses a spoofed From: in the form of BSUser@yourowndomain.tld. If they do want to look for patterns, they could easily view thousands of spam reports in news.admin.net-abuse.sightings. Numerous people post their spam to it.

Provide separate zones for blocking sources of spam, and blocking web sites and ISPs where spammers might be hosting a web page. Not everyone wants to block the latter; I only want to block the source of spam."

Many DNS blacklist authors do just this. MAPS is a good example. You have the DUL which lists dial-up IPs only. The RSS which lists known && abused open relays. The RBL contains ISPs that are known to harbor spammers or at least be neutral to their abuse and ignore abuse complaints. The RBL+ is a combination of those 3. All 4 of those are their own zones. SPEWS lists /24's from which spam originates. Occasionally they'll even list a whole provider that harbors spammers or spamware sites, repeated lies to people that mail abuse@, or are known to bit bucket abuse complaints. relays.osirusoft.com hosts many lists. Individual queries can be made to for any of the lists it hosts or you can transfer them all at once in a big zone file. relays.visi.com is the home of the RSL. It only lists open relays that have been abused, like the RSS and relays.osirusoft.com's base DNSbl. blackholes.2mbit.com is the home of the SBL (Summit Block List), not to be confused with the SBL (Spamhaus Block List) which is hosted by osirusoft. The Summit Block List contains abused open relays and hosts that have been directly involved in spamming. The Spamhaus Block List contains "known spammers, spam gangs, or spam support services" and is "by the same team that maintains the ROKSO database", a list of those spammers.

"Some anti-spammers are on a crusade to maximize collateral damage. I am not. I won't block a whole ISP because of a spammer unless that ISP is making it difficult to isolate and focus on the spammer."

In a small way I agree. I used to feel like you do now. I was very leary about blocking an entire ISP just because of the possibility of lossing legit mail. I quickly came to realize that blocking just a small piece of that ISP that's know to spam wasn't solving the problem. They'd just move elsewhere within that ISP.

"If they corner the spammer operation to a specific static subnet, I'll gladly block that, and I'd want to use a DNS blacklist that is equally focused."

This doesn't accomplish anything in the long term and little in the short term. Sure you block some spam from a spammer for a couple of weeks but they'll quickly figure that out and move to another block. If the ISP facilitates their move then they are supporting spammers. It's an all or nothing deal. You can't have your cake and eat it too.

Personally I block entire ISPs myself, in my personal access lists that are independant of group maintainted DNS blacklists, that are known to harbor spammers and ignore complaints. A perfect example of this is Broadwing.net. I have blacklisted every IP they have registered to them. That includes 3 /14's, a /24, and a /28. That's a lot of IPs. I have never seen anything but spam come directly from them. They harbor Alan Ralsky and many other well known spammers. They ignore spam complaints. They simply don't care. Whenever I LART their spam, I also LART their upstreams because I believe someone there will eventually notice. I know that no one at Broadwing will.

"Some of the anti-spammers are on the wrong crusade and not very many people will follow them."

This I have to strongly disagree with. I've been involved in protecting my resources from spam for some time now and have implemented many steps to prevent as much spam from entering my system as possible. I reject just under 1400 known spamming domains. I also reject all mail from a number of providers that harbor spammers as well. I utilize all the lists hosted by Osirusoft, relays.visi.com, blackholes.2mbit.com, and I'm in the process of resubscribing to the RSS and DUL. I even do some filtering on message content which has been incredibly successful. Last week I rejected almost 96,000 pieces of spam on one of my servers. That's pretty darn good. Of the 2400 users on this particular server, I've only had complaints from 3. 3 of them couldn't receive mail from a particular person on the 'Net that wsa being filtered by me. 1 was on an osirusoft list. 1 was attempting to send mail through their mailing list that's run by cybercon.com (a known spam supporter) and mail to subscribers on our end was bouncing. The other was a customer of a customer of Broadwing's. After explaining to them that we couldn't selectively allow mail to just them from the affected host and that we'd have to allow all mail to them unfiltered, they decided to suffer from more spam than miss out on their friend's email. One has changed his mind though. The rest seem to love it. The best advice I can say to you is to keep an open mind about these lists and what they do for us. Not every list is meant for all situations. I personally don't want to use the RBL. In the beginning I was leary about SPEWS. The rest I like. Join news.admin.net-abuse.email and keep up with some of the conversations of the anti-spammers that reside there. A plethora of information and insight can be had with them (I'm there too). good luck!

here's an idea... would this work? set up a service somewhere so people could submit e-mail addys and ip addresses from spammers. then we could all block those individuals. perhaps this is already done... and perhaps it won't work.

Already done. Check out MAPS and SPEWS.

