Slashdot Mirror
Last Month for Free MAPS
Path: ...!newsfeed.stanford.edu!news.isc.org!not-for-mail
From: Margie <margie@mail-abuse.org>
Newsgroups: news.admin.net-abuse.email
Subject: MAPS Subscription Policy Changes
Date: Thu, 12 Jul 2001 16:45:11 -0700
Organization: Internet Software Consortium
Message-ID: <nidsktsnci3cat0blc31qtanprifmek97v@4ax.com>Effective Midnight 7/31/2001, all non-subscription access to MAPS services will cease. Anyone wishing to transfer or query MAPS data must have a signed contract with MAPS, and have access enabled in our ACL. There are several reasons for this change:
1) The data in the MAPS files belongs to MAPS and is copyrighted. MAPS, RBL, RBL+, DUL and RSS are all service marks of MAPS. MAPS must have the ability to protect its assets from unauthorized use or disclosure by third parties.
2) As MAPS popularity grew, the demand on our resources grew. We have continually upgraded systems, software, and added servers where necessary. The end result is our systems and connectivity are sufficient enough that providers have no incentive to pay for zone transfer subscriptions. When MAPS began to offer paid subscriptions, we believed that allowing access based on the ability to pay would allow the largest percentage of the net to access the services, while permitting MAPS to sustain itself with subscriptions from the large users of the services. What we have found instead is that we are our own worst "competition".
3) The economic conditions in the industry have hit everyone, including MAPS. MAPS' purpose is to stop spam on the internet. That purpose can only be achieved as long as MAPS can maintain itself as a corporation. Like any corporation, that takes income. There is very little debate about the effectiveness of the MAPS lists. This effectiveness saves its users time, bandwidth and other resources as well as giving them an added value to their customers by reducing the amount of spam the customer sees in their inbox. MAPS can simply no longer afford to foot the bill for the bulk of the internet community.
It is not our intent to put the use of the MAPS lists out of reach of the individual or hobby site. We will still offer some reduced fee or free query contracts under limited circumstances.
As usual, please direct requests for contracts to subscription-request@mail-abuse.org, questions and comments to margie@mail-abuse.org and flames to dev/null. ;)
--
Margie Arbon Mail Abuse Prevention System, LLC
Manager, Market and Business Development
margie@mail-abuse.org http://mail-abuse.org
Here are excerpted reader comments from SPAM-L and nanae which I found interesting:
"...people can no longer pass the buck when it comes to effectively blocking unwanted crap; they will have to now assume the responsibility for handling their own E-mail. I actually think that this is going to be a good thing for the long term." (Sam Varshavchik)"...and so dies MAPS. You've just cut your own throats. The effectiveness of MAPS always depended on the number of users, which is now going to be a fraction of a percentage of what it was before." (John Oliver)
"I was under the impression that MAPS want a big number of subscribers, in order to have some force behind them when they educate and negotiate with spammers. Isn't that the reason big spamhausen like UUNet were not blacklisted, since many subscribers would stop using MAPS's tools because of too much collateral damage? Now MAPS is reducing its customer base. But perhaps we can now get eBay, UUnet and Qwest blacklisted, since only a small number of administrators will use MAPS tools..." (Karl-Henry Martinsson)
"...if the RBL listees think the RBL is a bitch, let them see what happens when they get dropped into who knows how many individual filters that won't get reviewed for removals until Hell freezes over. I think there is some serious potential for us to ALL gain from this move." (Jim Higgins)
"Anyway, now that the MAPS RBL user base has been reduced by at least a factor of 10, the mainsleaze spambags are not going to even CARE about MAPS. ... So the mainsleaze spambags are going to let loose on the remaining 92-96%. ... The way I look at it, Joe Sixpack is now going to see more spam than he's ever seen before. I think that a lot of Joe Sixpacks are going to get seriously pissed, and a fair amount of them are going to explore ways to effectively spamproof their INBOXes. This is a GOOD thing." ("Sam")
My own prediction: in the long run, this has no big effect on spam either way. Two things will reduce the hassle of spam, more legislation, or supplanting SMTP with a non-broken mail protocol. Costs have to be attached to sending mail to strangers, either micropayments or risk of jail. As long as mail's dirt-cheap to send, spam will be vying for our attention, scurrying-around clean-up crews notwithstanding.
