Slashdot Mirror
MAPS vs. Gordon Feyck: Who Owns the DUL?
etrnl writes "The spam-l mailing list has an interesting post from Nick Nicholas about a recent lawsuit between MAPS, LLC. and Gordon Fecyk, who had arranged with Paul Vixie to host the DUL with MAPS in 1998. Even more interesting is that Nick was the Executive Director of MAPS who hired Gordon at MAPS in 1999. Notable quote from Nick: 'I find
it extremely ironic that an organization which is currently soliciting donations
to its own legal defense fund would now be using its limited resources to pursue
litigation against a former employee.'"
MAPS wants a temporary restraining order on two separate copyright claims:
first, that Feyck can't use the DUL database, and second, that he can't run a too-similar website (now
down). The bone of contention is that Feyck claims he
bought back
the DUL from MAPS, and
MAPS disagrees.
Incidentally, the DUL is currently stopping CmdrTaco from directly emailing one of the Slash coders.
And while I know he's a decent guy, he also tends to be a little too hard-headed for his own good (at least he ws a few years ago). I suspect that some communication here between the parties will clear up a lot of what's going on.
On the other hand, since I know Gordon to be an honest guy, I suspect that the other party is trying to screw him out of what rightfully is his.
Kickstart
I have been a strongly outspoken supporter of MAPS for many years.
When I was with Gordon Fecyk I nearly had a heart attack when Paul Vixie called in 1997 to warn us that we were about to be listed in the MAPS RBL for running unsecured mail servers. But I supported his actions even then. Indeed, his call was very helpful in speeding up the bureaucracy at pacbell.net and getting the unsecured mail servers closed to relaying even more quickly. I appreciated Paul's willingness to work with us on resolving our problems.
Yes, in reputable news sources, acronyms are explained the first time they appear in a story. HTML even has an tag which lets you explain it with a mouseover.
I was thinking the same thing. Is this the type of thing that could set a legal precedent? Or is it more of a drama?
And before you tell me to read it, consider that some of us like to have an idea of what we're reading about before we go off reading articles. In other words, define ur acronyms!
"Derp de derp."
DUL (Dial-up User List) is not a blacklist, though it is often mistaken for such. The DUL is a listing of dynamic ISPs that is used as a filter by subscriber ISPs to prevent direct e-mail from those addresses.
The future isn't what it used to be.
Here's a problem... with no easy way to deal with it.
Over the last few years, the Internet provider for Costa Rica has been targetted by anti-spam types as a spam hoster.
Now.. that's all well and good, but the end result is that
a) The entire country's IP range is on SPEWS
b) Internet is a government run monopoly here.
c) There is no direct way to be removed from SPEWS. You cannot contact them. You cannot explain your situation. (My situation is that we happen to have some IP addresses in this country, and have trouble reaching our customers because of it. We don't spam.)
Now.. I fully support the fact that the Internet is an anarchy, that each individual is free to decide how their network will or will not accept traffic from others, yada yada yada. On that I am firm.
But when it comes to an ISP.. we have a problem. An ISP that subscribes to this, sure, it's their choice, but it's awfully hard to explain to the client that they have to instruct their ISP to stop using this service. And the odds of the ISP stopping? Not likely.
The point is, in theory, it's all fair, in practice, it's a problem.
Did you try clicking the link on "MAPS, LLC"? It's in the story. The linked page also has a link to the DUL.
MAPS = Mail Abuse Prevention System
DUL = Dial-up User List
Anybody have a URL to the post on spam-l? And thank you to those who explained the acronyms to those of us not familiar with them or the dramatis personae...
-jag
http://starboard.flowtheory.net/
If 'the DUL' or, rather, someone utilising the DUL, is preventing him from emailing a second person, that must mean that Taco is using a dialup and has no smtp server of his own to access? That seems more than a bit improbable.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
later,
Jess
I am programmed for etiquette, not destruction!
Sigh. No it's not. (How many times does this need to be said.) The mail server CmdrTaco is trying to email is stopping him. The DUL is just a listing; it does no blocking.
Sender: Spam Prevention Discussion List
From: Nick Nicholas
Subject: COURT: MAPS Sues Former Employee and DUL Founder, Gordon Fecyk
I have been a strongly outspoken supporter of MAPS for many years.
When I was at pacbell.net I nearly had a heart attack when Paul Vixie called in 1997 to warn us that we were about to be listed in the MAPS RBL for running unsecured mail servers. But I supported his actions even then. Indeed, his call was very helpful in speeding up the bureaucracy at pacbell.net and getting the unsecured mail servers closed to relaying even more quickly. I appreciated Paul's willingness to work with us on resolving our problems.
I wanted pacbell.net to use the MAPS RBL, but instead I was instructed by management to compile my own list. I felt my meager efforts could not compare to the quality of the RBL made available by MAPS, but, unfortunately, my own wishes were overruled.
When Paul offered me the opportunity to become Executive Director of MAPS in December 1998, it was an offer I simply could not refuse, and for the next year and a half I was one of the leading cheerleaders for MAPS.
Even though I left MAPS in August 1999, it was an amicable departure. Soon afterwards I was hired as Chief Privacy Officer for a company in the direct marketing industry, and I still continued to defend MAPS against its many critics in that industry.
Last year I decided to write a book about the history of MAPS. My intent was to focus on the companies that sued MAPS and abused the legal system in order to prevent MAPS from exercising its legitimate free speech rights. I wanted to portray Paul and Dave Rand as beleaguered but slightly flawed heroes.
However, my opinion of MAPS was forever changed this past April when it decided to sue DUL founder, Gordon Fecyk, after Gordon attempted to exercise a December 1998 contract he entered into with Paul Vixie in his capacity as MAPS CEO.
My overview of this matter, as well as copies of court documents filed in the case, can be found at the following URL:
http://www.lawsuitinfo.com
It seems that MAPS has learned a great deal from the lawsuits brought against it by Harris Interactive and others, and has adopted the same slimy tactics. In particular, the affidavits filed by Margie Arbon and Anne Mitchell are full of factual errors and material misrepresentations. I will add my commentary on these affidavits at a later date.
A hearing will be held in the Manitoba court tomorrow (5/7). We will add additional info as soon as possible.
