MAPS vs. Gordon Feyck: Who Owns the DUL?

etrnl writes "The spam-l mailing list has an interesting post from Nick Nicholas about a recent lawsuit between MAPS, LLC. and Gordon Fecyk, who had arranged with Paul Vixie to host the DUL with MAPS in 1998. Even more interesting is that Nick was the Executive Director of MAPS who hired Gordon at MAPS in 1999. Notable quote from Nick: 'I find it extremely ironic that an organization which is currently soliciting donations to its own legal defense fund would now be using its limited resources to pursue litigation against a former employee.'" MAPS wants a temporary restraining order on two separate copyright claims: first, that Feyck can't use the DUL database, and second, that he can't run a too-similar website (now down). The bone of contention is that Feyck claims he bought back the DUL from MAPS, and MAPS disagrees. Incidentally, the DUL is currently stopping CmdrTaco from directly emailing one of the Slash coders.

Re:Acronyms Abound

[MiTEG]

MAPS (Mail Abuse Prevention System LLC) is a not-for-profit California organization whose mission is to defend the Internet's e-mail system from abuse by spammers. Their principal means of accomplishing this mission is by educating and encouraging ISP's to enforce strong terms and conditions prohibiting their customers from engaging in abusive e-mail practices.

DUL (Dial-up User List) is not a blacklist, though it is often mistaken for such. The DUL is a listing of dynamic ISPs that is used as a filter by subscriber ISPs to prevent direct e-mail from those addresses.

Speaking of antispam..

[mindstrm]

Here's a problem... with no easy way to deal with it.

Over the last few years, the Internet provider for Costa Rica has been targetted by anti-spam types as a spam hoster.

Now.. that's all well and good, but the end result is that

a) The entire country's IP range is on SPEWS
b) Internet is a government run monopoly here.
c) There is no direct way to be removed from SPEWS. You cannot contact them. You cannot explain your situation. (My situation is that we happen to have some IP addresses in this country, and have trouble reaching our customers because of it. We don't spam.)

Now.. I fully support the fact that the Internet is an anarchy, that each individual is free to decide how their network will or will not accept traffic from others, yada yada yada. On that I am firm.

But when it comes to an ISP.. we have a problem. An ISP that subscribes to this, sure, it's their choice, but it's awfully hard to explain to the client that they have to instruct their ISP to stop using this service. And the odds of the ISP stopping? Not likely.

The point is, in theory, it's all fair, in practice, it's a problem.

Re:Speaking of antispam..

[yoyoyo]

SPEWS operates on the principle of collateral damage. If an ISP refuses to remove spammers on their system they expand the listings to include non-spammers.

Basically they want to make it as inconvenient as possible for the ISP's legitamate customers so that the ISP is pressured to change their ways from the inside.

I agree that you're in a difficult situation, but nothing else works.

Re:Speaking of antispam..

[mindstrm]

Again.. I don't accuse spews. Spam is a problem, and everyone is free to decide how to deal with it on their own.

I agree the system works. Unfortunately for anyone doing business in Costa Rica, there IS no competition. You have no choice. None whatsoever, and given the way things work, it's going to take quite a while to actually get changes made.

The other thing is..

This isn't just an ISP in the country.. it's the national (and only) telecom carrier. This is more like UUNET being blacklisted because on some level they sell bandwidth to spammers.

Misconception...again

[Dwonis]

Incidentally, the DUL is currently stopping CmdrTaco from directly emailing one of the Slash coders.

Sigh. No it's not. (How many times does this need to be said.) The mail server CmdrTaco is trying to email is stopping him. The DUL is just a listing; it does no blocking.

The SPAM-L post: MAPS Sues Former Employee

[Seth+Finkelstein]

Date: Mon, 6 May 2002 14:40:12 -0700
Sender: Spam Prevention Discussion List
From: Nick Nicholas
Subject: COURT: MAPS Sues Former Employee and DUL Founder, Gordon Fecyk

I have been a strongly outspoken supporter of MAPS for many years.