Until SMTP is replaced, the great spam fight is a bunch of Libertarians trying to solve the tragedy of the commons. A pay-per-view clique seems like a suboptimal solution to me.
It worked great until one of them wanted to send me an e-greetings card for my birthday and submitted my real e-mail address to a greetings card site known for collecting addresses to sell on.
Result ?
I now get about 4 to 5 spams a day in my personal account... go figure :(
IMPORTANT: Educating your friends about your e-mail address system is a must!
When above.net were hassling ORBS last year, Alan Cox mentioned that it was looking suspiciously like Vixie was planning to take MAPS commercial. See the July 17th entry in his diary.
"The invisible and the non-existent look very much alike." -- Delos B. McKown
I have a fairly complicated spam filter set up for my clients, which works something like this:
BCC filter -> MAPS rbl filter -> regex filter
Until fairly recently, the BCC filter was the most effective filter for getting rid of spam. Lately, with the proliferation of DSL, spammers now have the bandwidth to send out one email per recipient, making the BCC filter less effective.
The RBL filter is very ineffective (and yes, it includes the DUL and other lists). Spammers know that a large number of sites use these filters, so they perform "hit and run" spamming, finding open mail relays to rape.
The regex filter is becoming the most effective spam filter.
Not to mention a software package I wrote.
- Sam
The secret to enjoying Slashdot is to realize that it should not be taken too seriously.
We, the recipients of spam, now actually have to pay to NOT receive spam.
Thank you very much spammers, and die.
This is your sig. There are thousands more, but this one is yours.
You could then have a policy on your MTA of:
1) if sender is an authenticated user of this MTA, accept mail
2) if sending MTA is the MX for the FROM address, and if the sending MTA has a key in the domain, accept.
3) If the sending MTA is the MX, but has no key, accept but tag as possible spam.
4) If the sending MTA isn't the MX, reject with a redirect to a webmail bypass URL.
OK, pick it apart guys. Maybe we all can hash together an RFC?
How stupid. I recieve mail @myisp.com and that's my From: address but I send mail using IP services provided by a number of ISPs depending on where I am when I'm sending. When I'm attached to airbridge.net, I use their SMTP servers. When I'm attached to oponline.com, I use their SMTP servers. I *don't* use myisp.com's servers (unless I've telnnetted into my shell account) becuase I'm not using their IP servces. My mail is legit, but my From: address does not match the SMTP server I'm using.
I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
Here are some up and coming alternatives:
I also have my mail server configured to reject mail from other mail servers that do not have their IP addresses correctly configured and/or delegated in the in-addr.arpa reversed DNS zone. Amazingly, this has cut out almost as much spam as MAPS has. For Postfix users, this can be done with:
While this does end up rejecting a few "legitimate" servers, the number is very small. I suspect that for the most part this works because open relays tend to be the result of "inadequate administration" which can also be the cause of the lack of reverse DNS. If they can't get one of them right, they probably can't get the other right.now we need to go OSS in diesel cars
I've thought of a very simple change to how MTA's work that I believe would correct much of the problem with spam, without requiring any change in how SMTP works.
Assume you are sending a message to me (me@example.com). Your ISP's MTA contacts example.com's MTA and begins to send the message. Once example.com's MTA knows where the message purports to be from, it looks up the MTAs for that domain, and verifies that the connection is actually coming from one of the MTAs listed. If not, bu-bye!
Now, this doesn't address open relays. I don't claim that it does. Open relays are best addressed with education of the alleged sysadmin (perferably with a Board of Education, +5 LART). What it does address is the growing number of spammers using broadband connections to directly spam users.
In effect, this is doing much the same thing as the MAPS DUL, with the following exceptions:
1) It's "opt in" rather than "opt out": a mail sender must take positive action to be able to send mail, rather than their ISP taking action to prevent them.
