Slashdot Mirror
Should You Trust MAPS?
"I spent all weekend long trying to get a hold of the people at MAPS, as they don't bother telling you when they are open. When I finally got a hold of someone on Monday morning (not an easy task, mind you!), they told me that they are not open on the weekend, so it would have been *impossible* to resolve this issue quickly. And because I was only a customer of the company who owns these IPs, they would not unblock my subset of IPs. Despite the problem originating from a handful of IP addresses, MAPS saw it appropriate to block over 180,000 IP addresses just before the weekend! I had already made several phone calls and emails to my co-location facility, and they told me they were doing their best to get a hold of someone there. Several emails had been sent, and just as I first experienced, they could not reach anyone at MAPS by phone. When I finally talked to someone at MAPS, he told me that he would not be proactive in the matter by actually phoning my co-locator to work this out.
These people at MAPS thinks themselves quite high and holy, and in some ways they are: many ISPs and the like will bounce emails just because MAPS tells them to. (I've since removed MAPS from my list of RBL servers to check.) As a small-business owner, MAPS can be very hurtful to a business and very uncooperative in helping resolve the issue. I gave them a couple subnets of mine to unblock, but they would not, even though my IPs were not involved in the original complaint.
This experience has certainly made me think twice about who I trust to decide the fate of my incoming email."
Instead of actually working, they've counted 180,210 IPs, either they have nothing to do anymore or are just bored :()
Nobody should trust maps, as they might be out of date, or insecure and flawed.
no?
Starsucks
Whereas I have sympathy for the innocent bystander (as the poster appears to be), and whereas I agree that uncompromising behaviour can be frustrating, the SPAM black hole servers are somewhere between a rock and a hard place...
They can't just block small sections of netblocks (because a spam-happy ISP will just allocate new IP's to their paying spammer customer) - the only way they can police the offence is to ban the block.
They can't just add people back in when they've been blocked either - there has to have been some resolution of the problem, and that has to come from the ISP, at least IMHO. A customer running a website will say anything (especially if they're a scum-of-the-earth-spammer-type customer) to get back online. AN ISP who lies knows their next block will be more permanent...
OTOH, Being unavailable out of hours is
The real problem though isn't MAPS and their attitude, it's the spammers. Get rid of the spammers and you get rid of the need for MAPS. These lowlife internet-scum are where any ire ought to be directed, again IMHO.
A Sony NDA I once signed said that in the event of disclosure of anything under NDA, Sony would seek damages, and that financial reparation may not be sufficient penalty. The point being that the penalty *ought* to have teeth, and atm, the spam penalties do not. If you want less spam on the 'net, you're going to have to accept more regulation of the 'net. Another double-edged sword...
Simon
Physicists get Hadrons!
They are a big pain in the ass for us providers to deal with. But they are also a necessary evil too sometimes. Personally I like the Spamhaus lists much better. And Spamhaus isn't a bunch of assholes so that gets them the cookie in my book.
But in practice, the RBL community has been a bust. The maintainers are often militant and, IMHO, too emotionally attached to the problem. They don't provide a service anymore--they provide a surgeon with a chainsaw. While it's extremely easy to get a site on an RBL, it's often difficult or impossible to get off one. There are exceptions of course, but in general you are a designated spammer until some random magic happens and you manage to get yourself off. (yes, there are procedures, usually on a website, but often removal requests will go unreplied to, and in some cases will error. Sometimes removal works and often it doesn't) And Goddess help you if the previous owner of your IP address was a spammer. (And no, I've never run an open relay.)
I hate spam, but I don't use RBLs anymore. It's too bad, really. They were a great idea, but have been poorly managed. I'm sure someone will post links to the "good" ones, but using them is like reaching for the few good apples in a barrel of rotten ones.
Mox
MAPS saw it appropriate to block over 180,000 IP addresses just before the weekend.
MAPS didn't block you.
MAPS added you to a blacklist.
Some admins have decided to block you based on you being in the MAPS list.
That may or may not be a good decision on the part of the admins.
Its easy to get angry with MAPS, but they're just publishing a list.
It's time to ignore some of the more trigger-happy blacklists. If enough well known businesses and providers end up on these lists and do nothing about it, using these lists to block email becomes infeasible: problem solved. Black lists are useful against a small number of hardcore spammers, no more, no less.
Short Answer: No
Long Answer: Yes
First, they want you to pay for the service. They will consider free usage occasionally, but take it from someone who has submitted five (5) applications for that kind of consideration - and have been flat out ignored - they are not a valid solution anymore, and are just looking to make money with the least amount of effort.
We use them, and they're one tool in the anti-spam arsenal. If your domain gets locked out, there's a good chance that your administrator was non-responsive. They're not foolproof, and they're not well funded. Nonetheless, their record and methodology are well-known. So is their success at getting the attention of admins from tiny domains through to AOL, its subsidiaries, and major corporations.
Yes, it bites when you get black-holed. It's usually (but not always) entirely deserved.
---- Teach Peace. It's Cheaper Than War.
You've discovered the joys of running a site on the modern Internet. These kinds of things will happen; there is very, very little you can do to prevent it. Your best defense against this sort of thing is a general outage contingency plan; whether by thunderstorm, fire, hardware failure, power outage, vengeful backhoe, blacklisting, or stupid admin trick, an extended service outage is an eventuality, not a possibility.
My advice to you? Take some time to lay out an outage response plan, or learn to be satisfied with three nines availability. Don't waste your time getting 'em in a bunch over MAPS and prepare for the next time something like this hits.
Obliteracy: Words with explosions
Despite the problem originating from a handful of IP addresses, MAPS saw it appropriate to block over 180,000 IP addresses just before the weekend! I had already made several phone calls and emails to my co-location facility, and they told me they were doing their best to get a hold of someone there.
That's a little bit unreasonable. If you, one of the customers, was trying to deal with them, it would have been much more reasonable to simply unblock your IP(s). Blocking an entire block due to one single issue (or so it seems) is pretty unreasonable. I'd send them a formal letter of complaint, rather than talk to one of their phone operators.
- dshaw
not after reading this yesterday
btw. no need to type things in all caps. its considered rude, yo.
maybe a form of passive protest is in order here. Since you've been black-balled by these Lords of Spam, you might as well dive into the Spam business. Make whatever money you can selling viagara, cialis soft tabs and penile ejection units, might as well.. around town everybody knows you as the hero-cum-spammer.
When they take you off the list, stop spamming.
I think MAPS should go further and recommend a 1 week penalty (after fix, of course) for all servers which relay SPAM -- just to make sure they're really fixed.
A person is a irresponsible admin if they don't know the entire policy for any RBL they use. The fact that you used them without knowing if they have a clear removal strategy is irresponsible, as is anyone else who uses them.
Want to see every step I took to start my company? http://www.rowdylabs.com/blogs/pitchtothegods
which offer no way to contact them and no way to get off. Others are private lists run by telcos that offer no acknowledgement of the BL or how to get off it. Not an easy task.
MAPS has made some big bloopers over time. They've also done a heck of a lot of good. The founders have had to endure all sorts of attacks, threats on their lives, etc.. and they perservered with their vision.
Are they perfect? Far from it. IMHO, if you weigh the good they've done against the harm they've caused, my view is they are overwhelmingly good.
As for Kelkea, I have no opinion.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Yeah, except it sounds like the submitters IP was not involved in the spam complaint. Its difficult to respond to something you never recieve.
If hunting spammers was legal this wouldnt be a problem at all.. Uh. unless someone thinks you sent them spam due to faked headers etc..
At the very least it should be reasonable to punch someone who buys something from spam. The main problem is the vast and bountiful supply of idiots that make it worthwhile for the spammer bastards to carry on as they do.
Starsucks
You might be better served by doing business with a more reputable ISP. I'm not sure what "a few spam complaints that weren't dealt with quickly enough" means, but I imagine there's a large other side of this story. If your ISP's inability to follow the rules impacts your business, it seems more reasonable to me for you to have taken the matter up with them all weekend long, rather than spending it trying to fix what they screwed up.
Collateral damage is a given when using blacklists. At least MAPS doesn't require you to pay to be de-listed, like SORBS.
We stopped using some blacklist when I was working at netmar a couple of years ago. I remember it being a huge pain for customers.
Of course, we had been saving all our spam since like 1997, and when we fed all the spam (30,000 messages?) into a bayesian filter, it caught most spam. Also, we still used ORDB, as they tend to only target specific kinds of problems (obviously, Open Relay Data Base). That caught a lot, also.
Really, it goes back to the eternal tradeoff for any computer system - ease of use traded for security. Always.
Strike a compromise - don't be overzealous, but take reasonable precautions.
~Will
sig?
What do you do when you find out that a domain that gets used is blacklisted by someone for no reason, and they won't take you off the list unless you give them $250?
-- $G
Uh, that helps absolutely none in this particular case. If you'd bother to read the text, and it wasn't even a full article, some OTHER company/person was responsible for 180,000 IPs getting blocked, including his subnets which had ABSOLUTELY NOTHING to do with it.... His company's customer service had squat to do with it. Neither did his ISP's really...
(\(\
(^v^)
(")")
This is the cute vorpal bunny virus, copy to your sig or runaway, runaway in fear!
I don't reject or accept mail based solely on the opinion of any one RBL anymore, specifically because of problems like this. Each incoming message is scored by SpamAssassin, which checks to see if the sender is on any RBL and adds whatever amount of points I decide. I still give two points to ORDB, but pretty much everybody else only has a fraction of a point these days, because of being overly aggressive. I don't even use SORBS anymore.
this seems to happen a lot. The only thing to be done is get the word out that certain RBLs are unaccountable, and hope that other ISPs stop using them.
"more accessable than MAPS"? You mean have someone who actually answers the phone? Sounds great to me.
The issue with MAPS is that the "YOU" you refer to had NOTHING to do with the spamming, and when they requested to have their IP subnet unblocked (after MAPS was closed over the weekend) they were told
1) No.
2) And no, we will not contact the IP-block-owner to resolve the issue
So whose customer service is lacking here?
RBLs do not block anything. They provide attributes for every IP address, and users of the RBLs can decide the fate of communication with these IP addresses based on the RBL-provided attributes. The effect is similar, but not the same, and there's a big legal difference.
There are no trails. There are no trees out here.
Sue the fuck out of them. What else CAN you do?
There should be some kind of standardization as to why IP ranges are blacklisted.
Not like, "They said they were neo-Nazi's and we've chosen to ban their entire ISP for not removing their page, because we're offended by Nazi's." which could very well happen now.
But more like, "We've received over 500 unique spam complaints about IPs in this range. Company hasn't responded in 5 business days. IP range is now blacklisted until they do something about it and contact us."
Of course, the larger the ISP, the more attempts to contact them could be made. Like maybe two weeks for a large ISP and a week for a smaller or ISP that's in some backwater country.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Some are well maintained, and even automatically maintained. spamhaus and spamcop come to mind. One of the less desirable ones that comes to mind is SORBS, where if they list you in one category you've got to donate $50 to charity, per message, to be delisted. You're an ISP providing smtp to your customers, and you're listed again? Tough.
I work on the helpdesk for a multinational multi billion dollar company and so far in the past half a year something like this has happened twice. They put any e-mail sent from an address ending in @companyname.com on the blacklist.
It is nowhere near where I support things but somewhere along the line they got the blacklist removed both times within 24 hours. I can imagine if it is a company that is less known it would be nowhere near as easy to get done.
-- Any comments seen here are not mine, but a mixture of alchohol and lack of sleep.
I got listed on the DUL, but my class C was not dial-up addresses, I had to contact them and convince them I wasn't a dial-up customer. Unfortunately, they wouldn't talk to me because I never set up reverse dns resolution on my class c, it reversed resolved to my isp. So I had to get my isp to call them and explain that it's not a dial-up list. It all worked out in the end, but it was a painful two days. Now, I actually use the black lists because I was being hit with a tremendous amount of spam, I needed to do something. It was taking more than 4 hours for my mail relay to process the mail. I still don't like them, but they are effective.
How can you blame MAPS when you should be blaming the ISPs and other email administrators for subscribing to a blacklisted that has no checks or balances?
While MAPS (or SPEWS) may be overzealous and entirely destructive in their obsessive quest to stamp out SPAM, it is ultimately the email administrators responsibility for using them. Blame them for not doing their job right.
Feed the need: Digitaladdiction.net
If sending email on weekends is so damned important to your business why do you only have one ISP?
"It is better to let 100 spammers spam, than to block one innocent person's IP address"
-Saint Thomas Aquinas, circa 1423
happened to my girlfriend's work, a charity, operating a clear, double-opt-in newsletter service about their ongoing work... some moron who clearly subscribed to their newsletter decided it was easier to use an automated "report as spam to ORBS" tool then it was to simply reply to the e-mail, click the "unsubscribe now" link, or re-visit the web site and opt-out via the very prominent, very obvious opt-out tool.
ORBS, in turns, blacklisted their mail server as an open relay, and then had the unbelievable nerve to tell my girlfriend that they would lift the ban in exchange for a "donation" so that they could continue to run their service.
While this isn't criminal, it's morally repugnant.
Bottom line, "blacklist" services like ORBS/MAPS are a horrible, misguided and idiotic idea. Case study after research project after real-life experience can attest to this.
bash-3.00$ uname -a
SunOS panda 5.10 Generic sun4u sparc SUNW,Ultra-2
You should never trust any RBL, but if you must, you should pick one which defines a VERY narrow criteria with NO collateral damage.
Time and time again, I see people trying to enforce someone else's terms of service (usually poorly, and without room for any exception), getting blacklisted for non-spam activities (e.g. using a provider that hosts a spammer willingly), etc, etc.
These are attacks on the nature of the Internet as a network of peers.
Spamhaus does a very good job with XBL of listing just systems that are known zombies, relays, etc.
Combined with a decent offender-only list of bulk spam sources (I use dnsbl.antispam.or.id), you get excellent results, with few (none that I've been able to discover through analysis) false positives.
SpamAssassin, of course, makes this a moot point by combining and weighting several sources. I've never seen a false positive from SA as a result of bad blacklist handling (other tests, sure, but not it's DNSBLs). However, you may need some pre-filtering at SMTP time to reduce the load on your spam-filtering system, and that's where the above strategy comes back into play.
What do you do when you find out that a domain that gets used is blacklisted by someone for no reason, and they won't take you off the list unless you give them $250?
Inform the DA of blackmail?
Javascript + Nintendo DSi = DSiCade
..and all because of a few spam complaints that weren't dealt with quickly enough.
I bet complaints will be dealt with a bit quicker next time, won't they? As someone who has had spamming ISPs ignore my complaints, I'm thrilled to see you get jacked up. Next time, get the spammers off your network and keep them off. You are part of the problem and you've seen what it costs. You can choose to continue being part of the problem or you can be part of the solution. Your call.
- Stop spamming or clean up your network (if applicable)
- When you have fixed your problem, politely ask the blacklist to update your listing
- If you really encounter dead ends, then ask sites using the blacklist to discontinue their use of the list.
Remember, the blacklist is just publishing the data. It is up to each mail site administrator whether or not they want to use that blacklist. That's their choice. I run a blacklist myself and am in contact with many other operators. Everyone I am familiar with is eager to prevent errors in their listings, and is responsive to polite requests to remove listings that deserve to be removed (i.e. their network has been cleaned up).then the girlfriend gets all pissy and I have to run into the gas station asking how to get somewhere to someone behind a bunch of steel bars in a city that makes Detroit look like Salt City and buy some fresca and swedish fish for the girl to calm her ass down. By the time I get back she's blacklisted me and won't accept any deliveries, what the hell she's just in it for the money anyway. You definitely can't trust 'em, the blood sucking creatures that lurk in the background looking to take all that is yours and leave you violated and misrepresented.
