Slashdot Mirror

Gee.... MAPS can't be any more hypocritical there. MAPS' whole reason to be is because they claim spammers are tresspassing on peoples' net connections. Yet, if you ban MAPS, no matter whether you have an open relay *OR NOT*, you are listed as being an open relay.

You seem to be confusing MAPS with ORBS. ORBS does testing for open ralays. MAPS works on the basis of actual SPAM received.
Anomalous: inconsistent with or deviating from what is usual, normal, or expected

There are several ways to send spam, for more information, look at the MAPS website.

One type of SPAM comes directly from a dial-up account to your ISP's mail-server. This type of spam can be prevented if your ISP uses the MAPS DUL (Dialup User List). The idea is that no-one should be using a dynamically assigned IP to send mail, they should forward through their ISP's mail-server. Spammers don't want to do this though, because their ISP's mail-server will keep a very detailed log the messages sent.

Many times spammers will find what is known as an open relay. An open relay is a system which is accepting mail from anywhere and sending mail to anywhere. In the old days (that is, a few years ago) that was common practice. Now that spammers abuse this, any system which is an open relay and has been known to have had spam sent through it and has been reported to MAPS will be placed into the MAPS RSS (Relay Spam Stopper). Again, you must encourage your ISP to use the RSS to filter mail. There is one drawback to the RSS though: it blocks ALL mail from an otherwise legitimate mail-server. However, if the sysadmin of that mail-server gets his act together and stops the open relay, the system will be immediately removed from the MAPS RSS. The sysadmin can even contact MAPS for help, and there are volunteers available to help with server configuration.

The final list is the RBL, which is the one that is being challenged. The RBL is very unlike the other two lists. The RBL exists to stop known spammers. By using the RBL, a sysadmin is really putting his/her trust in MAPS. Personally, I do use the RBL because it does help keep the spam problem down. To get on the RBL, there must be a repeated abuse shown. The reason MAPS wants to add yesmail to the RBL is because they are being bad net citizens by allowing anyone to enter anyones e-mail address to subscribe to one of yesmail's mailing lists. So basically, one of your friends (or enemies) could send them your address and you would start receiving "marketing materials" from them on a regular basis. It is then your responsibility to opt-out of the list that you didn't even opt-in to in the first place!

What MAPS would rather see is for them to send one and only one e-mail to the address that contains further instructions to verify that the e-mail should really be subscribed to the list. If the person who receives the e-mail actually wants to be subscribed, then it is only one extra step for him/her. If the person does not want the e-mail, he/she does not have to do anything because yesmail should never send further correspondence unless requested to again.

Those are the basic facts about what is going on. I am sure several people have submitted yesmail to the RBL. Obviously, there are plenty of MAPS RBL subscribers who want yesmail on the RBL. Note that your ISP must subscribe to the RBL to actually have the e-mail blocked.

Now, for those of you saying that you don't want your ISP to use the services of MAPS, I say, tough shit, take it up with them. Do not forget that it is your ISP's server space and you are merely leasing the rights to use it and have an e-mail account and accesss and so on. If you don't like them filtering by the MAPS lists, then either ask them specifically not to filter your mail (which can be done) or get another ISP. Personally, I think you are crazy if you don't want your mail filtered by the MAPS lists, but to each his own I guess.

Anyway, talk to your ISP about filtering using MAPS and see if they will do it. Mention that it does reduce the load on their server resources because they no longer have to store and transmit mail that you don't want to see anyway!!

This is why there is a sister to the RBL called the DUL which lists dialup accounts, the idea being that they should use their ISPs SMTP server to send mail which the spammers don't want to do...

The truer test of whether this case has any legs will come when MAPS has lawyers in court to defend it. Since it has an open invitation to be sued, one would presume that MAPS will defend itself.

It isn't slander. MAPS provides the rationale for each entry on the RBL. There are five specific acts that will get you on the RBL. They are listed on this web page. All the RBL says is that the people on the list are doing one of these five things. Judgement is then passed by the subscribing ISPs, who choose not to deal with ISPs who are on the list. It's simple, and it isn't slander.

Try joining the MAPS Realtime Blacklist of spammers.

Report the sites listed in the headers to ORBS. If they have open mail relays, ORBS will log them in its database and send a notification to the postmaster. Mail relays which support ORBS will not relay mail coming from unsecured hosts. If the sites are clean, no harm done, ORBS will not flag them.

Finally, you can always work up a procmail script to filter out most spam. Sure, it doesn't keep spammers from using your network resources, but if everyone did it, spamming would be a lot less profitable.