These systems are primarily designed to be used at a server or router level. However with a bit of work, you can integrate them into procmail.

However, how about the following idea: if a spam relay is not closed within, say, 2 business days, we start using it ourselves... to spam thousands of Chinese email addresses with anti-communist articles from various news sources. I betcha, that relay will get closed down real quick.

SpamAssassin is a mail filter to identify spam.

Using its rule base, it uses a wide range of heuristic tests on mail headers and body text to identify "spam", also known as unsolicited commercial email.

The spam-identification tactics used include:

• header analysis: spammers use a number of tricks to mask their identities, fool you into thinking they've sent a valid mail, or fool you into thinking you must have subscribed at some stage. SpamAssassin tries to spot these.
• text analysis: again, spam mails often have a characteristic style (to put it politely), and some characteristic disclaimers and CYA text. SpamAssassin can spot these, too.
• blacklists: SpamAssassin supports many useful existing blacklists, such as mail-abuse.org, ordb.org or others.
• Razor: Vipul's Razor is a collaborative spam-tracking database, which works by taking a signature of spam messages. Since spam typically operates by sending an identical message to hundreds of people, Razor short-circuits this by allowing the first person to receive a spam to add it to the database -- at which point everyone else will automatically block it.

Once identified, the mail can then be optionally tagged as spam for later filtering using the user's own mail user-agent application.

SpamAssassin requires very little configuration; you do not need to continually update it with details of your mail accounts, mailing list memberships, etc. It accomplishes filtering without this knowledge, as much as possible.

I just wish I had the resources to build a better system. I know what to do to make it; I just don't have the cash to put it together.

At last the RBL is available to search through.

I looked all over the SafeSurf web site and didn't see their block list anywhere.

My step-mother called me frantically the other day because all email to her was being bounced. I did some checking and found that my subnet had been added the the MAPS Dial Up User List . The addition of DUL to the MAPS database means I am treated the same as a spammer even though I am not doing anything wrong.

I reconfigured exim to use my ISPs SMTP server as a smart host and all was well. Until I receive the following message which basically says that my server is an open relay.... Its not... Now my step-mother thinks I am a mail abuser... I can only guess what she think of that...

From: Abuse Investigation Team [mailto:abuse@adelphia.net]
Sent: Friday, October 05, 2001 1:59 PM
To: *
Subject: RE: email problems

Thank you for forwarding this information to us. However, the bounced
message you received indicates that the sender is being blocked due to the
originating IP address being listed in MAPS database. MAPS is a database of
domains and IP addresses that have been found to have either open mail relay
servers or are spam friendly. Adelphia, like many other ISPs, has
instituted MAPS as a means of filtering spam to lower the amount of
unsolicited email that reaches our customers.

Adelphia is unable to unblock the sender of the email. The domain
responsible for the IP address being blocked will need to follow the link in
the bounced message and take the appropriate steps as outlined by MAPS to
have their domain and/or IP address unblocked. For more information
regarding MAPS, please see their website at http://www.mail-abuse.org

Sincerely,

Abuse Investigation Team
Adelphia Communications
1-814-260-3961
abuse@adelphia.net
http://powerlink.adelphia.net/policies.html
http://powerlink.adelphia.net/policies/security_ fa q.html

Sender : *
Date : 10/5/2001 5:48 AM
---

because of MAPS my email began bouncing.

* *

-----Original Message-----
From: Mail Delivery System [mailto:Mailer-Daemon@chase.org]
Sent: Thursday, October 04, 2001 8:13 AM
To: *
Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. The following address(es) failed:

*:
(generated from *):
SMTP error from remote mailer after MAIL FROM::
host mx5.dc2.adelphia.net [24.48.57.12]:
553 5.3.0 Open relay - see http://www.mail-abuse.org/

------ This is a copy of the message, including all the headers. ------

Return-path: *
Received: from smtprelay.abs.adelphia.net ([64.8.20.11]
helo=smtprelay3.abs.adelphia.net)
by loki with esmtp (Exim 3.12 #1 (Debian))
id 15p7NF-0001tp-00
for ; Thu, 04 Oct 2001 08:13:09 -0400
Received: from * ([*]) by
smtprelay3.abs.adelphia.net (Netscape Messaging Server 4.15)
with SMTP id GKOJBX02.Q4L for ; Thu, 4 Oct 2001
07:45:33 -0400
From: *
To: *
Subject: test
Date: Thu, 4 Oct 2001 07:44:08 -0400
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Importance: Normal

test

* *
*

Well, you let enough people take their bite, and you don't have any apple left for yourself. All the bill requires is contact information and some sort of remove link.