Gordon may have to sell his car in order to pay his not inconsequential legal bills. Is anyone interested in making a contribution to help Gordon with his legal expenses? If so, please send your contributions to Gordon's attorneys at the following address:
Cassidy Ramsay
385 St. Mary Avenue, 2nd Floor
Winnipeg, Manitoba R3C 0N1
CANADA
Checks or money orders should be made out to Cassidy Ramsay
Be sure to include a note with your contribution stating that it is on behalf of Gordon Fecyk in the Mail Abuse Prevention System v. Fecyk case.
All contributions will be placed in a trust fund by the law firm and used solely to cover Gordon's legal expenses.
Contributors will receive an acknowledgement from Cassidy Ramsay. However, all contributions are covered by attorney-client privilege, and thus the identities of contributors will remain anonymous. Information about contributions *cannot* be obtained by MAPS through the discovery process.
I cannot describe how much it saddens me that it has become necessary for me to bring all of these disturbing facts to light, but I think it is essential for the Internet community to be aware of what MAPS has become. MAPS is no longer devoting its energy to fighting spam and co-operating with others in that fight, but instead is suing a former employee who attempted to exercise his legitimate rights pursuant to a contract with MAPS. I find it extremely ironic that an organization which is currently soliciting donations to its own legal defense fund would now be using its limited resources to pursue litigation against a former employee.
Regards,
Nick
Go on, laugh.
mogorific carpentry experiments
Did anyone else read this as:
'Who the fuck owns the DUL?'
or was it just me...
Maps is used by over 5000 mail servers and ISPs worldwide.
Er.. sorry, that should be dynamic IPs.
http://www.claws-and-paws.com/spam-l/
Search and archives are at:
http://peach.ease.lsoft.com/archives/spam-l.html
But you have to be a subscriber to use the above.
Sig: What Happened To The Censorware Project (censorware.org)
CmdrTaco will have to use a phone.
That is nothing worked until a few days ago. I recommend anybody that has spam problems, can run procmail or is in charge of a mail server running sendmail check out the "Distributed Checksum Clearinghouse" (DCC) at http://www.rhyolite.com/anti-spam/dcc/
It took me some time to get the dcc sendmail milter dccm working correctly but, since I did, this has become my new best friend. Its catching 100% of spam targeted at me and rejecting it.
From what I know about MAPS I think its a needed service to keep ISPs in check. But it seems targeted at attacking the delivers of spam and doesn't seem to provide much to directly protect the recipients of spam mail. DCC is the only solution I've found that accurately prevents spam mail from even being delivered to myself or users. I think this is necessary because if nobody actually receives spam the spammers will starve.
So If you're like me and think spam is a rashy plague that you can't get rid of their is a cream available and it is named DCC. Check it out.
I will never live for sake of another man, nor ask another man to live for mine.
Would that be a chicken bone?
Sig: What Happened To The Censorware Project (censorware.org)
Anyone who has worked with / for / against MAPS knows that they are primarily interested in fighting. Their original purpose was to fight spam, but they're just as into fighting folks they don't like and each other. As far as I can tell, they really don't care *who* they fight, as long as there's lots of name calling and moral outrage involved.
MAPS is a joke. A classic case of the old saying about the pavement on the road to hell, and also a classic case of people thinking there's a technical solution to a social problem.
-b
What am I missing?
Fecyk quotes a PGP signed agreement. Unfortunately, he (or perhaps his mail client) has stripped off the signature itself.
The signature on the argument would carry more weight if he left the signature intact so others could verify it from themselves.
"Incidentally, the DUL is currently stopping CmdrTaco from directly emailing one of the Slash coders."
um, no - in this case, use your ISP's mail server.
Problem solved.
Yes, this prevents someone from running their own SMTP relay on a dynamic IP, but it's the only effective way of preventing such direct-to-target-server spam from going through.
It's my understanding that blocking email from IPs that are part the DUL will only block email from people that are running *their own* SMTP server off of their dial up connection. Since most (I'd guess well over 95% of the people that use dial up) people use their ISP's SMTP server to send email, this should not block much useful email.
Nick also posted his message to the Usenet newsgroup news.admin.net-abuse.email. There are some interesting comments in that thread, you can view it here.
Your link is 4-oh-4'ed! oh.. right. lots of college students runnning their own linux boxes at school are using it.... ahhh. but shit.. 5000? arent there a few million hosts out there? 5000 is far less than 1% :)
Brunner Went Down to Florida
By: Gordon Fecyk
Inspired By: Kostadis Roussos' "Devil went down to Sunlab"
Parody of Devil Went Down to Georgia by The Charlie Daniels Band (BMI) Brunner went down to Florida,
He was looking for an ISP.
He was in a bind, 'cause he's off line
And was willing to pay the fee.
When he came across John from MegaPOP
With bandwidth real hot,
And Brunner jumped on the Popsite bench and said,
"Boy, let me tell you what!" I bet you didn't know it
But I'm the king of spam and spew.
And if you care to take a dare
I'll make a bet with you.
Now you run a pretty good server, boy
But give the devil his due.
I'll bet Avalanche Pro against your soul
'Cause you can't stop 'Spamdrew.' The boy said, "My name's Johnny
And it might be a sin
But I'll take your bet, your gonna regret
'Cause I'm the best that's ever been." Johnny, lock your dial-ups and start working them real hard
'Cause hell's broke loose in Popsite
And the devil deals the cards
And if you win you get to stop his new Avalanche Pro
But if you lose, Brunner gets your soul! Then Brunner opened up NT and said,
"I'll start this show."
And fire flew from his fingertips
as he watched his Avalanche load. And he sent his spew across the 'net
But it was blocked with "5-5-6".
Then a band of Chickenboners joined in
And it was blocked again, like this... (instrumental) When Brunner finished Johnny said,
"Well you're pretty good ol' son!
But we work with the Dial-up User List
let me show you how it's done!" Avalanche dead, run DUL run.
Devil's running NT Workstation.
Chickenboner spam spew 5-5-0.
Stop the Devil's junk mail, Go DUL Go! (fiddle solo) And Brunner bowed his head
Because he knew that he'd been beat.
And he tossed his Avalanche Pro
in the trash, and cried "Lawsuite!"