When I was at pacbell.net I nearly had a heart attack when Paul Vixie called in 1997 to warn us that we were about to be listed in the MAPS RBL for running unsecured mail servers. But I supported his actions even then. Indeed, his call was very helpful in speeding up the bureaucracy at pacbell.net and getting the unsecured mail servers closed to relaying even more quickly. I appreciated Paul's willingness to work with us on resolving our problems.

I wanted pacbell.net to use the MAPS RBL, but instead I was instructed by management to compile my own list. I felt my meager efforts could not compare to the quality of the RBL made available by MAPS, but, unfortunately, my own wishes were overruled.

When Paul offered me the opportunity to become Executive Director of MAPS in December 1998, it was an offer I simply could not refuse, and for the next year and a half I was one of the leading cheerleaders for MAPS.

Even though I left MAPS in August 1999, it was an amicable departure. Soon afterwards I was hired as Chief Privacy Officer for a company in the direct marketing industry, and I still continued to defend MAPS against its many critics in that industry.

Last year I decided to write a book about the history of MAPS. My intent was to focus on the companies that sued MAPS and abused the legal system in order to prevent MAPS from exercising its legitimate free speech rights. I wanted to portray Paul and Dave Rand as beleaguered but slightly flawed heroes.

However, my opinion of MAPS was forever changed this past April when it decided to sue DUL founder, Gordon Fecyk, after Gordon attempted to exercise a December 1998 contract he entered into with Paul Vixie in his capacity as MAPS CEO.

My overview of this matter, as well as copies of court documents filed in the case, can be found at the following URL:

http://www.lawsuitinfo.com

It seems that MAPS has learned a great deal from the lawsuits brought against it by Harris Interactive and others, and has adopted the same slimy tactics. In particular, the affidavits filed by Margie Arbon and Anne Mitchell are full of factual errors and material misrepresentations. I will add my commentary on these affidavits at a later date.

A hearing will be held in the Manitoba court tomorrow (5/7). We will add additional info as soon as possible.

Gordon may have to sell his car in order to pay his not inconsequential legal bills. Is anyone interested in making a contribution to help Gordon with his legal expenses? If so, please send your contributions to Gordon's attorneys at the following address:

Cassidy Ramsay
385 St. Mary Avenue, 2nd Floor
Winnipeg, Manitoba R3C 0N1
CANADA

Checks or money orders should be made out to Cassidy Ramsay

Be sure to include a note with your contribution stating that it is on behalf of Gordon Fecyk in the Mail Abuse Prevention System v. Fecyk case.

All contributions will be placed in a trust fund by the law firm and used solely to cover Gordon's legal expenses.

Contributors will receive an acknowledgement from Cassidy Ramsay. However, all contributions are covered by attorney-client privilege, and thus the identities of contributors will remain anonymous. Information about contributions *cannot* be obtained by MAPS through the discovery process.

I cannot describe how much it saddens me that it has become necessary for me to bring all of these disturbing facts to light, but I think it is essential for the Internet community to be aware of what MAPS has become. MAPS is no longer devoting its energy to fighting spam and co-operating with others in that fight, but instead is suing a former employee who attempted to exercise his legitimate rights pursuant to a contract with MAPS. I find it extremely ironic that an organization which is currently soliciting donations to its own legal defense fund would now be using its limited resources to pursue litigation against a former employee.

Regards,

Nick

Interested in MAPS? Also Check out DCC...

[jwiegley]

I've used the MAPS tools in the past to check that my mail servers are properly configured to reject relays. But for actually stopping the 20-30 spam articles I get per day nothing has worked. (We all know what those dreaded "unsubscribe" "features" really do. don't we?)

That is nothing worked until a few days ago. I recommend anybody that has spam problems, can run procmail or is in charge of a mail server running sendmail check out the "Distributed Checksum Clearinghouse" (DCC) at http://www.rhyolite.com/anti-spam/dcc/

It took me some time to get the dcc sendmail milter dccm working correctly but, since I did, this has become my new best friend. Its catching 100% of spam targeted at me and rejecting it.

