MAPS vs. Gordon Feyck: Who Owns the DUL?

etrnl writes "The spam-l mailing list has an interesting post from Nick Nicholas about a recent lawsuit between MAPS, LLC. and Gordon Fecyk, who had arranged with Paul Vixie to host the DUL with MAPS in 1998. Even more interesting is that Nick was the Executive Director of MAPS who hired Gordon at MAPS in 1999. Notable quote from Nick: 'I find it extremely ironic that an organization which is currently soliciting donations to its own legal defense fund would now be using its limited resources to pursue litigation against a former employee.'" MAPS wants a temporary restraining order on two separate copyright claims: first, that Feyck can't use the DUL database, and second, that he can't run a too-similar website (now down). The bone of contention is that Feyck claims he bought back the DUL from MAPS, and MAPS disagrees. Incidentally, the DUL is currently stopping CmdrTaco from directly emailing one of the Slash coders.

fp of the day

all your base are belong to us

Keep on rockin' in the free world!

[Eso]

He could see the truth, and see through your lies.
But for all his power, couldn't foresee his own demise.

I will be born again!

YESS!!! ASCII Goat Lives!

[Big_Ass_Spork]

* g o a t s e x * g o a t s e x * g o a t s e x *
gcccccccccccccccccccccccccccccccccccccccccccccc cg
oc/ccccc\ccccccccccccc\cccccccccccc/cccc\ccccc cco
a|ccccccc|ccccccccccccc\cccccccccc|cccccc|ccc ccca
t|ccccccc`.ccccccccccccc|ccccccccc|ccccccc:c cccct
s`cccccccc|ccccccccccccc|cccccccc\|ccccccc| cccccs
ec\ccccccc|c/ccccccc/cc\\\ccc--__c\\cccccc c:cccce
xcc\cccccc\/ccc_--~~cccccccccc~--__|c\ccc cc|ccccx
*ccc\cccccc\_-~cccccccccccccccccccc~-_\c ccc|cccc*
gcccc\_ccccc\cccccccc_.--------.______\ |ccc|ccccg
occcccc\ccccc\______//c_c___c_c(_(__>c c\ccc|ccc co
accccccc\ccc.ccCc___)cc______c(_(____>cc|cc/cc c ca
tccccccc/\c|cccCc____)/cccccc\c(_____>cc|_/ccc c ct
scccccc/c/\|cccC_____)ccccccc|cc(___>ccc/cc\cc c cs
eccccc|ccc(ccc_C_____)\______/cc//c_/c/ccccc\c cce
xccccc|cccc\cc|__ccc\\_________//c(__/ccccccc |ccx
*cccc|c\cccc\____)ccc`----ccc--'cccccccccccc c|cc*
gcccc|cc\_cccccccccc___\ccccccc/_cccccccccc _/c|cg
occc|cccccccccccccc/cccc|ccccc|cc\cccccccc cccc|co
accc|ccccccccccccc|cccc/ccccccc\cc\cccccc ccccc|ca
tccc|cccccccccc/c/cccc|ccccccccc|cc\cccc ccccccc|t
sccc|ccccccccc/c/cccccc\__/\___/cccc|cc cccccccc|s
ecc|ccccccccccc/cccccccc|cccc|ccccccc| ccccccccc|e
xcc|cccccccccc|ccccccccc|cccc|ccccccc |ccccccccc|x
* g o a t s e x * g o a t s e x * g o a t s e x * [goatse.cx]

Re:YESS!!! ASCII Goat Lives!

[Klerck]

Here is a better one!

* g o a t s e x * g o a t s e x * g o a t s e x * g g o / \ \ / \ o a \ a t `. : t s` \ s e \ / / \\\ -- \\ : e x \ \/ --~~ ~-- \ x * \ \-~ ~-\ * g \ \ .--------.___\ g o \ \// ((> \ o a \ . C ) ((> / a t /\ C )/ \ (> / t s / /\ C) (> / \ s e ( C__)\___/ // _/ / \ e x \ \\// (/ x * \ \) `---- --' * g \ \ / / g o / \ o a / \ \ a t / / \ t s / / \/\/ s e / e x x * g o a t s e x * g o a t s e x * g o a t s e x *

Re:YESS!!! ASCII Goat Lives!

[Big_Ass_Spork]

I bow to your greatness! More study will have to transpire...

I know Gord

[Kickstart70]

And while I know he's a decent guy, he also tends to be a little too hard-headed for his own good (at least he ws a few years ago). I suspect that some communication here between the parties will clear up a lot of what's going on.

On the other hand, since I know Gordon to be an honest guy, I suspect that the other party is trying to screw him out of what rightfully is his.

Kickstart

ME

I own the DULL I am the faggot raper Baba bpoey baba booey.
[INSERT POLITICAL COMMENTARY]

Acronyms Abound

[CmdrTaco+(editor)]

Okay, I understood none of this summary, except MAPS is a corporation fighting Feyck over the DUL. But what is the DUL. And for that matter, what is MAPS- what do they do?

Re:Acronyms Abound

Yes, in reputable news sources, acronyms are explained the first time they appear in a story. HTML even has an tag which lets you explain it with a mouseover.

Re:Acronyms Abound

[NanoGator]

I was thinking the same thing. Is this the type of thing that could set a legal precedent? Or is it more of a drama?

And before you tell me to read it, consider that some of us like to have an idea of what we're reading about before we go off reading articles. In other words, define ur acronyms!

Re:Acronyms Abound

[MiTEG]

MAPS (Mail Abuse Prevention System LLC) is a not-for-profit California organization whose mission is to defend the Internet's e-mail system from abuse by spammers. Their principal means of accomplishing this mission is by educating and encouraging ISP's to enforce strong terms and conditions prohibiting their customers from engaging in abusive e-mail practices.

DUL (Dial-up User List) is not a blacklist, though it is often mistaken for such. The DUL is a listing of dynamic ISPs that is used as a filter by subscriber ISPs to prevent direct e-mail from those addresses.

Re:Acronyms Abound

But what is the DUL. And for that matter, what is MAPS- what do they do?

Did you try clicking the link on "MAPS, LLC"? It's in the story. The linked page also has a link to the DUL.

MAPS = Mail Abuse Prevention System

DUL = Dial-up User List

Re:Acronyms Abound

The DUL is a listing of dynamic ISPs that is used as a filter by subscriber ISPs to prevent direct e- mail from those addresses.

Er.. sorry, that should be dynamic IPs.

Re:Acronyms Abound

[Louis_Wu]

OK, it seems that I need a serious clue-stick. You say: "DUL is not a blacklist", and you then say that it is actually a list used to filter email from certain IP addresses. What forms of filtering would not be defacto blacklisting? For large volumes of mail, I would think that refusing any emails from those IPs would be the only fast method of filtering. Is that not blacklisting? For small volumes, the filter could be porous, but by the very nature of the small mail volume, that means that there would still be a large volume of email swallowed by the bigger providers.

What am I missing?

Re:Acronyms Abound

[Jade+E.+2]

The DUL is not a blacklist in the sense that all mail from the listed IPs is refused. The DUL is used to refuse direct mail from those IPs, but mail relayed through another server is allowed. This prevents someone on a dynamic IP from spamming by directly connecting to the SMTP server of each target address, instead of sending all the mail through an open relay. Legitimate customers simply need to use their ISP's (or a 3rd party) SMTP relay (which presumably has message speed limits on it) to send mail, and it will go through.

Yes, this prevents someone from running their own SMTP relay on a dynamic IP, but it's the only effective way of preventing such direct-to-target-server spam from going through.

Re:Acronyms Abound

[wbmccrea]

It's my understanding that blocking email from IPs that are part the DUL will only block email from people that are running *their own* SMTP server off of their dial up connection. Since most (I'd guess well over 95% of the people that use dial up) people use their ISP's SMTP server to send email, this should not block much useful email.

Re:Acronyms Abound

[TekPolitik]

It's also worth noting that the DUL is the most valuable part of the MAPS services in that it blocks more spam than the other parts. Without it, MAPS will almost certainly lose customers.

Re:Acronyms Abound

This is wrong: MAPS is a limited liability company (LLC).

It is not a not-for-profit. The two are mututally exclusive under California law.

Re:Acronyms Abound

[ZxCv]

So how does it know whether the mail was relayed through a server first? By checking headers? Or does it have to do with the IP of the machine sending the mail? Headers seem like a ludicrous way to do it (too easy to fake), so I would hope thats not it, but this is the first I've ever heard of DUL so I'm not sure.

Re:Acronyms Abound

[mpe]

The DUL is not a blacklist in the sense that all mail from the listed IPs is refused. The DUL is used to refuse direct mail from those IPs, but mail relayed through another server is allowed. This prevents someone on a dynamic IP from spamming by directly connecting to the SMTP server of each target address, instead of sending all the mail through an open relay. Legitimate customers simply need to use their ISP's (or a 3rd party) SMTP relay (which presumably has message speed limits on it) to send mail, and it will go through.

Third party relaying wasn't even in the original SMTP spec. Even though it is now mentioned there is no requirment for any MTA to support either using or acting as a third party relay at all.

Yes, this prevents someone from running their own SMTP relay on a dynamic IP,

It dosn't need to be any kind of relay, a mail originator which conforms 100% with thre relevent RFCs will also be given problems.

but it's the only effective way of preventing such direct-to-target-server spam from going through.

Given the chance most spammers would use a third party relay, including an ISP provided one. Since this protects their identity and their machine. Indeed techniques such as Telegrube are easily defeated by using a third party relay.

Re:Acronyms Abound

[blowdart]

It drops any connections from any IP address within the list. It doesn't check any headers, it just checks the IP address of the connecting machine.

So, for example,

a) if dialup user a sends through an smtp server on dialup user b's box, it gets rejected, as the smtp server is running on dialup space.

b) if dialup user a sends directly to an smtp server using the DUL, it gets dropped again

c) if ddialup user a sends to smtp server on dialup user B, which in turn forwards and relays properly through his ISPs SMTP server, it will get through, as the ISP SMTP server will not be in the DUL.

Re:Acronyms Abound

[weave]

Yeah, this DUL crap prevented me (as a former @home customer) from just using my own sendmail server to send out my e-mails, since the no good piece of flock() @home server was constantly down.

Of course, due to DUL use in some places, my e-mail would bounce when trying to send to them. :(

I'm not really bitter against DUL users. The spam shit is out of hand and you do what you gotta do. It's just one more reason to hate selfish spammers who are ruining the net...

Re:Acronyms Abound

[karmawarrior]

It also has the worst false-positive rate. Typically, most Linux distros I've seen are set up to send their own email rather than rely on a third party email relay to send it. The DUL ensures that machines set up in this default fashion, despite not being set up as relays, will not be able to deliver perfectly legitimate email.

Essentially, for something to be useful against spam it has to reject as much spam as possible while leaving as much legitimate email as possible alone. The DUL may succeed on the first ground, but it fails miserably on the second. It also promotes ignoring RFCs, as relaying was never blessed as the way for ordinary users to send email.

You can reject spam by setting up your mailbox as a softlink to /dev/null. I wouldn't encourage it though, and I wouldn't encourage use of the DUL for the same reason.

Re:Acronyms Abound

[etrnl]

MAPS is a Limited Liability Corp -- NOT a not-for-profit company. You can't be not-for-profit (legally speaking) and an LLC as well.

They like to claim they're not-for-profit, but are not legally based as such.

--etrnl

Re:Acronyms Abound

[schon]

most spammers would use a third party relay, including an ISP provided one. Since this protects their identity and their machine.

I'm sorry, but where did you learn about SMTP?

Most (90%) of the mail servers on the planet will stamp the sender's IP address in the headers - how does this protect the spammer's identity?

Re:Acronyms Abound

[etrnl]

Should have set your sendmail server to send through their servers... so your server would accept it and try to push it through the @home server until it finally got out.

Just tweak the values so it tries for long enough to be able to get the messages out, heh.

--etrnl

Re:Acronyms Abound

It also has the worst false-positive rate.

No, actually it's false-positive rate is almost exactly zero.

The DUL blocks mail from dial-up (and other dynamic) netblocks. It's rare that a static IP address is incorrectly listed.

most Linux distros I've seen are set up to send their own email rather than rely on a third party email relay

So you're saying that a misconfigured machine is the problem of the DUL? Dial-up users should never run their own mailserver without smart-host.

Re:Acronyms Abound

[karmawarrior]

No, actually it's false-positive rate is almost exactly zero.

Well, I assume myself and CmdrTaco are not the only two people having legitimate, non-spam, emails blocked by people using the the DUL. I've had several rejected by Netcom and I assume CmdrTaco has had more than one blocked too from the nature of his complaint, so I'm assuming "Almost exactly zero" is accurate for quite a wide range of "almost exactly".