I say we just grow up, be adults and die.
How often does it need to be said? Spamhausen only react to complaints by their own customers, so complain to your provider (co-location facility). Loudly. And if they won't listen, let your wallet speak up and walk.
1. MAPS finds problem, discovers hosting by co-loc, bans entire co-loc.
2. Very shortly after ban, MAPS is unavailable for contact for 48+ hours.
3. MAPS refuses to unban innocent bystander.
4. MAPS refuses bystander's plea to contact co-loc.
Seems to me that MAPS has several problem. Aside from procedural issues, perceived arrogance, negligence, incompetence. Submitter is right. Overzealous, for sure.
I sure wish they were better. It hurts the users.
Let's see, you were slow dealing with spam complaints. Why should I be sympathetic? This is exactly the kind of thing I expect MAPS to do. The next time you get spam complaints from them you might not put it on the back burner. We need more services like theirs to take an aggresive approach.
Similar service like MAPS, do this ones really more incompetent. They have blocked my dedicated service IP, because one server in the same subnet had spammed once. They have blocked the entire subnet. SpamHaus replied quickly, but never fixed the problem and always reply that they do not have liability, only the ISP that blocks my emails based on their data. Perjury is crime, therefore saying I am a spammer because my IP is in the same subnet of an actual spammer. Imagine saying I don't a country because I don't a guy there. Spamers are responsible, as well as people who block messages by false positive spam flags.
Anything to make spamming less profitable. I personally rather have a couple of spam emails than miss one valid one, but if the rest of the world has to miss a couple of valid emails so I get less spam who cares.
Because we all know that black hole services work!
Oh wait... no they don't.
Anyone who uses a blackhole service as the final decision maker on whether or not to reject mail is a worthless system administrator that is negligent in his or her job. They should not be allowed to administrate systems if that is the case.
The bottom line is, Black hole systems like MAPS/ORBS/etc... don't work as intended, period. Anyone who says differently lives with blinders on, and is totally incapable of accepting reality. Yes, I feel quite comfortable making this blanket statement.
I, thankfully, have never been on the receiving end of this vigalante, worthless system, and my mail servers rarely get rejected for main being misidentified as spam. However, I sympathize greatly with the people that do. Since I am a competent administrator, I am capable of seeing exactly why RBL's don't work; why they have never worked, and why they will never work. Anyone with any competence whatsoever in managing a real, live mail system on the real, live internet (running a mail server from your DSL line does not count) knows exactly why RBLs are useless as final arbitrators.
They can be used just fine in a weighted system, and that's exactly how they should be used... but any system that uses it for final arbitration should be wiped off the face of the internet until such time as the system administrators can get their heads out of thier collective asses and learn how to actually do their job, instead of shucking off their responsibility to these RBL administrators that have a God complex and should be shot on site. They are little better than the spammers they are trying to stop in their zealotry (is that a word?).
I've set up my network and they have blocked me and they refuse to tell me why despite me asking for SEVERAL YEARS.
They will not tell me why my 192.168.1.x network is blocked.
Blackmail my ass. Hey, I just added your IP to my blacklist. Pay me to get off it.
You think you have a case with the DA?
Turns out you're really advertising for MAPS, because prior to this post, I never heard of it and nor did 80% of the slashdot community.
Good advertisement!!
The spam complaints were dealt with, but MAPS nevertheless blocked them.
You try running an ISP/Colo and then apply your same attitude when a rouge customer starts spamming and then you get blacklisted with no ability to get off, despite your best efforts at stopping the spam.
And on a broader front, are you really prepared to trust a company like Kelkea, Inc. (owners of MAPS) to decide what emails gets to you without really knowing how they operate and deal with resolution processes?
I don't trust MAPS in any way whatsoever. However, what does your or my trust have to do with it? Nothing! I don't have any dealings with Kelkea, so this seems like some kind of smear campaign against the company.
Honestly, what is really the issue here? If you are paying for their service and you don't like it anymore, then why do you keep using it? The maintainers include whatever IP addresses they want and, if you find it meets your needs, you keep using it. If your customers aren't getting your email, then they should reconsider whether or not they should use MAPS.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
Public blacklisters should be blown away completely. I used to work tech support at a large ISP, which unfortunately had the bad habit of buying out smaller ISPs and melding them into its core. Now, in the process of this the large ISP would relay mail for the domains and IP blocks that were purchased. Quite a number of overzealous blacklisters (blackhole for one) essentially saw our mail exchangers to be 'open-relay', and we only found out about it when someone called to complain that she tried to send pictures of her baby to her mother on AOL and got a nasty email back accusing her of sending spam.
Since our mail servers were not the source of the malfunction, we as support personnel were required to direct the user to complain to the destination that was not allowing her mail to get through. This of course was often a dead-end street for the user, and weeks would go by before any action was taken by the ISP using the blacklist, or the blacklist itself. As a result, we had many unhappy customers that could not send mail to networks that were run by lazy administrators that preferred to let a blacklist determine what could send mail to their network, rather than do their own jobs.
perl -e "eval pack(q{H*},join q{},qw{70 72696e74207061636b28717b482a7d2c717b343 637323635363534323533343430617d293b})"
Given the choice between blocking more spam and blocking fewer legitimate emails, I'd rather settle with blocking fewer legitimate emails. Most RBL maintainers see it the other around. They are full of themselves and are generally unhelpful when they mess up. One or two offenses and they'll block an entire subnet.
Blacklists are good for flagging potential spams, but you never want to blackhole something unless you're absolutely sure.
A rock and a hard place? Nobody's twisting anybody's arms and saying, "Go out and blacklist people!" These are net vigilantes on a power trip, and they're making life difficult for a lot of innocent people who have nothing to do with spam. Those are the people caught between a rock and a hard place.
Never trust a blocking list at face value.
The aim of most of them is an extreme one - of not only eliminating spam, but punishing anyone who has a vague link to spam. The actual definition of a link to spam is solely at the discretion of the list administrator. This can be arbitrary.
Often, the administrator is a power hungry nerd, and refuses to consider that anyone except a spammer could posibly have a different opinion on the matter from them. They have no intention of helping you. Only of demonstrating their supreme power.
Decent admins will be very choosy about what lists they use, and will consider the ones they do use to be a suggestion. Not a definitive statement. Sadly there are too few decent admins around.
MAPS are trigger-happy...
if they smell a spam somewhere, they just block away...
we stopped using them because of this.
now because of these idiots, we have spammers popping up in darkblocks and by time MAPS and others even knows there is spam coming from anywhere in there, the boxes sending the garbage mail are no longer even pingable and up in another block somewhere slinging spam everywhere..
rinse repeat..
so, by using a rbl list, you can block a lot of mail where some spam came from at some distant point a long time ago.. and because of the volume of spam sure, you will block some.. but it is the same effect as turning your mail server for one day per week.. you are going to block some spam, sure.. it is a given..
anime+manga together at last.. in real time.
Go see a lawyer. A consult us usually free and he might just charge a small fee to send a letter to Kelkea Inc. Mention stuff like lost income, puntivtive damages, and the like. I bet you will be off the MAPS list in a heart beat.
And if not. sue their fucking asses.
Supporting World Peace Through Nuclear Pacification
Well, I'd say tough luck buddy. There are way too many Colo/ISP with little or no checking when granting IP address spaces to spammers, hackers, and p0rn punters with stolen credit cards. i.e. Everyone's Internet, ThePlanet, just to name a few. Most RBL's don't block 3 entire class B's just because of a few bad apples. Besides you should never trust one list for RBL, because of the transient nature of these addresses. Anyway it's not MAPS job to straighten out these shitty ISPs, who are the causes of 90% of SPAM, P0rn, Viagra/Vioxx, and domain parking scams on the NET these days.
I compare doing business with these ISPs similar to buy black market goods, just because you get a good price, does not make it moral. Find someone more reputable next time.
I don't... I stop the spam before it leaves my server.. sorry, if you got on a blacklist it's your OWN STUPID FAULT.. lock your servers down better.
Actually, I believe a shotgun would be a very effective weapon against a fly. If you go around all day shooting at a fly with a shotgun and missing, you're drunk.
I figure I should mention an older YRO Article from 2000 that indicts MAPS as censorware. If I had remembered the URL before this story went to press-time, it would have included it.
Now, 5 years later, it looks like the indictment still holds.
I realize this experience is very unnerving and frustrating, but please understand that I'm getting sick and goddamn tired of all the spam in my mailbox. Something has to be done about it, and it won't get done until we hold someone accountible. If your colo service won't hold the spammers accountible, then as far as I'm concerned, we need to hold your colo accountable.
Finding God in a Dog
Spammer, Spamer, Pants on Fire!
If we go thru the history if the ISP and netblock in question, we may find that an infamous spammer has been using it for the last 6 months with no attempt by the ISP to resolv the problem despite many warnings from MAPS and other anti-spam organizations -- or we may find that MAPS went on a wildcat strike.
Given the very vague real data about this dispute, I'd be inclined to tell the complainant that he's probably the customer of a hardened spam provider, and he may be best to find another provider (as unpleasant as the move will be). If we get more than generic information, I may be able to giver more than a generic suggestion.
Usually Usenet death penalties are a last resort. MAPS may seem like they're assholes, but my guess is that they're finding themselves dealing with some assoles of their own (i.e. the offending ISP). In the moment, they can't tell the difference between you, and the offending spammer(s) who triggered this showdown. (( I'll presume, for the sake of argument, that you're not a spammer yourself )).
They're not willing to deal with you because their beef is with the ISP, and that's the only place where the problem can be resolved. They're iconveniencing you because it's probably one of the few tools left that they have to push your ISP to stop inconveniencing the entire internet.
Free Software: Like love, it grows best when given away.
inform the people who actually USE that blacklist that their blacklist operator is a jerk and costing them business. remember.. it's not being on some list whats the problem, the problem is when someone uses that list to deny access from you.
:).
with numerous fake aliases from hotmail
world was created 5 seconds before this post as it is.
If your ISP is too self important to respond to abuse complaints then tough titty if they get their entire IP range blocked.
Get another ISP.
(If at first you don't succeed, do it different next time!)
Your listing doesn't cause it.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Perhaps a good solution to the spam problem is finincial penalties imposed by the ISPs.
When you sign up with an ISP, you are given a contract that says the ISP is allowed to bill you $10 per unsolicited mail complaint that they get about you. It gives the ISP a money inscentive to chase down the spammers, a legal hammer (a contract) to hit them with, and it stops the problem without any heavy handed regulation by congress.
I hereby name this idea the 'MadTigger' solution, declare it copywrited, and give permission to anyone who wants to use it at no charge for all eternity.
HA! I just wasted some of your bandwidth with a frivolous sig!
Here's how it works, remedial version: Someone reports your IP (or a close neighbor) to a RBL, who then adds (usually) a block of IP's to their blacklist, which includes your IP. Now, ISP's who subscribe to this RBL have your IP in a blacklist, and they will often block all mail originating from your IP address. If your customers use any of the ISP's that subscribe to that list - well, guess what? You can't get through to them. Doesn't matter if you have ever dealt with that RBL or not.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Perhaps people should start learning that abuse (spam) reports DO have more weight than they appear.
HOWEVER, sometimes the cause could be one single user abusing his right. In this case, MAPS should have a special flag on "single user" and track the case particularly.
Power + Precision. Currently they only have power.
I'm an admin on another small service who was hit by the same MAPS tantrum. Some people on here seem to be posting comments that illustrate confusion about what went on. In the simplest terms it is this: a large number of IPs were blacklisted by MAPS even though the vast majority of those IPs were allocated to servers with responsible admins that had never sent spam. Many of the IPs in those blocks had been leased to smaller co-lo sites and then leased again to organizations like my own. Apparently, though, the decision was to block all IPs belonging to the highest-level organization; a completely ridiculous decision.
Once more to make it clear: many of the blocked IPs were in no way related to spamming. Please do not respond by saying "you've admitted there was some spam". The truth is that many people were punished because they happen to share the same block.
Say what you want about the need to fight spammers. Any system that produces 180,000 false positives to get one true positive is not useful. MAPS has clearly demonstrated that they are not a useful system for preventing spam.
===== Murphy's Law is recursive. =====
As an IT employee for an Internet advertising company, I used to think that RBL services were extremely effective. Most current advertising companies don't get paid unless they actually provide the advertiser with something of value, namely an acquisition of some sort. Untargeted SPAM never provides solid leads of any sort, and rarely actually results in any sort of customer acquisition. Thus it seems that most publishers, or companies that are trying to drive traffic to these advertisers would not resort to using UCE, as it doesn't make any money for them AT ALL.
Blacklists were great for pointing these EXTREMELY stupid email publishers at. Not only will you not make any money, but you run the risk of putting yourself out of business if you get blocked often enough.
Of course, blacklists don't help when companies that are currently on ROKSO have inside help on removing themselves from SpamHaus. WTF?! One of the publishers that we had worked with (let's just say it rhymes with "Slopped In Teal Pig") got us added to the SBL simply for having been related in some way. That's fine, it's the risk that an advertising company runs for being in this space. Imagine my surprise however, when aforementioned publisher (let's call him "scott") sends an email and gets us immediately removed.
Sooooo...ummm...how does that work? The only analogy I have is the mob boss being able to make our prison system "pardon" anyone he wants whenever he wants. It just doesn't seem right.
Enough from me. I already feel like I've sold my soul due to the line of work I am in. Just goes to show that the "good guys" aren't any better.
Here is something that I haven't seen anyone here suggest to help counter this problem of "unresponsive blacklist maintainers".
Sue them for libel. That's right - libel. Think about it - they are providing (writing) their advice to others and causing damage to someone's reputation. If this isn't a clear case of libel, I don't know what would be.
Yes - IANAL!
Ron Gage - Westland, MI
I use to use MAPS as a black hole and then found myself in the black hole too - for having a out of date version of sendmail. Nothing went through it - just the matter of my sendmail version.
After that, I was like screw MAPS and all these other assholes.
(I did upgrade my sendmail.)
Since then it has been bayesian filtering and while I have to carry the data a while - that is good enough.
Maps has been doing this for years. There's nothing new here. We subscribed to MAPS probably 6 or 7 years ago, and we got listed ourselves and couldn't get any help even though we were a paying customer.
Try this one: http://www.mxrate.com/
The database is updated every 30 minutes 24/7 and delisting takes no more than an hour if there is a problem, but there seldom are. No netblock listing either. Yeah, I work for the company (shameless plug) but this system was designed by real MAPS victims. There is a free public DNS version too.
MAPS are not at fault here, your colo hosts are. If your colo house signs up a new customer, and their logs suddenly show a spike in smtp traffic - it's not MAPS's fault if they don't sit up and take notice. I'll bet there are a ton of people reading this list, who know pretty much instinctively when there's something amis on their LAN/WAN. Spam is not difficult to spot if you're hosting it, let's face it. As a former ISP I speak from experience - we knew within hours if any of our clients hooked up an open relay mailserver (never encountered a spammer but encountered plenty of company admins who didn't know their mailservers were open for relay and needed beating with a clue-by-four). In the end, we blocked outbound smtp altogether and opened it only for people who asked for it AND demonstrated some clue that their mailserver was secured. Your provider (a) did not notice it (and/or ignored it) and worse, (b) apparently ignored the problem until it was too late even after they were advised of it. I'd class them as spam friendly, whether they intended to be or not. Imho, you are righteously annoyed, but with the wrong people.