Hope this helps

Absolutely - any system administrator who leaves his relay open for abuse is incompetent.

• How to fix your open relay,
• Why you must fix it,

• What will happen (I mean, after the spammers rape the fsck out of it) if you don't fix it.

But I disagree with you here:

> [ ... ] I don't think they deserve any compensation [ ... ] It's their own fault [ ... ]

While they're dorks for not having secured it, this is just blaming the victim.

Although it's not smart for a woman to walk down a dark alley at 3 in the morning, staggering as if drunk, while wearing a miniskirt and low-cut blouse that doesn't mean "she asked for it" if she ends up raped. (My apologies to rape victims for that example - you're the best example I can think of to explain that "blame the victim" is bogus.)

The incompetence of the admins at Market Visions (whose server, like all open relays, essentially was staggering down a blind alley, sloshed to the gills, wearing a low-cut blouse and hot pink mini...) does not take away from the fact that their property was violated, nor should it, IMHO, detract from their rights to compensation.

(Of course, we're in complete agreement that a more competent admin would have prevented the problem from requiring a lawsuit or criminal charges in the first place. That's why you pay your admins the big bucks -- preventing a breach is always cheaper than cleaning up after one, and a good sysadmin is worth his or her weight in gold.)

Absolutely - any system administrator who leaves his relay open for abuse is incompetent.

• How to fix your open relay,
• Why you must fix it,

• What will happen (I mean, after the spammers rape the fsck out of it) if you don't fix it.

But I disagree with you here:

> [ ... ] I don't think they deserve any compensation [ ... ] It's their own fault [ ... ]

While they're dorks for not having secured it, this is just blaming the victim.

Although it's not smart for a woman to walk down a dark alley at 3 in the morning, staggering as if drunk, while wearing a miniskirt and low-cut blouse that doesn't mean "she asked for it" if she ends up raped. (My apologies to rape victims for that example - you're the best example I can think of to explain that "blame the victim" is bogus.)

The incompetence of the admins at Market Visions (whose server, like all open relays, essentially was staggering down a blind alley, sloshed to the gills, wearing a low-cut blouse and hot pink mini...) does not take away from the fact that their property was violated, nor should it, IMHO, detract from their rights to compensation.

(Of course, we're in complete agreement that a more competent admin would have prevented the problem from requiring a lawsuit or criminal charges in the first place. That's why you pay your admins the big bucks -- preventing a breach is always cheaper than cleaning up after one, and a good sysadmin is worth his or her weight in gold.)

Absolutely - any system administrator who leaves his relay open for abuse is incompetent.

• How to fix your open relay,
• Why you must fix it,

• What will happen (I mean, after the spammers rape the fsck out of it) if you don't fix it.

But I disagree with you here:

> [ ... ] I don't think they deserve any compensation [ ... ] It's their own fault [ ... ]

While they're dorks for not having secured it, this is just blaming the victim.

Although it's not smart for a woman to walk down a dark alley at 3 in the morning, staggering as if drunk, while wearing a miniskirt and low-cut blouse that doesn't mean "she asked for it" if she ends up raped. (My apologies to rape victims for that example - you're the best example I can think of to explain that "blame the victim" is bogus.)

The incompetence of the admins at Market Visions (whose server, like all open relays, essentially was staggering down a blind alley, sloshed to the gills, wearing a low-cut blouse and hot pink mini...) does not take away from the fact that their property was violated, nor should it, IMHO, detract from their rights to compensation.

(Of course, we're in complete agreement that a more competent admin would have prevented the problem from requiring a lawsuit or criminal charges in the first place. That's why you pay your admins the big bucks -- preventing a breach is always cheaper than cleaning up after one, and a good sysadmin is worth his or her weight in gold.)

There's just no arguing with fsckwits like this guy. It's obvious to the vast majority of clear thinking people that this kind of behaviour is anti-social, at minimum. I used to become infuriated by that Spamford Wallace character a few years back when he was generally being an asshole and taunting everyone who disagreed with his conception of acceptable email behaviour. No more, fuck it, life's to short, now I just hit Del.

Unfortunately we have two options. Spam is either made illegal by legislative means, which bugs the net-anarchist types to no end. Or try to continue dealing with spam via the current means, that is, filters, MAPS RBL, etc. I'm not sure which way I lean (which is often where I find myself when the self-righteous right, left, commie, objectivist, whatever types are going at it.)