So you're saying that a misconfigured machine is the problem of the DUL? Dial-up users should never run their own mailserver without smart-host.

No on both counts. The RFCs have never suggested that relaying is the legitimate, "correct", way of sending email. It's nice that ISPs provide relays, it means you can have dumb email clients, but show me the RFC that makes their use compulsory, or even recommends them.

You can't. The RFC does not exist. The DUL provides a means to block email on the basis of a criteria that has nothing to do with spam.

A machine that is configured to deliver its own email when connected to the Internet is correctly configured according to the RFCs. A machine that isn't needs support that is usually there, but doesn't have to be. Punishing users for doing it properly is a poor, inane, idiotic thing to do.

Re:Acronyms Abound

[macdaddy]

Actually in practice I've found the DUL to get the least amount of hits of all of them. Now it does it's job well every so often when a massive amount of direct-to-mx spam hits us, but it's usually fairly low in comparison. As an example, here's my breakdown this week for the provider I consult with:

.....

Well I was going to post our counts for you but the Slashdot Lameness filter decided I shouldn't bother. For us the RSS always gets more hits. I've never used the RBL or any of the other so I can't compare to the other MAPS lists.

PS, It's worth noting that the Slashdot "Lameness filter" is an absolute piece of shit. Whoever wrote it should be flogged with old Sparc keyboards. Thanks for giving us a list of "junk characters" asshole. Feedback is a wonderful thing isn't, dick?

Re:Acronyms Abound

[etrnl]

Just because the RFCs allow it, doesn't mean that it has to be considered "valid". Emails with virii may (though often don't) conform correctly to RFCs, but I'll reject them if I can detect them.

There's two solutions-- get a static IP from your ISP which they have not listed on the DUL-- case solved. Or relay through a static IP which is not listed on the DUL-- case solved. Otherwise, I and many many many other people will reject it, because while it conforms to the RFC, we do not consider it valid.

And apparently, neither does your ISP-- DUL submissions are usually checked vs. the ISP for confirmation.

Re:Acronyms Abound

[karmawarrior]

It's not a matter of it being allowed by the RFCs, is the fact that the RFCs imply it's the RIGHT WAY OF DOING THINGS. The entire concept of relaying only came up in recent revisions of RFC821, and only then as a "This is possible" sense, not a "This is how you're supposed to do it." Nor is your comparison valid: This like rejecting email where someone has issued the HELO command when connecting to your SMTP server, or rejecting any email that arrives via TCP port 25, rather than rejecting email where you see something in the content you dislike.

Regardless, valid email is sent this way, and precious little spam (spam, remember, is meant to be sent to hundreds of thousands of users, something which is pretty much impossible on a DUL.), so your criteria for rejecting emails is not only wrong, but ineffective.

Give it up. Correctly configured machines send email this way. You're rejecting valid email. Your filter does not work as intended, you need a different filter.

Re:Acronyms Abound

[0x0d0a]

Actually, you're wrong. I had false-positives all last summer.

Dial-up users should never run their own mailserver without smart-host

Why the hell not? By running their own mail server without a gateway, they get immediate information about mail sending failures (instead of waiting to check their mail). They can determine what mail-send-failure policies they want to apply (instead of being stuck with their ISP's mail server's policies). They can use mailserver-mailserver encryption over SSL without exposing their mail to the local Carnivore-using ISP.

It's this kind of thinking that's going to wind everyone up using a single (required) mail gateway with port 25 outbound/inbound to other hosts blocked using a propriatary Outlook protocol (if "most people" use Outlook, why not require it?), all web access *required* to go through a proxy ("it's good enough for most people, so why not require it?"), and no other services allowed ("most people just use the Web and email, so why not disallow everything else").

The Internet is a *peer to peer network*. It's not a network where some hosts are intended to have special rights. By using the DUL, you violate the free spirit of the Internet and piss the shit out of every UNIX user out there that can actually handle sendmail or postfix or whatever it is that they're using.

The most entertaining thing I've noticed is that a *mail admin* is the one deciding to go with the DUL. These are the sorts of people who can and do use sendmail without a gateway on their own box. So either they're screwing over people like themselves, the technically capable, or they're just setting up an Exchange server, don't have a clue what they're doing, and are following some web page that's telling them how to "reduce spam".

Re:Acronyms Abound

[frost22]

Just because the RFCs allow it, doesn't mean that it has to be considered "valid". Emails with virii may (though often don't) conform correctly to RFCs, but I'll reject them if I can detect them.

So what? I want to send an email. Somebody refuses that mail although it is neither spam nor elsweher illegitimate.

Ths means he refuses perfectly valid mail. q.e.d.

There's two solutions-- get a static IP from your ISP which they have not listed on the DUL-- case solved. Or relay through a static IP which is not listed on the DUL-- case solved. Otherwise, I and many many many other people will reject it, because while it conforms to the RFC, we do not consider it valid.

Let me bluntly state you are an arrogant asshole. Because you know many of us don't have these choices. If we go through our ISP's relays we have to subject ourselves whatever ludicrous restrictions he puts on this usage, and static IPs are something just not available for an ordinary private citizen in many parts of the world (including the one I live in).

So your "solutions" amount to that french queen's suggestion "let them eat cake". And we all know how that lady ended.

Re:Acronyms Abound

[0x0d0a]

The fact that many people these days happen to use Windows boxes that aren't intelligent enough to run a mail server is a new phenomon. Since time out of mind, UNIX boxes have been happily running their own mail servers, and have had no need of a mail gateway. This is not "incorrect" behavior, as you seem to enjoy implying, this is more traditionally correct than *not* running a mail server. I'm sorry if your experience is with admining a Windows-only network, but you're simply not correct with respect to the entire Internet.

Just because the RFCs allow it, doesn't mean that it has to be considered "valid"

The RFCs define what is a valid email, so yes it does. No one can make you accept it, but if you do not do so you aren't denying an invalid piece of mail -- you're violating standards on your own.

And your "solutions" are not acceptable to many people.

get a static IP from your ISP which they have not listed on the DUL

Not acceptable in many cases. Many ISPs do not provide static IPs, at least without paying more. This also denies you the modicum of privacy that dynamic IPs allow.

relay thorugh a static IP which is not listed on the DUL

Denies the use of end-to-end mailserver encryption, opens you to easy Carnivore poking around, makes it a PITA to remember to change gateways if you move from ISP to ISP, locks you in to your local ISP's gateway's mail delivery failure policy, makes it take longer for delivery failures to reach you (next time you check your mail), prevents you whether the mail is actually in the other person's box or not -- there are *no* time guarantees on how long a gateway will hold on to an email.

I despise the DUL. Every single bounced email I get from the DUL results in a complaint to the offending postmaster.

If the DUL was the only way to block spam, perhaps you'd have some argument, but there are good, *RFC-compliant* alternatives.

Re:Acronyms Abound

[etrnl]

"This like rejecting email where someone has issued the HELO command when connecting to your SMTP server, or rejecting any email that arrives via TCP port 25, rather than rejecting email where you see something in the content you dislike."

So filtering for certain known spamware HELO reponses and rejecting them is breaking RFC compliance? Filtering sendmail with ipchains or libwrap and disallowing connections from certain hosts on port 25 breaks RFC compliance? I think not-- it's a matter of controlling what I want to allow to come into my system.

"So what? I want to send an email. Somebody refuses that mail although it is neither spam nor elsweher illegitimate.

Ths means he refuses perfectly valid mail. q.e.d."

All blacklists will reject some valid mail-- it's something you have to live with if you choose to use them. Or if someone you want to mail chooses to use them.

"I'm sorry if your experience is with admining a Windows-only network, but you're simply not correct with respect to the entire Internet."

Actually, I'm a former OSDN employee, who maintained these servers from the Andover office for several months last year. I've never had an administrative account on an NT/2K/XP box in production use, and I'm happy to keep it that way.

"The RFCs define what is a valid email, so yes it does. No one can make you accept it, but if you do not do so you aren't denying an invalid piece of mail -- you're violating standards on your own."

The RFCs define what is a standard means of communication and how formatting of messages should be done, and how messages should be rejected. The RFCs do not touch on what criterion a mail server administrator should or should not choose to reject on. I refuse direct-to-MX mail from those listed on DUL-like lists. That's my perrogative, because I see a lot of spam coming into my server that way. In doing so, I am violating no standards... unless you'd like to quote me an RFC which says I cannot or should not do so.

Re:Acronyms Abound

[AndroidCat]

Ths means he refuses perfectly valid mail. q.e.d.

Spam is perfectly valid email. (Except when the headers are forged.) Having an open mail relay is perfectly valid. That doesn't mean that they're acceptable on today's Internet.

Hule's mother

Your mom too.

Thank you, Alfred.

[Eso]

Looks like they've finally done away with Comissioner Gordon?

A sad day for the Internet

[The+Karma+Whore+Guy]

I have been a strongly outspoken supporter of MAPS for many years.

When I was with Gordon Fecyk I nearly had a heart attack when Paul Vixie called in 1997 to warn us that we were about to be listed in the MAPS RBL for running unsecured mail servers. But I supported his actions even then. Indeed, his call was very helpful in speeding up the bureaucracy at pacbell.net and getting the unsecured mail servers closed to relaying even more quickly. I appreciated Paul's willingness to work with us on resolving our problems.

Re:A sad day for the Internet

[_Sprocket_]

When you cut&paste a referenced article and try to pass it off as your own... aren't you supposed to include the WHOLE article? Granted, its a long post. I guess just doing the top paragraph (with a tiny modification) is a quick, easy bite to swallow and hook the suckers with mod points, eh?

Proof that "trolling" involves less bridges and more hook-line-and-sinker.

Re:A sad day for the Internet

Paul Vixie should be tried in the Hauge with Pinochet for crimes against humanity. He's be fucking with my internet connectivity for years.

Re:A sad day for the Internet

Sucks to be a suburban white boy, don't it?

Spam?

Dull?

The title seems to say it all.

The writeup sure doesn't say anything.

Speaking of antispam..

[mindstrm]

Here's a problem... with no easy way to deal with it.

Over the last few years, the Internet provider for Costa Rica has been targetted by anti-spam types as a spam hoster.

Now.. that's all well and good, but the end result is that

a) The entire country's IP range is on SPEWS
b) Internet is a government run monopoly here.
c) There is no direct way to be removed from SPEWS. You cannot contact them. You cannot explain your situation. (My situation is that we happen to have some IP addresses in this country, and have trouble reaching our customers because of it. We don't spam.)

Now.. I fully support the fact that the Internet is an anarchy, that each individual is free to decide how their network will or will not accept traffic from others, yada yada yada. On that I am firm.

But when it comes to an ISP.. we have a problem. An ISP that subscribes to this, sure, it's their choice, but it's awfully hard to explain to the client that they have to instruct their ISP to stop using this service. And the odds of the ISP stopping? Not likely.

The point is, in theory, it's all fair, in practice, it's a problem.

Re:Speaking of antispam..

[Technician]

But when it comes to an ISP.. we have a problem. An ISP that subscribes to this, sure, it's their choice, but it's awfully hard to explain to the client that they have to instruct their ISP to stop using this service. And the odds of the ISP stopping? Not likely.
For most ISP's it's a simple choice. Do you want your service to go down frequently due to overloaded connections and mailboxes, or do you want to loose a dissastified consumer while retaining the rest. It's a simple choice for most ISP's.

Re:Speaking of antispam..

[yoyoyo]

SPEWS operates on the principle of collateral damage. If an ISP refuses to remove spammers on their system they expand the listings to include non-spammers.

Basically they want to make it as inconvenient as possible for the ISP's legitamate customers so that the ISP is pressured to change their ways from the inside.

I agree that you're in a difficult situation, but nothing else works.

Re:Speaking of antispam..

[mindstrm]

Again.. I don't accuse spews. Spam is a problem, and everyone is free to decide how to deal with it on their own.

I agree the system works. Unfortunately for anyone doing business in Costa Rica, there IS no competition. You have no choice. None whatsoever, and given the way things work, it's going to take quite a while to actually get changes made.

The other thing is..

This isn't just an ISP in the country.. it's the national (and only) telecom carrier. This is more like UUNET being blacklisted because on some level they sell bandwidth to spammers.

Re:Speaking of antispam..

[ShaunC]

Are you talking about RACSA? This RACSA? The RACSA that brings up more than 13,000 various spam sightings, complaints, and abuse reports in a Google search? Considering that most internet users have little clue on what to do with spam, and the percentage of clued folks actually posting to the news.admin.net-abuse* groups is extremely small, 13,000 is a big number.

Do you recognize the name Ralsky? There's less than 6000 Google hits for him. 13,000 is a big number.