I am an email administrator of a large University and we are heading in the direction of purposily choosen to drop legit email.
We have been using RBLs to decide SpamAssassin score to mark the subject line of emails. No email would be dropped and marking of email would only occur if the site was listed in multiple RBLs or other SA rules where triggered.
The option to filter and even drop emails was decided by the end users themselves. This option had been good enough to help address the vocal few that would make a political deal of SPAM about once a month.
Now that the problem has changed from trying to weed out penis enlargement emails to a problem of Phishing emails stealing people's credit card numbers, the political stink about SPAM has become alot messier. The group that was afraid of legit emails being dropped has become very silent and the "offended" groups are now willing to knowingly throw away good email to the bit-bucket if it means one less Phishing scam making it to their Inbox.
The attitude can be summed up by this user's comment:
"The problem has gotten so bad to the point that I can't trust ANY of my email anymore. Let's get it to the point where email is at least *useful* again, and then we can discuss a future where we can address what I missed."
Eventually, systems that automate blacklisting also need to allow for automating whitelisting.
It can take upwards of a week or more for DNS changes to filter through the Internet, so if your business is dependent on Internet connectivity you should just have to close up for a week because MAPS will not unblock your IP range when you are innocent? Who pays for the week your business is down? If it happens again, then what?
The lessons of history teach us - if they teach us anything - that nobody learns the lessons that history teaches us.
The answer is simple, if you don't trust RBLs then don't use them, you have that option.
Stop spreading FUD. You obviously don't understand what a DNS RBL is. It has nothing to do with domain names in sender addresses. It's all about client IP addresses. If your IP is in the RBL, you're rejected.
(Yes, RHSBL's can be made to work the way you described, but that wasn't what this article was about.)
I work for an ISP who recently got blacklisted just as the poster did. All of our outgoing SMTP servers got blacklisted even though it was a colo customer sending a majority of the spam. Then, after numerous contacts from our abuse department, we get no response at all.
The problem as I see it is this: MAPS operates on two fronts. They have their customer front, and they have the blocking front. Customers use MAPS because it does cut down on SPAM. ISPs like RoadRunner even use it. On that front, it's a good service. On the back end, though, they aren't responsive, and they aren't really operating responsibly (they don't have to).
In other words, what can you do? MAPS will appeal to customers for a long time, and those who are blocked will have to deal with it.
They are using their own RBL on their mail server.. thats all.. Thats why they never got you message!
What are we going to do tonight Brain?
I disagree with you about excluding his ISP from responsibility here. If MAPS is working the way they should be, then this subnet would not have been blocked unless the writer's ISP had failed to deal with a problem that had been previously reported to them. His ISP's customer service has everything to do with the problem he experienced.
How do people deal with MAPS and other RBL services who will not cooperate or be reasonable?
Lawsuits, generally.
Here come da fudge!
Legal Action.
Online backup with Mozy, sounds like Ozzie, but more!
So your ISP was frantic to resolve a spam complaint on a weekend. DNSBLs aren't perfect, and the guys at MAPS are no angels, but that sounds damn effective to me. You think MAPS is hard to get ahold of? How accessible do you think your ISP would have been if one of its IPs had deluged me with spam over the weekend?
MAPS is being harsh, yes. But too many sysadmins (and now, WAAAAAY too many zombie computer owners) are unwilling to do anything to combat this. So if MAPS blacklisting everyone in an IP block is a way to get the ISP to wake up and deal with the problem on their network, I say more power to them.
I sympathize with this guy's plight (especially since it sounds like he was just a bystander) but his ISP was lax -- and it might have just ignored the whole thing altogether if MAPS hadn't taken action as radical as this. What this really says is that he either needs to demand that ISP enforce stricter no-spam policies or he needs to take his business elsewhere.
I don't have any pity for the few (if any) legitimate users of spam haven networks like Optigate or Genesis II having their e-mails blocked. Spammers are willing to go the extra mile, that's why they're winning.
has anyone tried to get MAPS to blacklist themselves yet?
or maybe ordb to blacklist maps and tit for tat?
I noticed you don't say who your ISP is. Could this be because there's a good reason their IP addresses got listed on MAPS?
If I were you, I wouldn't be railing against MAPS. They're just keeping track of where the spam is coming from. The parties at fault are mail providers who blindly block mail based on the contents of a single blacklist, and very possibly *YOUR ISP*. I would be VERY curious about how your ISP's addresses got listed. The best way to avoid getting your mail blocked is not doing business with spam-friendly ISPs.
I run a mid-sized mail system (~20-30K messages/day), and we do block spam based on RBLs. But any particular message only gets blocked if it gets a very high SpamAssassin score, which means it hit multiple RBLs, and it got a high Bayes score, and probably hit other rules too.
Blindly blocking mail based on a single RBL hit is going to cause trouble, as demonstrated by today's story. With the anti-spam tools available today for free, one would think this practice would have already faded into history. Even if the biggest ISPs get too much mail traffic to make a full SpamAssassin-type analysis of every message practical, you'd think they would at least require hitting multiple low-FP RBLs before blocking mail outright.
include $sig;
1;
This is exactly the reason why I don't use any RBL's on my e-mail server. I'd really like to, it would be nice to cut down on spam. But there are a million lists out there, and it's quite difficult to know who is responsible and who isn't. MAPS is one that I definitely don't agree with though.
This sort of "making a statement" tactic, like blackholing all of AOL or something similar, is all well and good in theory. Except that it doesn't reduce my work! Maybe I don't have to spend as much time on spam because of it, but now I have to figure out why a lot of people can't send e-mails. Some of which, maybe, were even important.
and all because of a few spam complaints that weren't dealt with quickly enough
Define not quickly enough. If we're talking 24-36 hours max is not quick enough then you have a valid complaint. Otherwise you don't. Spam problems need to be handled quickly and I'm sure your provider "has" a no spam policy.
The other question is what has your provider done to fix the problem? Obviously not a lot if your complaining here. I've gotten blocked by my share of RBLs cause of dain bramaged spammers popping on and open relays (years ago). It's not that hard to get unblocked you actually just have to care. Oops probably shouldn't have said that now the secret is out.
It's been said before. If your running a mail server make sure the IP it sits on has a good and responsive abuse department. It saves a whole lot of trouble.
Whilst spam etc and methods to control is always a changing landscape, I cant help but ask what about having a second mail server with a different provider to help combat situations like this. Both mail servers could be setup to talk to each other via a vpn, receive / send email from either end. Inbound email could be routed using MX records, but the outbound queue's (where MAPS would be causing the problem) could all be resent using the alternate path in case of primary path failure due to the primary being on the MAPS list.
I was expecting this to be an article about Doblin's plan for world domination through prescribed psychedelics.
No, I never said that you have to be a customer of an RBL. But he did imply he used it with"(I've since removed MAPS from my list of RBL servers to check.)".
I said he was irresponsible for using them without ensuring their fairness first. I was calling him a hypocrite, and he got just desserts.
He since has contradicted his earlier implication with his direct comment, but I still contend, any Admin who uses untrustworthy RBL's is an irresponsible Admin, who deserves to have this same thing happen to them to show what they're inflicting upon others.
Its sort of like someone who condones lynch mobs, then is suprised to find himself the unjust target of one. It sucks that it happened, but you have to say, from the sidelines, he deserved it in a way.
People who use RBL's of unverified fairness with no/litte due process all deserve this fate (but alas, most won't suffer it because RBL listing can happen to anyone, not just user of RBL's).
Want to see every step I took to start my company? http://www.rowdylabs.com/blogs/pitchtothegods
Seriously, we didn't see this kind of fuss when the USENET community blackholed the entire Comcast cable community for a while, even though I'm certain there were a few innocents out there.
(Hey, the USENET "Death Penalty" was once a serious threat to ISPs.)
There are no workable solutions, whilst e-mail is an unprotected, plain-text, unvalidated, unauthenticated service. There are only attempts to get a compromise that cure a little more often than they kill.
In a way, I like major problems like this, because things are more likely to change under pressure. People are generally lazy, so when there's no need for improvement, there isn't any. Once the system becomes broken enough, that will change. The last thing you want, though, is slow degradation, because people will build up a tolerence and change becomes completely impossible.
This is not my preferred option, and I don't believe it's the option any "free/open source" fan supports. If you're into Linux or any of the *BSDs, the odds are high that if you have an itch, you'll scratch it, rather than deciding your arm should fall off first. On the other hand, if that is what it takes for others to do anything, then maybe we're not doing them any favours if we enable them to overlook the inevitable.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
From experience, it was either way more than a few complaints, some major repeat offenders, or your CO-LO told MAPS to bugger off.
MAPS publishes the lists ... MAPS can't force me, or anyone else, to use their lists. If they cease being useful, they will cease being used. To be blunt, I don't care if YOUR sending is blocked until it becomes apparent that I'm missing emails.
On behalf of many members of the male gender I would say no. We don't trust those lying overpriced pieces of paper. And we don't ask for directions. We rely on our innate sense of direction.
One time, I even made it to Mexico without consulting a map. It took me days but I got there. I learned a lot that I didn't expect from that road trip. Like it's so cold in Mexico that there's moose everywhere. Also the Mexicans tend to pronounce things a bit differently. Like "about" is pronounced more like "aboot". And they tend to say "eh?" a lot. It's far different than the Mexico I read about as a kid.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Put up or shut up, n3c. Give us the IP to judge for ourselves. We'll check the evidence, and probably learn the truth. I bet you don't want that.
Oh, and in your quest to learn to speak and write English, please remember to review the meaning of perjury. In a legal sense (it IS a legal term, BTW) it means knowingly false statements made under oath in a legal proceeding. Nothing of that nature cited here.
Spamhaus is the best in every way. Fewest false positives, due diligence to prevent collateral damage. Your rant reflects on YOU!
This question is the usual spam lies. It cites no specific IP range. It sites no SPEWS records. It doesn't site the owner of the supposed block netblock.
This is the same tactic spam lairs, profiteers, etc use all the time. Even the "180k" blocked IP addresses is an appeal to emotion. There is no question in my mind that whomever posted this is a crooked spam sympathizer.
Cartooney.
All the ISPs that decided to trust MAPS decided to put their recommendations into force. It's not that they've been delegated power from above, it's that they provide a good way to deal with a problem. ISPs should be more careful to look at who they're providing service for, and be as responsive as humanly possible when organizations that act to fight abuse come calling.
For every problem, there is at least one solution that is simple, neat, and wrong.
he's not giving the full story, "a bit of a spam issue". piss off he had 100000000 of spam comingout an unsecured ms exchange server or something, and maps rightly blocked him. i consider it fair punishment for poor administration.
If you mod me down, I will become more powerful than you can imagine....
Sorry, you are correct of course. I did not realize the ISP itself had been slow in responding... my mistake regarding that.
(\(\
(^v^)
(")")
This is the cute vorpal bunny virus, copy to your sig or runaway, runaway in fear!
of US law.m aps-dul-is-wrong.html
1) MAPS is ineffective and inefficient. Spammers simply jump around, especially with the proponderance of spam virii. This breaks any system based on the simplistic view that there is a meaningful correlation between IP addresses and spam.
2) MAPS is demonstrably error prone. They simply don't care that their system produces false positives.
3) MAPS DUL is illegal, at least in the US. It's in violation of "18 U.S.C. 1030 -Fraud and Related Activity in Connection with Computers", because it knowingly transmits information which impairs the availability of systems to protected computers. http://homepages.tesco.net/~J.deBoynePollard/FGA/
"National Security is the chief cause of national insecurity." - Celine's First Law
If your co-lo cannot or will not respond to maps queries, what do they except ?
I put it to you that these people are losers, and will almost certainly get blocked again.
Change co-lo while you can.
I seem to always see the same type of comments about the MAPS/RBL issues. Something I would like to see just once is Yahoo, Hotmail, or one of the other big email hosts getting treated like the small business... Blacklisting yahoo's or hotmail's IP#'s because some lowlife spamemrs are using their email service. I must get 50 or more spam messages in my business inbox from addresses at Hotmail or Yahoo every day :(
First of all I can completely understand your frustration - it's a bastard of a situation. You appearently didn't do anything and was hit hard by MAPS.
:)?
That being said, I think blacklists are a necessary evil. At the university where I currently work (as a student-aid, not responsible for the whole operation) we employ three different blacklists. Why? Becausse they filter out about 2/3 of the mails sent to our users (roughly 2.500-3.000 on a workday). If we didn't remove theese mails, we would be overrun by users complaining. As the situation is now, we only have to deal with the legit mail, that is accidently blocked.
Of course there are alternatives like bayesian filtering, but theese unfortunately take up processing power and storage. It is perhaps an approach we should investigate further, but I must admit we haven't gotten around to it, as the blacklists are serving us fine.
PS. Are you sure you don't have any zombie's on your network segments? Is smtp (both incoming and outbound) firewalled off for all machines (except perhaps mailservers
I find it stunning to see all of these complaints about RBLs from people who apparently consider internet email access vital to their business processes, but have service from only one ISP. Have these people never heard of redundancy????
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
Have a smarthost that accepts mail from your ip address preferably through a vpn so the blacklisted ip address will not be shown in the headers. :)
Since blacklisting only affects outgoing mail it's easy
If you emails are THAT important it should be worth having an other server somewhere else just for that purpose.
Or you could try using the co-location company's mail server as smarthost hopefully from a different IP block.
You should always trust your security to outside companies.
Get your Unix fortune now!
It took you people this fricking long to realize that MAPS isn't just a "blackhole list" but an actual black hole of human sense?
MAPS and other overzealous spambots have been prior-restraining and zero-tolerating one-off cases of open relayness since before 1997. And all this time, thousands of ISPs have brain-deadedly blockaded any IP in MAPS, which is rarely updated to current state and has always been dreadfully difficult to correct.
MAPS, ORBS, SpamCop et al have been the most effective examples of the brain-dead zero-tolerance mentality. And the lazy companies that allow them to decide what goes over their network, like so many lazy parents who allow the government to decide what their children watch, turn MAPS into a hopeless stranglehold over communications.
I'm sorry, Spam Sucks, but if you've ever been the collateral damage of one of these lists, or of any other antispam crusader who is both brain-dead and incommunicable, you know just how hopeless it is and how unyielding they are, and how stupid it is to let them have unquestionable control your network.
Terrorists can attack freedom, but only Congress can destroy it.
And boy, did spamhaus roll us over the coals on that one. Our ISP changed providers and bought into one that had a block of IP addresses that used to be owned by a spammer and when the spammer vacated the premises, they weren't nice enough to let Spamhaus know that they had left the neighborhood, and consequently, when we moved in, WHAMMO, blacklisted.
It took a lot of investigation, and then using a different email server to forward all of our email through for a couple of MONTHS to get everything resolved.
And, boy were the Spamhaus people super nice and helpful.
Ocean is land, covered with water.
"I've had to deal with other RBLs and they're a holy pain in the arse. They're not worth the service they provide. They might save a couple of people from recieving some spam, but they're costing others time, money and stress in the process. To make it worse they invariabley have a terrible attitude. They're no better than vigilantes in most cases, and are normally a good demonstration of why vigilantes aren't tolerated in the real world."
Illegal file traders on a "Robin Hood" power trip.
---
"Jennifer Golbeck. Trust networks for email filtering. Virus Bulletin (Spam Supplement), October 2004."
http://mindswap.org/papers/VBArticle.pdf
I know users who deliberately report as spam messages they had explicitly requested to receive. I believe blacklist services should double-check spam complaints from users before including an IP into the black list.