Johnny said, "Devil, just come on back here
If you ever wanna try again.
I done told you once,
You son-of-a-bitch,
I'm the best that's ever been!" He mailed: Avalanche dead, run DUL run.
Devil's running NT Workstation.
Chickenboner spam spew 5-5-0.
Stop the Devil's junk mail, Go DUL Go! (solo finale)
I can't help but look at these databases as a
too-little, too-late patch to a broken
system. My long term average for spam is now 7.2
spams/day -- EVEN with working to try and
prevent it. Why should I have to pay some
company more to track people who spam?
Can someone please present a way to overhaul
the email system so that it works the way it
was intended? Call it something else --
something new -- direct, personal, intentional
communication. (Cripes, they even have
spambots now on IRC and IM too.)
I'm groping here -- but what are the real
steps we can take so that end users
don't need to spend the money/time to defend
against unwanted commercial mail?
I'm thinking along the lines of new rfps for
the way mail servers transport and
authenticate mail / requiring digital signatures
from your ISP / elimination of mail from
spoofed IPs / elimination of all anonymous mail,
even...
where is the hangup in making (i.e. forcing
technologically, not leagally) spam
nonexistant?
The message sent by vixie says that a contract will be drawn up, and outlines some of its features. It is not a contract in itself. Unfortunately, it is very easy to not worry about such things when a business relationship is starting up because everything is fine and you don't want to make the other party feel you don't trust them. Unfortunately if things go bad, all you have left is PGP signed vague emails instead of signed and notarised contracts. IANAL.
From my understanding of the Feist decision, it is quite possible that this list is not even copyrightable. Unfortunately it would take a lot of money to make such an argument, as it would establish new case law. IANAL.
5000 sounds impressive, but there are a hell of a lot more then 5000 mail servers.
MAPS might have a few good points but in my wholly uninformed point of view, they seem to deserve to lose.
To sum up 3 years:
Gordon Fecyk: Hey Paul, here is the DUL - I'll even indemnify you of any damages because of the list.
Paul Vixie: Great - I'll make you the maintainer of the DUL and we'll draw something up saying you can regain ownership of the DUL for $10 (the contract minimum in the US at the time). MAPS will take the good and the bad - all the publicity and all the legal trouble associated with it. When you want to leave, you can take the DUL back for $10.
forward 3 years
GF to Dave Rand/MAPS: I'm leaving. Here is $10. I have a recent copy of the DUL. I own it. You can use it free for a little while and we'll work out a contract after that. I'll even let you have first change to negotiate for it.
MAPS to GF: Lawsuit.
MAPS argues in the lawsuit that GF doesn't own the DUL and even if he did, he couldn't maintain it properly on his own, it causes legal issues with MAPS (privacy issues), saying that he owns it hurts MAPS, etc.
If I was MAPS, I'd be protecting my income sources as strongly as possible. Not having followed the MAPS project/organization much and seeing they still accept donations, I would be worried too.
The right thing to do would be to honour the agreement between Paul Vixie and Gordon Fecyk. If it bankrupts the organization, it is a sad thing but something could be worked out. (eg: cheap licencing - Gordon seems *very* reasonable)
The wrong thing is to fight for your life and not even try to do the right thing first.
Then again, if the DUL is a major source of income for them, I can't seem them caring much about doing the right thing. Morals are nice but survival comes first I suppose.
My morals suggested I check google for a cached version of the DUL and post the link but it looks like google didn't get it in time. Anyone have links?
Jeff
It's quite clearly a pre-contractual negotiation. It clearly doesn't even contemplate acceptance in those terms. If there's no written contract, the thing Gordon points to as a contract would be evidence of what the terms are, but not conclusive evidence. If there's a written contract somewhere else, then unless those terms are in it, Gordon's out of luck.
the DUL is currently stopping CmdrTaco from directly emailing one of the Slash coders
Oh my, I didn't realise this problem with DUL was so serious!
It's also worth noting that the DUL is the most valuable part of the MAPS services in that it blocks more spam than the other parts. Without it, MAPS will almost certainly lose customers.
This is wrong: MAPS is a limited liability company (LLC).
It is not a not-for-profit. The two are mututally exclusive under California law.
So how does it know whether the mail was relayed through a server first? By checking headers? Or does it have to do with the IP of the machine sending the mail? Headers seem like a ludicrous way to do it (too easy to fake), so I would hope thats not it, but this is the first I've ever heard of DUL so I'm not sure.
Perl - $Just @when->$you ${thought} s/yn/tax/ &couldn\'t %get $worse;
In other words, Taco does have an smtp server of his own to access. On his own machine. Like he should. If you're a dialup user, it's beneficial to have an inbound mailbox server somewhere that's always connected, whether it delivers the mail to you by SMTP or POP/IMAP. But no need to do that for outbound.
The reason the DUL is helpful for blocking spammers is not because there's no legitimate reason for a dialup user to run SMTP - it's just that many of the popular clients use a relay so they don't have to handle error messages or hang out trying to deliver to slow servers or delay delivery on temporarily unavailable servers, and that many spammers abuse cheap disposable dialup accounts, but they get booted off of their ISPs' mail servers too fast to make them practical, or rate-limited, so they deliver their own email so they can reach more suckers before being squashed.
Some ISPs block outgoing Port 25 that doesn't go through their servers - really annoying if you've got more than one ISP account, and don't like having to reconfigure your machine just because you're dialing in from work or on the DSL at home instead of the other dialup.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I'd like to block China, Japan and Korea.
Feyck you.
I don't think there will ever be a truly viable technical solution to spam. Spam is not so much a technical problem as it is a social problem. And we all know about trying to cure social problems with technical solutions. It's the same as with digital piracy--implement some new system or some new restriction and those that it was intended to take care of will be the ones that find a way to get around it.
Perl - $Just @when->$you ${thought} s/yn/tax/ &couldn\'t %get $worse;
The DUL is not a blacklist in the sense that all mail from the listed IPs is refused. The DUL is used to refuse direct mail from those IPs, but mail relayed through another server is allowed. This prevents someone on a dynamic IP from spamming by directly connecting to the SMTP server of each target address, instead of sending all the mail through an open relay. Legitimate customers simply need to use their ISP's (or a 3rd party) SMTP relay (which presumably has message speed limits on it) to send mail, and it will go through.