RACSA has a spam problem. They need to fix it. Until they do, they're going to be running what amounts to a big LAN.

Shaun

Re:Speaking of antispam..

[Senior+Frac]

c) There is no direct way to be removed from SPEWS. You cannot contact them. You cannot explain your situation. (My situation is that we happen to have some IP addresses in this country, and have trouble reaching our customers because of it. We don't spam.)

I'll put it quite bluntly.

The reason there's no avenue to "explain your situation" is because none of the rest of us on the internet give two shits about Costa Rica's connectivity. Straight up.

You could launch Costa Rica to the moon, and it would take me 12 years to notice my World Atlas was a little bit lighter.

The lame argument that "we can't force our [national] ISP to be responsible" is total bunk. Consider all our email blocks to be documentation you can use to explain to RACSA of why reform is needed. Bad political decisions on your part is not going to make me pay for delivery of more spam.

Re:Speaking of antispam..

[Jah-Wren+Ryel]

Pay the extra dollars and get yourself an IP tunnel. Hook the other end up to a non-blackslisted network and voila, no more problems, except that your wallet is a lot lighter and the whole setup is more fragile. But, that's the point after all.

Re:Speaking of antispam..

[blowdart]

c) There is no direct way to be removed from SPEWS.

Bullshit. Or are all those SPEWS: messages in news:news.admin.net-abuse.email figments of my imagination?

From the spews faq

Q41: How does one contact SPEWS?

A41: One does not. SPEWS does not receive email - it's just an automated system and website, SPEWS and other blocklist issues can be discussed in the public forums mentioned above. The newsgroup news.admin.net-abuse.email (NANAE) is a good choice, and Google makes it quite easy to post messages there via the Web as M@ilGate does via email. Note that posting messages in these newsgroups & lists will not have any effect on SPEWS listings, only the discontinuation of spam and/or spam support will. Be aware that posting ones email address to any publicly viewable forum or website makes it instantly available to spammers. If you're concerned about getting spammed, change or "mung" the email address you use to post with.

So sort your spam problem, then post in nane once its sorted. Until then, don't expect a lot of us to accept your crap.

Re:Speaking of antispam..

[_Sprocket_]

Now.. I fully support the fact that the Internet is an anarchy, that each individual is free to decide how their network will or will not accept traffic from others, yada yada yada. On that I am firm.

Actually, I would characterize the Internet as more a "community" than "anarchy". It works via a network of relationships. It does have standards - but they are really more related to technical issues and ensuring the continued functionality of that community. The community is always open to new members. But if one member wishes to behave in a way that goes against the community's standards, they will find themselves eventually ostracized. And they have only themselves to blame.

But when it comes to an ISP.. we have a problem. An ISP that subscribes to this, sure, it's their choice, but it's awfully hard to explain to the client that they have to instruct their ISP to stop using this service. And the odds of the ISP stopping? Not likely.

The ISP shouldn't have to stop using this service. You're putting effort in the wrong direction. The direction to go is YOUR ISP. Government or not, your challenge is to collect some references and explain the situation. Get them to understand that their actions are effectively cutting themselves off from the Internet.

You are the one with the sociopath in your family and its your problem to deal with. Not the community's.

Re:Speaking of antispam..

> a) The entire country's IP range is on SPEWS

Bull - discussed in Usenet and Spam-L list. Large sections of RACSA were listed, not the whole country.

> c) There is no direct way to be removed from SPEWS

Bull - places seem to be removed all the time. Why? BECAUSE THE GET RID OF THEIR SPAMMERS!!

> My situation is that we happen to have some IP addresses in this country

BFD! SPEWS is used to filter email. Get some IP addresses anyplace that is not listed. We have Aisan ISPs who use us for email servers. Go to a US ISP, one in Europe... you don't need to email out of your own country anymore.

Yes, you'll have to pay a bit more, but that's the price you pay for RACSA isn't it?

(mootish point as the Costa Rican government recently passed new regulations that allow RACSA to nuke spammers right away - SPEWS works don't it!)

Re:Speaking of antispam..

[mjh]

I agree that you're in a difficult situation, but nothing else works.

I disagree with this assessment. There are at least two other things that work, and IMHO work better. The first is spamassassin, and the second is TMDA. I use both of these in series. And I've not received a single spam in my inbox since January (when I started using them). I used to get 20-30 per day. Now I'm down to zero.

I don't know how well SPEWS works. But I've used other RBL type systems and they always, at some point or another failed, and could sometimes fail big - where I suddenly start getting hundreds of spam from a non-listed IP. The two systems above can fail, but on a single instance, single email at a time. When they fail, they fail small.

IMHO, SPEWS, RBL, and any other IP based list systems are antiquated technology in comparison to spamassassin and TMDA. But YMMV.

$.02

Re:Speaking of antispam..

um... i guess you are trolling? i don't like responding to trolls so assume this is not a response, i just don't want you giving other people the wrong ideas:

it says in the description of spamassassin that it uses ordb.... but ordb is an rbl

it says in the description of tmda that it also uses a blacklist as part of its arsenal.

like the man said, nothing else works.

Re:Speaking of antispam..

[ErikZ]

So let me get this straight. There's one ISP. They're on SPEW because of spam problems.

Why don't they fix their spam problems and get off SPEW? It's ONE ISP!

Awwww. Now no one wants to talk to them because they won't fix their spam problems. Cry me a river.

Re:Speaking of antispam..

"Pay the extra dollars and get yourself an IP tunnel. Hook the other end up to a non-blackslisted network and voila, no more problems, except that your wallet is a lot lighter and the whole setup is more fragile. But, that's the point after all."

Actually it's not. That would be the path of most resistance and the reason SPEWS is not working as it should in Costa Rica. They have no viable and easy choice so nothing gets solved. Read the posts again.

In fact what this will lead to is people using free email accounts (more spam for all) and a further segmenting of the net via geographic region.

And before people point to outsourcing email services as a solution, remember the spammers are already doing it or else SPEWS has been proven ineffective in stopping Costarican spam while pissing off a countries populance as a side effect.

Re:Speaking of antispam..

"Why don't they fix their spam problems and get off SPEW? It's ONE ISP!"

Easy because as they fix one spammer another takes it's place. What part of only one ISP in the entire country did you not get? Couple this with the fact that it only takes one customer with a vulnerable machine (linux, windows, mac, bsd ect.) and you have another vulnerable point for a spammer to exploit. Oh so they should stop allowing customers to run email servers. Remeber they are the only ISP for individuals and business. Maybe they should errect the great firewall of China while they are at it.

"Awwww. Now no one wants to talk to them because they won't fix their spam problems. Cry me a river."

I weep for you because your ignorance is quite plentiful.

Re:Speaking of antispam..

[Rik+van+Riel]

Again.. I don't accuse spews. Spam is a problem, and everyone is free to decide how to deal with it on their own.

I agree the system works. Unfortunately for anyone doing business in Costa Rica, there IS no competition. You have no choice. None whatsoever, and given the way things work, it's going to take quite a while to actually get changes made.

I guess that just means you have to find a way to put pressure on your ISP to get the spammers removed from your network, otherwise you'll slowly get disconnected from the internet.

Connecting to my server is not a right, it's a priviledge. If an ISP hosts too many spammers it'll end up in SPEWS and I won't allow connections from it.

My server, my rules. Your ISP, your money, your rules. If enough ISPs block all trafic from RACSA(sp?) maybe they will find a reason to terminate the spammers. It worked for other ISPs, just google and see how many ISPs already kicked off the spammers now hosted by your ISP.

Re:Speaking of antispam..

[mjh]

No, I'm not trolling. I'm quite serious. I think that RBL's are not as effective at their job of blocking spam as TMDA and spamassassin. If you think that spamassassin is just an rbl, then you've misunderstood it. If you think TMDA's blacklist makes it an rbl, then you've misunderstood it.

Spamassassin is an email heuristic system that takes ordb (and other rbl's) under advisement. But it is not the final say. It also uses vipul's razor as an advisor, but again it's not the final say. Spamassassin has hundreds of different tests that it performs to determine whether or not an email is a spam. Only a few of which are rbl based tests.

TMDA is a system that doesn't depend on any RBL (Realtime Blackhole List). And contrary to your understanding, it's primary mechanism is NOT a blacklist, it's a whitelist. It's a completely different technology than an RBL. Even if you do use it with a blacklist, it's based on email addresses not IP addresses. So if you spam me, and I blacklist you, your brother on the same email server can still send me email.

I stand by my original claim. RBL's are antiquated technology in comparison to TMDA and spamassassin. They paint too broad of a brush stroke, blocking many people who you want to receive email from, while failing to block many others who you don't want to receive email from.

Re:Speaking of antispam..

[Erik+Fish]

Amazing how there are plenty of other large ISP's that manage to run reletively spam-free operations. In a situation where there is no other option for connectivity it should be even easier than in a situation where the spammers can simply jump to another ISP.

All this government-operated ISP has to do is hire a few people to work an abuse desk, create some web sites with info on how to secure a variety of mail servers (in the native tongue), serve notice to the people responsible for the misbehaving servers and then stop routing traffic for any address that keeps spamming after X Day. They may also have to play whack-a-mole for a while as the truly clueless try to dodge by bumping their servers to different addresses but not for too long.

So the spammer is a customer of a customer? Not a problem. This too can be solved by not routing traffic. Stop routing enough traffic and the customer will be on their very own intranet (something which neither the spammer nor any of the legitimate customers will pay for). Sooner or later the customer will come around to your point of view ("hosting spammers is an extremely bad idea").

See? Problems like this are very simple to solve when those at the top have a sincere desire to solve them. SPEWS exists to assist in creating that desire.

Re:Speaking of antispam..

[monkeydo]

Hey Asshole. You just agreed with him. he said "There is no direct way to be removed from SPEWS."

And your quoting from the SPEWS FAQ confirms that to be correct.

Then you said, "So sort your spam problem, then post in nane once its sorted. Until then, don't expect a lot of us to accept your crap." But he already told you he doesn't SPAM. The problem is that SPEWS has blocked his entire country because they operate on the theory of putting a bunch of people in the same boat as the spammers with the (completely misguided) hope that someone else will then take care of the spammers.

This guy works for a company that can't send mail to anyone on an ISP that uses SPEWS, and yet he has no probelm with SPEWS. He just wants them to stop blocking his non-spamming netblock.

You seem to be under the impression that only spam originating netblocks are blocked by SPEWS. Consider your delusion to be corrected.

Re:Speaking of antispam..

[blowdart]

Posting somewhere that is read is a direct method of contacting spews. It's just not email, which is what most would consider direct.

As for blocking his country, TOUGH SHIT. I block Korea and China for exactly the same reasons, nothing but spam originates from there.

And remember, SPEWS doesn't block people, the mail administrators that use SPEWS as a trusted source block it.

As for your delusional comment, no, SPEWS blocks on spam, spam support services (ie. hosting web sites) and general spam idiocy. Unfortunately, it seems to be the only way to get some people to take notice. SPEWS is the equivilant of the Usenet UDP, which worked rather well on large American ISPs in the early 90s.

Re:Speaking of antispam..

[mindstrm]

SOrry, no. They are also a national carrier.

Is it UUNET's responsibility to filer spam? No, it's not. They may have some policies.. but you would not block UUNET because they sell bandwidth to ISPs who are spammers.

Re:Speaking of antispam..

[Erik+Fish]

"you would not block UUNET because they sell bandwidth to ISPs who are spammers"

Want to bet I wouldn't?

Often spammers and spam-friendly ISPs have very close relationships with national carriers. This has to be dealt with somehow and in some cases this may be the only way to get the national provider's attention.

Re:Speaking of antispam..

[dills]

Simple technical solutions:

1) Costa Rican end user wants to send mail to grandma: Get a hotmail account.

2) Costa Rican business who wants to be able to send and recieve mail freely: host your website in the states for dirt cheap, and setup your mail server to relay all mail through your webhosts mail server.

The Government may have a monopoly on the Internet in Costa Rica, but that doesn't mean you have to use their mail servers. So what if you can't send it from your own network on your own IPs; count it as one of the many reasons you wish you lived in America.

Re:Speaking of antispam..

[topham]

Obviously you haven't been paying attention the the recent details of Microsoft trying to charge people for using Hotmail... They keep sending me mail informing me I should (for various reasons) elect to pay for their service.

You should try dealing with services in a country other than your own, even for neighbors with close ties it can be a royal pain in the ass (Canada and the U.S. in my case). Never mind that the exchange rate puts a significant damper on things. (Ironic twist: I can buy most music cheaper in Canada than you can in the U.S., but the Canadian dollar is worth a fraction of the U.S. dollar...)

I personally know Gord, can't say he's a friend of mine, but I don't hate him either. I just dislike his politics when it comes to SPAM.