2) Even if you are on a dynamic IP connection, you can still set yourself up with a domain, and use a dynamic DNS provider to link back to your server. (Whoever, IMHO if you are on dynamic DNS, you really should be going through your ISP's MTA, but....)
3) It allows you to have some idea of who is sending you a message.
Now, I agree that many spammers will just register domains and spam away, but it costs more effort to register a domain than it does to simply get a connection, the domain registrar has some record of who owns the domain, and the "JethroBillyBobTrailerTrash" spammers won't be able to handle setting this up.
You could even extend this to having a public key stored in a text record of the domain, and require that all mail received by an MTA be coded against a valid key. Back to my example: your MTA would retrieve the key for example.com, and code the message against that key and your key. That way, example.com knows that you are the sender of the message. This also has the happy side effect of making it a lot harder to eavesdrop on the message.
You could then have a policy on your MTA of:
1) if sender is an authenticated user of this MTA, accept mail
2) if sending MTA is the MX for the FROM address, and if the sending MTA has a key in the domain, accept.
3) If the sending MTA is the MX, but has no key, accept but tag as possible spam.
4) If the sending MTA isn't the MX, reject with a redirect to a webmail bypass URL.
OK, pick it apart guys. Maybe we all can hash together an RFC?
www.eFax.com are spammers
Is it entirely coincidental that MAPS is starting to charge a subscription fee almost immediately after ORBS was shut down? It seems interesting that as soon as they have no competition they start charging a subscription fee.
Thanks, but no thanks. I'd prefer not to pay for the priviledge of having email erroneously blocked.
Tarsnap: Online backups for the truly paranoid
MS tries to buy you or puts you out of business by stealing your product/idea and then incorperating it into Windows for "Free"
MAPS and the network that it runs routinely and IMHO illegally injected false routes into the global routing table so that ORBS was unavailable so ONLY their "free" service is accessable. See MAPS vs ORBS
MS: is now going with a subscription fee for it's software. All that "free stuff" it added to your OS which may or may not work properly now has to be paid for monthly!
MAPS: With the competition driven into the ground, you suddenly have to PAY for MAPS. (You mean they couldn't mirror those zone files on several servers across many networks that would be willing to do so for free??)
Sad, we see here dishonesty, trickery and stupidity win over the better product, and/or the better idea.
"Science is about ego as much as it is about discovery and truth"
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
Then you say "What we need is a decentralized replacement without a central authority. Perhaps a 'web of trust' like PGP where any site can black hole another site on their OWN server, and others will pick up the ban automatically when enough servers they trust do so".
When people say SMTP is broken, the lack of trust management is what they're referring to. The inherent brokenness of SMTP is that it delivers just about anything that shows up on port 25. I agree with you that a distributed trust mechanism is needed.
Unfortunately making it work would take major design of new protocols and massive deployment of new mail servers. It would also take new email clients that people could use to report spam to their mail server. Large mail servers would need massive CPU power to do the necessary public key cryptography.
-- ;-)
Kuro5hin.org: where the good times never end.
There have been numerous well known cases where MAPS created an entire netblock against "spam friendly" ISPs, in an attempt to put pressure on that ISP to change its policy and stop selling bandwidth or other services to spammers. This tactic has the effect of blocking all of that ISPs customers, spammers and legitimate businesses and users alike. Not long ago, slashdot ran a story about peacefire.org and others getting blocked by MAPS.
Your belief that everything listed by MAPS must be spammers is clearly false if examples can be shown where non-spammers have been blocked, and I believe that link above is just such an example.
Even without a hard example, it's a well known fact that MAPS uses large netblocks against entire ISPs who they consider "spam friendly", without any regard for the other innocent bystanders who just happen to be other (unsuspecting) customers of that ISP.
These services would not be worth squat if they did not work as advertised.
It is debatable how effective MAPS is. In this C/net article MAPS blocked very few spams and also blocked many non-spam messages. MAPS was the only spam blocking service among the ones tested that blocked non-spam messages. That C/net ran a test and found MAPS to block a significant number of non-spam messages further shows how naive it is to blindly trust MAPS.