Just about every spam has some sort of contact, although that contact is the spam's payload. It's the toll-free phone number that you call to order the toner cartridges. It's the website that you visit to order the herbal viagra. It's the Post Office box that you use to piss money away on useless "credit repair" scams. Or it's the drop-box address on Yahoo/Hotmail/Netaddress/whatever to request more information on the laundry balls.

And the people who trust remove lists are either naive or not very bright. Spammers are well-known for using them merely to harvest more addresses to sell. Why would anybody trust them? You might want to look into Rodney Joffe's SafeEPS system. It was intended to be a remove list developed by a known and trusted anti-spammer, and the DMA pretended to be interested. Joffe offered to sell it to the US Direct Marketing Association for one dollar-and the DMA refused. They make their money by forcing their spew on people. Taking away their ability to market to people who don't want it takes away their reason-to-be. SafeEPS, of course, died after that. No spammer is going to use it.

If the gentleman from Texas wants a legitimate spam bill, he needs to think more in terms of opt-in. Opt-in means no marketing email unless you actually REQUEST marketing email. In other words, the whole thing goes only with the permission of ALL of the people involved. Considering that the recipient has to pay to receive the crap, it seems only fair that he should decide just what gets sent to him.

Or we could do something even more sensible and leave Congress out of it. MAPS had something going with their RBL. They're dying now, under the weight of frivolous but expensive lawsuits and a very questionable settlement with Exactis/Experian. However, SPEWS seems to be taking their place. Those two organizations, SPEWS in particular, are doing more to fight spam than even the best new law could hope for.

But the bills referenced in the article above? Somewhere between useless and worse-than-useless.

...given that MAPS and services like it, automatically blackhole email from dynamically served DNS entries...

Making this settlement goes against all their principles...

As noted, unless the agreement is very broad, they can certainly name on their web site the companies they have been compelled not to block...

And, of course, we are still free to choose to accept or reject email from them on our own personal networks.

Sorry, but they are not here, I do not have them at hand. And even if I did, I would not post my IP address -- I'm not stupid.

Er, that would be "my ISP's mail server's address", not "my IP address", unless there's something you're not telling us?

Yeah, yeah, yeah. I know that, OK?

If you know it, please stop making statements which claim the diametric opposite. Around these parts, we call saying something while knowing it not to be true "lying."

But my brother's ISP -- the ones actually using the RBL to block my email -- denied any responsibility and referred me to MAPS.

Exactly how is it MAPS' problem if your brother's ISP has lazy, incompetant tech support people?

If it wasn't for MAPS and the way they and they alone decide who is and is not labled a spammer

MAPS does not decide "who is a spammer." MAPS decides who will be added to the RBL. Your brother's ISP was entirely free to not use the RBL if they disagreed with MAPS' criteria and methods. Your brother, in turn, was quite free to seek out a competing ISP if he disagreed with that trust.

Furthermore, the contention that "they and they alone" make the determination that someone is a spammer is ridiculous: there are upwards of fifteen similar services to MAPS, most of which offer substantially different lists.

and their lack of any appeal process or any form of mediation outside the courts

MAPS has a lengthy appeals process, and one which I have personlly observed them going above and beyond the letter of when working with people.

The problem is, having an appeals process does not mean "we'll take you out if you gripe loudly enough," which is what most people complaining about the process were actually looking for.

Yes, I know they don't actually filter by domain name.

So stop saying that they do. Domain names are domain names. They aren't IP addresses and they aren't netblocks, and they are not strong indications of corporate boundaries. If your ISP had changed its domain name once a day for a month, its netblocks would still have been in the RBL.

This may seem like a trivial distinction to you, but you are substantially misrepresenting the technical facts about the RBL when you repeat this assertion.

To me, personally, over the telephone, they claimed only to block individual IP addresses.

If, in fact, that was said to you, I can only assume that someone at MAPS fucked up. If I worked for them, I'd apologize on their behalf. Since you're refusing to state key facts of this case, it's really hard to know whether to even accept this statement at face value.

MAPS is the sole arbiter of "antisocial behavior"?

As above. MAPS isn't the sole arbiter of anything other than "who gets listed in the RBL". Your brother's ISP was free to not use that list, use that list in a different fashion (tagging instead of blocking), whitelist your brother's account from that list, use a different service's list, or use no list at all.

they did not have any mechanism for me to prove that I was not a spammer and get my IP address taken off the RBL.

Well again, there's a problem here: it's not your IP address. It belongs to your ISP, and it is their responsibility, not yours, to take the proper steps to be delisted if they decide they want to. If they didn't think that was necessary, and it was getting in the way of your communications, pehaps you should have voted with your feet and dollars. Frankly, you were getting ripped off, and the people ripping you off appear to have successfully deflected your anger onto a 3rd party.