I'd rather see the judge in this case declair the whole list void and deny either party from using it. :>

I had dinner with Gord back in about 1998 just after he relocated to Manitoba from B.C. and we discussed the DUL. I didn't like the fact that during the discussion he indicated that my server, running attached to a cablemodem, would be on his list. At the time my Internet provider was having problems sending mail, my solution was to setup my Linux box (firewall, etc) to send outgoing mail. (Relaying explicitly PREVENTED) For me it was the perfect solution, Shaw/@home was not having significant problems receiving mail. Even if there mail server was down mail intended for me would eventually make it through, outgoing mail was an issue because my Windows based mail program would not try repeatedly to send mail. (And I liked what I was using).

My solution allowed me to continue using the software I wanted to use, and I didn't have to go overboard trying to configure sendmail. (That program is almost scary, but thats a discussion for another day).

The amusing, to me, thing about the DUL list is that any provider that feels they should use the list should, in that view, filter outgoing traffic intedned for port 25. Thereby making it impossible for their users to send the same type of email they are filtering on incoming. If all providers which used DUL did that there would probably be less span, and even less of a need for DUL, and it would be *OBVIOUS* your ISP was the issue. Not the ISP at the other end you have no control of.

Personally I find the various balcklists on the net for dealing with SPAM amusing. They don't work 100%, and as such they (in my mind) discourage a proper solution to the problem as they limit it, without remivng it. Enough spam gets through that spammers continue with it, and providers don't get fed up to the point of declaring all out war on SPAM.

Re:Speaking of antispam..

Well, which do you prefer?

1. A bunch of providers and private operators add the IP blocks to their deny lists. Eventually the government of CR brings in a legitimate ISP, but has no way to identify all of the private block lists. Of those that they can identify, many do not want to go to the trouble of tracking down and removing the CR addresses.
2. The same bunch of providers and private operators use SBL, SPEWS or the like to control their blocking. Eventually the government of CR brings in a legitimate ISP, and the entries are removed by SPEWS et al. Without any special effort, that whole bunch of providers and private operators starts accepting traffic from CR again.

The point is, in practice, it's a problem for CR instead of being a problem for the recipients of the CR spam. I prefer it that way. If it's a problem for CR, they know how to resolve it. Depending on whom you believe, the resolution may be in progress now.

Re:Speaking of antispam..

This is more like UUNET being blacklisted because on some level they sell bandwidth to spammers.

And that would be bad because?

Re:Speaking of antispam..

[rodgerd]

Reading 101: You'll note Costa Ricans have only one ISP, a government protected monopoly. Where are the consumers going to go?

Re:Speaking of antispam..

[Technician]

Where are the consumers going to go?
Those who abuse the system? I hope they would go offline ;-)

The post?

[rainmanjag]

Anybody have a URL to the post on spam-l? And thank you to those who explained the acronyms to those of us not familiar with them or the dramatis personae...

-jag

Re:The post?

[tbetz]

There is a SPAM-L web archive, but it's only available to registered SPAM-L members. The identical message was posted to news.admin.net-abuse.email, and is available to all.

who cares

MAPS isn't supported/used enough for anyone to give a shit and utilize it. Blah. Next!

Re:who cares

[Jon_Katz+(Paranoid+F]

Maps is used by over 5000 mail servers and ISPs worldwide.

Re:who cares

thats a drop in the bucket, cock gobbler.

Re:who cares

Your link is 4-oh-4'ed! oh.. right. lots of college students runnning their own linux boxes at school are using it.... ahhh. but shit.. 5000? arent there a few million hosts out there? 5000 is far less than 1% :)

Re:who cares

[0x0d0a]

Windows is used by a lot more than that, but that doesn't make it not suck from a technical perspective.

Wrong!

Gordon could ont have bought the Dul, as he was already off the maps project before he claimed he acquired it. Also, Maps Llc is a profit organization, their leader is salaried.

Re:Wrong!

did you bump your knee on your chin as you wrote your post? for all you know Gordon could have bought your mother.

WHEN!!!

OK... i'm starting to get a little pissed. what the fuck is holding up base-config 1.33.18 from getting into woody. One would think that debian would prefer people to actually *test* the install *before* releaseing 3.0

This is soooooooo fucking lame.

Why is Taco trying to directly email him anyway?

[Arker]

If 'the DUL' or, rather, someone utilising the DUL, is preventing him from emailing a second person, that must mean that Taco is using a dialup and has no smtp server of his own to access? That seems more than a bit improbable.

what are they trying to do?

[Provincialist]

Not personally knowing any of the participants, but aware of the issues involved, I had always been willing to give them the benefit of the doubt. Blacklists are a good technical solution to the social problem that is spam. While I knew there was some animosity between the old MAPS and the old ORBS, I had always assumed that regardless of egotism, they were doing basically the right thing. Certainly, when ORBS was sued by that spammer I was sure the judge had screwed up. [or was it MAPS that got sued? I forget; it may have been both of them] But this current action really leads me to question the motives of MAPS. Spam is only helped when someone who has spent so long fighting it is prevented from using his tools and from developing more tools. It seems that egotism or something very like it has now caused MAPS to do the wrong thing, and that's very unfortunate.

later,
Jess

Misconception...again

[Dwonis]

Incidentally, the DUL is currently stopping CmdrTaco from directly emailing one of the Slash coders.

Sigh. No it's not. (How many times does this need to be said.) The mail server CmdrTaco is trying to email is stopping him. The DUL is just a listing; it does no blocking.

Re:Misconception...again

thanks for splitting conceptual hairs, ass wipe

Re:Misconception...again

[Senior+Frac]

It's an important distinction when the collateral damage victims go whining to the press.

It reminds everyone that the administrator of the machine receiving the emails has chosen to use that list maintainer's recommendations as possible spam sources, and that they should be blocked.

Without subscribers, all spam source listings are toothless. This isn't some evil government agency blocking your email on the sly. It's sharing of information, and only as good as the maintainer's policies and reputation.

Re:Misconception...again

[tunah]

Jeez, read between the lines! 'Directly Emailing', 'Direct marketing by email' what's the difference?

Re:Misconception...again

[Ioldanach]

Jeez, read between the lines! 'Directly Emailing', 'Direct marketing by email' what's the difference?

Well, there's the obvious, "marketing"... I.e., Direct marketing by email necessarily involves marketing (and by extension, most if not all spam goes here). Directly Emailing is a superset which includes the previous category, but if I work at a company with a T1 and send an e-mail to my friend, chances are I just Directly Emailed him, since my company's SMTP server connected to my friend's SMTP server. So you're reading way too much between the lines.

Re:Misconception...again

And the DMCA doesn't stop anyone from copying anything. The courts do.

And guns don't kill people....

Shut your semantic spewing pie hole. The DUL does effectivly block people. If I publish something with the sole purpose of you to use it to the detriment of others, I am as guilty of their detriment as you are.

Re:Misconception...again

[macdaddy]

Unfortunately Dwonis, we keep having to say it. I get really frustrated when some user thinks we're filtering their mail for them and they want me to stop. I always reply with the same piece of information. I tell them how many pieces of spam I've filtered from reaching their inbox since the beginning of the year. That always works. You'd be surprised how many there are per person. Oddly enough I've been using this same account for years and post it everywhere. I only get a tiny handful. The spammer's must have a "don't fsck with these people" list of something. ;)

Re:Misconception...again

[duffbeer703]

Cancer, gunshots and drowning doesn't kill you.

You die when your heart stops and oxygen stops getting to your brain.

Re:Misconception...again

[Anomie-ous+Cow-ard]

has chosen to use that list maintainer's recommendations as possible spam sources

Unfortunately, their list of "possible spam sources" is about the same as a radical feminist's idea of "possible rapists"...

Re:Misconception...again

[ddyer-bennet]

Yeah, yeah. That's the legal cover, and I suppose it's important for that purpose.

The DUL is recommending blocking email to the guy.

debian is garbage

see subject for details on this post!

I find this funny

Hi.

I'm twenty five years old, and up until two weeks ago, I was a virgin. Too
many celibacy had worn my self-esteem down to the point where I was finally
willing to pay for sex. I'll spare you the details of the event, as this is
not what I am writing about.

After having completed the act, the prostitute whose services I had rented
immediately exclaimed that something had felt weird. With no particular
ceremony, she grabbed my now-flaccid member and subjected it to an intense
examination, while biting her thumbnail in consternation.

After a brief period, she informed me that my penis was deformed, in her
professional opinion. I had spent my entire life without ever seeing another
man urinate, so I was not aware that the output usually emits from the end
of the head, not the underside, where mine does.

I'd like to know if I should seek the advice of a doctor or plastic surgeon?
Is this the sort of thing that can, or even should be corrected? I've lived
with it for twenty five years, and it hasn't bothered me. Is there really
any reason to worry about this?

Re:I find this funny

[Bitter+Old+Man]

This poor man is in dire need of help, and you callous, self-righteous homosexual Communist hippie moderators mark him as a troll. You long-haired, disgusting, inhumane sons of bitches. Feyck you all!

The SPAM-L post: MAPS Sues Former Employee

[Seth+Finkelstein]

Date: Mon, 6 May 2002 14:40:12 -0700
Sender: Spam Prevention Discussion List
From: Nick Nicholas
Subject: COURT: MAPS Sues Former Employee and DUL Founder, Gordon Fecyk

I have been a strongly outspoken supporter of MAPS for many years.

When I was at pacbell.net I nearly had a heart attack when Paul Vixie called in 1997 to warn us that we were about to be listed in the MAPS RBL for running unsecured mail servers. But I supported his actions even then. Indeed, his call was very helpful in speeding up the bureaucracy at pacbell.net and getting the unsecured mail servers closed to relaying even more quickly. I appreciated Paul's willingness to work with us on resolving our problems.

I wanted pacbell.net to use the MAPS RBL, but instead I was instructed by management to compile my own list. I felt my meager efforts could not compare to the quality of the RBL made available by MAPS, but, unfortunately, my own wishes were overruled.

When Paul offered me the opportunity to become Executive Director of MAPS in December 1998, it was an offer I simply could not refuse, and for the next year and a half I was one of the leading cheerleaders for MAPS.

Even though I left MAPS in August 1999, it was an amicable departure. Soon afterwards I was hired as Chief Privacy Officer for a company in the direct marketing industry, and I still continued to defend MAPS against its many critics in that industry.

Last year I decided to write a book about the history of MAPS. My intent was to focus on the companies that sued MAPS and abused the legal system in order to prevent MAPS from exercising its legitimate free speech rights. I wanted to portray Paul and Dave Rand as beleaguered but slightly flawed heroes.

However, my opinion of MAPS was forever changed this past April when it decided to sue DUL founder, Gordon Fecyk, after Gordon attempted to exercise a December 1998 contract he entered into with Paul Vixie in his capacity as MAPS CEO.

My overview of this matter, as well as copies of court documents filed in the case, can be found at the following URL:

http://www.lawsuitinfo.com

It seems that MAPS has learned a great deal from the lawsuits brought against it by Harris Interactive and others, and has adopted the same slimy tactics. In particular, the affidavits filed by Margie Arbon and Anne Mitchell are full of factual errors and material misrepresentations. I will add my commentary on these affidavits at a later date.

A hearing will be held in the Manitoba court tomorrow (5/7). We will add additional info as soon as possible.

Gordon may have to sell his car in order to pay his not inconsequential legal bills. Is anyone interested in making a contribution to help Gordon with his legal expenses? If so, please send your contributions to Gordon's attorneys at the following address:

Cassidy Ramsay
385 St. Mary Avenue, 2nd Floor
Winnipeg, Manitoba R3C 0N1
CANADA

Checks or money orders should be made out to Cassidy Ramsay

Be sure to include a note with your contribution stating that it is on behalf of Gordon Fecyk in the Mail Abuse Prevention System v. Fecyk case.

All contributions will be placed in a trust fund by the law firm and used solely to cover Gordon's legal expenses.

Contributors will receive an acknowledgement from Cassidy Ramsay. However, all contributions are covered by attorney-client privilege, and thus the identities of contributors will remain anonymous. Information about contributions *cannot* be obtained by MAPS through the discovery process.

I cannot describe how much it saddens me that it has become necessary for me to bring all of these disturbing facts to light, but I think it is essential for the Internet community to be aware of what MAPS has become. MAPS is no longer devoting its energy to fighting spam and co-operating with others in that fight, but instead is suing a former employee who attempted to exercise his legitimate rights pursuant to a contract with MAPS. I find it extremely ironic that an organization which is currently soliciting donations to its own legal defense fund would now be using its limited resources to pursue litigation against a former employee.