I suspect that time will shortly prove that MAPS is in fact "not worth squat". Such questionable effectiveness coupled together with blocking legitimate emails isn't great from a free service, but when you're paying your expectations change.
PJRC: Electronic Projects, 8051 Microcontroller Tools
I've seen the fall of Usenet (information to noise ratio is now about 1-10 in most groups) and the raise of spamming...
Do i get spam on my e-mail account? - Nope.
How?
I have three e-mail accounts:
- One for my friends and my informal humor mailing lists and official stuff (note: subscriptions to banana-girls-with-big-breasts.com sort of sites does not count as official). I never put this address in any public forum (that includes
/.).
- The other one is at work. I only use it for work related stuff. When i change companies this one changes but my friends can always get me through the other one (for all the other ones, well - if you don't have my personal e-mail that means i don't want to hear from you again). I never publish this one in public forums.
- The last one is my public e-mail. I'll look at it maybe once a week. I'll use it publicly (although i still refrain myself from using it "as is" in Usenet - beter transform it so that humans can understand the real one but not e-mail address collection programs). Registration to any moderatly crappy site involves using this one. For extra crappy sites i just create a new one in Hotmail.
So, after all my gloating about my own cunningness, what's the conclusion:Number of spams per-month = zero
Number of spams per-month = zero
Number of spams per-month = about 10 to 20
Levels of privacy!!!
Set up e-mail accounts the same way as you set up your life: friends; work; everybody else
It works!
It's been rumored that if you don't continue to pay your subscription fee MAPS will put your site on the list. And send you emails until you do!
Twitter.com/TrentonHyatt
Effective Midnight 7/31/2001, all non-subscription access to MAPS services will cease. Anyone wishing to transfer or query internet data must read the rest of this mail.
Send us and the following 6 people on the ACL list 1 DOLLAR. Then add your name to the ACL list and send it to everyone you know. you get rich in a few days day and receive no more spam at the same time!
Some testimony of users :
"i did not pay ...and so dies . You've just cut your own throats. The effectiveness of MAPS always depended on the number of users, which is going to be paid out now. If you do not pay MAPS and the world arroudn will die (John Oliver) ,
"MAPS want a big number of subscribers....aministrators will use MAPS ..." (Karl-Henry Martinsson)
"This is a GOOD thing." (Sam)
Margie "mail" Arbon. Abuse Prevention System, TM Manager, Market and MAKE MONEY FAST Development.
OK, correct me if I am wrong, but the data in MAPS are built up from a lot of user-submissions reporting open relays and spammers etc.
So how come it is OK for MAPS to claim copyright and charge for access to community-submitted data, but NOT OK for CDDB to do exactly the same thing?
 --
People should not be afraid of their governments - Governments should be afraid of their people.
... MAPS will start sending out email to random people, explaining how their services can reduce the spam problem on their email servers. It'll probably be almost as bad as when the emails for "system security" clog up and crash the mail server...
IBM had PL/1, with syntax worse than JOSS,
IBM had PL/1, with syntax worse than JOSS,
And everywhere the language went, it was a total loss...
For more than a year, ORBS claimed that MAPS wanted to go commercial. MAPS consistently denied this. Now, as soon as ORBS is gone...
I think the question i would like to answer is did MAPS have an effect ? i mean the level of spam does not seem to have decreased at all and i think it has grown - the major ISP and web services providers - @home, Yahoo etc dont want to know about it - they may block email accounts of bulk mailers but in my expereince they dont.
The other side of the coin in this message is that MAPS have costs as well, the maintenance of servers, databases and net bandwidth costs require money and staffing and that inevitable means costs. They have obviously now found it neccesary to continue and try and recoup them with the subscritption method.
I personally find it a usefull tool and will likely pay for access under the subscription plan but others wont, thats a choice thing.
After all they are a company and as such as they say they need to pay the bills.
Support them with subcriptions if you want to help combat spam or dont use the service - i think its a fair comment - not everything can be free as life costs money
Thats my 2 cents anyway
I refuse to argue with Anonymous Cowards - if you want a discussion get an account....