Slashdot Mirror
Should You Trust MAPS?
"I spent all weekend long trying to get a hold of the people at MAPS, as they don't bother telling you when they are open. When I finally got a hold of someone on Monday morning (not an easy task, mind you!), they told me that they are not open on the weekend, so it would have been *impossible* to resolve this issue quickly. And because I was only a customer of the company who owns these IPs, they would not unblock my subset of IPs. Despite the problem originating from a handful of IP addresses, MAPS saw it appropriate to block over 180,000 IP addresses just before the weekend! I had already made several phone calls and emails to my co-location facility, and they told me they were doing their best to get a hold of someone there. Several emails had been sent, and just as I first experienced, they could not reach anyone at MAPS by phone. When I finally talked to someone at MAPS, he told me that he would not be proactive in the matter by actually phoning my co-locator to work this out.
These people at MAPS thinks themselves quite high and holy, and in some ways they are: many ISPs and the like will bounce emails just because MAPS tells them to. (I've since removed MAPS from my list of RBL servers to check.) As a small-business owner, MAPS can be very hurtful to a business and very uncooperative in helping resolve the issue. I gave them a couple subnets of mine to unblock, but they would not, even though my IPs were not involved in the original complaint.
This experience has certainly made me think twice about who I trust to decide the fate of my incoming email."
MAPS saw it appropriate to block over 180,000 IP addresses just before the weekend.
MAPS didn't block you.
MAPS added you to a blacklist.
Some admins have decided to block you based on you being in the MAPS list.
That may or may not be a good decision on the part of the admins.
Its easy to get angry with MAPS, but they're just publishing a list.
Uh, that helps absolutely none in this particular case. If you'd bother to read the text, and it wasn't even a full article, some OTHER company/person was responsible for 180,000 IPs getting blocked, including his subnets which had ABSOLUTELY NOTHING to do with it.... His company's customer service had squat to do with it. Neither did his ISP's really...
(\(\
(^v^)
(")")
This is the cute vorpal bunny virus, copy to your sig or runaway, runaway in fear!
Actually, no, that's not what I'm admitting. My co-location provider had some customers that were the problem. And when I talked to them, they said those problem customers were terminated before the blacklist even happened. They didn't respond to MAPS in time, and MAPS took it upon themselves to blacklist 180,000 IPs, affecting innocent people like myself all over the world.
So you admit, that you were relaying SPAM No, read the guy's story again. A) He was not sending spam. B) Someone else at his ISP did send spam through the IPs they get from the ISP. C) His ISP did not respond 'fast enough' for MAPS. What is not clear is what is 'fast enough'. D) MAPS blacklisted him.
Once upon a time, I monitored the SMTP traffic on one of my systems very carefully. I wrote a special-purpose demon that pretended to be an SMTP server, which logged attempts at sending email, but still passed email to postmaster and from specific people (just like the RFCs say it must).
One day, I found a series of attempts at routing email through my server. A whole series of email with RCPT TO's that were off-site. I reported this to the abuse addresses that were responsible for the IP address that was the source.
Now, I expected one of two things to happen: they'd ignore the problem report, or I'd get a "thanks" for pointing out the problem. What I GOT was a cranky response from an anti-spammer telling me it was his GOD GIVEN RIGHT to hammer on my server in any way he saw fit, and a listing for the entire ORGANIZATION in one of the RBL-like listings as "uncooperative". All because I caught him testing my system and reported it.
Needless to say, I no longer bother reporting the routing attempts to anyone. If reporting spam relay tests gets me labelled a spammer and included in blocking lists, fuck it.
AT&T Worldnet also maintains an internal RBL that is very difficult to get off of primarily because there is no documentation on how to get off their RBL! To find out you pretty much have to do a search in Google Groups for some posts to the abuse newsgroups where other admins ask "How the (*&#$&*#$ do I get off the Worldnet RBL?". Another cute trick with the Worldnet RBL is, once you've been blocked you must email your RBL removal petition from an IP/domain outside the blacklisted one as mail sent to their abuse admins will bounce due to the RBL. It's just annoying as all hell if you ask me.
It doesn't matter if it's MAPS, ORBS, SPEWS, Spamhaus, or even AOL; if you administer outbound email, you are likely to be affected by someone protecting their email systems from spam. It is usually not your fault, but if others don't normally get listed frequently, there has to be some reason (unresponsive upstream ISP, something one of your customers or users is doing, a preventable misunderstanding about mailing lists) that got you listed.
If one RBL service has too many false positives, ISPs usually stop using them. MAPS is still in business, so their false positive rate probably isn't absurdly high.
Here are some tips to help email administrators keep their email flowing:
1. Negotiate ahead of time to get your servers whitelisted or registered as a "good" server. This means setting up proper forward/reverse DNS, configuring SPF, possibly registering with one or more "bonded sender" programs, looking at the AOL postmaster FAQ and getting into their whitelist system, etc.
2. Lease yourself a shared or dedicated server (think $25/mo -$60/mo) at another colocation facility that you can use to configure to be a mail relay for your primary mail servers. If delivery fails enough from your primary server, it should requeue the message to go out via your relay, perhaps after you've diagnosed the cause of the blocking complaint.
3. Setup test scripts to periodically poll major DNS RBLs for the status of your IP address and alert you when you're listed. (Perhaps tie this in to automatically activate your relay server in #2).
4. Ask your ISP what their spam policies are and assess your risk to getting mixed up in their other customers' problems. If they aren't vehemently anti-SPAM themselves, consider another provider for your outbound mail. By "vehemently", I mean: They have their own enformcement policies and 24-hour contact escallation policies with each customer, and will shut down customers that are not responsive to handling complaints.
5. If you manage mailing lists, make sure each and every message at the bottom has a link to the proof about how the recipient opted in for the message. (PS: Stop using email to distribute content! It's so, like, 20th-century. If your content is any good, they'll access it regularly via the web or RSS it into their portal.)
-ez
(Disclaimer: I'm the the inventor of DNS RBL. Your misery is partly my fault. Mua ha ha ha.)
Karma: Whore (you look at your score after posting)
The point is it doesn't have to be a spam friendly ISP. All it takes is some server at the colo getting cracked and used for spam. Or some idiot setting up an open relay at the colo because they don't know what they are doing.
Bullshit.
MAPS (and almost every other RBL) won't blacklist an entire ISP for one machine.
They start with one machine (the one sending the spam), and if the ISP does nothing about it, the block starts growing.
See, read the article - they were blocked because of repeated complaints. This is not just one machine.