Regards,

Nick

Re:The SPAM-L post: MAPS Sues Former Employee

[Citizen+of+Earth]

Even though I left MAPS in August 1999, it was an amicable departure. Soon afterwards I was hired as Chief Privacy Officer for a company in the direct marketing industry

Darth Vader switched careers as well.

Re:The SPAM-L post: MAPS Sues Former Employee

[0x0d0a]

You have *got* to be kidding. The DUL getting shut down is the best thing for the Internet that's happened in a long time. They've blocked legitimate mail more times than I can count, and pissed me off more than Microsoft. Go back to blocking spam in an RFC-compliant manner, thank you very much.

This story is very DUL

[wackybrit]

Go on, laugh.

At first glance

Did anyone else read this as:

'Who the fuck owns the DUL?'

or was it just me...

Re:At first glance

It was just you, your retarded eyes and your retarded brain thinking anyone would care.

SPAM-L mailing list info, FAQ and archives

[Seth+Finkelstein]

Information about the SPAM-L list can be found at:

http://www.claws-and-paws.com/spam-l/

Search and archives are at:

http://peach.ease.lsoft.com/archives/spam-l.html

But you have to be a subscriber to use the above.

Sig: What Happened To The Censorware Project (censorware.org)

no Linux content

There's nothing linux specific about this setup. He could very well be running FreeBSD. Actually, he would be better off running FreeBSD.

Imagine that...

CmdrTaco will have to use a phone.

Interested in MAPS? Also Check out DCC...

[jwiegley]

I've used the MAPS tools in the past to check that my mail servers are properly configured to reject relays. But for actually stopping the 20-30 spam articles I get per day nothing has worked. (We all know what those dreaded "unsubscribe" "features" really do. don't we?)

That is nothing worked until a few days ago. I recommend anybody that has spam problems, can run procmail or is in charge of a mail server running sendmail check out the "Distributed Checksum Clearinghouse" (DCC) at http://www.rhyolite.com/anti-spam/dcc/

It took me some time to get the dcc sendmail milter dccm working correctly but, since I did, this has become my new best friend. Its catching 100% of spam targeted at me and rejecting it.

From what I know about MAPS I think its a needed service to keep ISPs in check. But it seems targeted at attacking the delivers of spam and doesn't seem to provide much to directly protect the recipients of spam mail. DCC is the only solution I've found that accurately prevents spam mail from even being delivered to myself or users. I think this is necessary because if nobody actually receives spam the spammers will starve.

So If you're like me and think spam is a rashy plague that you can't get rid of their is a cream available and it is named DCC. Check it out.

Re:Interested in MAPS? Also Check out DCC...

[johnfoobar]

the link is 50,000 times more useful is we can click on it.

http://www.rhyolite.com/anti-spam/dcc

Re:Interested in MAPS? Also Check out DCC...

[mjh]

Also checkout spamassassin. It scans all emails and applies heuristics to the email to decide whether or not it thinks it's a spam. Each heuristic has a score. By default, any total score above 5 marks the email as a spam.

But here's the cool part. Spamassassin doesn't do anything with it. It simply marks it as a spam. Then you can use something like procmail to decide what to do with it. Me, personally, I store it into a folder called SPAM. I then configure my imap server (courier imapd) to treat that mailbox as a trashcan, and automatically delete anything in it older than 14 days.

This allows me to check if there are any stragglers that get through, but also allows me to forget about it for a couple of weeks at a time. Spamassassin has been tuned to avoid false positives. I've been using spamassassin for months. During that time, I've not had a single email that was not a spam get marked as a spam. I've had emails that were spams get marked as non-spam (false negative). Which, if there's going to be an error, that's the kind I want. I'd hate to call a real email spam, have it sent to my SPAM mailbox and automatically deleted before I read it. The good news is that not a single false positive has occurred, although a few false negatives have occurred.

So I've started using another tool to help deal with spam. It's called TMDA. It's somewhat more complex to setup and use than spamassissin. But a brief description is that it acts like an email firewall. Outgoing messages can be replied to, but incoming messages require that a person prove that they are a person. After which they'll be allowed unrestricted access to send me email.

TMDA is much more exact than spamassassin, which is mostly complicated guessing. It successfully blocks every spam that spamassassin lets through. However, TMDA is also much more complex from an end user perspective. So it might not be for everyone. For example, I only use spamassassin on my wife's account - not TMDA because she's made it clear to me that she doesn't want to learn how to use it. I personally use both of them at the same time, and I've been 100% spam free for months. I used to get 20-30/day.

$.02

Re:Interested in MAPS? Also Check out DCC...

[Skapare]

I want to keep spam from even so much as entering my server. How can DCC help in that case? I don't see how, being as I don't have the content to check against DCC with. Now if this check can be done during the SMTP delivery of the content, and be used to force a failure of delivery, well maybe that would work. Is this doable? Last time I looked at the DCC site, it wasn't even close to this.

Re:Interested in MAPS? Also Check out DCC...

[gmhowell]

Just set this up the other day on my personal system. And so far, it works. Granted, it's only been a few days, but I'm ready to change my procmail filter to point to /dev/null instead of /home/me/mail/checkifthisisreallyspam

Re:Interested in MAPS? Also Check out DCC...

dccm, the sendmail milter will do it. Just tell dccm to reject the mail. Now, technically, the data will be sent to the server- but after the end of the DATA sent by the client, bulk mail will get a 5xx go away message rather than a 2xx ok message. so yea, it rejects during the SMTP session, if that's what you want.

Re:Interested in MAPS? Also Check out DCC...

[Skapare]

Yes, that would do the job of keeping the mail on the server, and giving a 5XX to the spamware or the open relay. Any word on a Postfix version?

Re:Interested in MAPS? Also Check out DCC...

[boyprogrammer]

they have a command line interface, dccproc- It's fairly trivial (speaking from experience) to setup postfix to run mail through it. Not the most efficent way to do it, as you would start a new dccproc process for each message, but it's probably still faster than sendmail.

Re:Interested in MAPS? Also Check out DCC...

[Skapare]

These things should be done by dlopen(), dlsym(), call a specific function to filter/check data, and dlclose() ... instead of fork() and execve(). I've already discovered that dynamic web pages built from shared object files run much faster on the server than corresponding CGI even with the CGI program written in C.

In-joke: "The bone of contention is that ..."

[Seth+Finkelstein]

[This joke will only make sense to people following the spam jargon]

The bone of contention is that ...

Would that be a chicken bone?

Sig: What Happened To The Censorware Project (censorware.org)

What a surprise... they're unpleasant people!

[brooks_talley]

Anyone who has worked with / for / against MAPS knows that they are primarily interested in fighting. Their original purpose was to fight spam, but they're just as into fighting folks they don't like and each other. As far as I can tell, they really don't care *who* they fight, as long as there's lots of name calling and moral outrage involved.

MAPS is a joke. A classic case of the old saying about the pavement on the road to hell, and also a classic case of people thinking there's a technical solution to a social problem.

-b

Re:What a surprise... they're unpleasant people!

[blueHal]

So very very very true. Wish I had moderator points to give you your props, brooks_talley.

I had an email exchange once with one of em, and I've never seen such animosity before or sense. It was terribly disturbing. I'm glad this is coming out and the community is reacting with disgust.

Re:What a surprise... they're unpleasant people!

Most of the anti-spam lists are really unpleasant to deal with, especially if you get listed by mistake. They seem to be under the impression that they are GODS and their systems are utterly foolproof. Spamcop is especially bad because it's so easy to abuse. (Don't like someone? Just forge a few spam reports coming from their IP and send them to Spamcop.)

PGP signed message?

[dmiller]

Fecyk quotes a PGP signed agreement. Unfortunately, he (or perhaps his mail client) has stripped off the signature itself.

The signature on the argument would carry more weight if he left the signature intact so others could verify it from themselves.

DUL 'stopping mail'?

[sloanster]

"Incidentally, the DUL is currently stopping CmdrTaco from directly emailing one of the Slash coders."

um, no - in this case, use your ISP's mail server.

Problem solved.

Re:DUL 'stopping mail'?

[HD+Webdev]

Using the ISP's mail server for directly emailing solves the problem?

IANARS, but that wouldn't be directly emailing would it?

Related discussions in Usenet

[PEN15]

Nick also posted his message to the Usenet newsgroup news.admin.net-abuse.email. There are some interesting comments in that thread, you can view it here.

chickenboner spam spew 5-5-0

Brunner Went Down to Florida
By: Gordon Fecyk
Inspired By: Kostadis Roussos' "Devil went down to Sunlab"
Parody of Devil Went Down to Georgia by The Charlie Daniels Band (BMI) Brunner went down to Florida,
He was looking for an ISP.
He was in a bind, 'cause he's off line
And was willing to pay the fee.
When he came across John from MegaPOP
With bandwidth real hot,
And Brunner jumped on the Popsite bench and said,
"Boy, let me tell you what!" I bet you didn't know it
But I'm the king of spam and spew.
And if you care to take a dare
I'll make a bet with you.
Now you run a pretty good server, boy
But give the devil his due.
I'll bet Avalanche Pro against your soul
'Cause you can't stop 'Spamdrew.' The boy said, "My name's Johnny
And it might be a sin
But I'll take your bet, your gonna regret
'Cause I'm the best that's ever been." Johnny, lock your dial-ups and start working them real hard
'Cause hell's broke loose in Popsite
And the devil deals the cards
And if you win you get to stop his new Avalanche Pro
But if you lose, Brunner gets your soul! Then Brunner opened up NT and said,
"I'll start this show."
And fire flew from his fingertips
as he watched his Avalanche load. And he sent his spew across the 'net
But it was blocked with "5-5-6".
Then a band of Chickenboners joined in
And it was blocked again, like this... (instrumental) When Brunner finished Johnny said,
"Well you're pretty good ol' son!
But we work with the Dial-up User List
let me show you how it's done!" Avalanche dead, run DUL run.
Devil's running NT Workstation.
Chickenboner spam spew 5-5-0.
Stop the Devil's junk mail, Go DUL Go! (fiddle solo) And Brunner bowed his head
Because he knew that he'd been beat.
And he tossed his Avalanche Pro
in the trash, and cried "Lawsuite!"
Johnny said, "Devil, just come on back here
If you ever wanna try again.
I done told you once,
You son-of-a-bitch,
I'm the best that's ever been!" He mailed: Avalanche dead, run DUL run.
Devil's running NT Workstation.
Chickenboner spam spew 5-5-0.
Stop the Devil's junk mail, Go DUL Go! (solo finale)

Re:chickenboner spam spew 5-5-0

it's funny mod it up.. God whats wrong with you people?

on really fixing email

[drDugan]

I can't help but look at these databases as a
too-little, too-late patch to a broken
system. My long term average for spam is now 7.2
spams/day -- EVEN with working to try and
prevent it. Why should I have to pay some
company more to track people who spam?

Can someone please present a way to overhaul
the email system so that it works the way it
was intended? Call it something else --
something new -- direct, personal, intentional
communication. (Cripes, they even have
spambots now on IRC and IM too.)

I'm groping here -- but what are the real
steps we can take so that end users
don't need to spend the money/time to defend
against unwanted commercial mail?

I'm thinking along the lines of new rfps for
the way mail servers transport and
authenticate mail / requiring digital signatures
from your ISP / elimination of mail from
spoofed IPs / elimination of all anonymous mail,
even...

where is the hangup in making (i.e. forcing
technologically, not leagally) spam
nonexistant?

Re:on really fixing email

[AnotherBlackHat]

Can someone please present a way to overhaul the email system so that it works the way it was intended?

I think the email system is already working the way it was intended.
Near instant delivery at near zero cost.

What you probably want is a system that overhauls email so that it works the way you want.
I.e. you only get email that is of interest to you.
Although there are several things that improve on the current situation, (Spam Wolf,
Spam Assassin, Vipul's Razor...)
IMO, the only long term solution is digitally signed email to identify friends,
and a large fee for unknowns.
The fee could be real cash, or hash-cash, or a donation to charity,
or held in escrow, but the principle is the same -
make it cost a lot to send email to people you don't know.

-- Spam Wolf, the best spam blocking vaporware yet!

Re:on really fixing email

[Penguinoflight]

People have suggested ways that will work, in fact, I've even suggested ways that will work! The stupid lazy programmers complain about bandwidth and too many processes and call you names. A system to stop spam would be hard to run, and that's why there aren't any now. (My ISP uses a dul, but I get PLENTY of spam.)

I don't think there are many people that spam per message sent, what we need to do is block by domains, not ip addresses, and anything that doesn't resolv gets blocked. It would work, but it would probably be too expencive, unless the lazy administrators are just lying to me.

Boo fucking hoo

[1234567890zxcvbnm]

Cry me a fucking river. Does this mean I won't be able to arrange my next Costa Rican kiddie sex tour by email? Damn.

