Slashdot Mirror


Should You Trust MAPS?

patrick42 asks: "Recently, my co-location facility was hit by a massive blacklist by an over-zealous 'investigator' at MAPS. 180,210 IP addresses in total are included in the blacklist -- and all because of a few spam complaints that weren't dealt with quickly enough. To make matters worse, they put this in effect either late Friday night, or early Saturday morning -- hours during which MAPS is not available for contact! (Mon-Fri, 9-5 only) How do people deal with MAPS and other RBL services who will not cooperate or be reasonable? And on a broader front, are you really prepared to trust a company like Kelkea, Inc. (owners of MAPS) to decide what emails get to you without really knowing how they operate and deal with resolution processes?"

"I spent all weekend long trying to get a hold of the people at MAPS, as they don't bother telling you when they are open. When I finally got a hold of someone on Monday morning (not an easy task, mind you!), they told me that they are not open on the weekend, so it would have been *impossible* to resolve this issue quickly. And because I was only a customer of the company who owns these IPs, they would not unblock my subset of IPs. Despite the problem originating from a handful of IP addresses, MAPS saw it appropriate to block over 180,000 IP addresses just before the weekend! I had already made several phone calls and emails to my co-location facility, and they told me they were doing their best to get a hold of someone there. Several emails had been sent, and just as I first experienced, they could not reach anyone at MAPS by phone. When I finally talked to someone at MAPS, he told me that he would not be proactive in the matter by actually phoning my co-locator to work this out.

These people at MAPS think themselves quite high and holy, and in some ways they are: many ISPs and the like will bounce emails just because MAPS tells them to. (I've since removed MAPS from my list of RBL servers to check.) As a small-business owner, MAPS can be very hurtful to a business and very uncooperative in helping resolve the issue. I gave them a couple subnets of mine to unblock, but they would not, even though my IPs were not involved in the original complaint.

This experience has certainly made me think twice about who I trust to decide the fate of my incoming email."

32 of 866 comments

  1. MAPS are assholes by dspisak · · Score: 4, Interesting

    They are a big pain in the ass for us providers to deal with. But they are also a necessary evil too sometimes. Personally I like the Spamhaus lists much better. And Spamhaus isn't a bunch of assholes so that gets them the cookie in my book.

  2. Standardization? by Renraku · · Score: 2, Interesting

    There should be some kind of standardization as to why IP ranges are blacklisted.

    Not like, "They said they were neo-Nazis and we've chosen to ban their entire ISP for not removing their page, because we're offended by Nazis." which could very well happen now.

    But more like, "We've received over 500 unique spam complaints about IPs in this range. Company hasn't responded in 5 business days. IP range is now blacklisted until they do something about it and contact us."

    Of course, the larger the ISP, the more attempts to contact them could be made. Like maybe two weeks for a large ISP and a week for a smaller or ISP that's in some backwater country.

    --
    Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
  3. DNSBLs are a mixed bag by Neophytus · · Score: 4, Interesting

    Some are well maintained, and even automatically maintained. spamhaus and spamcop come to mind. One of the less desirable ones that comes to mind is SORBS, where if they list you in one category you've got to donate $50 to charity, per message, to be delisted. You're an ISP providing smtp to your customers, and you're listed again? Tough.

  4. NO! by ajs · · Score: 2, Interesting

    You should never trust any RBL, but if you must, you should pick one which defines a VERY narrow criteria with NO collateral damage.

    Time and time again, I see people trying to enforce someone else's terms of service (usually poorly, and without room for any exception), getting blacklisted for non-spam activities (e.g. using a provider that hosts a spammer willingly), etc, etc.

    These are attacks on the nature of the Internet as a network of peers.

    Spamhaus does a very good job with XBL of listing just systems that are known zombies, relays, etc.

    Combined with a decent offender-only list of bulk spam sources (I use dnsbl.antispam.or.id), you get excellent results, with few (none that I've been able to discover through analysis) false positives.

    SpamAssassin, of course, makes this a moot point by combining and weighting several sources. I've never seen a false positive from SA as a result of bad blacklist handling (other tests, sure, but not its DNSBLs). However, you may need some pre-filtering at SMTP time to reduce the load on your spam-filtering system, and that's where the above strategy comes back into play.

  5. Re:MAPS is better than SPAM by thogard · · Score: 3, Interesting

    Then your co-lo provider is clueless and you should find another. If they offer 99.9% reliability, you should ask them for a refund for the month.

  6. Re:on the other hand... by patrick42 · · Score: 3, Interesting

    My ISP follows the rules of the internet just fine. MAPS seems to think they can invent and enforce new rules, even though they are just a private company. If it was Microsoft doing this service the same way, I'm sure you would be singing a different tune. I don't think anyone benefits from private companies inventing rules that everyone is supposed to follow, and punishing hundreds of thousands of innocent customers because one ISP doesn't respond to an email in what they have dictated is a reasonable amount of time.

    I in fact did spend my entire weekend talking with the ISP and trying to figure out how I could help the problem, even though I had nothing to do with the cause. But when MAPS activates a blacklist Friday night, after business hours, and then is not open until Monday morning, I hardly think that's fair play. They could have waited until Monday morning when they'd be able to respond to resolution requests, but they didn't. Instead they screwed us all over.

    I had a meeting with a bunch of important people at my ISP on Monday afternoon, and I was quite satisfied that they were doing everything they could to resolve the problem with MAPS. It was pretty clear that MAPS was being extremely slow or unresponsive, and it took them half a day to come back with a list of "demands" before they would remove the blacklist. My ISP responded quickly and sufficiently, and it still took MAPS several more hours to remove the blacklist.

  7. Re:A sword that cuts both ways by gl4ss · · Score: 3, Interesting

    something like MAPS can't ever work without the occasional listing of a block that doesn't belong there, and the shittier the management of the list the shittier the service you get from it. being unavailable at some hours, ANY HOURS, and pretending to keep a list(that thousands of emails depend on) current is a joke.

    one way to react to this is to not take any action at all - a spam prevention system with high number of false positives is a useless one (you may need to explain it to your customers though and direct them to complain to the appropriate person - the one who decided to use maps on some server). if you can't send email to somebody.. use gmail/hotmail or whatever to mail them posing as a customer and telling that you don't like maps and that they just lost a sale because of it... if you don't like them complaining to their nonexistent support is not likely to help you - complain to the people who use their services and think it's pretty cool, at least then there's a possibility of them dumping maps as a way.

    the whole way how an address gets to the list is of suspect anyhow:
    ***************
    "After you have read our Guidelines for Reporting Email Abuse and have completed the research necessary, you are ready to submit a nomination to MAPS to have an IP address included on the MAPS RBL.

    Start your message with a brief, one paragraph narrative with the details summarized:

    "I am nominating a site for listing on the MAPS RBL. I received this spam... I reported it they ignored my report... I confirmed the relay... I called them, and they said... "

    Include in-line, all related phone conversation transcripts, copies of the spam with full headers, the abuse report, the response or auto-ack and any other correspondence you received. Additional information should include further documentation of the spam problem, webpage source code, or other necessary information.

    An Investigator will review your nomination and contact the owner of the IP address to see if we can resolve the issue. If no response is received, or the responsible parties are unwilling or unable to rectify the problem, a nomination to the MAPS RBL is made. The Investigator creates a nomination that documents the entire Investigation and Notification process. The nomination is entered into the MAPS RBL for certification and approval by Management.

    This certification process verifies that the information in the nomination is accurate, and that a reasonable effort to contact responsible parties has been made.
    "
    ***********

    even if you DO answer to the accusations it's your word against the accusers and they got NO WAY to find out for sure - it's impossible to tell if you're a spammer or just some guy that some idiot is trying to frame, if you are a real spammer who really owns that ip you're likely to deny it anyhow.

    --
    world was created 5 seconds before this post as it is.
  8. Re:A sword that cuts both ways by illumin8 · · Score: 3, Interesting

    The real problem though isn't MAPS and their attitude, it's the spammers. Get rid of the spammers and you get rid of the need for MAPS. These lowlife internet-scum are where any ire ought to be directed, again IMHO.

    I disagree. The problem with MAPS is they take the "vigilante with a shotgun" approach to eliminating spam. You get a couple of spam vigilantes that want to cause "the most financial harm possible" to spammers and anyone that associates with spammers, and you have the potential for a lot of abuse.

    Just to give you an example, I used to host a couple of vanity domains on a webhost in a colocation facility. A customer of a completely different webhost in the same facility decided to webhost some spammers. This is 3 or 4 degrees of separation from my vanity domains. MAPS decided to blacklist the entire freaking colocation facility until the spam stopped.

    That is borderline ridiculous, and their admins have some serious attitude problems. They feel like it's better to penalize many just because a few bad eggs are mixed in. Well, they need to tune their blacklists because I don't trust them.

    Philosophical question for you:

    If MAPS decides to punish everyone in a colocation facility because a few spammers are customers of a customer in the same facility, how is that any different than Al-Qaeda deciding to punish all of the US on 9/11 for the actions of a few people in the US government?

    --
    "When the president does it, that means it's not illegal." - Richard M. Nixon
  9. Re:Not anymore by MightyMartian · · Score: 4, Interesting

    Well, I think it's pretty damn irresponsible for RBLs to be blocking entire subnets, as tempting as that might be. We had RoadRunner do that to our /23 address space, and we couldn't even find anyone who could do anything about it. I eventually said "Screw you" and refused delivery of anything with "rr.com" on the end of it. A few months ago, the block simply disappeared.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  10. Re:A sword that cuts both ways by ajs · · Score: 4, Interesting

    This is a myth.

    I'm sorry, but the idea that only blocking known offenders is unworkable has been proven wrong over and over.

    I use a combination of greylisting, SPF and a small number of blacklists which have strict non-collateral damage policies.

    Today, as an example, on a small personal system I've actively rejected 2576 connections, and allowed 228 messages. Of those 228, 75 were then identified as spam by SpamAssassin. A 97% success rate on a VERY low-bandwidth / CPU first-pass is more than acceptable for almost any application, given that you have a second pass (e.g. SA) which further improves your results to about the 99.9+% level.

    The trap that people end up in is thinking that they need their first-pass to be as effective as a stand-alone spam filter. Not true. You only need it to be effective enough to reduce the burden on your network and hardware by skimming off most of the incoming spam before it has a chance to consume those resources. If you're a VERY large ISP, then you might need to adopt additional measures (and while I despise the way AOL has done it, for example, I understand their reasons). If you're not one of the 10 largest ISPs in the world, then you are kidding yourself.

    I have one user who asked me if mail was broken when I first deployed this. He was concerned because he'd come to think of the steady trickle of spam as a sort of heartbeat.

  11. Re:A sword that cuts both ways by op00to · · Score: 4, Interesting

    Indeed. Anyone who uses MAPS to blackhole mail is an idiot, and should have their root privs taken away. Seriously. These sorts of lists are GREAT for greylisting -- increase your SpamAssassin score by a few points, or something like that.

    But anyone who uses MAPS to blackhole servers is lazy and incompetent.

  12. Re:A sword that cuts both ways by JSG · · Score: 3, Interesting

    So following your reasoning to a rather ridiculous end, I should block any mail originating from the US (and possibly Canada) because that is apparently where the bulk of spam mail (sorry UCE) comes from.

    I don't think so somehow.

    I also had my IP plugged by MAPS in this way as a result of an over zealous vigilante. Large parts of .plus.com were blocked (UK ISP). Ironically my brother's company use MAPS.

    Fine, I thought, I'll just have a look at the web site and find out what I'd done wrong. I had just compiled up a new Exim MTA with Spamassassin and Sophos but perhaps I'd done something wrong (no it isn't open).

    A quick check showed all the links to info I really needed pointing to product info for Kelkea. E-mails resulted in automated responses.

    In the past I'd thought of MAPS as one of the good guys, oh well ...

    So, my opinion:

    I don't think you should go after an entire block of addresses - it's just not fair to the innocent

    Don't use address lists that you can't trust - ie those in the hands of a company that seem to try and impress with the size of their lists (I'm male and a Company Managing Director and I'm not impressed by that sort of size 8) )

    If you look after anti spam systems, then don't just tick the boxes (especially if you use say Mailsweeper on Win). Evaluate the lists that you use for blacklists and if you do use lists, then consider how you use them. Most of the responsible ones eg SURBL via Spamassassin means that you score spam according to hand sorting, ie people have spent a great deal of time with huge volumes of spam and ham, creating scores that are justifiable.

    I'm off to install DSpam now for a really large customer now - no lists, no scores - just opinion from those who count - THE CUSTOMER (they *know* what is spam wrt them)

  13. Re:RBLs are a failure by Phil+Karn · · Score: 5, Interesting
    I absolutely agree. My past run-ins with the MAPS people have been extremely unpleasant. "Militant" is exactly the right word. "Self righteous jerks" would also apply.

    A while ago, when the MAPS DUL virus first began to spread, my dad began to have problems delivering his mail from his Linux system on a cable modem. So I contacted MAPS and told them about what I naively assumed they would agree was unintentional collateral damage. Not only did they refuse to take his IP address off the list, they were spiteful enough to contact my dad's ISP and register a complaint about his "unauthorized" server!

    It goes without saying that my dad is not a spammer. And we both see to it that his system is properly maintained and configured. All we ever wanted was to exchange email without depending on his ISP's slow and unreliable mail servers.

    MAPS and other spam vigilantes are actually far worse than the spammers they claim to be fighting. No spammer has ever prevented me from sending or receiving wanted email. MAPS often does so, and they have to go away. Since they're unlikely to do so on their own accord, our only alternative is to educate the ISPs to not use their services. Openly boycott any ISP who subscribes to the MAPS, and tell them we simply don't want their "help" in blocking email. Patronize the more enlightened ISPs that give you a choice as to how or whether your mail will be spam-filtered.

  14. All swords cut both ways. by jd · · Score: 2, Interesting
    Well, unless it's a scimitar, or a scramasax, ...


    Seriously, we didn't see this kind of fuss when the USENET community blackholed the entire Comcast cable community for a while, even though I'm certain there were a few innocents out there.


    (Hey, the USENET "Death Penalty" was once a serious threat to ISPs.)


    There are no workable solutions, whilst e-mail is an unprotected, plain-text, unvalidated, unauthenticated service. There are only attempts to get a compromise that cure a little more often than they kill.


    In a way, I like major problems like this, because things are more likely to change under pressure. People are generally lazy, so when there's no need for improvement, there isn't any. Once the system becomes broken enough, that will change. The last thing you want, though, is slow degradation, because people will build up a tolerance and change becomes completely impossible.

    ...but the lightbulb has to want to change. The "how many psychologists..." joke is so very true, when it comes to technology. Getting users, ISPs and e-mail software developers to want to change enough to actually make the change - it could well be that the only way this will happen is if we see enough blackouts on a large enough scale.


    This is not my preferred option, and I don't believe it's the option any "free/open source" fan supports. If you're into Linux or any of the *BSDs, the odds are high that if you have an itch, you'll scratch it, rather than deciding your arm should fall off first. On the other hand, if that is what it takes for others to do anything, then maybe we're not doing them any favours if we enable them to overlook the inevitable.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  15. Re:Not anymore by allgood2 · · Score: 5, Interesting

    I agree, my first real negative experience with them, was when I was attempting to be proactive. I was setting up an email server and wanted to find out what holes came in the base configuration. I feed it an IP plugged the in-progress server to get back a report, and found my IP address automatically blocked. This address belonged to an active server that was already properly configured but the client didn't have any extra IPs for me to use. Their server was down the entire weekend, plus three workdays, before I could get them to remove the ban. Yet, they encourage techs to test a machine and receive a report of security holes. After that, I pretty much put out the word to never use their service to test a machine that's being built.

    I hate spam, but their methods pretty much demand a new approach to fighting spam, creating blacklist, and even just testing servers. Their support is horrible and while it guarantees it will hurt a spammer here or there, that's pretty much like shooting in a crowd then stating well at least I killed a bad guy.

  16. Re:on the other hand... by Tsu+Dho+Nimh · · Score: 3, Interesting
    " My ISP responded quickly and sufficiently, and it still took MAPS several more hours to remove the blacklist."

    The blacklists you need to worry about are the ones that don't tell you that you are on them - the multiple small ones that quietly shut off access to their mail servers, or send email from certain net blocks to /dev/null and never check to see if the spam has stopped. You will never know how many of these your co-lo's spamming customers have annoyed to the extent they just flipped the switch.

    Spam has been a big problem for long enough, and the various blackhole lists have been in action long enough, that your ISP or co-lo or whatever should have been aware of the consequences of harboring spammers. One of the " rules of the internet" is that I can refuse to accept email from any domain I don't feel like accepting email from. If I choose to accept the recommendations of MAPS, it's my right to do so ... you and your ISP have no right to tell me I must or must not listen to MAPS or even Fluffy.

  17. Re:Missing critical information by Compulawyer · · Score: 2, Interesting
    They're inconveniencing you because it's probably one of the few tools left that they have to push your ISP to stop inconveniencing the entire internet.

    And use of that "tool" is plainly wrong, if not outright illegal. You want to blacklist IPs associated with spam problems? Go right ahead. You want to blacklist an entire IP block when you know or should know that there are innocent users of IP addresses in that block? Sounds like an unfair and deceptive business practice to me that in my humble legal opinion violates the Federal Trade Commission Act. You want to use the fact that you've blacklisted innocent parties as "leverage"? Now it definitely sounds like an FTCA violation and even begins to have antitrust overtones.

    If my co-loc was taken down like this, and I couldn't get it resolved all weekend, I would have been in court at 9 AM Monday morning and in front of a judge by 9:30. I don't care if my ISP is harboring spammers, when it comes to interfering with MY services, I'd be arguing:

    1. Tortious interference with contractual relations;
    2. Unfair and deceptive business practices / unfair competition; and
    3. Defamation (falsely accusing my domain / IP subblock of harboring spammers).
    And that would be just the beginning. There are right and wrong ways of dealing with issues like these. This story, as posted, seems to me to be plainly wrong.
    --

    Laws affecting technology will always be bad until enough techies become lawyers.

  18. Re:No. by justin12345 · · Score: 4, Interesting

    RBL's are a terrible idea. I wouldn't say they are outdated though, mostly because they were always a terrible idea.

    There is nothing easier for a spammer to defeat than an RBL; they just set up a server in their closet and run their own SMTP server. Most DSL and cable connections use temporary IP addresses and you can't RBL Verizon. No spammer is going to co-lo a server to send spam from.

    Spam complaints are often ridiculous due to user ignorance. I used to work for a company that sent a plain text newsletter to a 100% opt-in mailing list once a month. To receive a mailing a user either had to sign up on the website or via a piece of paper on the front desk. They still would get spam complaints both to themselves and to their ISP.

    Half the time they were from people that specifically signed up to get mailings. It wasn't as if we were mailing previous customers or anything, you had to say "please send me your newsletter". Evidently these people either forgot or changed their mind and couldn't be bothered to click the opt-out link at the bottom of the email. Somehow, 9 out of 10 of these people were AOL users, Funny.

    The other half they were even more crazy. One time the guy was not even in the mailing list database; we weren't sending him mailings. We even checked with him to see if he had a second address that could be forwarding mail to the one in question but he claimed he had no such mailbox. There was simply no way for us to remove him from the list because he wasn't on it in the first place. Another time, we deduced that someone else had signed up the person in question (the person's last name was recorded in the database as "Assface"). Evidently someone didn't like them very much and had signed them up for every mailing list they could find. Kinda a good method of getting back at someone I suppose. (everyone that has ever flamed anyone on /. and posted an email address cringes)

    Laws, RBLs, regulations... all these things are both ineffective and erode our freedom. If you don't want spam there are three things to do: 1) Don't post your email address on the web, use a PHP mailer instead. 2) Don't give out your personal address, use a "spam" address. My Dad once gave his real address to one of those "win a Segway" things at the mall (he must have been drunk or something), he now gets about 200 spams a day, up from zero. 3) Use an email filter. The good ones don't even use blacklists and work great.

    And well... 4) Don't piss someone off that knows your email address.

    --
    Cool art gallery, if you're into that sort of thing.
  19. Re:A sword that cuts both ways by jonbryce · · Score: 3, Interesting

    I use DNS blocklists for the simple reason that they work, and they work with a lot less CPU time than content analysis filters such as SpamAssassin.

    I don't use MAPS, but my experience with the ones I do use, such as SPEWS and Spamhaus is that it blocks around 90% of my incoming spam with very few false positives. While they continue to produce these results, I will continue to use these filters to manage my incoming mail.

    I use SpamAssassin on the remaining 10% of the spam, and it catches most of the rest of them. I could use it on all of them, but it would take too long to check my email if I did that.

  20. Re:RBLs are a failure by beetle99 · · Score: 2, Interesting

    It is a bad idea to block email based solely on one RBL, or on multiple RBLs that share databases. Unfortunately, this is how a lot of software was designed, a few years ago - you could only block mail based on an RBL, and it was all-or-nothing.

    I'm sympathetic to the original poster, and agree with the parent to some extent. The reason that services like MAPS have to block such broad ranges of addresses is because spammers try to evade them. It's bad that "innocent" addresses are caught in the crossfire, but the RBL administrators also view this as placing pressure on ISPs to stop doing business with the spammers. If your email is blocked because your ISP hosts spammers, you might be motivated to switch ISPs.

    But there's another component to the "failure" of RBLs, and it is the fault of the administrators of spam filters: placing total confidence in the contents of an RBL. Some spam filters are configured such that they will block a message simply because the sender is on one RBL. This is not a good practice, in my opinion.

    What I do is to use multiple, independent RBLs and assign a weighting to each one. If a message's sending server is listed on an RBL, then it gets that RBL's weighting added to its "spam score". This is added to whatever weighting is assigned by other message contents (trigger phrases, and other behaviors). If the overall weighting reaches a certain threshold, the message is blocked.

    This has made RBLs much more effective for me - as one component in a blended solution.
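
The weighted-RBL approach described in the comment above, set beside all-or-nothing blocking, as an added example (not code from the thread or from any poster). The zone names, weights, threshold and DNS answers are hypothetical and constructed so the code runs offline.

```python
import ipaddress
import socket
from typing import Callable, Dict, Optional, Tuple

# Hypothetical zones and weights (assumptions, not from the thread).
RBL_WEIGHTS: Dict[str, float] = {
    "narrow.dnsbl.example": 3.0,  # lists only confirmed individual sources
    "zombie.dnsbl.example": 2.5,  # compromised hosts and open relays
    "broad.dnsbl.example": 1.0,   # lists whole provider ranges: low weight
}
BLOCK_THRESHOLD = 5.0             # assumed cut-off for rejecting a message
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

Resolver = Callable[[str], Optional[str]]  # query name -> A record or None


def dnsbl_query_name(ip: str, zone: str) -> str:
    """DNSBL query name: IPv4 octets reversed, followed by the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name: str) -> Optional[str]:
    """Live lookup; NXDOMAIN (not listed) and resolver errors map to None."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def is_listed(ip: str, zone: str, resolve: Resolver) -> bool:
    """True only for an answer inside 127.0.0.0/8.

    Anything else (no answer, junk, a wildcard from a parked or expired
    zone) counts as not listed, so a broken list cannot block mail.
    """
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return False
    try:
        return ipaddress.ip_address(answer) in LISTED_NET
    except ValueError:
        return False


def rbl_score(ip: str, resolve: Resolver,
              weights: Dict[str, float] = RBL_WEIGHTS) -> float:
    """Sum the weights of every list that reports the sending IP."""
    return sum(w for zone, w in weights.items() if is_listed(ip, zone, resolve))


def verdict(ip: str, content_score: float, resolve: Resolver,
            threshold: float = BLOCK_THRESHOLD) -> Tuple[str, float]:
    """Blended decision: list weights plus the content filter's score."""
    total = rbl_score(ip, resolve) + content_score
    return ("block" if total >= threshold else "accept", total)


def all_or_nothing(ip: str, resolve: Resolver) -> str:
    """The policy the comment warns against: any single listing blocks."""
    hit = any(is_listed(ip, zone, resolve) for zone in RBL_WEIGHTS)
    return "block" if hit else "accept"


# Constructed DNS answers (documentation address ranges):
#   192.0.2.10   innocent neighbour, caught only by the broad range listing
#   192.0.2.66   actual spam source, reported by all three lists
#   198.51.100.7 unlisted, but one zone returns a non-127/8 wildcard answer
SAMPLE_RECORDS = {
    dnsbl_query_name("192.0.2.10", "broad.dnsbl.example"): "127.0.0.2",
    dnsbl_query_name("192.0.2.66", "broad.dnsbl.example"): "127.0.0.2",
    dnsbl_query_name("192.0.2.66", "narrow.dnsbl.example"): "127.0.0.2",
    dnsbl_query_name("192.0.2.66", "zombie.dnsbl.example"): "127.0.0.4",
    dnsbl_query_name("198.51.100.7", "narrow.dnsbl.example"): "203.0.113.1",
}


def sample_resolver(name: str) -> Optional[str]:
    """Offline stand-in for DNS, backed by the constructed records above."""
    return SAMPLE_RECORDS.get(name)


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "198.51.100.7"):
        print(ip, all_or_nothing(ip, sample_resolver),
              verdict(ip, 0.5, sample_resolver))
```

Pass `system_resolver` in place of `sample_resolver` to query real lists once `RBL_WEIGHTS` names zones you actually use.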

  21. Re:MAPS is better than SPAM by Anonymous Coward · · Score: 2, Interesting


    That's completely retarded. His ISP kicked out spamming customers. They're already responsive to spamming complaints.

    My employer is extremely paranoid about spammers getting on our network (I work at a data center) and we've gone so far as to turn off entire T1 lines until we can find someone at the other end to shutdown a zombie PC. Yet we still periodically make it onto various blacklists, because people report mailing lists they subscribed to as spam or because we didn't shut off someone fast enough to make the RBLs happy (it's never taken us longer than 24 hours to notice a spammer and shut him down.) In at least 2 cases we were added to a blacklist 2+ weeks after we shut the spammer off.

    Going straight to blocking their other customers, without at least trying to contact someone is overzealous. When I see someone spamming our mail servers I will actually try to call his ISP. If I can't get someone, or I get someone and it doesn't stop in 48 hours I block them myself. It's not hard, takes 5 minutes, and keeps everyone happy.

  22. be glad it wasn't SPEWS by jcomeau_ictx · · Score: 2, Interesting
    When Al Albarracin cofounded a dedicated servers business with me back in 1998 (Dialtone Internet, now part of Interland), I was somewhat clued-in on data comm and some other tech areas but blissfully ignorant of the professional SPAM network and the RBLers who fought them. One day it just seemed to drop in my lap: tens of thousands (maybe hundreds of thousands, can't remember now) of IP addresses were blocked by some group I'd never heard of, called SPEWS. When I read their site, which offers NO contact info whatsoever (don't call us, we'll call you) I couldn't help but be amazed that major ISPs risked blackout of so much email by subscribing to such a list.

    Well, over the next few harrowing days with little or no sleep, I got a crash course in how serious anti-spam people think and work. I was able to get into contact with the SPEWS folks through the more approachable founder of another SPAM blacklist, and got a call, I think at 1 AM, regarding the block.

    It turns out I had ignored a bunch of email warnings which had looked to me like poorly worded form letters, and hadn't been handling SPAM complaints with the same dedication I was giving to routing updates, process automation, and other job duties. I had believed Dean Westbury, one of our first customers, over some complainers because he had impressed me early on with the way he dealt with one of his spamming customers. I didn't know, at the time, that he was one of the world's most notorious SPAM kings.

    Anyway, he (the SPEWS guy) had me by the balls and he knew it. I told him I'd get on the stick, and accordingly he tentatively lifted the ban on our IP blocks. We made one of our tech guys a mostly-full-time SPAM cop, we continually fine-tuned our AUP to exclude any indirect use of our network for use by spammers, and we started keeping up with the alt.net-abuse.* newsgroups. In short, we became pro-active instead of reactive.

    These guys are fanatics. If you're letting any of your customers spam, you are making money off that activity, which makes you complicit. That's the way they think, and when I thought it over myself, I agreed. If these guys at ORBS, MAPS, and SPEWS weren't fighting spam, I think it's likely the problem would be orders of magnitude worse. The best thing you can do for yourself is to align yourself with these yahoos (some of them will continue to hate you forever, for not doing so from the start, but that's life) and make sure you keep up with all the spamhouses and don't let the big spammers onto your network. If you already have some of them, clamp down on them by modifying your AUP until you can kick them off. There are plenty of ways to make money on the net without income from these thieves.

    The RBLs don't force anyone to use them. They provide a service (many are free, even) and ISPs use them to cut down on the huge bandwidth and storage costs of unlimited spamming. If you want to keep yourself off them, you need to keep your network clean. The larger you are, the more resources you'll need to devote to that. And if you're just a customer of a hosting facility, you need to get them similarly clued-in or find another facility. It may not be "right" but it's The Way Things Are (TM).

  23. Re:on the other hand... by Anonymous Coward · · Score: 1, Interesting

    I have always thought that the way to combat this is to sue the RBL for libel. Under most jurisdictions, electronic communication is pretty much the same as written. They are saying you are a spammer, resulting in ascertainable damage to your business. There would be no defense of 'truth', and it certainly is not expressing an opinion.

  24. Re:A sword that cuts both ways by Anonymous Coward · · Score: 1, Interesting

    That is only 3 class B subnets. It's actually not that much address space. Not all of those IPs will be active. Far fewer will be both active and assigned to mail servers.

    What are we talking about here, a few thousand mail servers, at most?

    Of that limited universe, only a subset will have happened to send emails over the weekend to domains that actually refuse inbound connections or delete emails from servers with IPs listed in MAPS. What are we talking about now? A dozen? Two dozen? A hundred at most?

    Of that subset, how many emails do you think were actually bounced or discarded versus the more common treatment of simply deferring the connection until the sender's MAPS listing is removed?

    The answer is that very few legit emails, if any, would actually have been lost. In most cases it simply would have taken until Monday for the emails to get delivered. Not a big deal.

    Except for the spammers, of course, who might have lost an entire weekend's worth of mass-spamming. Doesn't that sound like a good tradeoff? It does to me.

    The way I see it, MAPS may even be more trustworthy than DNS itself, now that Verisign's SiteFinder "service" is on the loose, doing its part to befuddle web surfers and spam blockers alike.

  25. Re:on the other hand... by patrick42 · · Score: 2, Interesting

    I don't know about that... Above.net (co-founded by one of the founders of MAPS's parent company, Kelkea) has more listings than Peer 1 does, and some listings are over two years old!

    If you are a co-location customer, and your IP address gets black-listed, I think it's your responsibility to put pressure on the co-lo facility to resolve the problem. All of the people on these black-listings must not care if they've let it go this long.

    Also, just because you're listed on these pages doesn't necessarily mean you are the one causing the problem. A non-profit for whom I do server administration got listed on a bunch of these lists. The cause was some spammer stealing content from their site, and including the URL to this non-profit in the email. SpamHaus just finds all domains listed in the email, looks up information on everything it finds, and blacklists ensue. When this happened, I had to fight with both Peer 1 and SpamHaus to convince them we had nothing to do with the spam, which we didn't. (Peer 1 acted too quickly if you ask me, as they blocked one of our IPs listed in the report almost immediately.) What should have happened and what didn't is that SpamHaus should only be looking at the servers through which the spam travels. Had they done that, the non-profit with whom I'm involved would have never been included in the blacklist. Instead, only the originating mail server and any open-relays would have been affected.

  26. Re:Not anymore by ciscoguy01 · · Score: 2, Interesting

    RBLs don't block mail. Their users do. Nobody has to use it. They use it because it keeps the spam away.

    MAPS is apparently not a list of spam sources, it is a list of places that sent spam and their associated blocks. They do that so the legitimate customers will call their ISP and demand they stop the adjacent spammers.

    FWIW that is how the spews.org blacklist works. First lists only spam sources. Then if the spamming continues increases the pressure on the ISP to dump their spammers by causing pain to the legitimate customers of that ISP (if any). Course some ISPs have no legitimate customers......

    Which explains perfectly why the OP couldn't get removed, only his ISP could. Oops.

    --
    .
  27. spamcop beatings by Ragica · · Score: 2, Interesting

    Our small ISP has had to struggle repeatedly with SpamCop. I will say that once we finally got some dialog going with SpamCop (which was not very easy to do...) they were very nice and fairly helpful. And they apologised each time and explained what happened (it involves one of our customers, who run their own mail server, with us as a backup MX, actually being a SpamCop customer, and not having configured his account properly, and thus the spam they reported which was delivered through us caused us to get black listed. Yes, he managed to blacklist his own ISP...!)... This happened several times. Several of our customers noticed the blacklisting and were not happy campers.

    This is particularly difficult for small ISPs which have to struggle enough already to hang on to our niche.

    And it is especially sad for a long-established ISP such as ourselves, who have been in the business since practically the beginning of the commercially available internet.

    The DDoS attacks we've suffered once or twice in the past have not hurt so much as being blacklisted by SpamCop. Being smacked down by "friendly fire" really makes one despair.

    No matter how nice and helpful they were once we finally got them to talk to us, I can't say I will ever be able to trust them.

    Previous to that SORBS black listed us several times. Their security scanner for some reason believed that one of our Zope ftp servers, on a non-standard port, was a compromised machine.

    We've been innocent each and every one of these times.

    I have to admit in some of my emails to SpamCop I was a little bitter. In one I suggested, tongue in cheek, that I was going to start a blacklist blacklist and have their blacklist blacklisted.

    In another I couldn't help but wonder if they aren't some sort of anti-terrorist terrorists...

    I don't know the answer. But it's clear from the overwhelmingly negative response here that the issue of innocent victims being blacklisted is widespread, and extremely aggravating.

    But no doubt just as spammers will continue to exist, the blacklists, right or wrong, will continue to think they are fighting the good fight. And sysadmins who haven't yet experienced the helpless sinking feeling of being innocently blacklisted themselves will continue to see the blacklist services as a quick and easy answer to one of the biggest and most difficult problems on the internet.

  28. Re:No. by jp10558 · · Score: 4, Interesting

    In this day and age, anyone with any sense who has a legitimate need to run a mail server on a dynamic address also relays through their ISP's mail servers and bypasses blocks like that anyway.

    Except that doing that takes away one of the big advantages of running your own mail server, a lack of limits on outgoing attachments. Now, depending on ISP, this may or may not be a big deal, but in 2005, a 2MB attachment limit is rather small.

    I personally like running my own e-mail server for several reasons, one IMAP + webmail if I want.

    Two, I don't have to change my e-mail address every time I move from college back home for the winter, or when I transferred colleges or go on to Grad School, or change my parents' e-mail when we changed ISPs last year or just today to DSL.

    Three, by using my own PC, I can use the free dyndns service to have a practically unlimited mailbox size (well 50GB, but...) unlimited e-mail addresses, aliases etc for free as opposed to paying for hosting monthly.

    Also, in terms of flat out buying e-mail service, I've found running my own server to be either the equal or better in terms of reliability. For free to me, as I have the PC and net connection regardless of the third party e-mail service.

    I personally hate the blocks that spammers and others are forcing on us legitimate users who want to actually use their PC for stuff. VNC blocks piss me off, because the resnet staff tell me it's a security vulnerability. Well, VNC is free for me to use, I can't afford, nor do I have any desire to pollute my system with the shit of PC Anywhere. I also don't believe PC Anywhere has a Java client you can use from any PC like TightVNC does.

    They started blocking things like TOR, FTPS, SSH. I tried to explain to them that SSH is far from unsecure/unauthenticated. I said if they allowed SSH I could then tunnel VNC over that and it wouldn't bother anyone.

    They even block IRC Chat! Not just DCC, but you can't even chat. Now DCC has legitimate reasons to be blocked, but chatting? Let me tell you that you can get more info from IRC than you ever could from yahoo (which they allow).

    And if you are an astalavista.net member, you can't even use the Java IRC Client.

    Anyways, I really get pissed off over the thought that we NEED to have companies being the server to us clients. I think P2P has shown that people are capable of being PEERS in the internet, like it was designed to be.

    And moreso, they (the resnet, or ISPs) consider that users should be second class citizens for whatever reason. Heck, most of the listed "servers" wouldn't touch the bandwidth usage of Kazaa or Bittorrent.

    --
    Opera, Proxomitron-Grypen,GPG 0x0A1C6EE3
  29. TCP/IP Elitism [was Re:Not anymore] by ArghBlarg · · Score: 4, Interesting

    Why is an IP address not just an IP address? Stop being so elitist. IP didn't have a NOBLEMAN/SERF bit in every header last time I checked.

    It's lazy ISPs' faults that spammers aren't shut down quickly, thus these blacklists have to take out whole blocks, causing collateral damage like the original article describes.

    The internet was designed to allow PEERS to talk to their PEERS. It's an equal-opportunity protocol stack, by design. Too bad some people no longer believe in this principle.

    --
    ERROR 144 - REBOOT ?
  30. Spamhaus by Wdomburg · · Score: 2, Interesting

    And on a broader front, are you really prepared to trust a company like Kelkea, Inc. (owners of MAPS) to decide what emails gets to you without really knowing how they operate and deal with resolution processes?

    There's a reason I stick to Spamhaus as the sole RBL at work (and at home) - professionalism. They spell out criteria and rationale clearly on their website. They list only IPs, rather than blindly blocking entire netblocks or domains. The delisting policy is incredibly liberal by default, but they temper that by tracking repeat offenders. And (this is where a _lot_ of lists fall down) they assign a TTL to every entry and automatically expire the entries even if the owner doesn't report a resolution.

    We block millions of messages a day based on the SBL/XBL lists and have, to date, received only one query from a client about why a particular message was blocked, and it turned out the recipient had a worm outbreak that got them placed on the XBL. The block had been lifted before it even made it to our support team.

  31. Another anecdote by slavemowgli · · Score: 2, Interesting

    I had a similar thing happen to me. While I didn't run a special daemon designed to catch spamming attempts, I did notice a big bunch of weird entries in my logs; I checked where they were coming from - turned out to be an IP registered to Schlund + Partner - and then contacted Schlund about it, as I assumed that one of their customers was trying to use my mail server as a relay.

    I got an answer the next day, and it turned out that it was, in fact, Schlund themselves who had done this - not to spam, I presume, but to check whether my system was an open relay. Why that is any of their business I don't understand, but OK - I can live with it, as the worst thing it did was eat up logfile space.

    However, what really bugged me was the attitude of the person who got back to me - "arrogant jerk" does not even begin to describe it. What it essentially came down to was "I'm better than you, so shut up, and BTW, my penis (i.e., the servers I'm administrating, the pipe they're connected to etc.) is bigger than yours, too".

    I lost a *lot* of respect for Schlund that day, and in fact, until today, I will not do any business with them. Well, not that I would anyway, but it at least gives me a certain satisfaction to know that they're on my own personal blacklist, at least.

    --
    quidquid latine dictum sit altum videtur.
  32. Re:No. by JerkBoB · · Score: 2, Interesting

    I'm already relaying via ISP - the only problem is that I have to use my ISP email address as my from address.

    Ah, bummer. Makes sense, though. From their perspective, anyhow. Cuts down on shenanigans.

    I'd rather use my own address as a from address so that I'm not locked in due to inability to switch email providers.

    Well, I don't want to sound like a shill, so I won't mention my favorite forwarding service again. I'm sure that Google can tell you about other email forwarding services, though. Some are free, and some are pretty nominal in cost.

    Really, there is no reason not to grant static IPs to all DSL users - that gets around the whole dynamic IP situation. However, the ISPs want to make money, and there is no law saying that we have to make it easy on them.

    Well, I understand your pain, but there's more to the story than just corporate greed. Even if ISPs did assign static IPs, I don't think much would change in terms of blocklists. Personally, I would still reject mail coming from known DSL/Cable space, regardless of whether or not it's dynamic. The reason is as I stated previously: 99.9% of mail originating from that kind of space is going to be from zombied PCs. It's not worth it to me to increase the burden on my mail servers by going past the step of checking the address against lists of known DSL/Cable addresses.

    Think about what must happen whenever a busy ISP's mail server receives a connect request... One of the first things my servers do is check to see if the client is in a pool of known DSL/Cable addresses. If it is, the connection is dropped and the server is immediately freed up to attend to other requests. If I started doing things like checking for SPF records (when I know the client is very likely a PC on a DSL/Cable connection), my servers would begin to suffer. Should I add more servers to the cluster just so that I don't accidentally drop the occasional legitimate email from someone playing with Postfix at home?

    I'm not saying that I'm happy about the situation. In fact, I hate that spammers have ruined the relaxed atmosphere of the Golden Olden Internet. Unfortunately, just as people lock their cars and houses, we have to accept that there are lots of sociopaths on the Internet who will take advantage of whatever they can to make a buck.

    --
    A host is a host from coast to coast...
    Unless it's down, or slow, or fails to POST!
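
The connect-time ordering described in comment 32 (a cheap address-pool check before anything expensive) and the per-IP, TTL-expiring listings described in comment 30, as an added Python example that is not code from any poster or blacklist operator. The zone `dnsbl.example`, the address ranges and the listing data are constructed placeholders, and `expensive_check` is a hypothetical stand-in for work such as an SPF lookup.

```python
import ipaddress

# Constructed sample data: documentation ranges, not real listings.
DYNAMIC_POOLS = [ipaddress.ip_network("198.51.100.0/24")]  # assumed DSL/cable pool
LISTINGS = {  # per-IP entries: address -> (listed_at, ttl_seconds)
    ipaddress.ip_address("203.0.113.7"): (1_000, 3_600),
}


def dnsbl_query_name(ip, zone="dnsbl.example"):
    """DNS name a blacklist client looks up: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(ip, now):
    """A per-IP entry counts only until its TTL runs out, even if nobody asks for removal."""
    entry = LISTINGS.get(ipaddress.ip_address(ip))
    if entry is None:
        return False
    listed_at, ttl = entry
    return now < listed_at + ttl


def connect_policy(ip, now, expensive_check):
    """Decide at connect time, cheapest test first."""
    addr = ipaddress.ip_address(ip)
    if any(addr in pool for pool in DYNAMIC_POOLS):
        return "reject: dynamic pool"
    if is_listed(ip, now):
        return "reject: listed"
    # Only clients that passed both cheap checks cost an expensive lookup.
    return "accept" if expensive_check(ip) else "reject: failed check"


if __name__ == "__main__":
    lookups = []

    def fake_spf(ip):  # hypothetical stand-in that records each call
        lookups.append(ip)
        return True

    for ip, now in [("198.51.100.20", 2_000), ("203.0.113.7", 2_000),
                    ("203.0.113.7", 5_000), ("192.0.2.1", 2_000)]:
        print(ip, now, dnsbl_query_name(ip), connect_policy(ip, now, fake_spf))
    print("expensive lookups run for:", lookups)
```

The same address, 203.0.113.7, is rejected at time 2000 and accepted at time 5000 because its entry expired at 4600 without anyone requesting removal.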