Open Replacement For MAPS?

quackPOT asks: "Is there anyone with an open database similar to the MAPS DUL list? Now that MAPS charges for service, I either have to pay (which ain't gonna happen) or deal with the spam from direct client connections from crappy dial-ups. One of MAPS excuses for charging was the overhead cost of network bandwidth/etc/whatever. Why not distribute mirrors to other networks to reduce the amount of strain on their servers?"

Re:Do you need MAPS?

[benedict]

I have found that RSS + RBL + DUL block between 1.5 and 2 messages per user per day.

It's a small sample, though; ~300 users, and all of them explicitly chose to enable MAPS filtering, so the sample was probably somewhat self-selecting.

Re:A centralized blackhole list is important.

[duffbeer703]

Are you affiliated with ORBS? You certainly have the accusatory attitude that they had. I didn't "admit" anything, just stated what happened.

Alot of people blocked mail traffic from sites that appeared in the untestable category. That led common users to believe that we were spammers.

Re:A centralized blackhole list is important.

[duffbeer703]

There is no such thing as an unbiased opinion.

Let me explain again.

We were not running an open relay. ORBS probed us for an open relay and their script encountered some sort of problem that caused it to repeatadly probe our server. We blocked their netblock and found ourselves on the RBL.

Whether or not ORBS calls you a spammer is irrelevant. Being on the RBL puts the public under the impression that you are a spammer.

When we attempted to correct the situation, we were treated very rudely.

Re:A centralized blackhole list is important.

[shario]

But this is exactly why MAPS was created: ORBS was too rude and blocked people just because they didn't want to be tested.

MAPS lists do not include these blocks, but they rely instead on lists of servers that have been used for relaying spam (RSS list), dial-ups (DUL) and actual spam source (RBL).

This is why our company will be paying the pocket money of $1500 for MAPS services and not using the open lists of "some egomaniac", as you put it. Besides, paying for the service lets us demand something for our money, namely that the service works.

A centralized blackhole list is important.

[Nonesuch]

Use of blocking lists does help cut down on spam.

The primary benefit of something like the 'Realtime blackhole list' (RBL) was that it was a centralized resource for the blocking and unblocking of actively exploited open relays.

If a site maintained an open relay, that relay would rapidly end up on the blackhole list, and ISPs using the list would immediately (the whole point of 'realtime') start rejecting spam relayed through that specific host.

More importantly, when the site fixed their open relay, and proved this to the list maintainer, they would immediately be removed from the list. This is a vast improvement over the old way doing things, where each of thousands of sites would manually add known open relays to their own private blocking list, and might never be removed from some of them, depending on the whims of individual admins.

Obviously you are biased due to ORBS having blocked your site. IIRC, ORBS doesn't call you 'spammers' for blocking their probes, they have a distinct category for sites that cannot be tested... if they called you spammers, it was because you sent spam.

Re:A centralized blackhole list is important.

[shokk]

The problem with having the service centralized is that there was a single place to go sue if the company wanted to continue spamming. If a decentralized scheme can be put in place, no one can get sued, no one will be thought of as the big bad mail nazis, and it will all be controlled by individual sites, as it should be.

The downside is that admins would have to go through these lists of domains to see which they want to allow through that are currently blocked. It would also take some time to propagate through the network of hosters, some of which may not care to push the database to other, only to pull it down for their own use. An upside is that you could quickly control the list locally to allow a customer/client through instead of waiting for a central authority to wade through the huge list of adds/changes/removes to get to your request. You could also insert a domain into the web of trust that would start propagating through the net that moment rather than waiting for a central authority to wade through the huge list of adds/changes/removes to get to your request. Sense a theme? =)

OK, since this is all really DNS, we need a way to update an RBL domain back and forth between sites in a trusted fashion. The new versions of named have authentication built in, so a web of trust could be started now. If the updating could be set up in a ring or a web of trust fasion that would update the next site and take from another peer site only meant to update your site (and maybe one other), then it could be closed to a known trusted group of people. A ring scheme has the property of being interruptible like a token ring network, but a web of trust is a more reliable model unfortunately prone to being harder to follow/debug. This way changes are done by someone you know or known by someone you know and a little more familiar.

This way, as an admin for a company, I am blocking a site personally as a representative of the company, rather than as a group making decisions for a large number of individuals/companies whose interests are wholly unknown to you. These rings/webs could be set up to be totally disconnected from each other so that people with special interests can get mailings they don't consider spam, yet block that which they do.

Re:A centralized blackhole list is important.

[Zen+Sandwich]

In an ideal world, then any admin who's the owner of an open relay would be happy to be notified he's got a problem and work quickly to solve it.

In the real world, many SysAdmin's egos just can't cope with others telling them how to run their system. So, they react by doing stupid things like attacking the blacklist maintainers.

And then if your blacklist maintainer has a similar ego problem instead of shrugging off the insult, they make it worse by blacklisting systems that have done nothing wrong except piss them off.