That reminds me. Last week that peahead on zdnet Jesse Burst claimed that MAPS RBL was some newfangled tool that ISP's use to prevent spam. A modicum of research by the ad mongers at zdnet would have revealed the purpose of RBL. What a maroon!

Oh dear oh dear oh dear.

Folks, !Dr. Joe Baptista (that's "not-Doctor") is a long-time net kook/troll/prankster, and this is just his latest desperate plea for attention. Toronto residents have been unfortunatly familiar with his antics for years and years now, and he seems to have recently developed a particular fondness for trying to stir up trouble around DNS issues.

Baptista was last seen threatening to Sue Paul Vixie and MAPS/RBL, but frankly he's a shadow of his former self these days. Way back in tha day, Baptista was a major irritant to the Provincial Government of Ontario, trying to fax bomb them into oblivion.

And let's not even speak of his friend Bob Allisat...

He managed to piss everyone in the list off by saying that (essentially) the problem with the internet was poorly written software such as BIND and Sendmail (actually he is pissed because he was RBLed) to the point where Paul Vixie actually joined the list just to post a couple of messages in response.

(Off-topic note to CmdrTaco et al.: Fix extrans mode or remove it!)

He managed to piss everyone in the list off by saying that (essentially) the problem with the internet was poorly written software such as BIND and Sendmail (actually he is pissed because he was RBLed) to the point where Paul Vixie actually joined the list just to post a couple of messages in response.

(Off-topic note to CmdrTaco et al.: Fix extrans mode or remove it!)

Joe Baptista's domain is on the Realtime Blackhole List for spamming. Check this for full details.

Joe Baptista's domain is on the Realtime Blackhole List for spamming. Check this for full details.

One possible solution to this would be to refuse any unencrypted E-Mail, and set your encryption key to about 4096 bits. It takes about 10 seconds on my PII 300 at work to encrypt an e-mail sized /etc/motd to a 4096 bit key. Joe Random Spammer isn't going to spend the time to encrypt to my key, he's not going to buy the computer hardware and even if he did, encrypting a million messages to a million different keys would take a significant amount of time, making spammer detection and elimination much easier. Your average spammer isn't even going to get your mail bounce with your encryption key in it.


This is certainly a viable solution, but there are easier, less drastic ways of managing your spam level. Once such method is to use a whitelist and a blacklist such as the method described in this perl.com article.

I personally don't use a whitelist/blacklist method, relying instead on the RBL and some anti-spam filters I've acquired. But, if my spam levels get above a certain point, say 2 or 3 p/day*, then I'll hack something up using procmail to implement this.

Cheers!

* - Yes, I realize that to some a mere 2-3 articles of spam per day must seem like sheer heaven to people who have to deal with 5+ p/day. I count myself very lucky my spam level is still maintainable.

do we really _want_ spammers to be regulated, or to even have spam outlawed?

Remember, this would be done by the same people who brought you the DMCA.

It occurs to me that projects like the Real Time Blackhole List or Sendmail's anti-spam configuration options serve the cause a lot better than blanket laws passed by technologically less-than-aware legislators?

It's quite possible that lobbying organizations like DMA actually help the idea of keeping the net free of legislative overkill in the long run...

Comments?

Dialups have a legitimate use for using direct to MX mailers: switching ISP. No one wants to fuck around reconfiguring their smarthost parameter so it's easier to go direct.

Besides the fact AOL can do whatever the fsck they want with their network since it's their property, so can ISPs running mail servers who don't want to accept SMTP directly from dial-up or end user IPs because of all the spam coming from them, refuse SMTP traffic from them. Have a look at the MAPS DUL Rationale for a better explanation.

About that time, our mail server vendor had just
released a new version of their software,
including a fix for the problems ORBS detected.
And it was bargain priced - only $1,500 US to
upgrade to version 4.0!

Perhaps a little off topic, but I continue to be amazed with how many NT sites get taken by gougeware that can't even protect itself against relay theft. The ISP I used to work for used a free mail system for over three years with very few problems and no relay spam incidents. The filter developed for this (Antirelay) blocked all of ORBS' tests successfully.

If you're an NT site visit the IMS support page above and learn how to secure your mail servers and get off of ORBS.

As for AOL, it wouldn't surprise me that they _asked_ for servers to appear on ORBS. I'm still trying to determine why they asked for two IP proxies to appear in the MAPS DUL. Granted there should only be end user SMTP traffic coming from there and they're not mail servers, but AOL users using POPAUTH to access other mail servers are getting snagged because the POP3 connection comes from a different IP than the SMTP connection. SMTP AUTH still works though.

http://www.mail-abuse.org/rss is a "realtime" relay system. If you get a spam that used someone else as a relay, you forward them the IP of the relay, and it gets added to an RBL style list. Only after it's been proven that someone's mail server is being used for spam can it get added, and the turnaround time for off and on this list is very short. Take a look at their FAQ for more info.