Maybe you should move to a civilized country; one that doesn't rely on bananas and postage stamps for its whole GDP.

Get a contract

[cameldrv]

The message sent by vixie says that a contract will be drawn up, and outlines some of its features. It is not a contract in itself. Unfortunately, it is very easy to not worry about such things when a business relationship is starting up because everything is fine and you don't want to make the other party feel you don't trust them. Unfortunately if things go bad, all you have left is PGP signed vague emails instead of signed and notarised contracts. IANAL.

Not copyrightable

[cameldrv]

From my understanding of the Feist decision, it is quite possible that this list is not even copyrightable. Unfortunately it would take a lot of money to make such an argument, as it would establish new case law. IANAL.

Re:like he said...who cares

5000 sounds impressive, but there are a hell of a lot more then 5000 mail servers.

Quick summary

[enigma48]

MAPS might have a few good points but in my wholly uninformed point of view, they seem to deserve to lose.

To sum up 3 years:

Gordon Fecyk: Hey Paul, here is the DUL - I'll even indemnify you of any damages because of the list.

Paul Vixie: Great - I'll make you the maintainer of the DUL and we'll draw something up saying you can regain ownership of the DUL for $10 (the contract minimum in the US at the time). MAPS will take the good and the bad - all the publicity and all the legal trouble associated with it. When you want to leave, you can take the DUL back for $10.

forward 3 years

GF to Dave Rand/MAPS: I'm leaving. Here is $10. I have a recent copy of the DUL. I own it. You can use it free for a little while and we'll work out a contract after that. I'll even let you have first change to negotiate for it.

MAPS to GF: Lawsuit.

MAPS argues in the lawsuit that GF doesn't own the DUL and even if he did, he couldn't maintain it properly on his own, it causes legal issues with MAPS (privacy issues), saying that he owns it hurts MAPS, etc.

If I was MAPS, I'd be protecting my income sources as strongly as possible. Not having followed the MAPS project/organization much and seeing they still accept donations, I would be worried too.

The right thing to do would be to honour the agreement between Paul Vixie and Gordon Fecyk. If it bankrupts the organization, it is a sad thing but something could be worked out. (eg: cheap licencing - Gordon seems *very* reasonable)

The wrong thing is to fight for your life and not even try to do the right thing first.

Then again, if the DUL is a major source of income for them, I can't seem them caring much about doing the right thing. Morals are nice but survival comes first I suppose.

My morals suggested I check google for a cached version of the DUL and post the link but it looks like google didn't get it in time. Anyone have links?

Jeff

The problem is, Gordon's "contract" isn't

[TekPolitik]

It's quite clearly a pre-contractual negotiation. It clearly doesn't even contemplate acceptance in those terms. If there's no written contract, the thing Gordon points to as a contract would be evidence of what the terms are, but not conclusive evidence. If there's a written contract somewhere else, then unless those terms are in it, Gordon's out of luck.

Re:The problem is, Gordon's "contract" isn't

[TekPolitik]

Of course there's more - there doesn't appear at any stage to be a transfer of ownership to MAPS, so it appears unlikely that MAPS *ever* owned the DUL. It appears what they got when they hired Gordon is his services plus the use of the DUL.

So here's what needs to be shown: (1) by MAPS, an unequivocal statement by Gordon assigning ownership of the DUL to MAPS; (2) by Gordon (but only if MAPS can show (1)), a contract granting him the option to buy back.

Neither of these things appears to have been shown.

I think Gordon should make a counter-claim for the $10 as money paid under a material mistake of fact.

Hold everything

the DUL is currently stopping CmdrTaco from directly emailing one of the Slash coders

Oh my, I didn't realise this problem with DUL was so serious!

Feyck you

[Bitter+Old+Man]

Yes, you read that right, you feycking idiots. Feyck the whole lot of you feyckers. Feyck off!

Because that's how Unix email works

[billstewart]

Taco's probably using a Linux system, with some popular Mail Transfer Agent like Sendmail or Postfix or [3 or 4 others] that are smart enough to be able to deliver mail without needing help, like just about any other Unix machine since we started using domain names in the mid-1980s. If you're on the DUL, your main net connection is probably dialup or DSL or cable modem, so you're a MERE LUSER instead of owning a T1 all your own, but so what? You've got a computer with a Real Operating System, and there's no need to pretend you're a Windows-using couch potato that's running a mail client too dumb to deliver its own email - even if you are running a dumb client, sendmail on 127.0.0.1 fixes that problem.

In other words, Taco does have an smtp server of his own to access. On his own machine. Like he should. If you're a dialup user, it's beneficial to have an inbound mailbox server somewhere that's always connected, whether it delivers the mail to you by SMTP or POP/IMAP. But no need to do that for outbound.

The reason the DUL is helpful for blocking spammers is not because there's no legitimate reason for a dialup user to run SMTP - it's just that many of the popular clients use a relay so they don't have to handle error messages or hang out trying to deliver to slow servers or delay delivery on temporarily unavailable servers, and that many spammers abuse cheap disposable dialup accounts, but they get booted off of their ISPs' mail servers too fast to make them practical, or rate-limited, so they deliver their own email so they can reach more suckers before being squashed.

Some ISPs block outgoing Port 25 that doesn't go through their servers - really annoying if you've got more than one ISP account, and don't like having to reconfigure your machine just because you're dialing in from work or on the DSL at home instead of the other dialup.

Re:Because that's how Unix email works

[User+956]

Taco's probably using a Linux system, with some popular Mail Transfer Agent like Sendmail or Postfix or [3 or 4 others] that are smart enough to be able to deliver mail without needing help, like just about any other Unix machine since we started using domain names in the mid-1980s.

Ok, but that isn't stopping Taco from getting a free yahoo/hotmail/myrealbox account, and emailing the "unreachable" Slash code developer from there. The DUL won't affect those free email services, and Taco obviously has a functioning web browser.

What's the fucking problem? Oh wait, Taco's a stubborn ass. As are you.

I guess free email isn't l33t enough for you L1nuX h4X0R3Z, even though it's FUCKING FUNCTIONAL.

Typical.

Re:Because that's how Unix email works

Taco's probably using a Linux system, with some popular Mail Transfer Agent like Sendmail or Postfix or [3 or 4 others] that are smart enough to be able to deliver mail without needing help, like just about any other Unix machine since we started using domain names in the mid-1980s.

And? I don't see the problem. Sendmail, as well as Postfix does offer something called a Smart Host.

This means that all mail is sent via SMTP from your local box to the smart host, which can be your ISP's mail relay or the box running slashdot, in Taco's case.

Re:Because that's how Unix email works

[Hard_Code]

Right, some random free email address is JUST what I trust when communicating with coworkers.

Re:Because that's how Unix email works

[arkanes]

It's not just dialup - my cable modem IP (at least one of them anyway, it's dynamic) is in the DUL list. It was a minor pain in the ass, but sending outgoing mail via my own machines is a convenience, not a neccesity.

Re:Because that's how Unix email works

[0x0d0a]

And "smart hosts" (mail gateways) are quite annoying. If you move from ISP to ISP like I do (from college to home multiple times a year) you always have to remember to switch the gateway. Your retry send policy is locked to the ISP's chosen policy. You only find out about mail sending errors next time you check your mail, not when sending it. You can't use end-to-end mailserver encryption. You're asking for a Carnivore invasion of privacy. Finally, you're buckling under to the sorts that are trying to stop the Internet from being a reliable peer-to-peer system...with a required mail gateway, the mail admin has successfully brought your sending email anywhere to a single point of failure.

How do I figure out IP blocks for entire countries

I'd like to block China, Japan and Korea.

Hey

[Bitter+Old+Man]

Feyck you.

it will never be nonexistent

[ZxCv]

I don't think there will ever be a truly viable technical solution to spam. Spam is not so much a technical problem as it is a social problem. And we all know about trying to cure social problems with technical solutions. It's the same as with digital piracy--implement some new system or some new restriction and those that it was intended to take care of will be the ones that find a way to get around it.

RFCs are not gospel

The laissez fair internet has problems, you feel those problems are more acceptable than the problems caused by the ad hoc solutions ... not everyone agrees.

Spews is a solution worse than the problem itself

Spews is a very effective antispam solution, but the damage it causes is often worse than the problem it solves. Here are some of the problems it creates:

1. It blocks whole networks at a time, not just the spamming IP. Yes, this forces ISP's to react to spammers quickly, but how would you feel if you happen to share a class C with a spammer, and your emails get rejected for months while your ISP deals with the spammer and SPEWS? It's like living in a society where you go to jail for the crime your neighbor commits.

2. Spews is supposedly run by professionals, but they're extremely sloppy in their investigation work. People often get listed simply because their domains are used in forged email addresses and/or forged HELO headers. Anyone with a basic knowledge of SMTP knows how easily they can be forged, yet SPEWS frequently blocks domains on that basis alone.

3. SPEWS' philosophy is that once a domain is used for spamming, it's blacklisted forever. A client of ours recently bought a new domain name, but soon afterwards found his IP on the SPEWS blacklist, and his ISP shut down his servers to protect their other customers, simply because the domain was used for spamming by its previous owner. SPEWS doesn't bother to check whether the domain registration date is before or after the spam date.

4. SPEWS is run by a bunch of shady and unaccountable people. Their whois record shows a mailing address in Irkutsk, Russia, and they won't answer any emails. If you are screwed by them, the only way to get yourself removed is to post on a newsgroup and hope some anonymous hacker in Russia is going to care about your situation and deal with it promptly. If you're lucky, you get delisted a few months later, if your ISP hasn't kicked you out by then.

In short, SPEWS fights spam by exerting a heavy burden on innocent people who unknowingly become associated with spammers. Despite the hatred we all have for spammers, I would advise anyone who cherishes the democratic values of our society to stay away from SPEWS.

Re:Spews is a solution worse than the problem itse

[blowdart]

It's like living in a society where you go to jail for the crime your neighbor commits.

No, its like paying a criminal boss who happens to employe burglars. If you're paying, you're supporting spam. Tough shit.

People often get listed simply because their domains are used in forged email addresses and/or forged HELO headers

Care to offer links or evidence to that?

SPEWS' philosophy is that once a domain is used for spamming, it's blacklisted forever

Utter bullshit. None of the mainstream spam blacklists run on a domain basis. It's done on an IP block basis.

SPEWS is run by a bunch of shady and unaccountable people.

Shady no. It's run by a group of international news admins. Unaccountable, perhaps. But when black lists keep getting sued by spammers, then what else are you going to do.

SPEWS fights spam by exerting a heavy burden on innocent people who unknowingly become associated with spammers

Unfortunately, this is the only way to get ISPs to take notice these days. SPEWS is based on collateral damage. However the fault lies with the ISPs, not spews.

would advise anyone who cherishes the democratic values of our society to stay away from SPEWS

It's my democratic right to use it or not use it. SPAM is not a right. It's not a free speech issue. You do not have a right to communicate with my servers. Oh, and remember, the internet is international. Not all of us hold your consitution so dear.

Re:How do I figure out IP blocks for entire countr

[LWolenczak]

I would like to block, China, Korea, and Singipore.

Re:How do I figure out IP blocks for entire countr

Use spews.

Re:How do I figure out IP blocks for entire countr

[Skapare]

Download the data from the APNIC, TWNIC, KRNIC, etc. FTP sites, convert to your mailer's file format, and let it use that to look up each IP address. That's what I do for my Postfix mail servers.

CmdrLuser?

Incidentally, the DUL is currently stopping CmdrTaco from directly emailing one of the Slash coders.

Then Malda oughtta get a fsck'n clue and stop trying to do direct-to-MX from a fsck'n dialup account, for Christ's sake. It doesn't take rocket science to set ones SMTP server to use their ISP's mail gateway.

The DUL isn't "blocking" anything, btw. The receiving mail gateway is doing the blocking--because it doesn't want direct-to-MX from dialup pools.

MAPS vs. Gordon Fecyk Lawsuit Info Site

Y'all may find these handy:

http://www.lawsuitinfo.com

http://www.chickenboner.com/lawsuit/

They both point to the latter URL.

Rob should be using his ISP's SMTP server

[alexburke]

Incidentally, the DUL is currently stopping CmdrTaco from directly emailing one of the Slash coders.

That's because he's trying to connect to the coder's ISP's SMTP server directly to send the mail. That SMTP server sees that Rob is coming in from a dialup pool and refuses the mail, as it bloody well should.

Solution: Rob should be using his ISP's SMTP server.

Re:Rob should be using his ISP's SMTP server

[PigleT]

Duh. Yet another "oh look the DUL is wonderful" idiot.