Third party relaying wasn't even in the original SMTP spec. Even though it is now mentioned there is no requirment for any MTA to support either using or acting as a third party relay at all.
Yes, this prevents someone from running their own SMTP relay on a dynamic IP,
It dosn't need to be any kind of relay, a mail originator which conforms 100% with thre relevent RFCs will also be given problems.
but it's the only effective way of preventing such direct-to-target-server spam from going through.
Given the chance most spammers would use a third party relay, including an ISP provided one. Since this protects their identity and their machine. Indeed techniques such as Telegrube are easily defeated by using a third party relay.
It drops any connections from any IP address within the list. It doesn't check any headers, it just checks the IP address of the connecting machine.
So, for example,
a) if dialup user a sends through an smtp server on dialup user b's box, it gets rejected, as the smtp server is running on dialup space.
b) if dialup user a sends directly to an smtp server using the DUL, it gets dropped again
c) if ddialup user a sends to smtp server on dialup user B, which in turn forwards and relays properly through his ISPs SMTP server, it will get through, as the ISP SMTP server will not be in the DUL.
The laissez fair internet has problems, you feel those problems are more acceptable than the problems caused by the ad hoc solutions ... not everyone agrees.
Spews is a very effective antispam solution, but the damage it causes is often worse than the problem it solves. Here are some of the problems it creates:
1. It blocks whole networks at a time, not just the spamming IP. Yes, this forces ISP's to react to spammers quickly, but how would you feel if you happen to share a class C with a spammer, and your emails get rejected for months while your ISP deals with the spammer and SPEWS? It's like living in a society where you go to jail for the crime your neighbor commits.
2. Spews is supposedly run by professionals, but they're extremely sloppy in their investigation work. People often get listed simply because their domains are used in forged email addresses and/or forged HELO headers. Anyone with a basic knowledge of SMTP knows how easily they can be forged, yet SPEWS frequently blocks domains on that basis alone.
3. SPEWS' philosophy is that once a domain is used for spamming, it's blacklisted forever. A client of ours recently bought a new domain name, but soon afterwards found his IP on the SPEWS blacklist, and his ISP shut down his servers to protect their other customers, simply because the domain was used for spamming by its previous owner. SPEWS doesn't bother to check whether the domain registration date is before or after the spam date.
4. SPEWS is run by a bunch of shady and unaccountable people. Their whois record shows a mailing address in Irkutsk, Russia, and they won't answer any emails. If you are screwed by them, the only way to get yourself removed is to post on a newsgroup and hope some anonymous hacker in Russia is going to care about your situation and deal with it promptly. If you're lucky, you get delisted a few months later, if your ISP hasn't kicked you out by then.
In short, SPEWS fights spam by exerting a heavy burden on innocent people who unknowingly become associated with spammers. Despite the hatred we all have for spammers, I would advise anyone who cherishes the democratic values of our society to stay away from SPEWS.
It's like living in a society where you go to jail for the crime your neighbor commits.
No, its like paying a criminal boss who happens to employe burglars. If you're paying, you're supporting spam. Tough shit.
People often get listed simply because their domains are used in forged email addresses and/or forged HELO headers
Care to offer links or evidence to that?
SPEWS' philosophy is that once a domain is used for spamming, it's blacklisted forever
Utter bullshit. None of the mainstream spam blacklists run on a domain basis. It's done on an IP block basis.
SPEWS is run by a bunch of shady and unaccountable people.
Shady no. It's run by a group of international news admins. Unaccountable, perhaps. But when black lists keep getting sued by spammers, then what else are you going to do.
SPEWS fights spam by exerting a heavy burden on innocent people who unknowingly become associated with spammers
Unfortunately, this is the only way to get ISPs to take notice these days. SPEWS is based on collateral damage. However the fault lies with the ISPs, not spews.
would advise anyone who cherishes the democratic values of our society to stay away from SPEWS
It's my democratic right to use it or not use it. SPAM is not a right. It's not a free speech issue. You do not have a right to communicate with my servers. Oh, and remember, the internet is international. Not all of us hold your consitution so dear.
I would like to block, China, Korea, and Singipore.
Use spews.
Download the data from the APNIC, TWNIC, KRNIC, etc. FTP sites, convert to your mailer's file format, and let it use that to look up each IP address. That's what I do for my Postfix mail servers.
now we need to go OSS in diesel cars
Of course, due to DUL use in some places, my e-mail would bounce when trying to send to them. :(
I'm not really bitter against DUL users. The spam shit is out of hand and you do what you gotta do. It's just one more reason to hate selfish spammers who are ruining the net...
Then Malda oughtta get a fsck'n clue and stop trying to do direct-to-MX from a fsck'n dialup account, for Christ's sake. It doesn't take rocket science to set ones SMTP server to use their ISP's mail gateway.
The DUL isn't "blocking" anything, btw. The receiving mail gateway is doing the blocking--because it doesn't want direct-to-MX from dialup pools.
Y'all may find these handy:
http://www.lawsuitinfo.com
http://www.chickenboner.com/lawsuit/
They both point to the latter URL.
Incidentally, the DUL is currently stopping CmdrTaco from directly emailing one of the Slash coders.
That's because he's trying to connect to the coder's ISP's SMTP server directly to send the mail. That SMTP server sees that Rob is coming in from a dialup pool and refuses the mail, as it bloody well should.
Solution: Rob should be using his ISP's SMTP server.
Incidentally, the DUL is currently stopping CmdrTaco from directly emailing one of the Slash coders.
Lucky Slash coder. That's one less email sender who's message he'll have to decipher from proto-Pigeon English to the real thing...
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
http://web.archive.org/web/20010619203232/http://w ww.orca.bc.ca/dul/
Fun to see the name change from ORCA.BC.CA DUL to MAPS DUL in progress.
theres also a list of allocated IP blocks here which might help.
It also has the worst false-positive rate. Typically, most Linux distros I've seen are set up to send their own email rather than rely on a third party email relay to send it. The DUL ensures that machines set up in this default fashion, despite not being set up as relays, will not be able to deliver perfectly legitimate email.