Their only solution was for me to change ISPs. That's extortion.

You keep flinging around terms with reckless disregard for their meaning. Extortion implies that MAPS intended to reap some tangible benefit from you, backed up by a threat of violence. The truth is that MAPS had a dispute with your ISP, your ISP choose to ignore it, and you got caught in the fallout. That's not extortion, that's life. It's also unfortunate, but the whole point of a list like the RBL is to make it hard for companies to ignore the spam issue.

What's worse, the entity they claimed was spamming was from another state, in another subnet, but they blocked (excuse me, listed) me because I had the same ISP.

Since you refuse to mention your ISP by name, it's basically impossible for anybody to attach any validity to this claim. But regardless: they did not list you. They listed your ISP. There was no appeals process for you because you don't own the netblocks and you don't set policy at your ISP. Sucks for you, I admit, but that's the nature of the beast. Stop whining and consider giving your money to a responsible company instead.

Sorry, but they are not here, I do not have them at hand. And even if I did, I would not post my IP address -- I'm not stupid.

Er, that would be "my ISP's mail server's address", not "my IP address", unless there's something you're not telling us?

Yeah, yeah, yeah. I know that, OK?

If you know it, please stop making statements which claim the diametric opposite. Around these parts, we call saying something while knowing it not to be true "lying."

But my brother's ISP -- the ones actually using the RBL to block my email -- denied any responsibility and referred me to MAPS.

Exactly how is it MAPS' problem if your brother's ISP has lazy, incompetant tech support people?

If it wasn't for MAPS and the way they and they alone decide who is and is not labled a spammer

MAPS does not decide "who is a spammer." MAPS decides who will be added to the RBL. Your brother's ISP was entirely free to not use the RBL if they disagreed with MAPS' criteria and methods. Your brother, in turn, was quite free to seek out a competing ISP if he disagreed with that trust.

Furthermore, the contention that "they and they alone" make the determination that someone is a spammer is ridiculous: there are upwards of fifteen similar services to MAPS, most of which offer substantially different lists.

and their lack of any appeal process or any form of mediation outside the courts

MAPS has a lengthy appeals process, and one which I have personlly observed them going above and beyond the letter of when working with people.

The problem is, having an appeals process does not mean "we'll take you out if you gripe loudly enough," which is what most people complaining about the process were actually looking for.

Yes, I know they don't actually filter by domain name.

So stop saying that they do. Domain names are domain names. They aren't IP addresses and they aren't netblocks, and they are not strong indications of corporate boundaries. If your ISP had changed its domain name once a day for a month, its netblocks would still have been in the RBL.

This may seem like a trivial distinction to you, but you are substantially misrepresenting the technical facts about the RBL when you repeat this assertion.

To me, personally, over the telephone, they claimed only to block individual IP addresses.

If, in fact, that was said to you, I can only assume that someone at MAPS fucked up. If I worked for them, I'd apologize on their behalf. Since you're refusing to state key facts of this case, it's really hard to know whether to even accept this statement at face value.

MAPS is the sole arbiter of "antisocial behavior"?

As above. MAPS isn't the sole arbiter of anything other than "who gets listed in the RBL". Your brother's ISP was free to not use that list, use that list in a different fashion (tagging instead of blocking), whitelist your brother's account from that list, use a different service's list, or use no list at all.

they did not have any mechanism for me to prove that I was not a spammer and get my IP address taken off the RBL.

Well again, there's a problem here: it's not your IP address. It belongs to your ISP, and it is their responsibility, not yours, to take the proper steps to be delisted if they decide they want to. If they didn't think that was necessary, and it was getting in the way of your communications, pehaps you should have voted with your feet and dollars. Frankly, you were getting ripped off, and the people ripping you off appear to have successfully deflected your anger onto a 3rd party.

Their only solution was for me to change ISPs. That's extortion.

You keep flinging around terms with reckless disregard for their meaning. Extortion implies that MAPS intended to reap some tangible benefit from you, backed up by a threat of violence. The truth is that MAPS had a dispute with your ISP, your ISP choose to ignore it, and you got caught in the fallout. That's not extortion, that's life. It's also unfortunate, but the whole point of a list like the RBL is to make it hard for companies to ignore the spam issue.

What's worse, the entity they claimed was spamming was from another state, in another subnet, but they blocked (excuse me, listed) me because I had the same ISP.

Since you refuse to mention your ISP by name, it's basically impossible for anybody to attach any validity to this claim. But regardless: they did not list you. They listed your ISP. There was no appeals process for you because you don't own the netblocks and you don't set policy at your ISP. Sucks for you, I admit, but that's the nature of the beast. Stop whining and consider giving your money to a responsible company instead.