Hint: No it's not. Any ISP that actively blocks its users from receiving mail just because they have some stupid carpet-ban of a rule that "all dialup users are evil" will never receive a penny of support from me, for censorship grounds.

Wake up, smell the coffee - settling for using some isp-provided "smart"host is pandering to the DUL. Die die die.

Re:Rob should be using his ISP's SMTP server

[alexburke]

Why the hell should dialup users do MX lookups themselves? Dialup users should send their outgoing mail via SMTP to their ISP's mail server and let it do the work.

There is almost never a legitimate reason for dialup clients to be doing direct delivery of mail!

Re:Rob should be using his ISP's SMTP server

As an admin at one of those ISP's you talk about I can say we honestly don't want money from people who are too ignorant of spam-problems to insist on pointless things like being able to use their dynamic IP pool (which is easily accessible to any spammers by buying a dialup account for peanuts) just so they can send mail from i4ms0g0dd4ml33t.ath.cx.

Unfortunately not many ISP's give a shit about the internet like we do and many here (UK) don't bother with the DUL.

Re:Rob should be using his ISP's SMTP server

[Fez]

There is almost never a legitimate reason for dialup clients to be doing direct delivery of mail!

What if you're on a braindead ISP (Such as Verizon) and there's not really another valid choice (For DSL) and they block all e-mail that doesn't come "from" your Verizon-supplied e-mail address?

I agree that using a dialup/DSL/cable hosted computer as a mail server is generally a bad idea, but there are legitimate uses.

Of course one can always relay mail to a third-party SMTP server using TLS, too.

Re:Rob should be using his ISP's SMTP server

[frost22]

There is almost never a legitimate reason for dialup clients to be doing direct delivery of mail!

Hogwash. My ISP places a number of restrictions on my use of his Mail Relay (among them encoding my customer number in the headers - say goodbye to pseudonymous mail - an upper limit of mails / day and stuff like that.) I don't like these restrictions. My ISP has a monopoly. No choice for me to get broadband from somehwere else.

Doo yoo reely whant emale phrom CmdrTaco?

[WIAKywbfatw]

Incidentally, the DUL is currently stopping CmdrTaco from directly emailing one of the Slash coders.

Lucky Slash coder. That's one less email sender who's message he'll have to decipher from proto-Pigeon English to the real thing...

Re:Doo yoo reely whant emale phrom CmdrTaco?

[rodgerd]

I think you meant "pidgin".

Of course, I suppose that could be irony at work...

www.orca.bc.ca/dul/ was archived by alexa

[blowdart]

http://web.archive.org/web/20010619203232/http://w ww.orca.bc.ca/dul/

Fun to see the name change from ORCA.BC.CA DUL to MAPS DUL in progress.

Re:How do I figure out IP blocks for entire countr

[pacman+on+prozac]

theres also a list of allocated IP blocks here which might help.

not funny

[Ender+Ryan]

Really, this is the most insightful post I've ever seen regarding these people. I was planning to post nearly the exact same thing, and I certainly didn't mean for it to be funny.

Just try dealing with these people, or the many others doing the same thing, and you will understand exactly what I mean.

I don't even want to talk about my dealings with them... just don't feel like talking about it...

Re:like he said...who cares

He said "5000 mail servers and ISPs". A DNSBL used by 5000 ISPs is quite impressive when you multiple each ISP by 250,000 customers or more.

Re:Spews is a solution worse than the problem itse

> SPEWS is ... run by a group of international news admins.

Do you have any basis for this at all? Does anyone anywhere know this for a fact? That's simply what the folks in NANAE beleive, none of whom have any idea who SPEWS is and beleive it only from reading it on the SPEWS site.

Awww

[bruns]

>Incidentally, the DUL is currently stopping CmdrTaco from directly emailing one of the Slash
coders.

Awww, poor baby, want a cookie?

Brian Bruns
antispam.2mbit.com - Anti-spam Resources/Services

Re:Awww

[0x0d0a]

I think the parent post pretty much sums up anti-spam sorts.

I dislike spam, but I've seen so much more *crap* from anti-spam sorts that I'm starting to wish that they didn't exist.

I especially hate server-side spam filtering, because it means that I have to trust the spam-fighting ability of some mail admins to never falsely block good mail. Why? I can set up my own (better) client-side solutions with procmail than they're going to. Much better that way.

Re:Awww

[bruns]

Maybe Taco's friend should stop using his dialup for e-mail and get either a static IP dialup or DSL/Cable/whatever rather then complaining? Or heres an even better idea - why doesn't his friend use his provider's mail server for outgoing mail? Interesting idea eh?

The DUL does exactly what it says it does - block dialups. Its not like its false advertising.

I have no remorse/care for people who don't understand the concept of blacklists and why they are used/needed. Taco consistantly shows his ignorance for things, and I'm sick of it.

DUL is a understatement

MAPS being something DUL is an understatement

BWAHAHAHAHAHa

Re:Spews is a solution worse than the problem itse

[blowdart]

Me bad, should have said MAIL admins, not news admins. As for evidence, if I said I did, then I'd be a target for discoveries in lawsuits, so obviously no, I don't. Of course the spews admins would know it for a fact.

MAPS making ISPs Email Monopolies?

[nn43]

I believe some day MAPS and DUL will make the major ISPs monopolies of email delivery.

ISPs are consolidating into larger and larger groups of users under a smaller and smaller set of companies.

ISPs help out by blocking port 25 from regular users.

MAPS knocks out the dial in users.

As one message notes, entire countries are blocked from sending email.

MAPS, while a good idea in a growing thriving ISP world, is not a good idea in a shrinking ISP world.

MAPS will destroy the email internet as we know it in a few years.

Re:MAPS making ISPs Email Monopolies?

[Erik+Fish]

Actually MAPS is on it's way out. It lost a lot of support when it started charging and this lawsuit isn't likely to win it any friends.

SPEWS is the current favorite because unlike MAPS it doesn't pussy-foot around trying to "educate" spammers and their hosts.

Beyond any of this though, MAPS only blocks those who spam and (in the case of the DUL) those who are trying to use their dial-up lines to send e-mail directly (rather than going through a mail server on a static IP). While MAPS has in the past shown favoritism towards large companies (giving them ridiculous amounts of time to clean up), they don't block small companies because they're small.

So no, Chicken Little: The sky is not falling.

Re:MAPS making ISPs Email Monopolies?

Yes, and I saw MAPS with a rifle on the "grassy knoll" in '64!

...rumors say they were seen running from the Cape after the challenger explosion...

: MAPS will destroy the email internet as we know it in a few years.

Only for spammers like you bud, for people who use email properly, MAPS, SPEWS, ORDB, SBL, etc etc will SAVE it.

Now remember, when making the tinfoil hat - shiny side out.

CmdrTaco

[macdaddy]

This isn't in response to the actual article. This is in response to the comments made about the DUL stopping CmdrTaco from mailing one of the slash coders. It really pisses me off when some dumb son of a bitch thinks they have the right to directly send an email from their dialup account. People seem to think that their providers MTA is there for looks. People don't understand that a significant amount of spam can be blocked by only allowing one providers MTA to talk to another. Frankly I think there should be a mandatory MTA registration process like there is for DNS servers. You must register your MTA before you can mail. This would require valid abuse contact information and things of that nature. The 'Net isn't meant to be plug and play. I block 100,000 pieces of spam per week at an ISP I consult with (give or take usually 10k depending on the time of year). I use 6 different DNS blacklists and a lengthy Sendmail access list of spamming domains and netblocks to do this for me. About 2 years ago the DUL was blocking by far the most spam of all the blacklists (for me). Then raping of open relays became really popular and the hits on the RSS rose dramatically. Now the DUL gets on average about 3000 hits per week. Every so often that number will sharply increase because some spammer decided to direct-to-MX spam us. Well we're one of many providers that doesn't take that shit. Hence the DUL. I'm getting sick of ranting here, so I'm done.

Re:CmdrTaco

[Rupert]

Where do I register my DNS server? It's at 192.168.192.8

Re:CmdrTaco

[kmellis]

As others have already pointed out, using relays to send mail as the preferred method is not in the RFCs, and it shouldn't be.

Given the cost/benefit analysis and the low number of people running their own servers that aren't spammers, I agree that it makes sense to use the DUL. Still, that doesn't make it any more "fair" to those legitimate netizens that are being blocked. And there certainly is no justification for being angry with them. It's just one more bit of basic functionality of the 'net that is taken away from the end user as a result of egregious exploitation of that functionality by a few opportunists. If you keep trying to deal with these vandals in successive ways that generate collateral damage, eventually the collateral damage is going to add up to an amount that is unacceptable. Thus, such solutions are a temporary fix, at best; and, at worse, delay the implementation of real solutions.

Re:CmdrTaco

[jo42]

> Where do I register my DNS server? It's at 192.168.192.8

Remove lower garments, squat down, insert middle finger into sphincter.

Re:CmdrTaco

[frost22]

It really pisses me off when some dumb son of a bitch thinks they have the right to directly send an email from their dialup account

It really pisses me off when some dumb son of a bitch thinks he has the right to tell me what to do with my computer.

It really pisses me off when some dumb son of a bitch thinks his personal pet peeve (here: spam prevention) is so much more important than everything else that the whole world has to be changed to accomodate his wishes.

And finally, it really pisses me off when said dumb son of a bitch not only entertains all these delusions but also fails to think what kind of internet he creates in pursuit of his goals, with second class citizens under strict and draconian ISP rule.

Frankly I think there should be a mandatory MTA registration process like there is for DNS servers

There is no such thing as a "mandatory DNS server registration process". Whoever pays you for consulting is royally wasting his funds.

Evolution

[mixbsd]

Spammers, like the pondlife they are, have evolved with the internet. The old SMTP standard is inadequate and insecure. Until there is a widespread adoption of ESMTP (ie. POP before SMTP) or something similar is implemented, everyone will be patching up the email security "holes" of open relays with Spews, RBL, etc.

Re:like he said...who cares

A DNSBL used by 5,000 ISP's is not very impressive at all when most of the ISP's are located in Asshole, Indiana with 400 customers or less.

not block much useful email?

[d_vader]

It's my understanding that blocking email from IPs that are part the DUL will only block email from people that are running *their own* SMTP server off of their dial up connection. Since most (I'd guess well over 95% of the people that use dial up) people use their ISP's SMTP server to send email, this should not block much useful email.

I believe that there is a misconception herein. You state that by your guess, over 95% of dialup users use their ISPs mail server.
I think your guess is rather high, but it is close enough to be useful.
However, given that this remaining 5% is tech savvy enough to run their own mail servers, I suspect they also send more legitimate e-mail than your average user. An oft quoted figure on university campuses is that 10% of the people use 90% of the available resources. Could not the same thing be happening here?
Second this is /. after all, I expect a large majority of the population here runs, or has run, their own mail servers. There are many reasons to do so. Security, Control, Convenience. And if it breaks, you not only have the ability but also the permission to fix it.
Or, maybe you simply assume that if someone uses dial-up and runs a mail server, they just must not send out "useful" email.

Don't tell, ASK!

[mcrbids]

I've been fighting SPAM for years. I've complained to numerous ISPs, I've done untold numbers of traceroutes and the like to identify parent networks, and the whole gig.

But MAPS just seems too draconian for my taste! I've never liked the idea, as it's just too much of a shotgun approach to the problem. We need something more surgical.

SPAM filtering results in false positives. It's like having emails deleted for you at random.

Then, I discovered ASK (Active Spam Killer). This thing ROCKS!

ZERO false positives. ZERO false negatives. (so far, out of hundreds of junk mails)

In order to use it, you pretty much have to sit at the command prompt on your mail server as a local user, but it's effectiveness is (so far) flawless!

Re:Don't tell, ASK!

Ironically, this reads a lot like one of those over-eagerly written spam emails. ;)

Re:Don't tell, ASK!

Yeah - so? It's a Procmail auto-whitelist?

Sure, works for some people, but for businesses who don't want to hassle customers and prospective clients, bouncing back a "you may be a spammer, jump though this hoop to prove you're not" message just does not fly.

Also, for this to work all spam must be delivered into your system before procmail gets at it. If you pay for bandwidth, that sucks. With DNSBL systems the spam never makes it in the front door.

But with that, ASK looks okay for those who want to do this.

Troll?!?

It was a valid observation. Whoever did the mod thing to "troll" needs to take their head out of their ass. That front page article made no sense at all to someone not familiar with the acronyms. If you're gonna use acronyms, you damn well better explain them in the beginning of the article, or you'll appearing be talking out your ass to the vast majority of readers. Example:

New AI breakthrough lowers costs for dairy farmers.