/dev/null. I wouldn't encourage it though, and I wouldn't encourage use of the DUL for the same reason.
Essentially, for something to be useful against spam it has to reject as much spam as possible while leaving as much legitimate email as possible alone. The DUL may succeed on the first ground, but it fails miserably on the second. It also promotes ignoring RFCs, as relaying was never blessed as the way for ordinary users to send email.
You can reject spam by setting up your mailbox as a softlink to
KMSMA (WWBD?)
Just try dealing with these people, or the many others doing the same thing, and you will understand exactly what I mean.
I don't even want to talk about my dealings with them... just don't feel like talking about it...
Sticking feathers up your butt does not make you a chicken - Tyler Durden
He said "5000 mail servers and ISPs". A DNSBL used by 5000 ISPs is quite impressive when you multiple each ISP by 250,000 customers or more.
> SPEWS is ... run by a group of international news admins.
Do you have any basis for this at all? Does anyone anywhere know this for a fact? That's simply what the folks in NANAE beleive, none of whom have any idea who SPEWS is and beleive it only from reading it on the SPEWS site.
MAPS is a Limited Liability Corp -- NOT a not-for-profit company. You can't be not-for-profit (legally speaking) and an LLC as well.
They like to claim they're not-for-profit, but are not legally based as such.
--etrnl
>Incidentally, the DUL is currently stopping CmdrTaco from directly emailing one of the Slash
coders.
Awww, poor baby, want a cookie?
Brian Bruns
antispam.2mbit.com - Anti-spam Resources/Services
Brielle
most spammers would use a third party relay, including an ISP provided one. Since this protects their identity and their machine.
I'm sorry, but where did you learn about SMTP?
Most (90%) of the mail servers on the planet will stamp the sender's IP address in the headers - how does this protect the spammer's identity?
MAPS being something DUL is an understatement
BWAHAHAHAHAHa
Should have set your sendmail server to send through their servers... so your server would accept it and try to push it through the @home server until it finally got out.
Just tweak the values so it tries for long enough to be able to get the messages out, heh.
--etrnl
It also has the worst false-positive rate.
No, actually it's false-positive rate is almost exactly zero.
The DUL blocks mail from dial-up (and other dynamic) netblocks. It's rare that a static IP address is incorrectly listed.
most Linux distros I've seen are set up to send their own email rather than rely on a third party email relay
So you're saying that a misconfigured machine is the problem of the DUL? Dial-up users should never run their own mailserver without smart-host.
Me bad, should have said MAIL admins, not news admins. As for evidence, if I said I did, then I'd be a target for discoveries in lawsuits, so obviously no, I don't. Of course the spews admins would know it for a fact.
I believe some day MAPS and DUL will make the major ISPs monopolies of email delivery.
ISPs are consolidating into larger and larger groups of users under a smaller and smaller set of companies.
ISPs help out by blocking port 25 from regular users.
MAPS knocks out the dial in users.
As one message notes, entire countries are blocked from sending email.
MAPS, while a good idea in a growing thriving ISP world, is not a good idea in a shrinking ISP world.
MAPS will destroy the email internet as we know it in a few years.
This isn't in response to the actual article. This is in response to the comments made about the DUL stopping CmdrTaco from mailing one of the slash coders. It really pisses me off when some dumb son of a bitch thinks they have the right to directly send an email from their dialup account. People seem to think that their providers MTA is there for looks. People don't understand that a significant amount of spam can be blocked by only allowing one providers MTA to talk to another. Frankly I think there should be a mandatory MTA registration process like there is for DNS servers. You must register your MTA before you can mail. This would require valid abuse contact information and things of that nature. The 'Net isn't meant to be plug and play. I block 100,000 pieces of spam per week at an ISP I consult with (give or take usually 10k depending on the time of year). I use 6 different DNS blacklists and a lengthy Sendmail access list of spamming domains and netblocks to do this for me. About 2 years ago the DUL was blocking by far the most spam of all the blacklists (for me). Then raping of open relays became really popular and the hits on the RSS rose dramatically. Now the DUL gets on average about 3000 hits per week. Every so often that number will sharply increase because some spammer decided to direct-to-MX spam us. Well we're one of many providers that doesn't take that shit. Hence the DUL. I'm getting sick of ranting here, so I'm done.
Well, I assume myself and CmdrTaco are not the only two people having legitimate, non-spam, emails blocked by people using the the DUL. I've had several rejected by Netcom and I assume CmdrTaco has had more than one blocked too from the nature of his complaint, so I'm assuming "Almost exactly zero" is accurate for quite a wide range of "almost exactly".
No on both counts. The RFCs have never suggested that relaying is the legitimate, "correct", way of sending email. It's nice that ISPs provide relays, it means you can have dumb email clients, but show me the RFC that makes their use compulsory, or even recommends them.
You can't. The RFC does not exist. The DUL provides a means to block email on the basis of a criteria that has nothing to do with spam.
A machine that is configured to deliver its own email when connected to the Internet is correctly configured according to the RFCs. A machine that isn't needs support that is usually there, but doesn't have to be. Punishing users for doing it properly is a poor, inane, idiotic thing to do.
KMSMA (WWBD?)
Well I was going to post our counts for you but the Slashdot Lameness filter decided I shouldn't bother. For us the RSS always gets more hits. I've never used the RBL or any of the other so I can't compare to the other MAPS lists.
PS, It's worth noting that the Slashdot "Lameness filter" is an absolute piece of shit. Whoever wrote it should be flogged with old Sparc keyboards. Thanks for giving us a list of "junk characters" asshole. Feedback is a wonderful thing isn't, dick?
Spammers, like the pondlife they are, have evolved with the internet. The old SMTP standard is inadequate and insecure. Until there is a widespread adoption of ESMTP (ie. POP before SMTP) or something similar is implemented, everyone will be patching up the email security "holes" of open relays with Spews, RBL, etc.
A DNSBL used by 5,000 ISP's is not very impressive at all when most of the ISP's are located in Asshole, Indiana with 400 customers or less.
It's my understanding that blocking email from IPs that are part the DUL will only block email from people that are running *their own* SMTP server off of their dial up connection. Since most (I'd guess well over 95% of the people that use dial up) people use their ISP's SMTP server to send email, this should not block much useful email.