Kinda like capital punishment: Sucks when it's not entirely deserved.
Thank gawd you're not a judge.
RBLs are Considered Harmful, for this exact reason. The admins of these lists can blacklist whoever they want, and they aren't accountable to anybody.
/32's that send you spam. Any more, and you'll catch someone innocent. Which is way worse than receiving spam.
Yes, I know I don't have to use them. I choose my ISP for a variaty of reasons, if they sell to spammers is NOT a consideration I check. I don't care what they do with their bandwidth.
If you don't like it, you can block the
DO NOT trust MAPS. They are in an settlement agreement with a spammer NOT to blacklist them no matter what.
Spamhaus is cleaner, and is more accessible via news.admin.net-abuse.email.
--
# Canmephians for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.net";
No-one ever flew 737s into the world trade towers. ITYM 767s. The ones that landed in the pentagon and the paddock were 757s.
And anyway, WTF does any of this have to do with terrorism? It's a ridiculous link - a way to invoke Godwin without actually mentioning the 'n' word perhaps?
RBLs are advisory. RBLs do not block email. Which parts of this are y'all having so much damn trouble with. The operators of about 8 different RBL lists advise me (in response to a request for information that I initiate) that the MTA that has just contacted me is coming from an IP address that is known to have been used recently by a spammer. I choose to refuse to accept the proposed email delivery from that source on the strength of advice from one or more RBLs. (eight different ones, as it happens, on my home postfix server. It takes a full fifteen seconds for my smtp daemon to answer when you connect 'cos of all the lookups!!!).
Why is it so damn hard to grasp? Realtime Blackhole Lists do not block spam . Administrators and their policies block spam, and they've every right to choose what arrives on their boxes and what doesn't!
The original poster (article) has no right to get upset at anyone for my decision not to accept email from him. All he gets to do is F.O.A.D. Getting his royal whinge frontpage on slashdot is nice for him, but it's not a right or a guarantee.
I find your ideas intriguing and I wish to subscribe to your newsletter.
... there will be collateral damage. Be glad you are only wounded and survive to play again.
And yeah, it sucks to be the little guy caught up in all of this.
Where did you hear this? that's news to me. Please provide backup to your statement.
So, for the semi-informed, semi-tech-literate person, could you say what an RBL is, what's wrong with it, and what other options there are? Thanks.
Shop as usual. And avoid panic buying.
Well, over the next few harrowing days with little or no sleep, I got a crash course in how serious anti-spam people think and work. I was able to get into contact with the SPEWS folks through the more approachable founder of another SPAM blacklist, and got a call, I think at 1 AM, regarding the block.
It turns out I had ignored a bunch of email warnings which had looked to me like poorly worded form letters, and hadn't been handling SPAM complaints with the same dedication I was giving to routing updates, process automation, and other job duties. I had believed Dean Westbury, one of our first customers, over some complainers because he had impressed me early on with the way he dealt with one of his spamming customers. I didn't know, at the time, that he was one of the world's most notorious SPAM kings.
Anyway, he (the SPEWS guy) had me by the balls and he knew it. I told him I'd get on the stick, and accordingly he tentatively lifted the ban on our IP blocks. We made one of our tech guys a mostly-full-time SPAM cop, we continually fine-tuned our AUP to exclude any indirect use of our network for use by spammers, and we started keeping up with the alt.net-abuse.* newsgroups. In short, we became pro-active instead of reactive.
These guys are fanatics. If you're letting any of your customers spam, you are making money off that activity, which makes you complicit. That's the way they think, and when I thought it over myself, I agreed. If these guys at ORBS, MAPS, and SPEWS weren't fighting spam, I think it's likely the problem would be orders of magnitude worse. The best thing you can do for yourself is to align yourself with these yahoos (some of them will continue to hate you forever, for not doing so from the start, but that's life) and make sure you keep up with all the spamhouses and don't let the big spammers onto your network. If you already have some of them, clamp down on them by modifying your AUP until you can kick them off. There are plenty of ways to make money on the net without income from these thieves.
The RBLs don't force anyone to use them. They provide a service (many are free, even) and ISPs use them to cut down on the huge bandwidth and storage costs of unlimited spamming. If you want to keep yourself off them, you need to keep your network clean. The larger you are, the more resources you'll need to devote to that. And if you're just a customer of a hosting facility, you need to get them similarly clued-in or find another facility. It may not be "right" but it's The Way Things Are (TM).
blacklists are extremely useful against all kinds of things:
- hard-core spammers
- trojanned windows machines
- virus-infected machines
- spam-sewers run by idiots, like MCI or Wanadoo
You don't like them, don't use them. What do I care. I have better things to do than read the 400+ spam messages a day (or even scan the spamassassin-tagged subjects) I'd get if I didn't liberally use blacklists.
I used RBLs for quite a long time, until I actually sat down and calculatred how much spamcrap actually made it past the four I used. And then I started checking how much was probably legit, yet blocked as "collateral" damage.
RBLs make no effort to keep up with changes in IP assignments, despite the fact that each day, hundreds of IPs are re-assigned to web masters all over the world. You could be unlucky enough to have your web hosting company assign you an IP that is already blacklisted. You could be screwed right out of the box.
And then there the heinous practice of automatically black Listing dynamically-assigned/dial-up/DSL IP addresses. I won't start ranting about that topic now, though. My blood pressure is already climbing and I'm starting to see everything through a red haze.
The best solutions to spam?
1. Never, never ever buy a product that you have seen in a spam. Not only do not buy it from the spamming vendor, don't buy that product at all from anyone.
2. Use a hueristic spam blocker on the server. Not only is it faster, it's a hell of a lot more accurate. They work a damned site better than the DNSRBLs work. Spend a couple hours pointing one at spam and after that, it pretty much dumps all the spam to dev/null and you never need to deal with it. I use that for my four linux servers with email and also at a work where I have a plugin for to do blocking for MS outlook (Don't tell anyone, but I kinda like outlook 2003).
RBLs and spammers are both born of the same sack of runny horse turds.
"A rock and a hard place? Nobody's twisting anybody's arms and saying, "Go out and blacklist people!""
Well if Java marketing can be labeled as 'shoved down our throats' or 'MPAA/RIAA' marketing of their content can be labeled 'shoved down our throats'? Then what the spammers are doing can be labeled 'arm twisting'.
"These are net vigilantes on a power trip, and they're making life difficult for a lot of innocent people who have nothing to do with spam."
Has there ever been a vigilante that hasn't?
"Those are the people caught between a rock and a hard place."
DRM.
Hosting services need to ask some questions when signing up new customers. Is the customer's DNS infomation valid? Does it match the info associated with the credit card? If the customer claims to be a business, do they have a business license, or a certificate of incorporation, or a fictitious name statement on file, or a Dun and Bradstreet rating? All those things can be checked, often automatically. And they should be.
The whole point of MAPS and the RBL is to provide some overkill and put fear into hosting services, so that they won't host spammers. It's working. Most spammers have to host offshore now, usually in China. "Bulletproof web hosting" is getting harder to find, now that AOL and Microsoft are targeting those companies.
I dropped sorbs from my RBL list a long time ago. I found the best RBLs to be cbl.abuseat.org, bl.spamcop.org and sbl-xbl.spamhaus.org. Since I run my own mail server I also block China, Russia, Nigeria and a number of other countries where I don't know anyone.
cbl.abuseat.org is an entirely automated system based only on their spamtrap so user complaints won't get someone listed and they don't do subnets.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
I manage email for a medium sized enterprise and recently I had to kick and scream to get the blacklists made optional to my service.
Even the large companies that are only offering spam and virus filtering solutions (im not going to name names) have no grasp on the damage they do when they block real business emails with militant blacklists.
I should mention that I work for a service orientated business, and if you do not reply to emails it is bad service. I also must excerise a duty of care to do my best to stop any unsolicited pornographic images reaching staff.
Always happy to tout 99% spam is blocked, you never hear 3% false positives. The hardest part of making a spam solution is ensuring real emails get delivered.
MAPS and the like should wake up and realise the email itself is not more important than the business that is conducted on it.
outweigh the needs of the few, or one.
If you were/are using a provided that allows spam to propigate from its network, then you will fall foul the the bad publicity they gain. And in this case you fall foul to the effects of being with them.
If someone on your provider was trying to exploit MySQL, ssh, etc on my host I would have firewalled the entire subnet from connecting to my network (as I have in many cases).
Your provider is at fault here, not MAPS. If you want to pay someone for hosting that openly supports spamming, be my guest, just don't expect to be welcomed.
Music is everybody's possession.
It's only publishers who think that people own it.
Fuck Beta
~John Lenno
It doesn't matter if it's MAPS, ORBS, SPEWS, Spamhaus, or even AOL; if you administer outbound email, you are likely to be affected by someone protecting their email systems from spam. It is usually not your fault, but if others don't normally get listed frequently, there has to be some reason (unresponsive upstream ISP, something one of your customers or users is doing, a preventable misunderstanding about mailing lists) that got you listed.
If one RBL service has too many false positives, ISPs usually stop using them. MAPS is still in business, so their false positive rate probably isn't absurdly high.
Here are some tips to help email administrators keep their email flowing:
1. Negotiate ahead of time to get your servers whitelisted or registered as a "good" server. This means setting up proper forward/reverse DNS, configuring SPF, possibly registering with one or more "bonded sender" programs, looking at the AOL postmaster FAQ and getting into their whitelist system, etc.
2. Lease yourself a shared or dedicated server (think $25/mo -$60/mo) at another colocation facility that you can use to configure to be a mail relay for your primary mail servers. If delivery fails enough from your primary server, it should requeue the message to go out via your relay, perhaps after you've diagnosed the cause of the blocking complaint.
3. Setup test scripts to periodically poll major DNS RBLs for the status of your IP address and alert you when you're listed. (Perhaps tie this in to automatically activate your relay server in #2).
4. Ask your ISP what their spam policies are and assess your risk to getting mixed up in their other customers' problems. If they aren't vehemently anti-SPAM themselves, consider another provider for your outbound mail. By "vehemently", I mean: They have their own enformcement policies and 24-hour contact escallation policies with each customer, and will shut down customers that are not responsive to handling complaints.
5. If you manage mailing lists, make sure each and every message at the bottom has a link to the proof about how the recipient opted in for the message. (PS: Stop using email to distribute content! It's so, like, 20th-century. If your content is any good, they'll access it regularly via the web or RSS it into their portal.)
-ez
(Disclaimer: I'm the the inventor of DNS RBL. Your misery is partly my fault. Mua ha ha ha.)
Karma: Whore (you look at your score after posting)
So no you shouldn't trust MAPS....
The basic idea of most blacklist implementations is to second-guess both the sender and the recipient. And that's bullshit.
I don't want anyone other than myself filtering my inbound queue. I don't want to filter anyone else's inbound queue. There's just no way I can ever get it right: sooner or later I'll filter out something he would have wanted to see.
I might choose to process my own inbound queue through someone else's blacklist, but that decision should never be made by my ISP, or their upstream connection. Period.
I suppose that is the real question here.
The OP is extremely vague about exactly what IP range is involved. So, I smell a rat up front.
But, for sake of argument: Suppose the IP space had a notorious spammer in residence for a long time. Suppose the owner of that huge space had ignored complaints for a long time. Then, were I MAPS, or SPEWS, or SBL or any other block list, I'd have no qualms at all about dropping the space into a blocklist then leaving for a 2-week vacation.
As for the poster whose outbound email was blocked. I say, tough shit. Get a new provider and get over it.
I'm not a fan of most RBLs. MAPS, luckily hasn't been a problem for me. However, others like Spamcop have.
There is only one list I like, and that's Spamhaus. They are easy to work with when you've been listed, and don't make large blanket listings. As well, they actually investigate the issue before listing you.
You can tell i'm bitter. Mail server keeps getting flagged by Spamcop because the occasional bounce error gets sent, and someone tells them it's spam.
That would probably be a legal option to take against them.
For me, I use hotmail which works great. I get very little spam and havn't lost any e-mails. I can contact anybody without any worries.
But, I also run a private mail server that my contact form makes use of. If someone wants to contact me, they can and there's nothing some third party can do about it. My ISP could block the web-server's port but that's about it and I see no sign of that ever happening. Especially since they did block port 250 after a few months. If they're able to find mail servers on alternate ports and close them off, I imagine they can find http servers on alt ports and close them off as well if they wanted to.
Now I just have the web-server make a connection to the localhost to post the e-mail. I can still get the e-mail remotely through POP3.
If RBLs keep it up e-mail is just going to be relegated to a few trusted services. Imagine only being able to send e-mail to and from other Hotmail users.
E-mail will be no different than on-line chat. You'll only be able to communicate with those using the same service.
Work Safe Porn
I started work at a company about a year ago. The former IT Director couldn't figure out how to make any spam filter work properly (as well as how to make most of the other applicatoins work properly). The owner of the company used a blackberry and always knew his blackberry was working because of spam. Anyways, about 2 weeks after I took over, I implemented several levels of spam filtering before the Exchange server. About 3 hours after I enabled the spam filters one evening, I get a call from the boss saying his blackberry is broken. I eventually figured out that there was nothing wrong with his blackberry, but he was just so use to getting regular spam that he thought his blackberry was broken.
Couldn't being put on a blacklist be considered libel? MAPS is effectivly saying "the folowing IP addresses belong to spamers and aught to be blocked..." If you are not a spamer, but your IP address is on their list, isn't this libel? Couldn't you possibly take them to court, especialy if ISP are blocking you as a result and you are experiencing demonstrable financial losses due to the word of MAPS? I'd be like me telling people "Don't eat at Papa Juan's, they use spam instead of ham on their pizzas." when this is a (known) lie. (ok ok, so this would be slander not libel, but same thing.)
"You saved 1968." - Ms. Valerie Pringle to the crew of Apollo 8
We've dealt with these issues before, just apply the same historical context and move on.
The MAPS mentioned in the OP should not be confused with MAPS, The Multi-Disciplinary Association for Psychedelic Studies. The good MAPS is the one that is fighting for the legalization of MDMA, and other psychedelic drugs. They seem to be winning the fight. www.maps.org
In a word, NO. Anti-spam zealots are about as bad as the spammers they hate. I've had nothing but bad experiences with MAPS -- the guys there think any email that mentions a product is automatically spam, even when it's me writing to a friend about a toy I bought.
The answer is: vote with your feet and don't use MAPS.
I, for one, welcome our new Antichrist overlord.
My issue was with SpamCop but it had the same effect. Since he didn't list his (Since sold to Ironport systems) phone number he was suprised when I called him via his whois listed contact number. It wasn't easy and we were talking about definite opt-in email, which some stupid (l)user was reporting as SPAM. It was very frusterating and caused a huge amount of lost email that generated some very pissed customers.
"Be kind, for everyone you meet is facing a great battle." - Philo of Alexandria -
"There is a list called spamhaus I can't E-mail. Unless you know the individuals, you can't get to them to submit or complain. As much as I don't want to see government run a black list, a government would have checks and balances. These are kids playing God."
4 239
http://www.informit.com/articles/article.asp?p=34
(Below just a sample of the hundreds of purilent messages aimed at ISP's who request entries be removed from these blocklists)
"I have called for entire null routing of all ThePlanet's IPs until they clean up. If the rest of the world did so, the spammers would be gone by sunup. " -- referring to ISP theplanet.com
"you host with the planet of spam, a nasty unrepentant spam haus. They are block on sight here, and will remain so until they go chapter 7. Get a new isp or smart host, as planet of spam ip addresses (all of em) are tarpitted here." - more of the same
"1, 68.22.0.0 - 68.22.63.255, sbc.com / swbell.net / ameritech.net / pacbell.net
I'd say there's just two chances of that: No WAY, and No HOW. But there is perhaps a way to get the whole block unblocked.