Now, is that about new "smart" milking machines? All the leet geeks reading that headline would be expecting an article about cool wizardry, and the jerk who modded the above post as a "Troll" would be righteously pissed when he found out it was an article about improving bull semen collection. AI was used for "Artificial Insemination" long before electronic computers were a reality.

This is why I hate MAPS and DUL

[Ark]

Incidentally, the DUL is currently stopping CmdrTaco from directly emailing one of the Slash coders.

No, its not DUL preventing our fearless leader from sending e-mail, its the admin of the box using DUL.

This is why I hate things like DUL and MAPS that block everything and are prone to false positives that keep you from even seeing the mail. Stuff like spamassassin can take MAPS and DUL into account and add "spam" score based on that, but at least with spamassasin the mail isn't completely toss away, you at least have the filter it to a "spambox" you look at like once a week for the false positives and/or you can put CmdrTaco on your white list, so he doesn't ever register as spam.

Spamassasin is a much better solution, IMHO.

CmdrTaco,

[Grand+Facade]

Is a spammer????

--

MAPS == Intellectual Property Pirates

[kindbud]

MAPS RBL was assembled from user contributions. It would be nothing without the data submitted by thousands of users over the course of several years. I contributed reports to it.

When they got a fat enough database, they changed their tune and wanted to charge me to use the data we researched and gave to them, thinking we were benefitting the whole community. How wrong we were. That was the first death-wheeze as far as I am concerned. This story is just the latest labored breath by what will soon be the corpse of MAPS. And good riddance. They won't be missed.

Re:MAPS == Intellectual Property Pirates

Ooh, just like Slashdot wanting to charge us all subscription fees to read our own postings!

The DUL *sucks*

[0x0d0a]

what is the DUL

The DUL is a fecking stupid POS service set up primarily to screw over the sorts of people that don't use Windows, don't sit behind a corporate firewall and don't shove all their stuff through a corporate mail gateway using Outlook.

The DUL is a system designed so that any mail incoming from any IP know to be a dial-up address is immediately dropped. Needless to say, it's not tremendously popular with those of us who move around from Internet connection to Internet connection and would prefer to just use the mail server on our computer instead of having to remember to change the mail gateway each time we move.

I had a friend that worked at Compaq all summer. They used the DUL, and though I could send mail to *everyone else I knew*, sending mail to him was just throwing mail into a black hole, since I was on a modem and the DUL flagged me. Frankly, I find it tremendously amusing that Compaq is now going under.

The DUL is pretty much designed solely to destroy the peer-to-peer nature of the Internet and force everyone to have an ISP with a mail gateway if they want to even send mail. What's next, requiring Web connections to come from a proxy, because any "worthwhile users" use a proxy and someone else might be just a worm spreading around?

I *hate* the DUL. It's caused me far more misery than all the spam I've ever recieved put together. If MAPS is taking it in the ass, I'm just going to sit here and chortle about it.

Jamie: please get a life.

[Doktor+Memory]

"The DUL" isn't stopping you from mailing anybody. The thing stopping you from emaling your unnamed slash coder is the fact that his ISP has chosen to block mail based on the DUL. If this is such a pain in the ass, one or both of you should vote with your dollars and feet: either he should move to an ISP that doesn't use the DUL, or you should stop being a cheap bastard and trying to run a mail server from a dynamic IP address.

Why is trolling a bad thing when done in comments, but apparently entirely acceptable when done by editors in story submission addenda?

DUL side-effects...

[wowbagger]

I unwittingly caused a flame on WineHQ because of the DUL - my ISP had implemented filtering, and I did not know it, and one of the other users of WineHQ tried to contact me and got rejected.

I would say that IF you are filtering with the DUL, you should

1. Tell your users
2. give them a chance to opt-out
3. Set up a (properly secured) webmail form to shunt around the block
4. set your mail server to send the URL for that webmail in the rejection message

However, I do agree that the best solution is to use your ISP's mail server, and have your box set to forward the mail to your ISP's server - they (by definition) have better connectivity than you do, and their mail server can be trying to deliver the mail while you are installing a new kernel or whatever would cause your machine to reboot.

Ideally, distros would have this be a part of the normal setup - when you install any MTA, it should ask you if you want to forward your outbound mail to a different server.

If you wanna know what spam software sellers say

[LennyDotCom]

Read this Link to see what the scum that sell spam software have to say about spamming

Re:These assholes block even static IPs

Well, I have a static IP, like most ADSL IPs in Spain, but that didn't prevent MAPS to list the whole network in DUL (read the fine print: they make no difference between static or dynamic ip).
They're so arrogant fascists that they didn't even bother to reply to my request to remove my IP from the list. They didn't bother they blocked users who couldn't put the least pressure on their ISP (since there's no alternative). We were lucky that a friend of a friend at the ISP (then only one you can get ADSL connections from, BTW) put the right pressure to the MAPS dickheads so that they had to remove the ISP from the DUL list.
Others aren't so lucky, besides, just because one has nothing more than a dynamic IP she shouldn't be considered a second class netizen.
Hey, if you'll pay for that (at spanish rates) I'll be happy to buy my own T1.

Re:I'm sitting here with you brother

Though I didn't suffer for long the problem associated with DUL (I, like everyone using ADSL in Spain, was on the DUL for a couple of days), I feel the pain for everyone else that's suffering beacause of this neonazis.
I'm sitting here too waiting for them to take it in their ass, and hope that will give'm a lot of pain.

CmdrTaco, registering MTAs, alternatives

[ziegast]

Regarding CmdrTaco's "problem"

It really pisses me off when some dumb son of a bitch thinks they have the right to directly send an email from their dialup account.

It's possible for CmdrTaco to insist that people he talks with on a regular basis recieves mail from him. He can also configure a mail server at Andover (or any of his friends' servers) to always accept mail from him and use it to relay his mail (hopefully spammers don't find out what that network is and do the same).

It's also possible for people to just stop using e-mail to communicate. Got a project people need to work on? Setup a private web-based mail system. Everyone logs in to a common website and sends messages internally related to a project. Even better, use a threaded one-to-many conferencing system like Slash.

If you don't like spam, stop using e-mail. My main mailbox sits at the end of probably the most restrictive filtering system on the net, and I still get spam and viruses sent to me.

Regarding MTA registration

Frankly I think there should be a mandatory MTA registration process like there is for DNS servers. You must register your MTA before you can mail. This would require valid abuse contact information and things of that nature.

Instead of mandatory MTA registration for all mail servers (Hey! Verisign pioneered registered certificates for Web servers, hmm...) perhaps it's better to start other lists of servers that get an explicit "allow" like 1) "These are the mail servers of my friends", or 2) "These are servers on the Better Mail Server Bureau list becausee they adhere to policies that help stamp out spam and are accountable."

It all comes down to "who do you trust"? Back when the Internet started, everyone was like-minded and trusted others not to screw up the network. Now the circle of trust is much much smaller.

Another good place to filter spam is at the mailbox level. My mail server hypothetically accepts e-mail from everyone. Messages from people in my address book go straight to my Inbox. Mail from everyone else goes into my junk inbox. I have mechanisms that easily allow me to add addresses to my address book. Spam becomes less annoying becasue I don't have to deal with it while reading the mail I care about.

Email is antiquated

Instead of putting people on mailing lists, subscribe them to bulletin boards. Mail clients get replaced with web browsers. Sending mail becomes posting on your own bulletin board and giving me a URL (/w messenger) to read it.

The architects of Usenet2 had a great idea in that people posted messages on their servers and interested people would have to fetch the articles to read them. If you have popular content, the effect could be similar to SlashDotting. Smart people would enable caching for larger reader communities. Instead of broadcasting trash everywhere, people would pick up the content they want. The economics of spam would dissappear. Applied to email, spammers would merely send me headers. It would be up to me whether I wanted to pick up their "content". I might filter headers similar to how I limit my Instant Messager alerts to friends.

Aside

Can't we all just get along? Ok, perhaps we can't. We'll just go off and limit our interactions to the people we like (or can at least tolerate). That's what people have done in the past, and that's what people will continue to do. Laziness in the implementation of Internet e-mail today just makes it harder for us to keep out the people we don't want to interact with. This "everyone in the world can send me e-mail" concept is much overrated. It was novel in the 80's and 90's. People who can't e-mail me now (I live mostly behind a MAPS firewall) can pick up the phone and call me or reach me through a friend or find me via a spam-friendly free e-mail account.

-z

Re: CmdrTaco, registering MTAs, alternatives

[elemental23]

He can also configure a mail server at Andover (or any of his friends' servers) to always accept mail from him and use it to relay his mail (hopefully spammers don't find out what that network is and do the same).

Not a problem. Just use SMTP AUTH. He'll can authenticate to his off-site server (at Andover or wherever) and will be able to send mail with no problem, yet any unauthorized person will not.

IT's easy

[mindstrm]

for an armchair activist like yourself to say this, but reality is quite a bit different.

You might think it's so simple, but I guarantee you have no idea what things are really like.

The ISP has no motivation to change; they are a monopoly. They get the business regardless of what they do or do not do. The ISP is the national carrier. You can't set up a second ISP, you can't get bandwidth from somewhere else.

OH! Wait! LEt me get this straight.

By your logic....
Why aren't France Telecom and alter.net on the list? After all, they sell us the bandwidth. Why? Because they are main carriers.

This is not like an ISP being blacklisted.. this is like an entire national carrier being blacklisted.

Wow.

[mindstrm]

Did you not read what I said?

I support completely your right to filter out what you want. Absolutely. I also support the right of lists like spews to exist.

My problem is just that we *can't* pressure ICE/RACSA. There is no competition. There is no way to financially impact them. They don't WANT our money. They have as much business as they can handle already.

Believe me, if we had a choice, many businesses here would go with someone who does not support spam. We would gladly shop with our dollars, and put pressure on the company.

But with a government enforced monopoly that is *absolute*, there's basically fuck all we can do to pressure them.

It's your server, your rules. Feel free to block the entire country.

And my ISP is not RACSA. It's ICE. (ICE is the telco, RACSA is the domestic ISP., We get our bandwidth from ICE directly)

No.

[mindstrm]

Actually, I'm not, though it may be confused IP-wise with ICE.

I deal with ICE directly.. the national telco.
I am not a racsa customer.

IF you think spews turns this into a big lan.. you are sadly mistaken. It has an effect, yes, but only a minor one overall (currently)

Re:spam software link

[bobv-pillars-net]

Cool; I registered my spamtrap, spam@pillars.net on their site and instantly got another class-C on my blocking list.

CAn anyone explain the POINT?

What I dont understand - what is the point? why bloack dynamic IPs. They are dynamic. Meaning a user can reconnect and have another one. So, now an innocent user tries to mail someone directly, and gets refused. What is the point??

Use the Force Gordon, use the Force!

Just so the readers of this post don't take me for a complete Anonymous Coward, I am in fact Gordon's former employer, no - not that one - the one previous to his latest "Former Employer", the people that provided Gord with the platform from which DUL was first propogated out into cyber-space - Yes! that's it, orca.ca.ca! Any way, I just want to post my thoughts and best wishes to Gord on his Quest against the "evil ones".

Give 'm hell Gordo' give 'm hell.

There are two sides to every story...

and there are two sides to the story of the Censorware Project.

Sig: What REALLY Happened to the Censorware Project

There are two sides to every story...

and there are two sides to the story of the Censorware Project.

Sig: What REALLY Happened to the Censorware Project

There are two sides to every story...

and there are two sides to the story of the Censorware Project.

Sig: What REALLY Happened to the Censorware Project

screw cmdrtaco

what is he, too poor to afford an internet connection with e-mail? Give me a break.

Re:If you wanna know what spam software sellers sa

That's just one. Go to SpamSites and see about 400 of these vermin.

Wrong!

[tweakt]

Incidentally, the DUL is currently stopping CmdrTaco from directly emailing one of the Slash coders.

No, the slash coder's ISP is stopping Cmdr Taco's email from being delivered. It's *NOT* the DUL/MAPS thats doing it. Don't blame the blacklist for blocking people, blame people who use the blacklist to block people.

Here's a novel idea... use your ISP's smtp relay to send email. DUL tracks blocks of dialup/customer IPs. Normally emails DO NOT originate directly from these addresses to the final destination unless something fishy is going on, or the customer runs their own mail server. At either rate, simply route your outbound mail through your ISPs smtp server and your fine.

Wow, how hard was that?

Taco's setup is indistiguishable from a spammer's

Taco's setup as you described it is thus indistiguishable from that of a spammer's, and the DUL is doing its job exactly as it was designed to do. Taco can get around it easily, by simply using the SMTP host that his dialup provider has provided for him. Alternatively, the coder that he's trying to reach could lobby her ISP to not use the DUL, but that would be counter productive, as the coder would then have to deal with the increase in received spam if she were successful.