Admittedly the split-up of the blacklists into 'really open relays', 'maybe open relays' and 'not open relays, but they annoyed me' at least made it possible for those of us who don't buy into the ego trips on either side to at least make some use of the first list.

Re:A centralized blackhole list is important.

[Farce+Pest]

Then you would have been listed as an untestable netblock or a manual entry for blocking the tester, which you admit is true. This is not the same as being listed as an open relay. Prior to 2001, this would mean a 127.0.0.3 address in relays.orbs.org (127.0.0.2 is an open relay, 127.0.0.3 is a manul entry, IIRC). Starting in early 2001, it would have meant an entry in manual.orbs.org and untestable-netblocks.orbs.org, as opposed to relays.orbs.org.

Why even bother?

[duffbeer703]

Blackhole lists are a massive waste of time.

1. Use of blackholes do NOT stop spam at all.

2. They piss off users when a client/friend/etc happens to be using a server on an RBL.

I also have a problem with the ego-maniacs who run these services who seem to think that they are some sort of 'net police.

My last company was on the ORBS RBL for over a year after we blocked all traffic from their network. One of their discovery scripts screwed up and DOS'd our mail server. Yet we were called spammers for blocking their attack.

Other free methods

[jqh1]

Why not chip in on the spamgourmet project so you can offer users disposable email addresses -- this definitely does kill a lot of spam per user.

Re:Do you need MAPS?

[Zeekamotay]

I'm currently using:

• relays.ordb.org
• or.orbl.org
• inputs.orbz.org
• outputs.orbz.org

With them, I block between 10,000 and 20,000 messages per day -- which is just about the same as what MAPS/ORBS did for me. In the past two years, I've only ever had two complaints of blocking legit sources (they _were_ open relays tho). FWIW, hosting 250 domains, 1500 accounts.

www.orbz.org is worthless.

In my experience, orbz has (at least) one showstopper, which makes it completely useless.

When a relay is submitted for testing, if it's down, it's marked as 'clean', and Orbz refuses to check it again for 30 days... even if you email the Orbz admins and let them know...

Several orbs/maps replacements

[kneecap]

here are some websites for replacements of ORBS and or MAPS

http://www.orbl.org/ Open Relay Black List of Phoenix, AZ
http://www.orbz.gst-group.co.uk/orbs/ Open Relay Block Zone (ORBZ), of Basingstoke, England
http://www.ordb.org/ the Open Relay Database (ORDB), of Aarhus, Denmark
http://www.orbz.org/ Open Relay Blackhole Zones (ORBZ) Nassau, NY

also look at this prior slashdot story about ORBS (Open Relay Behavior-Modification System) forking :http://slashdot.org/articles/01/07/02/1540210.sht ml
here is a list of the DNS zones:
or.orbl.org
relays.ordb.org
orbz.gst-group.co.uk
manual.orbz.gst-group.co.uk
inputs.orbz.org
outputs.orbz.org

Do you need MAPS?

[embobo]

I keep one year's worth of mail logs for my company's mail server. The company is small, with about 1000 email accounts. With a simple grep I found that the RBL blocked 3000 messages in one year. That's about one message every 100 days per user. Obviously, the RBL is virtually worthless for our company, so we didn't pay for a subscription.

If possible you should see how many messages the MAPS services you used blocked for you. Notice that as far as I can tell MAPS doesn't provide any hard data for the success rate of their services. When they were free that wasn't so important but once money enters the equation I need some real eveidence.

Re:Do you need MAPS?

[RevDigger]

I don't know if that is typical. When MAPS closed up, I had about 500 mail accounts and I was blocking about 100 messages per day.

More importantly perhaps, when I first turned MAPS (RBL + RSS) I had about 200 accounts, and I was blocking about 1000/day. After about a week with MAPS lookups on, it trailed off as the spammers realized they were RBLed, and gave up trying, I would assume.

I'd really like to find a reasonable replacement. Not only is MAPS priced a bit beyond my budget, but how current are their lists going to be now that no one actually uses their service?

- H

Re:Do you need MAPS?

[embobo]

Yeah my results may be atypical, or yours may be. We need more data. If an organization didn't know how much spam the MAPS services would block for them we also need some idea of what the independent variables are. For example, I work at a newspaper company and that might affect how much spam we get. It doesn't need to be exact but I would certainly expect to get a rough idea of the value of MAPS before coughing up the dough.

Free for Individuals

[waldoj]

Don't forget that MAPS is free for individuals' mail servers. It only costs if your server is for a business. This sounds wholly reasonable for me.

-Waldo

Re:Free for Individuals

[cperciva]

Don't forget that MAPS is free for individuals' mail servers. It only costs if your server is for a business. This sounds wholly reasonable for me.

Yeah, of course. Because we all know that businesses have lots of money.

Re:Free for Individuals

[waldoj]

Think of it from a practical, not fiscal, perspective: individuals are likely to require many less lookups than many businesses. (Not without exceptions, of course, but it's probably a reasonable generalization.)

-Waldo