/. after all, I expect a large majority of the population here runs, or has run, their own mail servers. There are many reasons to do so. Security, Control, Convenience. And if it breaks, you not only have the ability but also the permission to fix it.
I believe that there is a misconception herein. You state that by your guess, over 95% of dialup users use their ISPs mail server.
I think your guess is rather high, but it is close enough to be useful.
However, given that this remaining 5% is tech savvy enough to run their own mail servers, I suspect they also send more legitimate e-mail than your average user. An oft quoted figure on university campuses is that 10% of the people use 90% of the available resources. Could not the same thing be happening here?
Second this is
Or, maybe you simply assume that if someone uses dial-up and runs a mail server, they just must not send out "useful" email.
MS BITTERS: (to nurse) (pointing at ZIM) That one has head pigeons. (talking about Dib) The other one is just annoying.
But MAPS just seems too draconian for my taste! I've never liked the idea, as it's just too much of a shotgun approach to the problem. We need something more surgical.
SPAM filtering results in false positives. It's like having emails deleted for you at random.
Then, I discovered ASK (Active Spam Killer). This thing ROCKS!
ZERO false positives. ZERO false negatives. (so far, out of hundreds of junk mails)
In order to use it, you pretty much have to sit at the command prompt on your mail server as a local user, but it's effectiveness is (so far) flawless!
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Just because the RFCs allow it, doesn't mean that it has to be considered "valid". Emails with virii may (though often don't) conform correctly to RFCs, but I'll reject them if I can detect them.
There's two solutions-- get a static IP from your ISP which they have not listed on the DUL-- case solved. Or relay through a static IP which is not listed on the DUL-- case solved. Otherwise, I and many many many other people will reject it, because while it conforms to the RFC, we do not consider it valid.
And apparently, neither does your ISP-- DUL submissions are usually checked vs. the ISP for confirmation.
It was a valid observation. Whoever did the mod thing to "troll" needs to take their head out of their ass. That front page article made no sense at all to someone not familiar with the acronyms. If you're gonna use acronyms, you damn well better explain them in the beginning of the article, or you'll appearing be talking out your ass to the vast majority of readers. Example:
New AI breakthrough lowers costs for dairy farmers.
Now, is that about new "smart" milking machines? All the leet geeks reading that headline would be expecting an article about cool wizardry, and the jerk who modded the above post as a "Troll" would be righteously pissed when he found out it was an article about improving bull semen collection. AI was used for "Artificial Insemination" long before electronic computers were a reality.
No, its not DUL preventing our fearless leader from sending e-mail, its the admin of the box using DUL.
This is why I hate things like DUL and MAPS that block everything and are prone to false positives that keep you from even seeing the mail. Stuff like spamassassin can take MAPS and DUL into account and add "spam" score based on that, but at least with spamassasin the mail isn't completely toss away, you at least have the filter it to a "spambox" you look at like once a week for the false positives and/or you can put CmdrTaco on your white list, so he doesn't ever register as spam.
Spamassasin is a much better solution, IMHO.
Is a spammer????
--
Rick B.
MAPS RBL was assembled from user contributions. It would be nothing without the data submitted by thousands of users over the course of several years. I contributed reports to it.
When they got a fat enough database, they changed their tune and wanted to charge me to use the data we researched and gave to them, thinking we were benefitting the whole community. How wrong we were. That was the first death-wheeze as far as I am concerned. This story is just the latest labored breath by what will soon be the corpse of MAPS. And good riddance. They won't be missed.
Edith Keeler Must Die
what is the DUL
The DUL is a fecking stupid POS service set up primarily to screw over the sorts of people that don't use Windows, don't sit behind a corporate firewall and don't shove all their stuff through a corporate mail gateway using Outlook.
The DUL is a system designed so that any mail incoming from any IP know to be a dial-up address is immediately dropped. Needless to say, it's not tremendously popular with those of us who move around from Internet connection to Internet connection and would prefer to just use the mail server on our computer instead of having to remember to change the mail gateway each time we move.
I had a friend that worked at Compaq all summer. They used the DUL, and though I could send mail to *everyone else I knew*, sending mail to him was just throwing mail into a black hole, since I was on a modem and the DUL flagged me. Frankly, I find it tremendously amusing that Compaq is now going under.
The DUL is pretty much designed solely to destroy the peer-to-peer nature of the Internet and force everyone to have an ISP with a mail gateway if they want to even send mail. What's next, requiring Web connections to come from a proxy, because any "worthwhile users" use a proxy and someone else might be just a worm spreading around?
I *hate* the DUL. It's caused me far more misery than all the spam I've ever recieved put together. If MAPS is taking it in the ass, I'm just going to sit here and chortle about it.
May we never see th
It's not a matter of it being allowed by the RFCs, is the fact that the RFCs imply it's the RIGHT WAY OF DOING THINGS. The entire concept of relaying only came up in recent revisions of RFC821, and only then as a "This is possible" sense, not a "This is how you're supposed to do it." Nor is your comparison valid: This like rejecting email where someone has issued the HELO command when connecting to your SMTP server, or rejecting any email that arrives via TCP port 25, rather than rejecting email where you see something in the content you dislike.
Regardless, valid email is sent this way, and precious little spam (spam, remember, is meant to be sent to hundreds of thousands of users, something which is pretty much impossible on a DUL.), so your criteria for rejecting emails is not only wrong, but ineffective.
Give it up. Correctly configured machines send email this way. You're rejecting valid email. Your filter does not work as intended, you need a different filter.
KMSMA (WWBD?)
Actually, you're wrong. I had false-positives all last summer.
Dial-up users should never run their own mailserver without smart-host
Why the hell not? By running their own mail server without a gateway, they get immediate information about mail sending failures (instead of waiting to check their mail). They can determine what mail-send-failure policies they want to apply (instead of being stuck with their ISP's mail server's policies). They can use mailserver-mailserver encryption over SSL without exposing their mail to the local Carnivore-using ISP.
It's this kind of thinking that's going to wind everyone up using a single (required) mail gateway with port 25 outbound/inbound to other hosts blocked using a propriatary Outlook protocol (if "most people" use Outlook, why not require it?), all web access *required* to go through a proxy ("it's good enough for most people, so why not require it?"), and no other services allowed ("most people just use the Web and email, so why not disallow everything else").