I've noticed a lot of multiple-step spam coming out of AOL recently, and wondered why it was worse than usual - now I know. :) This won't help me a great deal, since I don't use ORBS, but it's good to see them taking action. I think that the MAPS RSS would list the open servers, though, if they were reported.

For spam filtering at my site, I use two services: the MAPS RBL, which lists the IP address blocks of repeat and unrepentant spammers, and the MAPS RSS, which lists any still-open relays that have been spammed through.

MAPS RSS is different from ORBS in that spam must have been sent through a server at least once for it to be listed - you won't get listed in the RSS if you just block relay tests from them. ORBS is somewhat less "polite," and I don't use them because of the larger number of false-positive spam-blocks.

I'd use the MAPS DUL, which is a list of IPs used for modem pools (which should always be using their ISP's SMTP servers), but I can't get Sendmail to allow relaying from DUL-blocked IPs that should be otherwise allowed to relay through me (customers of mine using DRAC POP-before-SMTP). Anyone?

More information on MAPS services is available at http://www.mail-abuse.org/ (not affiliated, etc.).

We use three spam lists:

RSS
DUL
RBL
The RSS is a toned down version of ORBS; it only lists relays that have been used to spam, which makes it easier to explain the problem. The DUL blocks any direct from dialup spam. The RBL blocks blackhole sites. The main problem with ORBS is that it is harder to explain (with RSS you can say 'spam _has_ been sent through this server'), and it blocks a lot more sites, which makes it hard to handle on anything larger than a personal mail machine.

We use three spam lists:

RSS
DUL
RBL
The RSS is a toned down version of ORBS; it only lists relays that have been used to spam, which makes it easier to explain the problem. The DUL blocks any direct from dialup spam. The RBL blocks blackhole sites. The main problem with ORBS is that it is harder to explain (with RSS you can say 'spam _has_ been sent through this server'), and it blocks a lot more sites, which makes it hard to handle on anything larger than a personal mail machine.

I am trying to convince my superiors to let me start refusing mail based on ORBS and MAPS RBL queries, but denying a large volume of legitimate mail (as the case would be with AOL on the ORBS list)...

FYI, this would still be the case even if AOL were not in the ORBS database. ORBS lists quite a lot of servers that mostly deliver legitimate mail, sometimes on the basis of pretty obscure relay tests and often even if the relay is not actively being abused by spammers. The ORBS philosophy, as far as I can tell, is essentially that it's okay to throw out a few babies as long as you get rid of the bathwater.

I would put more trust in the MAPS RBL, DUL and RSS databases as more responsibly run systems: while not as aggressive as MAPS, much less likely to discard legitimate correspondence. For many sites, that is of paramount importance.

I am trying to convince my superiors to let me start refusing mail based on ORBS and MAPS RBL queries, but denying a large volume of legitimate mail (as the case would be with AOL on the ORBS list)...

FYI, this would still be the case even if AOL were not in the ORBS database. ORBS lists quite a lot of servers that mostly deliver legitimate mail, sometimes on the basis of pretty obscure relay tests and often even if the relay is not actively being abused by spammers. The ORBS philosophy, as far as I can tell, is essentially that it's okay to throw out a few babies as long as you get rid of the bathwater.

I would put more trust in the MAPS RBL, DUL and RSS databases as more responsibly run systems: while not as aggressive as MAPS, much less likely to discard legitimate correspondence. For many sites, that is of paramount importance.

I am trying to convince my superiors to let me start refusing mail based on ORBS and MAPS RBL queries, but denying a large volume of legitimate mail (as the case would be with AOL on the ORBS list)...

FYI, this would still be the case even if AOL were not in the ORBS database. ORBS lists quite a lot of servers that mostly deliver legitimate mail, sometimes on the basis of pretty obscure relay tests and often even if the relay is not actively being abused by spammers. The ORBS philosophy, as far as I can tell, is essentially that it's okay to throw out a few babies as long as you get rid of the bathwater.

I would put more trust in the MAPS RBL, DUL and RSS databases as more responsibly run systems: while not as aggressive as MAPS, much less likely to discard legitimate correspondence. For many sites, that is of paramount importance.