I don't have the details (specific IP addresses) at hand, but they're on file if needed.

Uh huh. Put up or shut up.

MAPS claimed they did not filter by domain name, just specific IP addresses. As several pro-MAPS people have explained here in /., this is a lie. They do not filter specific IP addresses, they filter whole blocks.

A block of IP addresses is not the same thing as a domain name. You were not lied to by MAPS, although it's entirely possible that a "pro-MAPS" person said something misleading in a comment here. (Plenty of "pro-MAPS" people are as ignorant of how the RBL works as you yourself appear to be; apparently reading the damn documentation is difficult or something. I guess it's a slashdot thing.)

And this bears repeating: MAPS never "filtered" anything. MAPS published a list of IP addresses, which ISPs could, at their discretion, choose to use as a basis for filtering. Some of them bounced mail based on that list, some of them tagged the mail as "possible spam" based on it, some just kept logs based on it, and probably some people used it as a list of mail to allow.

MAPS sent me the IP address they claim was used by a spammer. Guess what? My blocked IP addresses were not even in the same subnet.

Was your IP address in a subnet that was owned by the same entity? Did you look up the listed IP address in their lookup form and read the justification for its listing?

MAPS has always been very clear that they will eventually list all known addresses for a given company if that company persisted in antisocial behavior. This is not, however, "listing a domain name." Domain names are not the same as areas of ownership.

They were not filtering specific IP addresses, or even whole blocks of addresses; they filtered my ISP's domain name.

Did you even try to understand how the RBL's publication mechanism works? The whole system is based on the idea of a mail server (or, in rare cases, a router) querying the RBL servers for the status of a single IP address. It is not possible to list a domain name, because there is no way to ask the rbl.mail-abuse.org server if "example.com" is listed.

But don't take my word for it. Read the damn manuals yourself.

I don't have the details (specific IP addresses) at hand, but they're on file if needed.

Uh huh. Put up or shut up.

MAPS claimed they did not filter by domain name, just specific IP addresses. As several pro-MAPS people have explained here in /., this is a lie. They do not filter specific IP addresses, they filter whole blocks.

A block of IP addresses is not the same thing as a domain name. You were not lied to by MAPS, although it's entirely possible that a "pro-MAPS" person said something misleading in a comment here. (Plenty of "pro-MAPS" people are as ignorant of how the RBL works as you yourself appear to be; apparently reading the damn documentation is difficult or something. I guess it's a slashdot thing.)

And this bears repeating: MAPS never "filtered" anything. MAPS published a list of IP addresses, which ISPs could, at their discretion, choose to use as a basis for filtering. Some of them bounced mail based on that list, some of them tagged the mail as "possible spam" based on it, some just kept logs based on it, and probably some people used it as a list of mail to allow.

MAPS sent me the IP address they claim was used by a spammer. Guess what? My blocked IP addresses were not even in the same subnet.

Was your IP address in a subnet that was owned by the same entity? Did you look up the listed IP address in their lookup form and read the justification for its listing?

MAPS has always been very clear that they will eventually list all known addresses for a given company if that company persisted in antisocial behavior. This is not, however, "listing a domain name." Domain names are not the same as areas of ownership.

They were not filtering specific IP addresses, or even whole blocks of addresses; they filtered my ISP's domain name.

Did you even try to understand how the RBL's publication mechanism works? The whole system is based on the idea of a mail server (or, in rare cases, a router) querying the RBL servers for the status of a single IP address. It is not possible to list a domain name, because there is no way to ask the rbl.mail-abuse.org server if "example.com" is listed.

But don't take my word for it. Read the damn manuals yourself.

Mitchell continued "By reaching this settlement both sides avoid the very real risks associated with going to trial. Furthermore, neither side can take any action against the other without the permission of the Court, and there are substantial penalties provided for a breach of the agreement. And, of course, we are still free to choose to accept or reject email from them on our own personal networks."

They used to say they wanted to get sued, so they could establish precedent that MAPS activities are legal. But they keep settling. What gives? This is not how to establish precedent.

There are always two sides to a PR war. I was wondering why the MAPS URL wasn't in the original article...

Since the article body only referenced the Experian press release, I thought a few people might be interested in the press release from the other side. It reads a little differently, but the gist appears to be the same; opt-in is not required.

That being said, since they went commercial, their value to the community as a whole has been significantly lower. I would recommend people use alternative listings at this point.

Since the article body only referenced the Experian press release, I thought a few people might be interested in the press release from the other side. It reads a little differently, but the gist appears to be the same; opt-in is not required.

That being said, since they went commercial, their value to the community as a whole has been significantly lower. I would recommend people use alternative listings at this point.