Any chance you can talk one of the biggest spam-havens in the universe into totally cleaning up?" -- referring to a collateral blocklisting victims post to news.admin.net-abuse.email subject: "kindly unblock 68.22.232.249"
"yep your screwed, 68.248.0.0/13 is firewalled here for massive unending spam attacks. Smart host your mail or move to a new isp."
"Spews listing S684 (http://www.spews.org/html/S684.html) is out of date, and contains incorrect information.
CWIE should be firewalled at all ISPs until the universe implodes. You've knowingly and deliberately harbored spamemrs since at least 1996, to my *personal* certain knowledge.
FOAD"
">SPEWS, please de-list these Qwest IP addresses. Qwest encourages the responsible use of its networks, systems, services,
On what planet? On this one, Qwest assists spammers and other criminals in relentless abuse. Unplug your servers. Retrain your employees to do something useful like donating their organs.
William R. James"
Point your newsreaders to news.admin.net-abuse.email and observe * "kids playing god"*
A lot of angry people in this thread. I wonder -- if we polled everyone here about whether they'd ever been put on a blacklist and been unable to get off, then mapped it to the pro-RBL/anti-RBL comments, if there'd be a correlation?
Peer1.net did not appropriately respond to their spam complaints, and simply moved known spammers from one IP block to another. It is unknown if they were knowingly harboring spammers (MAPs seems to think so), but the reason MAPs escalated to all of their netblocks was because they could not get the attention of Peer1 with previous attempts, and the best way to get their attention when they are ignoring you is to get every single one of your customer's attention and have them all call you. I emailed MAPs, they didn't respond, I called them and got a human on the phone and they explained this to me. I called Peer1 to chew them out for doing this and will demand that they give me outage credit.
r g,
I rely on RBLs to block a significant amount of spam, however I use conservative ones that the anti-spam community seems to be fairly confident in their abilities, attitude, de-listing policy. They constantly need to be re-evaluated (in fact I need to do that soon) as to their effectiveness, but with this list I have not had a customer complaint about us blocking mail.
list.dsbl.org,
opm.blitzed.org,
relays.ordb.o
cbl.abuseat.org,
NB: MAPs is not listed because they do this sort of thing. While it may sound like I support what they did above, I also am really pissed off because I've got a lot of trouble tickets from people wanting to know why their mail bounced. It is for this reason that I am not using MAPs in my RBL list.
3) Use an email filter. The good ones don't even use blacklists and work great.
Top rated mail filter SpamAssassin does indeed use blacklists by default. But that's only one of a large number of strengths it has.
Ok, I've got mod points here but I have to post.
/end rant
I just have to say that anyone using MAPS or SPEWS or any other high false positive RBL list to outright blacklist servers is just asking for trouble and is indeed not a good mail admin.
You might want to use MAPS or SPEWS or others to help reduce spam in conjuntion with SA or another tool but you can not use them to block the IP's at the SMTP stage, that's just ludacris.
There are RBL's out there with almost zero false positives, use them to block the initial connection and perhaps use MAPS et al to add *points* to the spam rating of the message, but never use them to block outright.
Do aol, google, yahoo etc use them ? No, you'd have to be out of your mind to do that.
Bah, ignorant mail admins bother me just as much as stupid mail admins who continually send me warning messages about how my email to them was bounced because it contained a virus (if you don't get that you shouldn't be admining a mail server).
You NANAE kooks are just pissed that Vixie told you all to fuck off years ago. Spamhaus is run by a moron, you puppy fucker.
...that my server happens to be in the middle of.
This sucks, and they have been unresponsive to whitelisting our machines.
The antidote for misuse of freedom of speech is more freedom of speech.
-- Molly Ivins
I was able to get into contact with the SPEWS folks through the more approachable founder of another SPAM blacklist, and got a call, I think at 1 AM, regarding the block.
What was the name of the "SPEWS" person to whom you spoke?
STOP MISUSING APOSTROPHES, YOU MORONS!!!
I can understand the plight of being blacklisted. I work as an intern for a non-proft company (I swap every three months with another guy, who recently left, because of college. I just started again this week.) We've had our e-mail server blacklisted by the CBL twice in the last month.
From what I can tell, the current sysadmin (our IT department consists of the sysadmin and the intern) went through their automated faith-based removal. That worked for a month, but we got listed again yesterday. I've spent the last two days running all sorts of virus/*-ware tools on the servers themselves to see what, if anything, they have (nothing found.) Using tools like the Open Relay Database, I can't find any open ports. CBL supposedly only lists servers that are being used to send spam by proxy or virus/trojan. I went ahead and removed us from the list again today, and will be spending the rest of the week checking outgoing mail stats to see if anyone is sending an unusually high volume of mail, indicating that they have a virus/trojan.
It's unfortunate that we have a lot of troubles because the last-last boss, who was there for three years, was a total idiot. Unfortunatly, my counter-part wasn't exactly pro-active, either. To those who don't know this: (how could you not?)
No one gets administrative rights.
No one.
My Static DSL IP address is on a spammers blacklist. I have no open relays, and I use a firewall and have fought hard against spammers since spam first started. The last is what particularly irks me: becoming a victim of anti-spam activities even though I have never spammed and are sick of spam myself and having spent hours and hours trying to stop spammers. I have tried to contact the blacklist owners many times - they ignore me. I have contemplated suing but the cost is prohibitive.
So they blocked a whole provider. It isn't the first time. It's happened to many.
In each case, it was because there was persistant abuse, and they was no action to repeated complaints. In each case, the RBL listings caused change at the ISP. Like it, or don't like it, ISPs do not ever like to deal with abuse from their networks.
Netcom. Earthlink. AOL. MSN. You name it. They have all been on the RBL.
In the case under discussion, if I can read between the lines, I'll bet the provider wasn't answering abuse complaints. For a while. I'll bet further that the provider may have even implemented filters on the abuse complaints, to make the ignoring of them easier. I'll bet that they have a history of supporting spammers, and they have actively moved spammers around to avoid "targeted" RBL listings.
Further, I'll bet that the provider knew that the RBL listing was coming, because they had been told about it. I'll bet that they were told that it was going to be implemented by the end of the week, and chose not to fix the problems. I'll bet that their network operations folks didn't try to contact MAPS until monday morning, even though they knew what the problem was, and how to fix it.
I'll also bet that this provider in question now will implement better abuse policies, will (try, for a while, to) stop hosting spammers, and will be more responsive to abuse complaints. Of course, I'll bet that they will stop filtering abuse complaints, too - or at least ones from the known anti-spam community.
I'll bet that the provider in question won't say any of this publically. It has been the case with these type of listings in the past, and it will be in the future. RBL listings are effective to make changes in policy, as has been shown many times.
Should you trust MAPS? Only if you know all of the facts.
. . . the only way to end spam is to begin executing spammers on primetime TV.
Our small ISP has had to struggle repeatedly with SpamCop. I will say that once we finally got some dialog going with SpamCop (which was not very easy to do...) they were very nice and fairly helpful. And the apologised each time and explained what happened (it involves one of our customers, who run their own mail server, with us as a backup MX, actually being a SpamCop customer, and not having configured his account properly, and thus the spam they reported which was delivered through us caused us to get black listed. Yes, he managed to blacklist his own ISP...!)... This happened several times. Several of our customers noticed the blacklisting and were not happy campers.
This is particularly difficult for small ISPs which have to struggle enough already to hang on to our niche.
And it is especially sad for long established ISP such as ourselves, who have been in the business since practically the beginning of the commercially available internet.
The DDoS attacks we've suffered once or twice in the past have not hurt so much as being blacklisted by SpamCop. Being smacked down by "friendly fire" really makes one dispair.
No matter how nice and helpful they were once we finally got them to talk to us, I can't say I will ever be able to trust them.
Previous to that SORBS black listed us several times. Their security scanner for some reason believed that one of our Zope ftp servers, on a non-standard port, was a compromised machine.
We've been innocence each and every one of these times.
I have to admit in some of my emails to SpamCop I was a little bitter. In one I suggested, tongue in cheek, that I was going to start a blacklist blacklist and have their blacklist blacklisted.
In another I couldn't help but must wonder if they aren't some sort of anti-terrorist terrorists...
I don't know the answer. But It's clear from the overwhelmingly negative response here that the issue of innocent victims being blacklisting is widespread, and extremely aggravating.
But no doubt just as spammers will continue to exist, the blacklists, right or wrong, will continue to think they are fighting the good fight. And sysadmins who haven't yet experienced the helpless sinking feeling of being innocently blacklisted themselves will continue to see the blacklist services as an quick and easy answer to one of the biggest and most difficult problems on the internet.
So cautious that they're all but useless. If they blacklisted your colo facility, it was probably after a very long period of fruitless negotiations. Odds are the facility should have been blacklisted years ago.
It's interesting that you don't choose to tell us the affected netblock. Is it by any chance a notorious hellhole vomiting spam into everyone's inbox?
You complain that MAPS wasn't around on the weekend waiting for your call. Tell me, are the spammers in your netblock manning the phones every weekend for complaints?
MAPS and SPEWS happen to quite nicely block a lot of spam.
I don't give a shit about the collateral damage; let those sucker complain to their own ISP who is the problem by not booting the spammers.
Suckers who pay spam-harbouring ISPs are guilty by association so there is no reason why they should not suffer.
The more innocents who squeal thanks to blocklist, the more pressure on the rogue ISPs.
Why is it so difficult for people to get this through their heads?!? MAPS did not block anybody. All they did was put a range of potentially bad IP addresses into a list.
--> I all because of a few spam complaints that weren't dealt with quickly enough
So how about if you do everyone a favor and deal with your spam complaints a little quicker next time?
but my email keeps bouncing.
"Your superior intellect is no match for our puny weapons!"
Sure are a lot of moronisIsms in that post....
Naaa, it couldn't be him, that post is too "coherent" & readable to be from him.
It's hard to figure out the right way to do justice. But the reason that "vigilante" is a bad word is not because ad-hoc or public systems of justice can't do things right. It's because we've learned, the very hard way, that all systems of justice need accountability and checks and balances built into them. Built into them _hard_, from the very start, and impossible to remove. And even then, people find ways to remove them.
The vigilance committees start with the best of intentions. And often they do good, and help the problem. But history knows it doesn't always go that way, and when there are no checks and balances, you pay the price.
Of course, it's not impossible to set up a private justice system that has the right safeguards. But the safeguards are expensive. They deliberately... deliberately are designed to let many guilty people go unpunished. This frustrates people (especially in the spam wars, amazingly.) So people rarely stick to the safeguards.
This is why many people were worried about blacklists like these from the very start, even when they had nothing but the best laid plans.
Has it been over a year since you last donated to the Electronic Frontier Foundation
Soo much FUD and horror stories being thrown arround with no proof(i.e. ip#s or at least the isp's name) I wouldn't be surprised if some spammers are posting here.
What better way to get people to stop using blacklists, aginst them, and have ISPs not be responsible for their spammers/infected users?
Depending on how you look at it, an offender that is just as bad as MAPS is whatever group of dumbshits run the "dynamic IP" lists. For those who don't know, these are supposed to be lists of IP addresses that are dynamically allocated by ISPs, intended for people to use to block incoming traffic to their SMTP servers from those addresses. Now I understand the concept, but install SpamAssassin or something, you retards! Don't bounce my email that's going to your user, doesn't fit a spam profile, and is the first such email your server has ever seen (by hash or however the hell you want to do it) back to me with some stupid fucking error message that I need to relay it through some other server that isn't on whatever you consider to be a dynamic IP address, particularly when that server DOESN'T GIVE A RAT'S ASS IF I'M ROUTING SPAM THROUGH IT OR NOT! Hint: If I route spam through some ISP's SMTP server, it will continue until the ISP figures it out and blocks me. If I send it myself, it will continue until the ISP figures it out and blocks me. About the only thing "positive" it does for spam is speeding up the spam propogation if the spammer is on a low-speed dialup line. Sheesh.
Your colo provider should be the target of your ire, not MAPS.
If you chose to do buisness with folks who are not adamant anti-spammers the chances are greater that you will be impacted by the results of their policy.
I have been kicking spammy ass for years and unless something has changed at MAPS they are on target. They do not list IP's arbitrarily, they only get listed after failure of responsible parties to take proper action.
If your colo has policies they might need an enlightening communique regarding their lack of enforcement of said policies. Let your money do your talking, take your business to someone who does....
Spam Sucks and what sucks even more are irresponsible providers who allow the filth on their systems.
Despaminator
Rick B.
They can't just block small sections of netblocks (because a spam-happy ISP will just allocate new IP's to their paying spammer customer) - the only way they can police the offence is to ban the block.
I'm afraid I have no sympathy with this position whatsoever. Just because a fair solution is too hard to implement, this does not justify imposing an unfair solution.
Sorry, I hate spam just as much as anyone, but I hate institutionalized unfairness even more.
Why is an IP address not just an IP address? Stop being so elitist. IP didn't have a NOBLEMAN/SERF bit in every header last time I checked.
It's lazy ISPs' faults that spammers aren't shut down quickly, thus these blacklists have to take out whole blocks, causing collatoral damage like the original article describes.
The internet was designed to allow PEERS to talk to ther PEERS. It's an equal-opportunity protocol stack, by design. Too bad some people no longer believe in this principle.
ERROR 144 - REBOOT ?
it looks like his personal domain is patrickg.com
soooo, lets see......
host -t mx patrickg.com
patrickg.com mail is handled by 0 poopsmith.retrix.com.
host poopsmith.retrix.com
poopsmith.retrix.com has address 69.90.28.179
whois 69.90.28.179
Peer 1 Network Inc. PEER1-BLK-08
69.90.0.0 - 69.90.255.255
Patrick Gibson PEER1-RETRIX-05
69.90.28.128 - 69.90.28.191
peer1 is a spammy shithole.
1840 complaints in NANAS for peer1 spam sightings.
http://tinyurl.com/6gvqw
and a whopping 37 sbl listings
http://tinyurl.com/52z4z
MAPS is the least of your problems buddy. You need a new isp, and soon. A lot of mail admins (including yours truly) block peer1 on sight.
Lawyers, MBA's, RIAA? A jedi fears not these things!
I can't? Gee, I better remove the thousands of Verizon dial-up and DSLs from my personal RBL. Along with the dial-up/DSL/cable IPs for SBC, YAHOO, COMCAST, UUNET, ALLTEL, and several hundred other providers. The proliferation of compromised home machines has made it impossible to not block such addresses by default.
Verizon's mail servers can get through (although they were blocked when they let KLEZ relay unbridled). Any business with a legitimate mail server can get through. But anything that isn't one of those will be put on hold until I can determine whether or not it fits in the other category. Mostly, the "servers" never try again, but nothing legit gets stopped - just delayed. Our system rejects 90% of the mail thrown at it from dial-up lines. No MAPS involved. And that 90% is the majority of the spam we get...
As for black-listing an entire colocation facility, if your reverse-DNS doesn't come back to something other than the colo IP space, you're going to have a hard time convincing me to pass your mail through. Especially if it's in Boca Raton, FL!
We use limited RBLs. SPAMCOP, one open-relay list, and one open-proxy list. None of these are "loose" - typically, our local filters block a lot more than the RBLs do. And those local lists also handle exceptions, for getting mail from systems that can't seem to stay out of the RBLs.