Yes, there is a lot of streaming content in Real Networks format out there. However, the company has hardly behaved particularly well: they never released specifications for their format as they had originally promised, and their closed source player has transmitted private information back to their servers.

Not to mention that they are among the top two or three corporate spammers. Not only do they harvest addresses, but according to reliable regular posters on news.admin.net-abuse.email, Real Networks has been caught performing "dictionary" attacks against mailservers. That's basically picking a domain and attempting to send spam to every combination of characters that looks like it might possibly be a deliverable address in that domain: alice@example.com, bob@example.com, charlie@example.com, and so on. The load on other people's mail servers is tremendous, and of course by definition it's unsolicited. (If you'd wanted their advertising, they wouldn't have to guess your address, would they?)

MAPS, a service known for being rather conservative about who gets listed as a spam source, has had Real Networks on their RBL (sort of a voluntary spam filter service) for months. I don't know of any other "legitimate" company that's been RBLed for more than a couple of weeks.

Long story short, besides all their other faults, Real Networks is an unrepentant corporate spamhaus. It's too bad Red Hat has gotten into bed with them.

If you are getting large volumes of e-mail spam from @home and no response from their abuse dept, why not start working towards getting them in the RBL? See here for details on the procedure.

That would be the MAPS RBL. http://mail-abuse.org/rbl/

Ok, ok... I'm an idiot. There is a link just a few posts down. Realtime Blackhole List.

dufke
-

Please note that no one has successfuly sued the Realtime Blackhole List, either.

This sounds easy to hook into MAPS Realtime Blackhole List (a realtime list of mail abusers). All mail systems should be configured to reject mail from hosts appearing in the RBL. Configuring Apache to do similar would be easy, but would generate an enormous amount of extra traffic for each web server (currently, each lookup in the RBL consists of a DNS lookup into the RBL domains). Surely large sites could work out a better distribution mechanism (they could use an eBGP4 subscription and do caching locally).

--

This sounds easy to hook into MAPS Realtime Blackhole List (a realtime list of mail abusers). All mail systems should be configured to reject mail from hosts appearing in the RBL. Configuring Apache to do similar would be easy, but would generate an enormous amount of extra traffic for each web server (currently, each lookup in the RBL consists of a DNS lookup into the RBL domains). Surely large sites could work out a better distribution mechanism (they could use an eBGP4 subscription and do caching locally).

--

According to this story, MAPS threatened to put NSI on the RBL list because of the unsolicited email NSI was/(is?) sending to its domain registrants.

I think you've got your answer as to why NSI doesn't help with BIND. Buncha greedy bastards.

--
A host is a host from coast to coast...

One is that it is not easy to get into the RBL. First, someone who has received spam from your site needs to write up a nomination. It has to include not only a record of the spam itself, but also a description of attempts that they have made to contact your site, explain the problem and to resolve it.

If repeated attempts to resolve the problem with the site fails, then MAPS will consider the RBL nomination. An RBL staffer or volunteer will follow up and try to explain the gravity of the situation with the responsible people at your site, and will make it clear what an RBL listing means. Only at that point is it possible to add a site's network to the RBL.

The RBL is just about the most fastidiously maintained abuse tracking system on the Internet. In fact, that is the chief reason that it is used so widely -- a network doesn't get on the RBL unless it has proved itself to be really irresponsibly run.

The other salient point is that participation in the RBL is voluntary. No site is required to use MAPS' abuse lists. They do so because they need to block spam and find that MAPS fills that need.

Ultimately your complaints are better directed at your mother's ISP, for using the RBL, and (most of all) at your own ISP, for failing to run their systems responsibly. Blaming MAPS is like blaming Ralph Nader for making your seatbelt too tight.

Signal11 is talking about MAPS' Dialup User List, which helps a mail server identify a connection directly from a dialup IP at a remote site. Because legitimate users generally send mail through their ISP's own mail server, mail coming direct from a dialup account is almost always spam.

You need to learn about smarthosts (or whatever the equivalent is if you're using a trendy new MTA). If you route all of your mail traffic through your ISP's mail server, instead of connecting directly to remote MXes, your mail won't be blocked by dialup lists like the MAPS DUL. End of problem.

YEAH. RIGHT...

This is from a company who spewed ads from their servers and is so far still on the MAPS RBL for doing it. It's already been proven that Real Networks will gather and spew out anything and everything. Real Networks has a security problem on the scale of the Goths invading Rome durring it's downfall.

Love the technology. Don't love the problems tacked onto it.

---
Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known. -- MSNBC 10-26-1999 on MS crack