It is likely that you have not been blackholed by MAPS's RBL but by MAPS's DUL. The distinction is important.

The RBL is for servers known to be relaying or originating spam and is generated by testing of the server in question.

The DUL is for IP ranges that ISPs submit as "dial-up". This encourages their dynamic IP customers to utilise their SMTP server.

For a better explanation of the difference compare these two descriptions RBL and DUL.

marty

It is likely that you have not been blackholed by MAPS's RBL but by MAPS's DUL. The distinction is important.

The RBL is for servers known to be relaying or originating spam and is generated by testing of the server in question.

The DUL is for IP ranges that ISPs submit as "dial-up". This encourages their dynamic IP customers to utilise their SMTP server.

For a better explanation of the difference compare these two descriptions RBL and DUL.

marty

...the RBL, MAPS' database of IP addresses which have been proven to originate or facilitate the sending of unwanted email...

Even without the words "have been proven", this is an bold faced LIE. MAPS has a regular practice of blocking large groups of IP numbers (often an entire ISP), with the intention of disruption to the spammer and many non-spammer customers at that same ISP.

When these non-spammers complain to MAPS that their IP numbers, which certainly don't originate spam and don't facilitate the spammer's activity, have been blocked, the response from MAPS it that these non-spammer need to seek a different ISP.

To even get close to the truth of how MAPS really operates, perhaps it should read:

...the RBL, MAPS' database of IP addresses which may be originating or facilitating unwanted email, or have some loose association with present or prior unwanted email, including unsuspecting users and businesses who happen to be customers at the same ISP as a suspected spammer.

Of course, there's no requirement to tell the truth in a press release... but this lie is about as blantant as Microsoft's recent press releases claiming IIS is attacked because it's the market leader (when apache is the #1 web server by a considerable margin).

Vixie (who runs MAPS) is the CTO of a backbone internet provider (abovenet) which just happens to be one of those who "seek information". They have a regular history of blocking traffic... of course without explicit permission (and usually without even the knowledge) of downstream ISPs and their unsuspecting customers.

This is quite a bit different than end users making an informed decision to subscribe to the "service". Likewise, some ISPs subscribe to MAPS on their user's behalf, sometimes without informing them, and other times while leading them to believe the service doesn't impact non-spam messages.

That database expresses an opinion: in the opinion of MAPS, the networks listed in the database are suspected of passing through or generating spam.

This is true. ...at least true if "passing through" includes lots of unsuspecting non-spam businesses and users who simply connect to those spamming-suspected networks.

The lie is in much of the promotion regarding how accurate these opinions are, and the lack of disclosure regarding the non-spam users who are also intentionally blocked. It's quite questionable how well MAPS blocks spam. At the same time, there is no question that MAPS has been responsible for disrupting non-spam communication time and time again.

For a good taste of the deceptive nature of MAPS, check out their Realtime Blacklist Policy Page. They claim four there are four ways to become blacklisted:

• Spam Origination
• Spam Relaying
• Spam Support Services
• Netblock Inheritance

What that MAPS policy page doesn't clearly explain (or really explain at all) is their regular practice of listing large netblocks, which contain large numbers of non-spammers. It isn't explained that MAPS uses this strong-arm tactic to pressure ISPs that are hosting some spammers by blocking not only the spammer but all of the ISP's unsuspecting non-spam customers.

MAPS's policy page also doesn't explain that there is no notification to these innocent and unsuspecting bystanders that their communication is being intentionally disrupted simply because some other customer at their ISP is sending spam.

MAPS's policy page doens't state that they will refuse to stop discrupting messages to non-spammers when it is brought to their attention that a non-spammer has been affected by a netblock that also contains a spammer. (yes, believe it or not, Vixie/MAPS has a long history of refusing to un-block non-spam users when they complain that they are blocked) It certainly doesn't state that it is their intention to block messages to non-spammers and spammers alike, if they happen to be hosted at an ISP that (in MAPS's rather extreem and un-accountable opinions) isn't working hard enough to stop spam.

Sure, MAPS is entitled to their opinions, and they have the free speech right to share those opinions. Where the line is crossed (IMHO) is:

• Upstream providers, not end users, subscribing to the service... thereby forcing MAPS's rather extreem opinions on end users without giving them a choice.
• Misrepresenting their blacklisting policy to imply that they only target spammers and those directly involved in spam... when in truth they intentionally target unsuspecting non-spammers (and never even notify them) simply because they inadvertently chose the same ISP as a spammer did (and the ISP didn't respond by immediately cutting service to an existing customer who MAPS says is a spammer)

MAP's take on this is here
EXACTIS SUIT AGAINST MAPS DISMISSED October 3, 2001 - REDWOOD CITY, CA - Mail Abuse Prevention System, LLC (MAPSSM) announced today that Experian Emarketing, Inc. (formerly Exactis.com) has dismissed all of the claims which it had previously filed against MAPSSM. "A settlement has been reached in which Experian has committed to requiring their clients to provide them with lists which contain only those email addresses for which they have obtained the addressee's permission to send them email", explained Anne P. Mitchell, Esq., MAPS'SM Director of Legal and Public Affairs. "They have further committed to address and resolve any complaints and concerns which may arise as a result of any mailings they do for either themselves or their clients."