From what I know about MAPS I think its a needed service to keep ISPs in check. But it seems targeted at attacking the delivers of spam and doesn't seem to provide much to directly protect the recipients of spam mail. DCC is the only solution I've found that accurately prevents spam mail from even being delivered to myself or users. I think this is necessary because if nobody actually receives spam the spammers will starve.

So If you're like me and think spam is a rashy plague that you can't get rid of their is a cream available and it is named DCC. Check it out.

What a surprise... they're unpleasant people!

[brooks_talley]

Anyone who has worked with / for / against MAPS knows that they are primarily interested in fighting. Their original purpose was to fight spam, but they're just as into fighting folks they don't like and each other. As far as I can tell, they really don't care *who* they fight, as long as there's lots of name calling and moral outrage involved.

MAPS is a joke. A classic case of the old saying about the pavement on the road to hell, and also a classic case of people thinking there's a technical solution to a social problem.

-b

Re:Acronyms Abound

[Jade+E.+2]

The DUL is not a blacklist in the sense that all mail from the listed IPs is refused. The DUL is used to refuse direct mail from those IPs, but mail relayed through another server is allowed. This prevents someone on a dynamic IP from spamming by directly connecting to the SMTP server of each target address, instead of sending all the mail through an open relay. Legitimate customers simply need to use their ISP's (or a 3rd party) SMTP relay (which presumably has message speed limits on it) to send mail, and it will go through.

Yes, this prevents someone from running their own SMTP relay on a dynamic IP, but it's the only effective way of preventing such direct-to-target-server spam from going through.

Because that's how Unix email works

[billstewart]

Taco's probably using a Linux system, with some popular Mail Transfer Agent like Sendmail or Postfix or [3 or 4 others] that are smart enough to be able to deliver mail without needing help, like just about any other Unix machine since we started using domain names in the mid-1980s. If you're on the DUL, your main net connection is probably dialup or DSL or cable modem, so you're a MERE LUSER instead of owning a T1 all your own, but so what? You've got a computer with a Real Operating System, and there's no need to pretend you're a Windows-using couch potato that's running a mail client too dumb to deliver its own email - even if you are running a dumb client, sendmail on 127.0.0.1 fixes that problem.

In other words, Taco does have an smtp server of his own to access. On his own machine. Like he should. If you're a dialup user, it's beneficial to have an inbound mailbox server somewhere that's always connected, whether it delivers the mail to you by SMTP or POP/IMAP. But no need to do that for outbound.

The reason the DUL is helpful for blocking spammers is not because there's no legitimate reason for a dialup user to run SMTP - it's just that many of the popular clients use a relay so they don't have to handle error messages or hang out trying to deliver to slow servers or delay delivery on temporarily unavailable servers, and that many spammers abuse cheap disposable dialup accounts, but they get booted off of their ISPs' mail servers too fast to make them practical, or rate-limited, so they deliver their own email so they can reach more suckers before being squashed.

Some ISPs block outgoing Port 25 that doesn't go through their servers - really annoying if you've got more than one ISP account, and don't like having to reconfigure your machine just because you're dialing in from work or on the DSL at home instead of the other dialup.

Re:Acronyms Abound

[karmawarrior]

It also has the worst false-positive rate. Typically, most Linux distros I've seen are set up to send their own email rather than rely on a third party email relay to send it. The DUL ensures that machines set up in this default fashion, despite not being set up as relays, will not be able to deliver perfectly legitimate email.

Essentially, for something to be useful against spam it has to reject as much spam as possible while leaving as much legitimate email as possible alone. The DUL may succeed on the first ground, but it fails miserably on the second. It also promotes ignoring RFCs, as relaying was never blessed as the way for ordinary users to send email.

You can reject spam by setting up your mailbox as a softlink to /dev/null. I wouldn't encourage it though, and I wouldn't encourage use of the DUL for the same reason.