[of course it helps that 20-30% of the spam is directed at addresses on our system that have never been valid, or haven't been valid since 1995, so we can lock those IPs out bothering to investigate further.]
2. You say that your list is 100% opt-in. Any anti-spammer will tell you that isn't good enough - it needs to be double-opt-in with confirmation. And besides, it doesn't matter what you say - spammers lie.
3. RBL's are perfect for eliminating the usefulness of the email system for commercial use - this is the entire point of the anti-spam movement. If email is only useful for informal, friend-to-friend communications and useless and unreliable for things like order confirmations, newsletters and other commercial stuff, they have won.
See? You must be new to this.
So why bother trying to convince you of the error of your ways?
When a blacklist sends a notification to your ISP, it's of the form "we will blacklist all your IPs unless you resolve this matter within $TIME_PERIOD." But if you do get on the blacklist and complain, the response is "we don't blacklist people, our customers blacklist people based on our advice."
Can't have it both ways, I'm afraid.
One of the less desirable ones that comes to mind is SORBS, where if they list you in one category you've got to donate $50 to charity, per message, to be delisted. You're an ISP providing smtp to your customers, and you're listed again? Tough.
If they even bother to respond at all. I've tried multiple times to get my static-IP server off the "dynamic" list, both by requesting directly and by having my ISP (which owns the IP space) contact them, and they have done absolutely nothing. I've ended up having to block ISPs that use the list (hi, Earthlink, Netcom) just to avoid people sending me mail I won't be able to respond to.
And on a broader front, are you really prepared to trust a company like Kelkea, Inc. (owners of MAPS) to decide what emails gets to you without really knowing how they operate and deal with resolution processes?
There's a reason I stick to Spamhaus as the sole RBL at work (and at home) - professionalism. They spell out criteria and rationale clearly on their website. They list only IPs, rather than blindly blocking entire netblocks or domains. The delisting policy is incredibly liberal by default, but temper that by tracking repeat offenders. And (this is where a _lot_ of lists fall down) they assign a TTL to every entry and automatically expire the entries even if the owner doesn't report a resolution.
We block millions of messages a day based on the SBL/XBL lists and have, to date, recieved only one query from a client about why a particular message was blocked, and it turned out the recipient had a worm outbreak that got them places on the XBL. The block had been lifted before it even made it to our support team.
...is that eventually they'll decide the ultimate "upstream" -- ICANN -- is at fault, and they block /0.
You're doing what's called "taking an analogy too far."
The reasons why bans on British and Canadian beef are legal in the places such bans are legal is not analogous to the way antispam blocklists operate, first of all.
Secondly, unlike restaurant reviews, blocklists are executed automatically. As soon as (or shortly after) an RBL operator blacklists a subnet, mail servers across the network will start blocking mail from those addresses, without human intervention, reflection or review.
Don't you think a blocklist operator wrongs someone if he purports to run a blocklist that identifies spammers, yet nevertheless intentionally blacklists networks or addresses which he knows are comprised largely of innocent bystanders?
Here's a hypothetical for you:
What if I operated a credit bureau, which purports to identify people who don't pay their bills. I know that when I make an entry about someone, it will have an automatic and unreviewed impact on that person -- such as loan denials, interest rate increases or demand loans being called in.
Don't I wrong someone if I intentionally blacklist someone in my system who I know is innocent? What if -- to teach people a lesson that they should pay their bills on time -- I blacklist the families, or acquaintances and roommates, of people who didn't pay their bills?
What if the people who use my credit bureau don't know that this is my practice? What if they do, yet others rely on the people who use my credit bureau and they're not aware of how the decisions are made?
When I set up broadband service at my office there was exactly ONE company who would provide it to our location. No choice.
Around here if you're too far from the telco company office it's cable or you do without broadband. Cable doesn't give you a choice of ISPs
The IP block had to be destroyed, so it could be saved
How do people deal with the credit agencies and other personal information collecting companies who will not cooperate or be reasonable? And on a broader front, are you really prepared to trust a company like Choicepoint to decide what privacy intrusions get notified to you without really knowing how they operate and deal with resolution processes?"
"On a scale from 1 to 10, people are stupid"
Scratch MAPS and SPEWS. Spews lists the entire /20 that my /27 lurks in because of *one host* that never sent out ANY email at all (the A record points to a host that was accused of spamming, but curiously the only Google result is for the domain itself. Nothing in net-abuse at all.hmmm..) and there is no mechanism for removal. Fortunately, I can smarthost my mail through a partner ISP, but still...
/32 was accused of spamming. Let's blackhole the whole /18 that it's in! approach is really *not* the way to do things.
MAPS & SPEWS both have a very bad track record, IMO. The "blow up the house to kill the roaches" of "Hey, a
Also, I worked for a company that's on the Spamhaus ROKSO list now. I have offered to give them up to date information since most of what they have is simply out of date, but they seem to have no interest in having correct information whatsoever. If they don't want to keep the ROKSO list up to date, what good is Spamhaus? Why bother?
SpamAssassin with the SURBL setup dings more spam than the whole collection of RBLs ever have.
We used ORBS, MAPS, Spamhaus and a few others, a while back, to simply deny connections to anyone in their database.
After John started complaining about some of his contacts not being able to reach him because of the blacklists, I quickly learned that RBL's are a "Bad Thing" (tm) when used to outright reject the sender.
Instead what we now do, is simply add headers to anything that is coming from an RBL site, and mark it as Spam.
That way, no mail is really lost, and people have gotten used to going going through their spam mailboxes from time to time...
Complaints from staff about lost emails have gone way down since.
-Xian
Look around the Bay Area here - Hurricane Electric is in SPEWS. ServePath is in SPEWS. 365 Main is in SPEWS.
Practically *every colo provider in the area* is in SPEWS or MAPS! It's NOT just a matter of "go find another one."
Also, you can't just ask for a refund. Chances are, you've signed yourself into a contract and you cannot just bow out of it because your IP block is listed in SPEWS. That's a great way to get yourself sued for breach of contract. Gotta love our legal system.
I have been using RBLs for several years and found MAPs to be the most useless. At times its listed mys server because someone spoofed the source address in the email.
I have since removed the MAPS servers from my rbl list and stick with spamhaus (which ive never had a problem with in several years) and if someone i know gets blocked its normally a pretty easy process to get unblocked. I also use dsbl and ordb of which stop a fair bit of spam at the door.
Originally I would reject all messages from RBL hosts with a 421 and provide them with an error based on the RBL that blocked them. I have since changed that to a 500 series error. All in all the amount of spam being recieved across several thousand is about 10% of what it was previously.
With the server doing well over a million emails every week thats a fair percentage. The load that would cause on spam assassin often makes it difficult NOT to use rbls.
What I mean by the subject line is: suppose you are a customer of a very spam-friendly *COUGH*UUnet*scum* ISP/NSP. Then you eventually will or may fall into the range of a public or (even worse) private list, or lists. A couple of points to propose:
1) The money you are paying your service provider is directly funding a business that sustains the purveyors of spam. The spammer also writes a check to their (your) ISP. Obviously they must not care too much for you as a customer if they're happy to take the spammers' money also. In fact, it may appear that the spammers' money is MORE important. Usually entries in some RBL's escalate when complaints to abuse desk go ignored.
2) Imagine that there weren't RBL's, such as the SBL, XBL, MAPS, et al. People never consider that blacklists are also providing a service to the person being blocked. Yes, you heard me right. Imagine that instead of going to one or two entities to get removed from thousands of blacklists, you had to contact, by piecemeal, all of the thousands of individual administrators on the net that are filtering your netblocks because of your abusive neighbors, and only as you discover them.
(If you disagree, don't mod me down, reply).
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
After all, the term "opt-in" once meant that the recipient had actually opted in to the list. Then it meant "we're lying about the user having opted in to the list."
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I had a similar thing happen to me. While I didn't run a special daemon designed to catch spamming attempts, I did notice a big bunch of weird entries in my logs; I checked where they were coming from - turned out to be an IP registered to Schlund + Partner - and then contacted Schlund about it, as I assumed that one of their customers was trying to use my mail server as a relay.
I got an answer the next day, and it turned out that it was, in fact, Schlund themselves who had done this - not to spam, I presume, but to check whether my system was an open relay. Why that is any of their business I don't understand, but OK - I can live with it, as the worst thing it did was eat up logfile space.
However, what really bugged me was the attitude of the person who got back to me - "arrogant jerk" does not even begin to describe it. What it essentially came down to was "I'm better than you, so shut up, and BTW, my penis (i.e., the servers I'm administrating, the pipe they're connected to etc.) is bigger than yours, too".
I lost a *lot* of respect for Schlund that day, and in fact, until today, I will not do any business with them. Well, not that I would anyway, but it at least gives me a certain satisfaction to know that they're on my own personal blacklist, at least.
quidquid latine dictum sit altum videtur.
So what do you do? They're all useful as SpamAssassin weights, or for filters that decide which messages get the full-blast SpamAssassin treatment and which ones don't, because most of them do have some information about the likelihood of a given source being a spammer, even if you don't want to trust some of them not to get lots of false positives. MAPS is, IMHO, in this category.
They're also useful for greylists, at least until spamware authors figure out how to work around greylists. After all, a false positive isn't a big problem for a greylist, because real mailers will keep trying. They can also be useful for teergrubes, if you're running the kind that does eventually accept messages eventually as opposed to junking them entirely.
As far as 4) goes, I've been on Usenet since 1981, and mainly using one email address for some noisy mailing lists for almost a decade. Waaaayyyy too late for that one :-)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Some blocklist implementations tell the sender's MTA they've been blocked, so the MTA can give the sender some useful information about the problem. Some blocklist implementations trash the sender's email silently, because if the sender _is_ a spammer, that feedback would let them listwash and verify which addresses were valid and can be sold for more money.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I had a server blocked by some really dumb anti spam site a while back, there was an open formmail on some customer's site, we recieved a complaint, we found it, we deleted it, I think in all we got 2 spamcop complaints and one complaint from a person so obviously there wasn't -that- much spam sent before we were notified and nuked the formmailer.
Time between us recieving the -first- complaint and the script being nuked from the server? Minutes, not even half an hour. It's not like we ignored the problem and allowed it to fester.
Well we ended up on some spam list that (get this) requires you to make a $50 donation to some charity to get off the list! Oh and it gets better, they listed 3 charities, 2 of them didn't work because they wanted NOTHING to do with this spam list after they were dossed, attacked, hounded, and overall just harassed for these bozos listing them on their site. The 3rd charity? Some legal defense fund, via PAYPAL for... the owner of the site!!
Well the -1- server blocking email because of that list I just contacted them and pointed them at this podunk little anti spam site and they quit using them and email went through and all was well.
Months later, 4 or more, we're STILL listed on that damned spam site. I could care less.
Spews and maps are just making it so any serious sysadmin/network/provider can NOT use them for RBL blocking, they're just overzealous.
I use spamcop, ordb, blitzed, and spamhaus quite regularly on a variety of servers, the "false positives" are low, and I rarely hear of someone legitimately not able to send email to anyone I host.
--- www.f-theocean.com
You could for example report the ISP that is dropping your e-mail because your ISP is incorrectly listed...
Logi - I can do anything, but not everything.
Firstly, by calling MAPS "out of date, or insecure and flawed" is flawed logic -- if that statement were true, then MAPS just wouldn't get the wide-spread usage that it does. The fact that many SMTP server administrators are using the MAPS database to block known spammers indicates that their criteria for listings is one that these administrators agree with.
Secondly, the MAPS database has criteria that is in many ways similar to other DNSBLs (MAPS is a "DNSBL"), while it also differs greatly from many others. If you take the time to understand even the most popular DNSBLs in use today (see http://www.openrbl.org/ for a short list of approximately 30), then you'll see that the criteria varies widely -- some list only single IPs, some list entire netblocks, some list internet domain names, etc., and then the reasons for being listed and de-listed add even more complexity to any sort of a comparison.
Thirdly, each SMTP server is governed by different policies, and the administrators/owners of those systems are the ones who decide which criteria (or no criteria) is appropriate for reducing/eliminating spam. So to assume that a DNSBL is somehow controlling eMail on the internet is completely incorrect -- it is the SMTP server administrators who are in control of their own systems, and have every right to choose to use "delegation of authority" (and can just as easily stop using a DNSBL). A competent administrator can usually make such policy decisions take effect in a matter of seconds, and is accountable only to the users who pay them for spam-free eMail service.
Anyway, waving a big red flag around in an attempt to gain sympathy from others is always a complete waste of time because DNSBL operators generally have a reputation for not making exceptions to their rules (that's why people tend to trust and rely on them). This is an example of good management (and it's not really suprising because good management skills tend to come from those with a strong sense of clarity; one of the most essential requirements for running a successful DNSBL).
The main point of a DNSBL is to put pressure on ISPs who don't take the spam problem seriously. If your eMail is blocked because your IP address is listed in a DNSBL, then the very best course of action you can take is to demand that your ISP get the listing resolved (and provide a discount until your eMails are no longer blocked), or switch to a better ISP who does take the spam problem seriously (or just put up with it the way it is).
If your ISP directs you to complain to the DNSBL operator, then they're probably just trying to avoid dealing with it themselves. This is the kind of problem that only your ISP can resolve by terminating their spamming customers' accounts, so why should you have to do the dirty work and put your own reputation at risk for their screw-ups?
The fact of life is that as long as there are spammers, there will be spam fighers, and a good number of those spam fighters will operate DNSBLs. Practically all eMail software natively supports DNSBLs these days because customers demand it, and trying to change a DNSBL just because it's inconvenient to you isn't going to help anyone in the long run.
Eventually, the internet will become divided into two factions, the spam-friendly, and the anti-spam, if more people don't fight back (I believe it's already happening to some extent today). Take a look at this article for a more complete view on this slowly-growing split:
Good-Bye to middle-class ISPs
http://www.inter-corporate.com/spam/classes.html
To become a spam-fighter, an excellent place to get involved is in NANAE, a public newsgroup called "news.admin.net-abuse.email" where many spam-fighters (and a few idiots, clowns, stalkers, etc.) post regularly. Many victims of spam (including those who find their eMail blocked) also regularly ask for help, and there are many helpful people t
Not. If users complain to me saying their email bounced because on of our IP's is blacklisted by then i tell them exactly this: "Complain with the provider that's hosting the email server and makes use of this list.". Seriously. Contacting some obscure company that's probably run by a geek in his mom's basement is definately not worth the time.
These companies think they're helping the internet, but in fact they're making it worse. Why on earth would any sysadmin make use of a list to block emails, when this list is not even being maintained by him/her???
My opinion: if you have to depend on somebody else to compile a blacklist for you, you are lazy and shouldn't be running a mailserver in the first place.
From a pragmatic point of view: I would not reject messages based on information from a single source. Spamassassin uses several criteria to detect spam, including, if you want to, several RBLs, and calculates a score based on all of these. Of course, this is computationally more expensive and happens at a later stage in mail processing so that it will usually be too late to reject a message, it may have to be only tagged or discarded.
I don't think blacklisting should be the standard solution. it does not work very well and is to much of a weapon, which means that you allow someone else to police you. I don't like giving my rights to someone else very much. There is too much change of blackmailing and abuse and this is mentioned quite often in this thread.
What i don't get is that there seems to me to be such a simple, elegant solution to this whole spam thing.
Make mail wait.
If you want to send 1 mail to 1 person it takes 1 second.
Every other person you want to send this same mail to takes a second longer.