The Internet is a *peer to peer network*. It's not a network where some hosts are intended to have special rights. By using the DUL, you violate the free spirit of the Internet and piss the shit out of every UNIX user out there that can actually handle sendmail or postfix or whatever it is that they're using.
The most entertaining thing I've noticed is that a *mail admin* is the one deciding to go with the DUL. These are the sorts of people who can and do use sendmail without a gateway on their own box. So either they're screwing over people like themselves, the technically capable, or they're just setting up an Exchange server, don't have a clue what they're doing, and are following some web page that's telling them how to "reduce spam".
May we never see th
Ths means he refuses perfectly valid mail. q.e.d.
Let me bluntly state you are an arrogant asshole. Because you know many of us don't have these choices. If we go through our ISP's relays we have to subject ourselves whatever ludicrous restrictions he puts on this usage, and static IPs are something just not available for an ordinary private citizen in many parts of the world (including the one I live in).
So your "solutions" amount to that french queen's suggestion "let them eat cake". And we all know how that lady ended.
The fact that many people these days happen to use Windows boxes that aren't intelligent enough to run a mail server is a new phenomon. Since time out of mind, UNIX boxes have been happily running their own mail servers, and have had no need of a mail gateway. This is not "incorrect" behavior, as you seem to enjoy implying, this is more traditionally correct than *not* running a mail server. I'm sorry if your experience is with admining a Windows-only network, but you're simply not correct with respect to the entire Internet.
Just because the RFCs allow it, doesn't mean that it has to be considered "valid"
The RFCs define what is a valid email, so yes it does. No one can make you accept it, but if you do not do so you aren't denying an invalid piece of mail -- you're violating standards on your own.
And your "solutions" are not acceptable to many people.
get a static IP from your ISP which they have not listed on the DUL
Not acceptable in many cases. Many ISPs do not provide static IPs, at least without paying more. This also denies you the modicum of privacy that dynamic IPs allow.
relay thorugh a static IP which is not listed on the DUL
Denies the use of end-to-end mailserver encryption, opens you to easy Carnivore poking around, makes it a PITA to remember to change gateways if you move from ISP to ISP, locks you in to your local ISP's gateway's mail delivery failure policy, makes it take longer for delivery failures to reach you (next time you check your mail), prevents you whether the mail is actually in the other person's box or not -- there are *no* time guarantees on how long a gateway will hold on to an email.
I despise the DUL. Every single bounced email I get from the DUL results in a complaint to the offending postmaster.
If the DUL was the only way to block spam, perhaps you'd have some argument, but there are good, *RFC-compliant* alternatives.
May we never see th
"The DUL" isn't stopping you from mailing anybody. The thing stopping you from emaling your unnamed slash coder is the fact that his ISP has chosen to block mail based on the DUL. If this is such a pain in the ass, one or both of you should vote with your dollars and feet: either he should move to an ISP that doesn't use the DUL, or you should stop being a cheap bastard and trying to run a mail server from a dynamic IP address.
Why is trolling a bad thing when done in comments, but apparently entirely acceptable when done by editors in story submission addenda?
News for Nerds. Stuff that Matters? Like hell.
Windows is used by a lot more than that, but that doesn't make it not suck from a technical perspective.
May we never see th
I would say that IF you are filtering with the DUL, you should
However, I do agree that the best solution is to use your ISP's mail server, and have your box set to forward the mail to your ISP's server - they (by definition) have better connectivity than you do, and their mail server can be trying to deliver the mail while you are installing a new kernel or whatever would cause your machine to reboot.
Ideally, distros would have this be a part of the normal setup - when you install any MTA, it should ask you if you want to forward your outbound mail to a different server.
www.eFax.com are spammers
Read this Link to see what the scum that sell spam software have to say about spamming
http://Lenny.com
Well, I have a static IP, like most ADSL IPs in Spain, but that didn't prevent MAPS to list the whole network in DUL (read the fine print: they make no difference between static or dynamic ip).
They're so arrogant fascists that they didn't even bother to reply to my request to remove my IP from the list. They didn't bother they blocked users who couldn't put the least pressure on their ISP (since there's no alternative). We were lucky that a friend of a friend at the ISP (then only one you can get ADSL connections from, BTW) put the right pressure to the MAPS dickheads so that they had to remove the ISP from the DUL list.
Others aren't so lucky, besides, just because one has nothing more than a dynamic IP she shouldn't be considered a second class netizen.
Hey, if you'll pay for that (at spanish rates) I'll be happy to buy my own T1.
Though I didn't suffer for long the problem associated with DUL (I, like everyone using ADSL in Spain, was on the DUL for a couple of days), I feel the pain for everyone else that's suffering beacause of this neonazis.
I'm sitting here too waiting for them to take it in their ass, and hope that will give'm a lot of pain.
Regarding CmdrTaco's "problem"
It really pisses me off when some dumb son of a bitch thinks they have the right to directly send an email from their dialup account.
It's possible for CmdrTaco to insist that people he talks with on a regular basis recieves mail from him. He can also configure a mail server at Andover (or any of his friends' servers) to always accept mail from him and use it to relay his mail (hopefully spammers don't find out what that network is and do the same).
It's also possible for people to just stop using e-mail to communicate. Got a project people need to work on? Setup a private web-based mail system. Everyone logs in to a common website and sends messages internally related to a project. Even better, use a threaded one-to-many conferencing system like Slash.
If you don't like spam, stop using e-mail. My main mailbox sits at the end of probably the most restrictive filtering system on the net, and I still get spam and viruses sent to me.
Regarding MTA registration
Frankly I think there should be a mandatory MTA registration process like there is for DNS servers. You must register your MTA before you can mail. This would require valid abuse contact information and things of that nature.
Instead of mandatory MTA registration for all mail servers (Hey! Verisign pioneered registered certificates for Web servers, hmm...) perhaps it's better to start other lists of servers that get an explicit "allow" like 1) "These are the mail servers of my friends", or 2) "These are servers on the Better Mail Server Bureau list becausee they adhere to policies that help stamp out spam and are accountable."