Has anyone stopped to read MAPS' press release? Here's an clip:

"Experian has committed to requiring their clients to provide them with lists which contain only those email addresses for which they have obtained the addressee's permission to send them email."

It appears that MAPS hasn't comprimised its values, it's just made them a little more reasonable. So what's the big deal?

Holy propaganda batman!
-Geoff

Check
http://www.mail-abuse.org/pressreleases/2001-10- 03 .html. It seems that this wasn't such a victory to Experian as they claim.

MAPS has a press release about this as well, located here. It sounds like there was more going on than mentioned in Experian's press release. MAPS says there were months of negotiations, that both sides made comprimises, and that Experian has made "several changes to ensure that only those who want to receive their email receive it, and to respond to concerns from those who don't."

While not getting everything it wanted, it seems MAPS did get something out of the deal, and Experian is playing at least a little bit nicer.

haha! you got flamebaited! serves you right for pretending you know something about MAPS and administration, when you don't know the first thing about it.

please go to MAPS HOME PAGE and read a little bit so you can at least join the conversation without looking like an idiot.

Against telemarketing, it might work.

Against spam, do a keyword search for "Global Remove List".

It's been tried before - run by the spammers, who used it to find valid email addresses and subject them to more spam.

SafeEPS, by Al Joffee, a DMA guy, but otherwise reputable anti-spammer, who figured out how to do it in a way that was privacy-friendly. But nobody else in the DMA wanted that, because it allowed domain-level opt-out.

The DMA was offered SafeEPS for $1.00, but the DMA decided no, better to do it the DMA's way. Which begat the current One True Remove List for spam, namely e-MPS.

(The full SafeEPS/e-MPS story here)

A "global remove list" won't work against spammers for the same reason that government backdoors in crypto won't work against terrorists - because the terrorists won't use backdoored crypto, and the spammers don't give a rat's ass about a government-required opt-out list. (When was the last time you got spammed for anything that wasn't a fraud, con game, quack medicine, or pyramid scheme? That didn't involve "relay rape", or the unauthorized use of third-party open relays? These people are already breaking laws, one more won't stop them.)

Global Remove Lists have been tried since 1997. Every one has been a spec-fucking-tacular failure.

Anyone who believes that a "national opt out" list for spam" is a viable solution in 2001 - has about as much credibility on the issue as Osama Bin Laden would if applying for the Nobel Peace Prize.

Spews set itself up in a way that makes it hard to sue and harder to serve. It's not exactly incorporated, and most if not all the principals are unknown.

FWIW, spammers have tried suing blocklist operators before. MAPS has, thus far, beaten pretty much every legal challenge against them, although the latest one with Media3 came to a somewhat questionable settlement. At least in the US, the precedent is in favor of the blocklist operators.

As for suing the providers...I frankly don't know. If my own ISP managed to get itself listed, I'd consider suing them for failing to enforce its AUP and therefore interfering with my service.

Spam mail is getting very bad, personally I cant wait until Congress rules on it. In the meantime you have to do something, right? In my opinoin two really great sites that cover this are here and here. The first one has some vey useful tools that may help, the second is basically a how to. As for your question, What you probably need is some anti-relaying filters. Perhaps the best site for your problem is here. They have some pointers on how to secure your current mail(Qmail in your case) system against third-party relay. Along with Qmail they cover other mail systems including pmdf and Dmail. Hope I could help

There is no reason, howe ver, that you can't use the perscribed servers. All it's changing is a few IP addresses in a "Received" header that no one is ever going to look at anyway. It's really not a big deal unless your ISP can't keep their servers alive. And if that's the case, why are you with them in the first place?

There's nothing stopping you from POPing mail into your client from every server you can imagine (POP3 service runs on port 110, not 25), and your "From" and "To" fields are set clientside, and will remain unchanged. In the end, there is sure to be some adjustment, but likely little loss in functionality.

If this is not a feasible solution for you, perhaps it is time to consider upgrading to a commercial internet account, they start around $70 a month, and you can run your own non-port-25-filtered mail server (I don't know that Prodigy sells business accounts anymore, but most national ISPs, including us, do.