Send 1 mail to 10 people and it wil take 1+2+3+4+5+6+7+8+9+10= 55 seconds so roughly 1 minute.
No problem. Who cares.
Send 1 mail to 1000 people it will take about a week.
Instant end to spam.
And on the off chance you want to invite everyone to your wedding via email: ok. Uncle Ziggy will be miffed he gets the invitation so much later then Aunt Anne, but it will get there.
You can talk about the figures of course. I don't know what fair use of email should be.
I don't get why all the ISP's that say they hate spam so much never tought of trickling the mail like this. I'm pretty sure it will work, if the isp's and mayor mailrouters would do this.
Won't cost too much cpu crc' ing and pauzing emails i think.
Will save a hell of a lot of bandwidth and annoyance.
From my home system's logs: number of messages blocked by which dnsbl number of messages blocked by bl.spamcop.net 32 number of messages blocked by relays.ordb.org 0 number of messages blocked by sbl.spamhaus.org 2 number of messages blocked by dnsbl.sorbs.net 26 number of messages blocked by cn.countries.nerd.dk 3 number of messages blocked by tw.countries.nerd.dk 3 number of messages blocked by br.countries.nerd.dk 3 number of messages blocked by hk.countries.nerd.dk 4 number of messages blocked by kr.countries.nerd.dk 9 Granted, a blacklist isn't ideal but it's the only defense I have against spammers. Now, I'm wondering, which netblock is the OP complaining about?
So I don't see any problem with these spam blacklists, it hasn't hurt me a bit!
I don't remember if it was MAPS that I ended up on.. but the problem was that I opened up a web-based proxy server (or something, I dont remember, it was a while ago)... I didn't realize at the time that it could be used to forward mail. One of the RBLs picked up on this, and banned my server's IP. When I tried getting off the list, the web form to do this sends a confirmation email to postmaster@[the results of their reverse dns lookup], which ended up going to Rackshack, the server hosting company, rather than to me.
Ugh, was frustrating.
Also, my old company had a problem with one of these RBLs -- there was a spammer somewhere on our subnet or something at one point. We had such a hard time getting off the lists.
Ugh, was frustrating.
Hell, have them talk to the police.
Best Slashdot Co
I don't care if a customer of a SPAM-friendly ISP gets blocked.
You are paying towards criminal activity (cf donating to middle east charities that *may* have links to Al Qaeda), so you are partly responsible for those criminal activities.
Now, if you are having problems with being blocked, you now DO care if there are spammers on your ISP customer list. They are directly affecting your work.
A spammer will pay a lot for a guaranteed connection, so a SPAM-friendlt ISP gets more money for what they produce, and can then reduce the per customer charges. You are indirectly benefiting from criminal activity. Isn't that aiding and abetting (the abbetting is getting benefit, correct)?
I used to run a fairly popular email server for a small hosting company i "whipped up" with a fair bit of effort with a friend or two.
e s-omg-openssh... it's easy to see why)
:)
We used EV1Servers (aka Rackshack.net at the time). They were cheap, reliable, and their tech support worked for us.
I implemented a fairly good custom qmail solution using perl, a nice exec tree and some bespoke auth scripts in it.
It was flawless... Or so I thought....
I neglected to use the same true/false errorlevel ('return to shell code', or whatever the bourne jargon is) in the qmail-smtpd exec'er... therefore the previous install of some LWQ stuff had the tcp server db accept and forward mail from anywhere! (nargh!)
After 24 hours we were on 2 major RBLs and I didnt notice the err of my ways (to probe rather than be probed) untill we'd sent out serveral thousand mails...
(this also explains why the queue was HUGE and kept filling so quickly)
I managed to get off one RBL by using their automated open-smtp server check via some CGI. We passed with flying colours and were off that RBL before the end of the week.
I sent an email to the other RBL. Now, this other RBL is a 'private' RBL and "DOES NOT" (yep, in big bold letters all over their site) remove people. Once you're on, you're on.
I kindly explained the error I had in my script that inadvertantly led to our mail host being the great door to the spam sky.
The RBL host explained to me that it was not my server that was targetted, but the whole of EV1. I should have guess - but i didnt... the only time I'd run the RBL checks was _after_ my comprimising db was in place.
Little did I know that the entirety of EV1 was blacklisted. (imho quite right too, we got arpjacked by an adjacent out-of-the-plesk/ensim-box-install-with-not-updat
The RBL host explained this in a nice tone, and also explained that he would not remove me. Now, I was suprised he returned my email - the site did say not to try and contact them.
I replied thanking them for their time and hospitality. I was sincere and still feel the same way... I am, after all, an English Gentleman, first and foremost - the last of a dying breed.
I resigned to being blacklisted on a quasi-popular 'private' RBL.
I recieved an email, no more than 12 hours after my thank-you. It went along the lines:
----
>> thankyou for your time and effort. You didnt have to do this, yet you did. Thanks!
You did not have to thank me for that either. As a mark of respect I have removed your RBL entry.
----
Wootle etc
So kids, be nice to the mail and RBL admins out there!
Matt
WHo or what is this ORBS you are talking about?
1: ORBS.ORG hasn't existed for nearly 4 years
2: If ORBS.ORG listed a site as an open relay then it was tested and failed the open relay tests (If it was listed as a spam source that's a different matter)
3: ORBS.ORG never asked anyone for money
Define "quickly enough". If it's been more than 48 hours and the spammers are still there, that's too slow.
To make matters worse, they put this in effect either late Friday night, or early Saturday morning -- hours during which MAPS is not available for contact! (Mon-Fri, 9-5 only) How do people deal with MAPS and other RBL services who will not cooperate or be reasonable?
By not having a spam/virus transmisison problem. Works for me.
And on a broader front, are you really prepared to trust a company like Kelkea, Inc. (owners of MAPS) to decide what emails gets to you without really knowing how they operate and deal with resolution processes?"
Yes.
"I spent all weekend long trying to get a hold of the people at MAPS, as they don't bother telling you when they are open.
Their web forms are always open.
When I finally got a hold of someone on Monday morning (not an easy task, mind you!), they told me that they are not open on the weekend, so it would have been *impossible* to resolve this issue quickly.
Impossible without using their web forms, that is.
And because I was only a customer of the company who owns these IPs, they would not unblock my subset of IPs.
Lets see, you are a customer of the people with the problem, you are not in the loop with your ISP as to exactly what actions have been taken, you don't know exactly what customers were involved, nor any of the sensitive details someone is going to want to know when there has been a massive spam run. Gee, that's too bad poor baby.
Despite the problem originating from a handful of IP addresses, MAPS saw it appropriate to block over 180,000 IP addresses just before the weekend!
Never heard of snowshoe spamming? You live in a cave? News flash, many responsible systems admins block far more than just a /19. Many block /7's and /6's on private block lists.
I had already made several phone calls and emails to my co-location facility, and they told me they were doing their best to get a hold of someone there. Several emails had been sent, and just as I first experienced, they could not reach anyone at MAPS by phone.
See link to web form above.
When I finally talked to someone at MAPS, he told me that he would not be proactive in the matter by actually phoning my co-locator to work this out.
See above about having "standing".
These people at MAPS thinks themselves quite high and holy, and in some ways they are: many ISPs and the like will bounce emails just because MAPS tells them to. (I've since removed MAPS from my list of RBL servers to check.) As a small-business owner, MAPS can be very hurtful to a business and very uncooperative in helping resolve the issue.
If you are a business owner and fail to understand exactly why email is not a garenteed delevery system, and your business depends on email, then you are very stupid and deserve to go broke.
I gave them a couple subnets of mine to unblock, but they would not, even though my IPs were not involved in the original complaint.
And spammers NEVER lie. They NEVER pose as someone else. They ALWAYS tell everybody what IP ranges they intend to use in their spam run two weeks before thay use it.
This experience has certainly made me think twice about who I trust to decide the fate of my incoming email."
Good for you. Now, when you get finished thinking about that, think about how you can make your small business profitible when you can't use email. It's obvious to me that you fail to understand what went wrong, who is to blame for it, and what to do about it.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
SA can query blacklists (and does in its default config) but, it uses those as an indication. If maps or xbl blocks an address, but all other indicators are saying it is not spam, SA will not mark the mail as spam normally. Of course you can configure that differently if you feel like it.
At any rate, rbls should only be used as one of the possible indicators for spam, none of the rbls is perfect or even uptodate, and reöying on them as the main or even only indicator for spam is just a very good way to block legitimate mail, while the effect on stopping spam is not even close to 70% (at least on the mail servers that I run, which serve a few hundred users each)
XBL seems to be one of the more usefull ones among the rbls, rbls aiming purely at dynamic/home IPs seem to be utterly useless in practise.
Worst idea ever. A few admin jobs ago, my company's IPs ended up on one of them (was it ORBS? I wanna say it was). I don't think it's still around, but I later found out it was one of the more popular ones but it was run by some guy out of his parent's basement. Once you're on one, it's a very short time before you're on them all. But, I shouldn't have been on any as from the moment that mail server was connected to the Internet, I used SMTPAuth for mail sending. There was no way you could send mail without a username/password. I finally tracked down who'd put us on the list, and there was no way to contact them (again, some guy in his parent's basement), so you had to use their automated utility to get off their lists. Everytime I ran it, the thing would tell me "SMTPAuth required, not a spammer". But, my IP wouldn't be removed. Instead, and this was the best part, it would list it as ANOTHER confirmation that we were spammers. It took over a month to get off this stupid list, be thankful it only took you a few days.
RBLs are the most useless, stupid, assinine idea ever to gain wide acceptance. All of the evidence proves that. Spam continues and continues to rise every day, despite all of the "hard work" put in by RBL groups. Fuck you idiots, you're not making anything better, you're only making life worse. Every mail admin I've met has had some kind of anecdote about an RBL fucking up and wrongly putting them on a list, it's time to stop using them and find a REAL solution to spam.
Which is more painful? Going to work or gouging your eye out with a spoon? Find out!
http://www.workorspoon.com
I once worked for a company that had a problem similar to the original poster's. We had a Sprint Frame Relay and somebody on a nearby subnet was spamming.
Contacting the MAPS people was like pulling teeth, they refused to cooperate and were extremely rude to boot. In the end, we were affected for nearly 5 days until Sprint finally fixed whatever needed fixing.
These email activists are like the pricks who drive 55mph in the passing lane... bunch of self-aggrandizing jerks. They accomplish little or nothing, yet create alot of hassle for legitimate people & businesses.
Conformity is the jailer of freedom and enemy of growth. -JFK
It requires gathering evidence, but once you prove they are Spam friendly, you sue them for a refund. By hosting Spam they are not providing you with the ability to send email to anyone subscribing to MAPS. Therefore they are not fullfilling the implied parts of the contract and you deserve a refund.
Contact a lawyer of course, but it should work.
That is the way... And it is good.
The RBL is a sledgehammer; brought down on an ISP.
If an ISP tolerates SPAMMERS for longer than a set time (I think serveral milliseconds is reasonable, but I could be a bit over the edge), the ISP looses email connectivity. Period.
No network effect for you! And ALL of your customers.
If it is important, and you know me, send it to another account -- you know, the ones that don't check -- or phone, or use regular mail.
If you run a "list", reconsider. It may not work well. Publish the information on the web instead (use pull technologies, not push). In the post-spam world, push is reserved for people who really want it. Who actually invest in it (setting up their own servers, and buying blackberries/cell-phones etc).
If SPAMMERS take over machines on a Cable ISP -- block the whole damn thing! Yes, Gran and Gramps may get upset, and that IS the point. (oh, you say, RBLs already DO THIS! Damn straight).
180,000 IP block, or 10x that; it is a sledgehammer. Use it. Hell, our local DSL provider (Bell Symaptico) COMPLETELY blocks port 25 out-going AND in-coming. And that's the way it is. [they avoid the sledgehammer, by making it impossible to be hit. Good for now, and when we win over the SPAMMERS, they can be more reasonable].
This is a war, kids, and its not finished yet.
If you are discomforted -- blaim the SPAMMERS. Fucking bottom-feeders.
Ratboy
Just another "Cubible(sic) Joe" 2 17 3061
Hear, hear.
There are numerous problems with the usual RBL approach that are understood in most other contexts:
- collective responsibility with people you've never met (if you happen to share the same ISP)
- damaging misrepresentation (if the RBL claims you're a spammer because your ISP gets blacklisted and important communications are blocked as a direct result, or through outright damage to your reputation)
- failure to provide an adequate means of clearing up a problem caused with good intentions (a common issue with many services, particularly beloved of government departments)
and the list goes on.I've recently dealt with RBL types twice, in completely separate incidents. My employer's entire network got blocked on one occasion, along with a few thousand others. The original spam was genuine, but when you've got an ISP with 100,000s of subscribers, expecting no-one to ever abuse them by sending spam from their servers is rather optimistic. The best they can realistically do is close down whoever is doing it promptly, and they have to be careful not to be abusive in doing that since damaging an innocent customer faced with a malicious accusation (e.g., someone who sends out a genuinely opt-in mailing list and has the records to prove it) is equally unacceptable.
The other one was even better: my home ISP, a popular and generally fairly sensible lot, got their mail servers blocked. Following the information in the "you've been blocked" bounce message showed that the RBL claimed to have sent notification to the ISP's abuse address some several days before blocking them. Then, of course, "we don't reply to mails sent to this e-mail address" kicked in on both sides. The abuse address auto-replied acknowledging the message and saying it would receive a reply from a real person within five days. This was apparently ignored by the RBL systems, which activated the block sooner than that without further warning. In any case, that was all from the RBL site; the ISP staff claimed they didn't have anything more than about six hours before the block went active and half a million customers started ringing their support lines.
As I see it, there are two morals to this story:
IMHO, all of the above should be subject to sufficiently draconian penalties that staying in the ISP RBL business is outright financially unviable if the rules are repeatedly broken. Stuff not regulating the Internet; this is a simple solution to a major problem that affects everyone using it. When an industry demonstrates clearly that it can't regulate itself effectively and the public suffers as a result, official regulation is required for the good of everyone concerned.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
And no, it doesn't work. You wander right into the grey area of the courts saying "What is spam" - and since SPEWS and MAPS will list entire netblocks because some moron subscribes to newsletters and can't figure out the "unsubscribe" feature, I'd be wasting my time AND money. Then when the suit gets thrown out, I'd be liable for their legal fees as well.
It's just not financially viable.
MAPS sucks. SPEWS sucks. Nobody should bother using them, unless they're the "it's MY server, *I* will decide what I want!" types that are running a little Red Hat box at home. For business? SPEWS/etc are a horrible idea. I stopped using them years ago and haven't looked back.
The reason resnet is blocking IRC is more likely many viruses use it to coordinate DDOS attacks. Whether or not they should block your freedom to access it legitimately is another matter =\
You can try connecting with IRC+SSL (they may have blocked that too, though). Many of the popular IRC clients support this, but relatively few servers do. [Not to plug, but you can test SSL via: irc.editingarchive.com:6697, <a href="http://www.mirc.co.uk/ssl.html">MIRC's site</a> also has a list of SSL supported servers.]
Its your ISP's responsibility to quickly handle incidents like this. If your ISP doesn't have an abuse email address and quickly process it, then they deserve what they get.
Yes, blacklists have the power. They may be righteous about it too, but in my experience they were very responsive as long as you respond to the emails they send.
If your ISP didn't respond, then you need to consider changing ISP's to one that is going to be able to provide continuous service by responding to complaints. As long as they respond and commit to investigating, their IP's won't all be blocked. That is the only way SPAM is ever going to stop.