It all comes down to "who do you trust"? Back when the Internet started, everyone was like-minded and trusted others not to screw up the network. Now the circle of trust is much much smaller.
Another good place to filter spam is at the mailbox level. My mail server hypothetically accepts e-mail from everyone. Messages from people in my address book go straight to my Inbox. Mail from everyone else goes into my junk inbox. I have mechanisms that easily allow me to add addresses to my address book. Spam becomes less annoying becasue I don't have to deal with it while reading the mail I care about.
Email is antiquated
Instead of putting people on mailing lists, subscribe them to bulletin boards. Mail clients get replaced with web browsers. Sending mail becomes posting on your own bulletin board and giving me a URL (/w messenger) to read it.
The architects of Usenet2 had a great idea in that people posted messages on their servers and interested people would have to fetch the articles to read them. If you have popular content, the effect could be similar to SlashDotting. Smart people would enable caching for larger reader communities. Instead of broadcasting trash everywhere, people would pick up the content they want. The economics of spam would dissappear. Applied to email, spammers would merely send me headers. It would be up to me whether I wanted to pick up their "content". I might filter headers similar to how I limit my Instant Messager alerts to friends.
Aside
Can't we all just get along? Ok, perhaps we can't. We'll just go off and limit our interactions to the people we like (or can at least tolerate). That's what people have done in the past, and that's what people will continue to do. Laziness in the implementation of Internet e-mail today just makes it harder for us to keep out the people we don't want to interact with. This "everyone in the world can send me e-mail" concept is much overrated. It was novel in the 80's and 90's. People who can't e-mail me now (I live mostly behind a MAPS firewall) can pick up the phone and call me or reach me through a friend or find me via a spam-friendly free e-mail account.
-z
for an armchair activist like yourself to say this, but reality is quite a bit different.
You might think it's so simple, but I guarantee you have no idea what things are really like.
The ISP has no motivation to change; they are a monopoly. They get the business regardless of what they do or do not do. The ISP is the national carrier. You can't set up a second ISP, you can't get bandwidth from somewhere else.
OH! Wait! LEt me get this straight.
By your logic....
Why aren't France Telecom and alter.net on the list? After all, they sell us the bandwidth. Why? Because they are main carriers.
This is not like an ISP being blacklisted.. this is like an entire national carrier being blacklisted.
Did you not read what I said?
I support completely your right to filter out what you want. Absolutely. I also support the right of lists like spews to exist.
My problem is just that we *can't* pressure ICE/RACSA. There is no competition. There is no way to financially impact them. They don't WANT our money. They have as much business as they can handle already.
Believe me, if we had a choice, many businesses here would go with someone who does not support spam. We would gladly shop with our dollars, and put pressure on the company.
But with a government enforced monopoly that is *absolute*, there's basically fuck all we can do to pressure them.
It's your server, your rules. Feel free to block the entire country.
And my ISP is not RACSA. It's ICE. (ICE is the telco, RACSA is the domestic ISP., We get our bandwidth from ICE directly)
Actually, I'm not, though it may be confused IP-wise with ICE.
I deal with ICE directly.. the national telco.
I am not a racsa customer.
IF you think spews turns this into a big lan.. you are sadly mistaken. It has an effect, yes, but only a minor one overall (currently)
Cool; I registered my spamtrap, spam@pillars.net on their site and instantly got another class-C on my blocking list.
The Web is like Usenet, but
the elephants are untrained.
So filtering for certain known spamware HELO reponses and rejecting them is breaking RFC compliance? Filtering sendmail with ipchains or libwrap and disallowing connections from certain hosts on port 25 breaks RFC compliance? I think not-- it's a matter of controlling what I want to allow to come into my system.
All blacklists will reject some valid mail-- it's something you have to live with if you choose to use them. Or if someone you want to mail chooses to use them.
Actually, I'm a former OSDN employee, who maintained these servers from the Andover office for several months last year. I've never had an administrative account on an NT/2K/XP box in production use, and I'm happy to keep it that way.
The RFCs define what is a standard means of communication and how formatting of messages should be done, and how messages should be rejected. The RFCs do not touch on what criterion a mail server administrator should or should not choose to reject on. I refuse direct-to-MX mail from those listed on DUL-like lists. That's my perrogative, because I see a lot of spam coming into my server that way. In doing so, I am violating no standards... unless you'd like to quote me an RFC which says I cannot or should not do so.
What I dont understand - what is the point? why bloack dynamic IPs. They are dynamic. Meaning a user can reconnect and have another one. So, now an innocent user tries to mail someone directly, and gets refused. What is the point??
Just so the readers of this post don't take me for a complete Anonymous Coward, I am in fact Gordon's former employer, no - not that one - the one previous to his latest "Former Employer", the people that provided Gord with the platform from which DUL was first propogated out into cyber-space - Yes! that's it, orca.ca.ca! Any way, I just want to post my thoughts and best wishes to Gord on his Quest against the "evil ones".
Give 'm hell Gordo' give 'm hell.
Spam is perfectly valid email. (Except when the headers are forged.) Having an open mail relay is perfectly valid. That doesn't mean that they're acceptable on today's Internet.
One line blog. I hear that they're called Twitters now.
what is he, too poor to afford an internet connection with e-mail? Give me a break.
That's just one. Go to SpamSites and see about 400 of these vermin.
No, the slash coder's ISP is stopping Cmdr Taco's email from being delivered. It's *NOT* the DUL/MAPS thats doing it. Don't blame the blacklist for blocking people, blame people who use the blacklist to block people.
Here's a novel idea... use your ISP's smtp relay to send email. DUL tracks blocks of dialup/customer IPs. Normally emails DO NOT originate directly from these addresses to the final destination unless something fishy is going on, or the customer runs their own mail server. At either rate, simply route your outbound mail through your ISPs smtp server and your fine.
Wow, how hard was that?
Taco's setup as you described it is thus indistiguishable from that of a spammer's, and the DUL is doing its job exactly as it was designed to do. Taco can get around it easily, by simply using the SMTP host that his dialup provider has provided for him. Alternatively, the coder that he's trying to reach could lobby her ISP to not use the DUL, but that would be counter productive, as the coder would then have to deal with the increase in received spam if she were successful.