What the DUL is, is a list of networks that are dial-ups, which mail servers can then reference. Dial-up users are then automatically denied access. This is meant to somehow cut down on spam. Personally, I find it very annoying. Here's the end-user info for the DUL

I had AT&T@Home in the fall of 1999. During that time, home.com got onto the MAPS RBL for failing to shut down open SMTP relays. That got their attention! To demonstrate good faith to MAPS, they conducted a campaign of probing customer machines on port 25 and sending nastygrams to people running servers. Their response to the present incident makes much more sense.

IMPORTANT: Your email, of which a copy is attached, has NOT been delivered. In order to ensure that emails to this account are not unsolicited/spam, you must first reply to this email, in the format: "Robert Wayne, a friend of your sister Nichole's" (In other words, characters that specify your name, a comma, characters that specify a description of you.)
You will then immediately be mailed back the actual email account, to which you should address any future email. If you want it to be delivered, you must also resend the email that generated this autoreply, which you will find attached.
To avoid having to go through this process in the future, use the account name you will receive in your reply to this email.

The offical notice is now on MAPS.

Incidently, the cost for most ISPs would equate to about $0.05 per user per year.

According to http://mail-abuse.org/rbl+/:

In query mode, the cost is US$1,500 per year for sites with up to 1,000 users; each additional 500 users will be priced at US$750 per year.

That works out to not less than US$1.50 per user per year.

Part of the problem is that it is based on number of users. ISPs which are doing mail forwarding to end customer systems (generally businesses on DSL or T1 links, and often with some tight firewalls and tunnels) have no user base in the forwarding mail server. They simply cannot work from this kind of pricing structure since their service is volume and domain based, not user based.

A responsible and level-headed version of ORBS is very possible and quite welcome to me.

You're talking about RSS, right?

RSS has the same stated goal as ORBS - to allow people to block open relays if they so choose. But RSS is run by different people and is run much more responsibly. They do not probe IP blocks looking for open relays. They wait until someone submits a piece of spam with full headers. Then they check the relay listed in the spam to see if it is indeed open. If so, a human looks at it and blocks it. Once the open relay has corrected the problem, the RSS people take them off the list.

I believe ORBS also blocks anyone who does not allow their probing. RSS is blocked by ORBS, for example. I've also heard people say that it is very hard to get off the ORBS list. None of this is true of RSS.

Why do open relays matter for anyone except the people operating them? If there were no open relays then spammers would just send direct to recipient's mail servers. Of course, the DUL would like to stop that, but that's a fucking joke if you ask me (an annoying joke too, more than once I've had mail bounced just because I run my own MTA instead of using my ISP's).

• All you need to do is set up DNS and sendmail on a P-75, register a domain, and you're golden.

Eventually, Wientzen called me and we had a series of unproductive discussions about the matter. You can forget about ever changing the DMA's mind on the subject of spam. If they ever let go of the "opt-out" advertising model, they would lose their reason for existence. They must cling to it, because it is the model they have established in the snail-mail world, and if they ever accepted the premise of "opt-in" in the e-mail world (I and I alone have the right to control my inbox.), it would threaten their position in the snail-mail world.

There is very little in this world that makes me want to advocate the use of senseless violence; the Direct Marketing Association is one of those things. Its leadership is composed of evil slugs, and in my opinion, no harm that could befall them would be too dire.

However, I suspect that we will end up being forced to boycott companies that are members of the DMA until such time as the organization embraces true verified-opt-in-only e-mail legislation. It's going to be a long and gritty process to defeat these bastards.

Eventually, Wientzen called me and we had a series of unproductive discussions about the matter. You can forget about ever changing the DMA's mind on the subject of spam. If they ever let go of the "opt-out" advertising model, they would lose their reason for existence. They must cling to it, because it is the model they have established in the snail-mail world, and if they ever accepted the premise of "opt-in" in the e-mail world (I and I alone have the right to control my inbox.), it would threaten their position in the snail-mail world.

There is very little in this world that makes me want to advocate the use of senseless violence; the Direct Marketing Association is one of those things. Its leadership is composed of evil slugs, and in my opinion, no harm that could befall them would be too dire.

However, I suspect that we will end up being forced to boycott companies that are members of the DMA until such time as the organization embraces true verified-opt-in-only e-mail legislation. It's going to be a long and gritty process to defeat these bastards.

So what we are left with is no ORBS and this law. Hmmm. Expensive and lengthy litigation...instant and automated blocking, litigation or blocking, litigation or blocking. Tough choice, but I think I'd rather have the automated form of protection. Thank goodness we still have MAPS. The arm of the law can no longer keep up with the fast daily pace of the Internet. Does any of this still constitute speedy trial anymore?