Don't be mad at the blacklists- be mad at your ISP. Your ISP is the one who is supporting spam and not taking complaints seriously. I learned the hard way that when blacklists email you about complaints, you need to respond quickly. I worked for a company that had an opt-in mailing list and we got blacklisted when someone complained about it. I forwarded a copy of our mailing showing the unsubscribe link and pointed them to the signup form that has the option to subscribe/unsubscribe and they quickly lifted the ban.
Was it a pain to deal with? Yes. Is it a necessary pain? Yes.
These online vigilantes need to go... What makes them a governing body on the Internet? What is even more pathetic is the people who subscribe to these lists. I know we all hate spam however shouldn't we be more concerned with the paper spam that fills up our normal mailboxes?
Could you try again in English? And I didn't start this analogy stuff, it was the other guy. If you want to reject analogies, reject his restaurant analogy too.
So what? If I build a system that detonates a pipe bomb as soon as FOX news broadcasts "The O'Reilly Factor", does that make FOX liable for damages caused by the explosion? I think not--it's the person who sets up the automation that's liable.
Likewise, if you want to sue someone for blocking your e-mail based on RBL information, without any human review, sue the person who set up the automation--i.e. the owner of the mail server.
Guess what? Credit bureaus already report verifiable lies about people, and there's apparently not a damn thing the average joe can do about it. I know this, because I've been lied about by a credit bureau. I ended up having to convince the company that was using the inaccurate information that it was inaccurate.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
MAPS isn't doing anything wrong, they simply gather findings and make them available to their subscribers. They exist to serve the interests of those subscribers, not the interests of some random nobodies who wish to send mail to those subscribers. MAPS is under no obligation to provide 24/7 assistance to the ``unfairly'' blacklisted domains. What exactly would be the business case for doing that? Who would pay those operators who wake up at 3:30 a.m. on a Saturday to service a complain?
MAPS subscribers are aware of its limitations and problems and, guess what, they don't care and use the blacklist anyway! A MAPS user doesn't care that some random nobody sometimes gets ``unfairly'' blacklisted and is unable to contact them for an entire weekend. They care most about not getting spam and are glad that MAPS is so strict. In other words, the subscribers share the same values as the MAPS operators! If MAPS were to change the way it operates, those users might well switch to some other service that follows the original policies. MAPS users even accept that sometimes they won't be able to talk to other MAPS users because of the same problem you are having. Yet they remain MAPS users. Therefore, they will hardly be sympathetic to your case.
So basically, your complaint boils down to the existence of difficult people who have very particular rules about being talked to because they don't want to be bothered. The system by which they share those rules with each other isn't what's standing in your way here.
I very much agree with your analysis of spam blocking (analyzing mail contents) vs blacklisting (analyzing mail sources, what MAPS is about) and that the former merely creates more spam.
However, I stopped using MAPS myself already in 2001 when they changed their terms into a subscription service and prohibited public disclosure of their listings (since I work at a university, where "someone told us to" is simply not good enough an answer when somebody asks why we insist on rejecting legit mail from particular sources).
I can also understand the frustrations of someone being inconveniently blacklisted, and MAPS certainly isn't above making mistakes. However, if a network has indeed been listed by mistake, the proper entity to bring this up with is the MAPS subscriber, not MAPS themselves. Anybody using a blacklist to reject inbound mail should provide an "emergency" point of contact (say, a web form or an unblocked postmaster address) so that they can receive notification of potential problems. It will be up to them to evaluate the claims, make exceptions or forward the feedback to MAPS as appropriate. MAPS offers support to their subscribers only, not to the general public or even to listed ISPs.
I have maintained a DNS-based blacklist myself, not meant for public use but still available for public inspection, and I received numerous complaints from people finding their own IP addresses listed by me, even as they could provide no evidence as to my list being the reason for their bounced mail in the first place! Appearantly, some blacklist subscribers don't care to inform each sender why their particular message has been rejected, but they rather return a static error message saying "here is a database of 500 blacklists, go complain to the maintainers and demand to be removed" or something to that effect...
I wouldn't mind seeing my own mail rejected due to a blacklisting. Either that's because my ISP is doing something wrong, in which case I want to be notified, or it's because the person I'm trying to talk to is using a poor blacklist, in which case I can either notify that person or drop him from my address book. It may seem drastic at that very moment, but in the long run it should send a clear message to everybody that network abuse will not be tolerated.
The point he's making is that your post was wrong in the first place. As you posted:
Your initial post is self-contradictory. If you had a 100% opt-in system, then nobody on the list would have been able to be signed up without them confirming it. That's what "opt-in" means. Just having a web page with a textbox to stick an email address into is not "opt-in", because, as you yourself discovered, somebody else can sign up other people to your list. You have to confirm email addresses before actually spamming them in order to be able to call yourself "100% opt-in".
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Well, well:
my recommendation to you:
switch providers ASAP.
One spam complaint, or 'a couple' of complaints not being followed up does not bring anyone into a blackhole list.
RBL lists and spam tagging services (spamcop, spamhaus, etc.) are a very good thing: they keep in check those who want to take more for themselves than they have the right to.
Your hosting provider did not get into the RBL for 'one or two' spam complaints 'not dealt with fast enough':
it takes a couple of independent complaints, each backed up with full spam emails, including all headers. I am not sure how many MAPS requires to see before acting, but I would guess it is not one alone.
MAPS also works with providers before swinging the big axe.
Spammers do good bandwidth, and I guess your provider is cashing for GB/month.
Maybe they did not prevent spammers from signing up again, so the spammer could actually 'poison' a ouple of different subnets. Maybe there were several different spammers operating successfully off your hosting provider.
Switch to a different provider now.
You are probably working with one of the 'spam friendly' ones, who actually advertise that, and hide spam hosts with all kinds of 'no traceroute', no lookups, etc.
Just check, there's more to it than you think, and than your provider tells you.
Calling the list or spam tagging service is the wrong approach.
You should have called your provider, who should have given you immediately an address outside of the blackholed ranges. Sure, that takes a while to trickle through the Internet, but is still faster than waiting for a resolution of the blackhole listing issue.
Did your provider do that?
Was your provider available?
Did they send you to MAPS?
If they sent you to MAPS then they know what they are doing and just try to give MAPS unjustified grief by directing 100s of customers to their phones. And that's spam too.....blocking someones phone lines this way...
Go get your money back.
da micha
So what? If I build a system that detonates a pipe bomb as soon as FOX news broadcasts "The O'Reilly Factor", does that make FOX liable for damages caused by the explosion? I think not--it's the person who sets up the automation that's liable.
Again, that's not how antispam blocklists work.
The people who make the lists are fully aware of how the lists are used. When people invented blocklists, this is how they intended them to be used. When MAPS launched their own list, this is what they had in mind. Ergo, when compiling the list, RBL operators were fully aware of the consequences to those added to the list.
It's the fact that RBL operators are not at arm's length that makes the difference. Even if O'Reilly knows that by going on air, someone will get blown up, he won't owe the same duty of care as an RBL operator because the RBL operators worked with the mail administrators to create the blocking apparatus in the first place. They constructed a system, guided its use, yet want to be held unaccountable for the very effects they set out to acheive.
Likewise, if you want to sue someone for blocking your e-mail based on RBL information, without any human review, sue the person who set up the automation--i.e. the owner of the mail server.
I'm not really talking about suing anybody. What I'm trying to address is this conception that RBL operators owe nobody anything. It isn't true. They knowingly contribute to actions that effectively wrong innocent people.
Why was Napster shut down? It wasn't because they directly wronged recording companies. It was because they vicariously did so and contributed to others doing so.
They didn't infringe on copyright themselves, but they effectively did because of the way they operated their network (or so the reasoning went).
Now, look at RBL operators. They purport to run a system that does X. They instruct people who use their system to use it a particular way. Subsequently, they go ahead and list individuals despite that they didn't do X, knowing that because of the way blacklists are used, it'll have an effect Y. You're telling me that the RBL operator didn't contribute to Y?
What if I'm in charge of Windows Update. I know that by placing something on Windows Update, it'll automatically download and run on millions of computers. So, I put up an OS update up that prevents userland programs from communicating with particular subnets/addresses on the Internet. You're telling me I've wronged no-one because people initially opted into Windows Update?
Guess what? Credit bureaus already report verifiable lies about people, and there's apparently not a damn thing the average joe can do about it. I know this, because I've been lied about by a credit bureau. I ended up having to convince the company that was using the inaccurate information that it was inaccurate.
That's right, they do, and it's wrong. QED.
I contend that it isn't. Now, do you have any argument other than mind-reading proof-by-repeated-assertion?
It was because they built a system designed to help me do something illegal. RBLs have built a system designed to let me block e-mail from you. My blocking e-mail from you is not illegal, because it's my goddamn server. Property rights trump your supposed right to have your message received, as the junk fax laws have shown.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
I whole-heartedly support MAPS and RBLs in general, and generally view with great suspicion anyone who argues against them, including the article submitter who is NOT running an opt-in system - any system that accepts blindly email addresses and starts spewing junk mail to them is almost as bad as full-blown spammers IMHO.
It has been proven many times in the past that MAPS's "shotgun" like approach is the ONLY way to get a large majority of ISPs to actually DO something about spam.
They generally do NOT "shotgun" until an ISP has just blatantly refused to do anything about it.
It was because they built a system designed to help me do something illegal.
Well, that's neither here nor there. It's not important whether or not blocking email islegal in order to answer the question, "Do RBL operators have some responsibility for what they do?" Just like it's not relevant whether or not arbitrarily turning people down for loans is legal (it is) when considering the case of the malicious credit bureau.
RBLs have built a system designed to let me block e-mail from you. My blocking e-mail from you is not illegal, because it's my goddamn server. Property rights trump your supposed right to have your message received, as the junk fax laws have shown.
Oh, sure. Nobody disputes that. You can block email from anyone and everyone you want. On my servers, I use RBLs in conjunction with SpamAssassin for so-called "greylisting" too.
The "problem" stems from the fact that end users (grandma at AOL, &c) typically have no control over the situation in the first place: they're entirely at the mercy of their ISPs, mail administrators and antispam vigilantes.
My point is that RBL operators don't get away with having no responsibility for their impact on the mail infrastructure. The most militant antispammers claim they can do whatever they want w/o considering its effect on others. That's arrogant and wrong on its face and policy based on such nutjobbery is just as destructive to the purpose of function of the Internet messaging system as spam itself.
There is a lot of noise here about "RBLs are good" or "RBLs are bad" and it totally misses the point about MAPS. MAPs is the grandaddy RBL, and I used it myself back in the day, before they started charging for it. When Vixie was running it, sure he was a crazy bastard, and sure he would occasionally block for what were arguably net.political reasons, but it was professionally run. It was obvious how you got on, and there was an open, obvious process for getting off. Anyway, at some point they got sick of running MAPS (who could blame them) and sold it off.
MAPS is now completely broken. It is a janky half-assed operation, run by half-assed cluebies. It is no longer professionally run, in any sense. True story:
We see in our mail log that mail from us is being rejected by certain servers because it is in MAPS. Of course we jump on this. We move a lot of mail. We run an honest shop, and don't send spam. We don't want to be on any RBLs. And if there is any spam sneaking through our network, we want to stop on it.
At the new MAPS web site we can look up our listing (good!) and see that it has been listed with a lot of other IPs at our hosting facility. They have an example spam, but it is clearly not from us. Ok...
We find their delisting page. It reads something like, "If you want to be delisted, give us a call, or email us or y'know, something, and we'll see what we can do..." Ok, that is a paraphrase, but there are no rules posted, no automated submission, no automated retesting, just "give us a call." Huh?
We we dash off some emails, "why are we listed and how do we get delisted?" and the boss calls them on the phone. After a couple calls, and much haranguing, they say they have an email from our particular IP in one of their spam trap addresses. Well this worries me, is there spam getting through somewhere?
My boss convinced the guy at MAPS to send him a copy of the email from the spam trap. Obviously this sets off alarms for me. Divulging a message caught in a spam trap is crazy. A spammer could easily sneak tell-tales in there that would reveal the trap address. It is unprofessional and demonstrates a lack of understanding of what a spam trap is. But this was just the tip of the iceberg. These jokers would prove themselves even less professional shortly.
We get the message and they have "sanitized" the To address in the headers and body. Or they attempted to, anyway. In fact we use VERP on the many mailing lists that we manage, so the To address is encoded in the envelope-from. So if we send from me@here.com to you@there.com, the envelope-from is set to:
me+you=there.com@here.com
That way if we get a bounce or a complaint, we can quickly determine the real address, and skip trying to figure out any alias chains or forwarding out at the destination.
But anyway, there is the real To address, plain as day. So unprofessional. The email *did* come from our mail server. We sent it on behalf of a customer who's web site we host. They have a busy ecom site, and they occasionally send emails to their customers. It's commercial email to be sure, but hardly unsolicited. You can opt in or out when you buy stuff, or any time thereafter. But wait, what's this customer up to, I wonder? Have they snuck some questionable email addresses into their list?
No, the email address had actually been used to buy something(!!) from our customer in the past. Aahhh! What? Clearly MAPS' new owners have no idea what spam trap addresses are, or how to handle them. Oh, it gets better.
The boss whois-es the domain, gets the contact info, and picks up the phone. He gets ahold of the owner and asks him if he had use that email address in the past (yes!), if he'd made a purchase from our customer (yes!). Then this guy starts slagging on us, talking about spam like he's an expert, even mentions MAPS. Turns out, in fact, he owns MAPS.
Un-fucking-believable.
Anyway, we make a bunch more calls and d
Then there's no question. You have to verify yourself to send mail period.
If I really am talking out of my ass...explain it to me with respect so I'll at least pull my ears out to listen.
And yes, even you women.
If I really am talking out of my ass...explain it to me with respect so I'll at least pull my ears out to listen.
They even block IRC Chat! Not just DCC, but you can't even chat. Now DCC has legitmate reasons to be blocked, but chatting? Let me tell you that you can get more info from IRC than you ever could from yahoo (which they allow).
Thanks to 'Classic' Napster and all the P2P applications and websites that sprang up since then, the media content industries (basically ALL the companies in the RIAA / MPAA organizations) have SUCCESSFULLY convinced ISPs that ANY sort P2P internet activity is (basically) breaking the law regardless of content being transferred (legal or not). Due to this ISPs 'nuckle under' and disable such possible activity.
IRC DCC broken?
No problem, they can 'chat' their files to each other using uuencoding or BASE64 coding (or yEnc if that is workable). It'll take longer, but all that was accomplished was an inconvenience in time for the two parties sharing file(s) -- THE FILE(S) WERE STILL SHARED!
The point is, the only way to truly stop 'media piracy' is to turn off the Internet.
Of course, it is highly unlikely that will happen. There is too much at stake already.
The best way to stamp out 'piracy' (really copyright infringement) is for the content industries to make their products too cheap to bootleg and readily available. The target market the content industries cater to have grown acustomed to low prices thanks to WAL-MART. It is in the content industries best interest to simply price their product low enough that they make their profit on high volume purchases by millions of people. They are big enough and have the infrastructure to do it. Otherwise, the current cat and mouse game between the content industry and the 'media pirates' will continue indefinitely.
The only ones this approach won't affect are the ultra hardcore 'media pirates' who wouldn't buy the stuff anyway and are content with their collection of purloined digital booty.
If the content industry REALLY wanted to make a difference, they should crack down on those who infringe their propery for a profit. Perhaps then, the noncommercial infringers might see their efforts and aid them by ACTUALLY going out and buying legitimate copies of the products being infringed to support them.