Should You Trust MAPS?
"I spent all weekend long trying to get a hold of the people at MAPS, as they don't bother telling you when they are open. When I finally got a hold of someone on Monday morning (not an easy task, mind you!), they told me that they are not open on the weekend, so it would have been *impossible* to resolve this issue quickly. And because I was only a customer of the company who owns these IPs, they would not unblock my subset of IPs. Despite the problem originating from a handful of IP addresses, MAPS saw it appropriate to block over 180,000 IP addresses just before the weekend! I had already made several phone calls and emails to my co-location facility, and they told me they were doing their best to get a hold of someone there. Several emails had been sent, and just as I first experienced, they could not reach anyone at MAPS by phone. When I finally talked to someone at MAPS, he told me that he would not be proactive in the matter by actually phoning my co-locator to work this out.
These people at MAPS think themselves quite high and holy, and in some ways they are: many ISPs and the like will bounce emails just because MAPS tells them to. (I've since removed MAPS from my list of RBL servers to check.) As a small-business owner, MAPS can be very hurtful to a business and very uncooperative in helping resolve the issue. I gave them a couple subnets of mine to unblock, but they would not, even though my IPs were not involved in the original complaint.
This experience has certainly made me think twice about who I trust to decide the fate of my incoming email."
Nobody should trust maps, as they might be out of date, or insecure and flawed.
Whereas I have sympathy for the innocent bystander (as the poster appears to be), and whereas I agree that uncompromising behaviour can be frustrating, the SPAM black hole servers are somewhere between a rock and a hard place...
They can't just block small sections of netblocks (because a spam-happy ISP will just allocate new IP's to their paying spammer customer) - the only way they can police the offence is to ban the block.
They can't just add people back in when they've been blocked either - there has to have been some resolution of the problem, and that has to come from the ISP, at least IMHO. A customer running a website will say anything (especially if they're a scum-of-the-earth-spammer-type customer) to get back online. An ISP who lies knows their next block will be more permanent...
OTOH, Being unavailable out of hours is
The real problem though isn't MAPS and their attitude, it's the spammers. Get rid of the spammers and you get rid of the need for MAPS. These lowlife internet-scum are where any ire ought to be directed, again IMHO.
A Sony NDA I once signed said that in the event of disclosure of anything under NDA, Sony would seek damages, and that financial reparation may not be sufficient penalty. The point being that the penalty *ought* to have teeth, and atm, the spam penalties do not. If you want less spam on the 'net, you're going to have to accept more regulation of the 'net. Another double-edged sword...
Simon
Physicists get Hadrons!
They are a big pain in the ass for us providers to deal with. But they are also a necessary evil too sometimes. Personally I like the Spamhaus lists much better. And Spamhaus isn't a bunch of assholes so that gets them the cookie in my book.
But in practice, the RBL community has been a bust. The maintainers are often militant and, IMHO, too emotionally attached to the problem. They don't provide a service anymore--they provide a surgeon with a chainsaw. While it's extremely easy to get a site on an RBL, it's often difficult or impossible to get off one. There are exceptions of course, but in general you are a designated spammer until some random magic happens and you manage to get yourself off. (yes, there are procedures, usually on a website, but often removal requests will go unreplied to, and in some cases will error. Sometimes removal works and often it doesn't) And Goddess help you if the previous owner of your IP address was a spammer. (And no, I've never run an open relay.)
I hate spam, but I don't use RBLs anymore. It's too bad, really. They were a great idea, but have been poorly managed. I'm sure someone will post links to the "good" ones, but using them is like reaching for the few good apples in a barrel of rotten ones.
Mox
MAPS saw it appropriate to block over 180,000 IP addresses just before the weekend.
MAPS didn't block you.
MAPS added you to a blacklist.
Some admins have decided to block you based on you being in the MAPS list.
That may or may not be a good decision on the part of the admins.
It's easy to get angry with MAPS, but they're just publishing a list.
It's time to ignore some of the more trigger-happy blacklists. If enough well known businesses and providers end up on these lists and do nothing about it, using these lists to block email becomes infeasible: problem solved. Black lists are useful against a small number of hardcore spammers, no more, no less.
First, they want you to pay for the service. They will consider free usage occasionally, but take it from someone who has submitted five (5) applications for that kind of consideration - and have been flat out ignored - they are not a valid solution anymore, and are just looking to make money with the least amount of effort.
We use them, and they're one tool in the anti-spam arsenal. If your domain gets locked out, there's a good chance that your administrator was non-responsive. They're not foolproof, and they're not well funded. Nonetheless, their record and methodology are well-known. So is their success at getting the attention of admins from tiny domains through to AOL, its subsidiaries, and major corporations.
Yes, it bites when you get black-holed. It's usually (but not always) entirely deserved.
---- Teach Peace. It's Cheaper Than War.
You've discovered the joys of running a site on the modern Internet. These kinds of things will happen; there is very, very little you can do to prevent it. Your best defense against this sort of thing is a general outage contingency plan; whether by thunderstorm, fire, hardware failure, power outage, vengeful backhoe, blacklisting, or stupid admin trick, an extended service outage is an eventuality, not a possibility.
My advice to you? Take some time to lay out an outage response plan, or learn to be satisfied with three nines availability. Don't waste your time getting 'em in a bunch over MAPS and prepare for the next time something like this hits.
Obliteracy: Words with explosions
Maybe a form of passive protest is in order here. Since you've been black-balled by these Lords of Spam, you might as well dive into the Spam business. Make whatever money you can selling Viagra, Cialis soft tabs and penile ejection units, might as well... around town everybody knows you as the hero-cum-spammer.
When they take you off the list, stop spamming.
which offer no way to contact them and no way to get off. Others are private lists run by telcos that offer no acknowledgement of the BL or how to get off it. Not an easy task.
MAPS has made some big bloopers over time. They've also done a heck of a lot of good. The founders have had to endure all sorts of attacks, threats on their lives, etc., and they persevered with their vision.
Are they perfect? Far from it. IMHO, if you weigh the good they've done against the harm they've caused, my view is they are overwhelmingly good.
As for Kelkea, I have no opinion.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Yeah, except it sounds like the submitter's IP was not involved in the spam complaint. It's difficult to respond to something you never receive.
If hunting spammers was legal this wouldn't be a problem at all... Uh, unless someone thinks you sent them spam due to faked headers etc.
At the very least it should be reasonable to punch someone who buys something from spam. The main problem is the vast and bountiful supply of idiots that make it worthwhile for the spammer bastards to carry on as they do.
Starsucks
You might be better served by doing business with a more reputable ISP. I'm not sure what "a few spam complaints that weren't dealt with quickly enough" means, but I imagine there's a large other side of this story. If your ISP's inability to follow the rules impacts your business, it seems more reasonable to me for you to have taken the matter up with them all weekend long, rather than spending it trying to fix what they screwed up.
We stopped using some blacklist when I was working at netmar a couple of years ago. I remember it being a huge pain for customers.
Of course, we had been saving all our spam since like 1997, and when we fed all the spam (30,000 messages?) into a bayesian filter, it caught most spam. Also, we still used ORDB, as they tend to only target specific kinds of problems (obviously, Open Relay Data Base). That caught a lot, also.
Really, it goes back to the eternal tradeoff for any computer system - ease of use traded for security. Always.
Strike a compromise - don't be overzealous, but take reasonable precautions.
~Will
sig?
What do you do when you find out that a domain that gets used is blacklisted by someone for no reason, and they won't take you off the list unless you give them $250?
-- $G
Uh, that helps absolutely none in this particular case. If you'd bother to read the text, and it wasn't even a full article, some OTHER company/person was responsible for 180,000 IPs getting blocked, including his subnets which had ABSOLUTELY NOTHING to do with it.... His company's customer service had squat to do with it. Neither did his ISP's really...
(\(\
(^v^)
(")")
This is the cute vorpal bunny virus, copy to your sig or runaway, runaway in fear!
There are no trails. There are no trees out here.
There should be some kind of standardization as to why IP ranges are blacklisted.
Not like, "They said they were neo-Nazis and we've chosen to ban their entire ISP for not removing their page, because we're offended by Nazis." which could very well happen now.
But more like, "We've received over 500 unique spam complaints about IPs in this range. Company hasn't responded in 5 business days. IP range is now blacklisted until they do something about it and contact us."
Of course, the larger the ISP, the more attempts to contact them could be made. Like maybe two weeks for a large ISP and a week for a smaller or ISP that's in some backwater country.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Some are well maintained, and even automatically maintained. spamhaus and spamcop come to mind. One of the less desirable ones that comes to mind is SORBS, where if they list you in one category you've got to donate $50 to charity, per message, to be delisted. You're an ISP providing smtp to your customers, and you're listed again? Tough.
How can you blame MAPS when you should be blaming the ISPs and other email administrators for subscribing to a blacklist that has no checks or balances?
While MAPS (or SPEWS) may be overzealous and entirely destructive in their obsessive quest to stamp out SPAM, it is ultimately the email administrator's responsibility for using them. Blame them for not doing their job right.
Feed the need: Digitaladdiction.net
If sending email on weekends is so damned important to your business why do you only have one ISP?
Actually, no, that's not what I'm admitting. My co-location provider had some customers that were the problem. And when I talked to them, they said those problem customers were terminated before the blacklist even happened. They didn't respond to MAPS in time, and MAPS took it upon themselves to blacklist 180,000 IPs, affecting innocent people like myself all over the world.
Happened to my girlfriend's work, a charity, operating a clear, double-opt-in newsletter service about their ongoing work... some moron who clearly subscribed to their newsletter decided it was easier to use an automated "report as spam to ORBS" tool than it was to simply reply to the e-mail, click the "unsubscribe now" link, or re-visit the web site and opt-out via the very prominent, very obvious opt-out tool.
ORBS, in turn, blacklisted their mail server as an open relay, and then had the unbelievable nerve to tell my girlfriend that they would lift the ban in exchange for a "donation" so that they could continue to run their service.
While this isn't criminal, it's morally repugnant.
Bottom line, "blacklist" services like ORBS/MAPS are a horrible, misguided and idiotic idea. Case study after research project after real-life experience can attest to this.
bash-3.00$ uname -a
SunOS panda 5.10 Generic sun4u sparc SUNW,Ultra-2
You should never trust any RBL, but if you must, you should pick one which defines a VERY narrow criteria with NO collateral damage.
Time and time again, I see people trying to enforce someone else's terms of service (usually poorly, and without room for any exception), getting blacklisted for non-spam activities (e.g. using a provider that hosts a spammer willingly), etc, etc.
These are attacks on the nature of the Internet as a network of peers.
Spamhaus does a very good job with XBL of listing just systems that are known zombies, relays, etc.
Combined with a decent offender-only list of bulk spam sources (I use dnsbl.antispam.or.id), you get excellent results, with few (none that I've been able to discover through analysis) false positives.
SpamAssassin, of course, makes this a moot point by combining and weighting several sources. I've never seen a false positive from SA as a result of bad blacklist handling (other tests, sure, but not its DNSBLs). However, you may need some pre-filtering at SMTP time to reduce the load on your spam-filtering system, and that's where the above strategy comes back into play.
So you admit, that you were relaying SPAM
No, read the guy's story again. A) He was not sending spam. B) Someone else at his ISP did send spam through the IPs they get from the ISP. C) His ISP did not respond 'fast enough' for MAPS. What is not clear is what is 'fast enough'. D) MAPS blacklisted him.
The problem wasn't that we used MAPS -- we didn't. It's that other large organizations do, and we were adversely affected by an over-zealous "investigator" and a co-location facility who wasn't able to respond to MAPS's notification email within a day -- not all that unreasonable, in my opinion.
1. MAPS finds problem, discovers hosting by co-loc, bans entire co-loc.
2. Very shortly after ban, MAPS is unavailable for contact for 48+ hours.
3. MAPS refuses to unban innocent bystander.
4. MAPS refuses bystander's plea to contact co-loc.
Seems to me that MAPS has several problems. Aside from procedural issues, perceived arrogance, negligence, incompetence. Submitter is right. Overzealous, for sure.
I sure wish they were better. It hurts the users.
Then your co-lo provider is clueless and you should find another. If they offer 99.9% reliability, you should ask them for a refund for the month.
A rock and a hard place? Nobody's twisting anybody's arms and saying, "Go out and blacklist people!" These are net vigilantes on a power trip, and they're making life difficult for a lot of innocent people who have nothing to do with spam. Those are the people caught between a rock and a hard place.
If we go thru the history of the ISP and netblock in question, we may find that an infamous spammer has been using it for the last 6 months with no attempt by the ISP to resolve the problem despite many warnings from MAPS and other anti-spam organizations -- or we may find that MAPS went on a wildcat strike.
Given the very vague real data about this dispute, I'd be inclined to tell the complainant that he's probably the customer of a hardened spam provider, and he may be best to find another provider (as unpleasant as the move will be). If we get more than generic information, I may be able to give more than a generic suggestion.
Usually Usenet death penalties are a last resort. MAPS may seem like they're assholes, but my guess is that they're finding themselves dealing with some assholes of their own (i.e. the offending ISP). In the moment, they can't tell the difference between you, and the offending spammer(s) who triggered this showdown. (( I'll presume, for the sake of argument, that you're not a spammer yourself )).
They're not willing to deal with you because their beef is with the ISP, and that's the only place where the problem can be resolved. They're inconveniencing you because it's probably one of the few tools left that they have to push your ISP to stop inconveniencing the entire internet.
Free Software: Like love, it grows best when given away.
Well, I think it's pretty damn irresponsible for RBLs to be blocking entire subnets, as tempting as that might be. We had RoadRunner do that to our /23 address space, and we couldn't even find anyone who could do anything about it. I eventually said "Screw you" and refused delivery of anything with "rr.com" on the end of it. A few months ago, the block simply disappeared.
The world's burning. Moped Jesus spotted on I50. Details at 11.
I'm an admin on another small service who was hit by the same MAPS tantrum. Some people on here seem to be posting comments that illustrate confusion about what went on. In the simplest terms it is this: a large number of IPs were blacklisted by MAPS even though the vast majority of those IPs were allocated to servers with responsible admins that had never sent spam. Many of the IPs in those blocks had been leased to smaller co-lo sites and then leased again to organizations like my own. Apparently, though, the decision was to block all IPs belonging to the highest-level organization; a completely ridiculous decision.
Once more to make it clear: many of the blocked IPs were in no way related to spamming. Please do not respond by saying "you've admitted there was some spam". The truth is that many people were punished because they happen to share the same block.
Say what you want about the need to fight spammers. Any system that produces 180,000 false positives to get one true positive is not useful. MAPS has clearly demonstrated that they are not a useful system for preventing spam.
MAPS is being harsh, yes. But too many sysadmins (and now, WAAAAAY too many zombie computer owners) are unwilling to do anything to combat this. So if MAPS blacklisting everyone in an IP block is a way to get the ISP to wake up and deal with the problem on their network, I say more power to them.
I sympathize with this guy's plight (especially since it sounds like he was just a bystander) but his ISP was lax -- and it might have just ignored the whole thing altogether if MAPS hadn't taken action as radical as this. What this really says is that he either needs to demand that ISP enforce stricter no-spam policies or he needs to take his business elsewhere.
I don't have any pity for the few (if any) legitimate users of spam haven networks like Optigate or Genesis II having their e-mails blocked. Spammers are willing to go the extra mile, that's why they're winning.
Seriously, we didn't see this kind of fuss when the USENET community blackholed the entire Comcast cable community for a while, even though I'm certain there were a few innocents out there.
(Hey, the USENET "Death Penalty" was once a serious threat to ISPs.)
There are no workable solutions, whilst e-mail is an unprotected, plain-text, unvalidated, unauthenticated service. There are only attempts to get a compromise that cure a little more often than they kill.
In a way, I like major problems like this, because things are more likely to change under pressure. People are generally lazy, so when there's no need for improvement, there isn't any. Once the system becomes broken enough, that will change. The last thing you want, though, is slow degradation, because people will build up a tolerance and change becomes completely impossible.
This is not my preferred option, and I don't believe it's the option any "free/open source" fan supports. If you're into Linux or any of the *BSDs, the odds are high that if you have an itch, you'll scratch it, rather than deciding your arm should fall off first. On the other hand, if that is what it takes for others to do anything, then maybe we're not doing them any favours if we enable them to overlook the inevitable.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
On behalf of many members of the male gender I would say no. We don't trust those lying overpriced pieces of paper. And we don't ask for directions. We rely on our innate sense of direction.
One time, I even made it to Mexico without consulting a map. It took me days but I got there. I learned a lot that I didn't expect from that road trip. Like it's so cold in Mexico that there's moose everywhere. Also the Mexicans tend to pronounce things a bit differently. Like "about" is pronounced more like "aboot". And they tend to say "eh?" a lot. It's far different than the Mexico I read about as a kid.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Why were you sending email directly from a home IP address?
One line blog. I hear that they're called Twitters now.
I agree, my first real negative experience with them, was when I was attempting to be proactive. I was setting up an email server and wanted to find out what holes came in the base configuration. I feed it an IP plugged the in-progress server to get back a report, and found my IP address automatically blocked. This address belonged to an active server that was already properly configured but the client didn't have any extra IPs for me to use. Their server was down the entire weekend, plus three workdays, before I could get them to remove the ban. Yet, they encourage techs to test a machine and receive a report of security holes. After that, I pretty much put out the word to never use their service to test a machine that's being built.
I hate spam, but their methods pretty much demand a new approach to fighting spam, creating blacklist, and even just testing servers. Their support is horrible and while it guarantees it will hurt a spammer here or there, that's pretty much like shooting in a crowd then stating well at least I killed a bad guy.
The expected, desired response to this situation is to go hire a new ISP which _does_ respond quickly to spam complaints. If he and all of his ISP's customers start doing this, his ISP will either improve their spam complaint handling, or go out of business. Eventually all you have left is ISPs who respond quickly to spam complaints.
This is exactly how the system should work. Outraged customers make ISPs perform better.
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
First of all I can completely understand your frustration - it's a bastard of a situation. You apparently didn't do anything and were hit hard by MAPS.
:)?
That being said, I think blacklists are a necessary evil. At the university where I currently work (as a student-aid, not responsible for the whole operation) we employ three different blacklists. Why? Because they filter out about 2/3 of the mails sent to our users (roughly 2.500-3.000 on a workday). If we didn't remove these mails, we would be overrun by users complaining. As the situation is now, we only have to deal with the legit mail, that is accidentally blocked.
Of course there are alternatives like bayesian filtering, but these unfortunately take up processing power and storage. It is perhaps an approach we should investigate further, but I must admit we haven't gotten around to it, as the blacklists are serving us fine.
PS. Are you sure you don't have any zombies on your network segments? Is smtp (both incoming and outbound) firewalled off for all machines (except perhaps mailservers
I find it stunning to see all of these complaints about RBLs from people who apparently consider internet email access vital to their business processes, but have service from only one ISP. Have these people never heard of redundancy????
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
You should always trust your security to outside companies.
Get your Unix fortune now!
And boy, did spamhaus roll us over the coals on that one. Our ISP changed providers and bought into one that had a block of IP addresses that used to be owned by a spammer and when the spammer vacated the premises, they weren't nice enough to let Spamhaus know that they had left the neighborhood, and consequently, when we moved in, WHAMMO, blacklisted.
It took a lot of investigation, and then using a different email server to forward all of our email through for a couple of MONTHS to get everything resolved.
And, boy were the Spamhaus people super nice and helpful.
Ocean is land, covered with water.
That's completely retarded. His ISP kicked out spamming customers. They're already responsive to spamming complaints.
My employer is extremely paranoid about spammers getting on our network (I work at a data center) and we've gone so far as to turn off entire T1 lines until we can find someone at the other end to shutdown a zombie PC. Yet we still periodically make it onto various blacklists, because people report mailing lists they subscribed to as spam or because we didn't shut off someone fast enough to make the RBLs happy (it's never taken us longer than 24 hours to notice a spammer and shut him down.) In at least 2 cases we were added to a blacklist 2+ weeks after we shut the spammer off.
Going straight to blocking their other customers, without at least trying to contact someone is overzealous. When I see someone spamming our mail servers I will actually try to call his ISP. If I can't get someone, or I get someone and it doesn't stop in 48 hours I block them myself. It's not hard, takes 5 minutes, and keeps everyone happy.
A couple of the blacklists and AOL's mailserver blacklisted the IP's for being "home IP's", even though they weren't. Took a number of emails from both us and Qwest's NOC to get removed off all the blacklists.
So, beware of situations where ISP's designate blocks of IP's for business use "within" those they've classified as "home". It happens.
I'm Rick James with mod points biatch!
No-one ever flew 737s into the world trade towers. ITYM 767s. The ones that landed in the pentagon and the paddock were 757s.
And anyway, WTF does any of this have to do with terrorism? It's a ridiculous link - a way to invoke Godwin without actually mentioning the 'n' word perhaps?
RBLs are advisory. RBLs do not block email. Which parts of this are y'all having so much damn trouble with. The operators of about 8 different RBL lists advise me (in response to a request for information that I initiate) that the MTA that has just contacted me is coming from an IP address that is known to have been used recently by a spammer. I choose to refuse to accept the proposed email delivery from that source on the strength of advice from one or more RBLs. (eight different ones, as it happens, on my home postfix server. It takes a full fifteen seconds for my smtp daemon to answer when you connect 'cos of all the lookups!!!).
Why is it so damn hard to grasp? Realtime Blackhole Lists do not block spam. Administrators and their policies block spam, and they've every right to choose what arrives on their boxes and what doesn't!
The original poster (article) has no right to get upset at anyone for my decision not to accept email from him. All he gets to do is F.O.A.D. Getting his royal whinge frontpage on slashdot is nice for him, but it's not a right or a guarantee.
I find your ideas intriguing and I wish to subscribe to your newsletter.
Well, over the next few harrowing days with little or no sleep, I got a crash course in how serious anti-spam people think and work. I was able to get into contact with the SPEWS folks through the more approachable founder of another SPAM blacklist, and got a call, I think at 1 AM, regarding the block.
It turns out I had ignored a bunch of email warnings which had looked to me like poorly worded form letters, and hadn't been handling SPAM complaints with the same dedication I was giving to routing updates, process automation, and other job duties. I had believed Dean Westbury, one of our first customers, over some complainers because he had impressed me early on with the way he dealt with one of his spamming customers. I didn't know, at the time, that he was one of the world's most notorious SPAM kings.
Anyway, he (the SPEWS guy) had me by the balls and he knew it. I told him I'd get on the stick, and accordingly he tentatively lifted the ban on our IP blocks. We made one of our tech guys a mostly-full-time SPAM cop, we continually fine-tuned our AUP to exclude any indirect use of our network for use by spammers, and we started keeping up with the alt.net-abuse.* newsgroups. In short, we became pro-active instead of reactive.
These guys are fanatics. If you're letting any of your customers spam, you are making money off that activity, which makes you complicit. That's the way they think, and when I thought it over myself, I agreed. If these guys at ORBS, MAPS, and SPEWS weren't fighting spam, I think it's likely the problem would be orders of magnitude worse. The best thing you can do for yourself is to align yourself with these yahoos (some of them will continue to hate you forever, for not doing so from the start, but that's life) and make sure you keep up with all the spamhouses and don't let the big spammers onto your network. If you already have some of them, clamp down on them by modifying your AUP until you can kick them off. There are plenty of ways to make money on the net without income from these thieves.
The RBLs don't force anyone to use them. They provide a service (many are free, even) and ISPs use them to cut down on the huge bandwidth and storage costs of unlimited spamming. If you want to keep yourself off them, you need to keep your network clean. The larger you are, the more resources you'll need to devote to that. And if you're just a customer of a hosting facility, you need to get them similarly clued-in or find another facility. It may not be "right" but it's The Way Things Are (TM).
It doesn't matter if it's MAPS, ORBS, SPEWS, Spamhaus, or even AOL; if you administer outbound email, you are likely to be affected by someone protecting their email systems from spam. It is usually not your fault, but if others don't normally get listed frequently, there has to be some reason (unresponsive upstream ISP, something one of your customers or users is doing, a preventable misunderstanding about mailing lists) that got you listed.
If one RBL service has too many false positives, ISPs usually stop using them. MAPS is still in business, so their false positive rate probably isn't absurdly high.
Here are some tips to help email administrators keep their email flowing:
1. Negotiate ahead of time to get your servers whitelisted or registered as a "good" server. This means setting up proper forward/reverse DNS, configuring SPF, possibly registering with one or more "bonded sender" programs, looking at the AOL postmaster FAQ and getting into their whitelist system, etc.
2. Lease yourself a shared or dedicated server (think $25/mo -$60/mo) at another colocation facility that you can use to configure to be a mail relay for your primary mail servers. If delivery fails enough from your primary server, it should requeue the message to go out via your relay, perhaps after you've diagnosed the cause of the blocking complaint.
3. Set up test scripts to periodically poll major DNS RBLs for the status of your IP address and alert you when you're listed. (Perhaps tie this in to automatically activate your relay server in #2).
4. Ask your ISP what their spam policies are and assess your risk to getting mixed up in their other customers' problems. If they aren't vehemently anti-SPAM themselves, consider another provider for your outbound mail. By "vehemently", I mean: They have their own enforcement policies and 24-hour contact escalation policies with each customer, and will shut down customers that are not responsive to handling complaints.
5. If you manage mailing lists, make sure each and every message at the bottom has a link to the proof about how the recipient opted in for the message. (PS: Stop using email to distribute content! It's so, like, 20th-century. If your content is any good, they'll access it regularly via the web or RSS it into their portal.)
-ez
(Disclaimer: I'm the inventor of DNS RBL. Your misery is partly my fault. Mua ha ha ha.)
Karma: Whore (you look at your score after posting)
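An added example, not part of the comment above and not any blocklist's own tooling: a sketch of the polling script from tip 3, using the standard DNSBL lookup convention (RFC 5782). The zone names and the sample DNS answers are constructed placeholders; a real monitor would list the zones it cares about and use the system resolver.

```python
import ipaddress
import socket

# Placeholder zones (assumptions for this example), not real blocklists.
ZONES = ["dnsbl.example.org", "bl.example.net"]
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Reverse the address (octets for IPv4, nibbles for IPv6), append zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def system_resolver(name):
    """A records for name; [] on NXDOMAIN; other failures propagate."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise
    return sorted({info[4][0] for info in infos})


def zone_is_healthy(zone, resolve=system_resolver):
    """RFC 5782 self-test: 127.0.0.2 must be listed, 127.0.0.1 must not."""
    def answers(ip):
        try:
            return bool(resolve(dnsbl_query_name(ip, zone)))
        except OSError:
            return None  # lookup failed, so health is unknown
    return answers("127.0.0.2") is True and answers("127.0.0.1") is False


def check_ip(ip, zones=ZONES, resolve=system_resolver):
    """Return {zone: (status, answers)}; status is listed, clear or error."""
    report = {}
    for zone in zones:
        try:
            answers = resolve(dnsbl_query_name(ip, zone))
        except OSError:
            # Timeout or SERVFAIL is "unknown", never "not listed".
            report[zone] = ("error", [])
            continue
        codes = [a for a in answers if ipaddress.ip_address(a) in LISTED_RANGE]
        if codes:
            report[zone] = ("listed", codes)
        elif answers:
            # An answer outside 127.0.0.0/8 is not a listing: the zone is
            # wildcarded, parked, or the resolver rewrites NXDOMAIN.
            report[zone] = ("error", answers)
        else:
            report[zone] = ("clear", [])
    return report


# Constructed sample answers standing in for DNS so the example runs offline.
FAKE_DNS = {
    "2.0.0.127.dnsbl.example.org": ["127.0.0.2"],
    "10.2.0.192.dnsbl.example.org": ["127.0.0.4"],
    "10.2.0.192.bl.example.net": ["203.0.113.9"],
    "2.0.0.127.bl.example.net": ["203.0.113.9"],
    "1.0.0.127.bl.example.net": ["203.0.113.9"],
}


def fake_resolver(name):
    return FAKE_DNS.get(name, [])


if __name__ == "__main__":
    for zone in ZONES:
        print(zone, "healthy" if zone_is_healthy(zone, fake_resolver) else "UNHEALTHY")
    for zone, result in check_ip("192.0.2.10", resolve=fake_resolver).items():
        print("192.0.2.10", zone, *result)
```

Run from cron, an alert should fire on both "listed" and "error": a zone that fails the self-test tells you nothing about whether your address is clean.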
I suppose that is the real question here.
The OP is extremely vague about exactly what IP range is involved. So, I smell a rat up front.
But, for sake of argument: Suppose the IP space had a notorious spammer in residence for a long time. Suppose the owner of that huge space had ignored complaints for a long time. Then, were I MAPS, or SPEWS, or SBL or any other block list, I'd have no qualms at all about dropping the space into a blocklist then leaving for a 2-week vacation.
As for the poster whose outbound email was blocked. I say, tough shit. Get a new provider and get over it.
Peer1.net did not appropriately respond to their spam complaints, and simply moved known spammers from one IP block to another. It is unknown if they were knowingly harboring spammers (MAPs seems to think so), but the reason MAPs escalated to all of their netblocks was because they could not get the attention of Peer1 with previous attempts, and the best way to get their attention when they are ignoring you is to get every single one of your customer's attention and have them all call you. I emailed MAPs, they didn't respond, I called them and got a human on the phone and they explained this to me. I called Peer1 to chew them out for doing this and will demand that they give me outage credit.
r g,
I rely on RBLs to block a significant amount of spam, however I use conservative ones that the anti-spam community seems to be fairly confident in their abilities, attitude, de-listing policy. They constantly need to be re-evaluated (in fact I need to do that soon) as to their effectiveness, but with this list I have not had a customer complaint about us blocking mail.
list.dsbl.org,
opm.blitzed.org,
relays.ordb.o
cbl.abuseat.org,
NB: MAPs is not listed because they do this sort of thing. While it may sound like I support what they did above, I also am really pissed off because I've got a lot of trouble tickets from people wanting to know why their mail bounced. It is for this reason that I am not using MAPs in my RBL list.
Ok, I've got mod points here but I have to post.
/end rant
I just have to say that anyone using MAPS or SPEWS or any other high false positive RBL list to outright blacklist servers is just asking for trouble and is indeed not a good mail admin.
You might want to use MAPS or SPEWS or others to help reduce spam in conjunction with SA or another tool but you can not use them to block the IP's at the SMTP stage, that's just ludicrous.
There are RBL's out there with almost zero false positives, use them to block the initial connection and perhaps use MAPS et al to add *points* to the spam rating of the message, but never use them to block outright.
Do aol, google, yahoo etc use them? No, you'd have to be out of your mind to do that.
Bah, ignorant mail admins bother me just as much as stupid mail admins who continually send me warning messages about how my email to them was bounced because it contained a virus (if you don't get that you shouldn't be admining a mail server).
RBLs don't block mail. Their users do. Nobody has to use it. They use it because it keeps the spam away.
MAPS is apparently not a list of spam sources, it is a list of places that sent spam and their associated blocks. They do that so the legitimate customers will call their ISP and demand they stop the adjacent spammers.
FWIW that is how the spews.org blacklist works. First lists only spam sources. Then if the spamming continues increases the pressure on the ISP to dump their spammers by causing pain to the legitimate customers of that ISP (if any). Course some ISPs have no legitimate customers......
Which explains perfectly why the OP couldn't get removed, only his ISP could. Oops.
.
Our small ISP has had to struggle repeatedly with SpamCop. I will say that once we finally got some dialog going with SpamCop (which was not very easy to do...) they were very nice and fairly helpful. And they apologised each time and explained what happened (it involves one of our customers, who run their own mail server, with us as a backup MX, actually being a SpamCop customer, and not having configured his account properly, and thus the spam they reported which was delivered through us caused us to get black listed. Yes, he managed to blacklist his own ISP...!)... This happened several times. Several of our customers noticed the blacklisting and were not happy campers.
This is particularly difficult for small ISPs which have to struggle enough already to hang on to our niche.
And it is especially sad for long established ISPs such as ourselves, who have been in the business since practically the beginning of the commercially available internet.
The DDoS attacks we've suffered once or twice in the past have not hurt so much as being blacklisted by SpamCop. Being smacked down by "friendly fire" really makes one despair.
No matter how nice and helpful they were once we finally got them to talk to us, I can't say I will ever be able to trust them.
Previous to that SORBS black listed us several times. Their security scanner for some reason believed that one of our Zope ftp servers, on a non-standard port, was a compromised machine.
We've been innocent each and every one of these times.
I have to admit in some of my emails to SpamCop I was a little bitter. In one I suggested, tongue in cheek, that I was going to start a blacklist blacklist and have their blacklist blacklisted.
In another I couldn't help but wonder if they aren't some sort of anti-terrorist terrorists...
I don't know the answer. But it's clear from the overwhelmingly negative response here that the issue of innocent victims being blacklisted is widespread, and extremely aggravating.
But no doubt just as spammers will continue to exist, the blacklists, right or wrong, will continue to think they are fighting the good fight. And sysadmins who haven't yet experienced the helpless sinking feeling of being innocently blacklisted themselves will continue to see the blacklist services as a quick and easy answer to one of the biggest and most difficult problems on the internet.
It's hard to figure out the right way to do justice. But the reason that "vigilante" is a bad word is not because ad-hoc or public systems of justice can't do things right. It's because we've learned, the very hard way, that all systems of justice need accountability and checks and balances built into them. Built into them _hard_, from the very start, and impossible to remove. And even then, people find ways to remove them.
The vigilance committees start with the best of intentions. And often they do good, and help the problem. But history knows it doesn't always go that way, and when there are no checks and balances, you pay the price.
Of course, it's not impossible to set up a private justice system that has the right safeguards. But the safeguards are expensive. They deliberately... deliberately are designed to let many guilty people go unpunished. This frustrates people (especially in the spam wars, amazingly.) So people rarely stick to the safeguards.
This is why many people were worried about blacklists like these from the very start, even when they had nothing but the best laid plans.
Has it been over a year since you last donated to the Electronic Frontier Foundation
Why is an IP address not just an IP address? Stop being so elitist. IP didn't have a NOBLEMAN/SERF bit in every header last time I checked.
It's lazy ISPs' faults that spammers aren't shut down quickly, thus these blacklists have to take out whole blocks, causing collateral damage like the original article describes.
The internet was designed to allow PEERS to talk to their PEERS. It's an equal-opportunity protocol stack, by design. Too bad some people no longer believe in this principle.
ERROR 144 - REBOOT ?
2. You say that your list is 100% opt-in. Any anti-spammer will tell you that isn't good enough - it needs to be double-opt-in with confirmation. And besides, it doesn't matter what you say - spammers lie.
3. RBL's are perfect for eliminating the usefulness of the email system for commercial use - this is the entire point of the anti-spam movement. If email is only useful for informal, friend-to-friend communications and useless and unreliable for things like order confirmations, newsletters and other commercial stuff, they have won.
See? You must be new to this.
And on a broader front, are you really prepared to trust a company like Kelkea, Inc. (owners of MAPS) to decide what emails gets to you without really knowing how they operate and deal with resolution processes?
There's a reason I stick to Spamhaus as the sole RBL at work (and at home) - professionalism. They spell out criteria and rationale clearly on their website. They list only IPs, rather than blindly blocking entire netblocks or domains. The delisting policy is incredibly liberal by default, but temper that by tracking repeat offenders. And (this is where a _lot_ of lists fall down) they assign a TTL to every entry and automatically expire the entries even if the owner doesn't report a resolution.
We block millions of messages a day based on the SBL/XBL lists and have, to date, received only one query from a client about why a particular message was blocked, and it turned out the recipient had a worm outbreak that got them placed on the XBL. The block had been lifted before it even made it to our support team.
I had a similar thing happen to me. While I didn't run a special daemon designed to catch spamming attempts, I did notice a big bunch of weird entries in my logs; I checked where they were coming from - turned out to be an IP registered to Schlund + Partner - and then contacted Schlund about it, as I assumed that one of their customers was trying to use my mail server as a relay.
I got an answer the next day, and it turned out that it was, in fact, Schlund themselves who had done this - not to spam, I presume, but to check whether my system was an open relay. Why that is any of their business I don't understand, but OK - I can live with it, as the worst thing it did was eat up logfile space.
However, what really bugged me was the attitude of the person who got back to me - "arrogant jerk" does not even begin to describe it. What it essentially came down to was "I'm better than you, so shut up, and BTW, my penis (i.e., the servers I'm administrating, the pipe they're connected to etc.) is bigger than yours, too".
I lost a *lot* of respect for Schlund that day, and in fact, until today, I will not do any business with them. Well, not that I would anyway, but it at least gives me a certain satisfaction to know that they're on my own personal blacklist, at least.
quidquid latine dictum sit altum videtur.
Same thing happened to me. You, however, were lucky with only two days down time. I was down for over 6 weeks (I received nearly 1000 bounces from idiots blacklisting based on this) while SORBS took their lolly gagging free time responding to the ticket. Eventually they said "the IPs are marked for removal from the list, it will take effect in a few days." They weren't kidding, it took a week. Absolutely ridiculous set of processes over there. I can't even imagine how many other blocks of IPs they have wrongfully accused. I know I'll never use SORBS.
I had a server blocked by some really dumb anti spam site a while back, there was an open formmail on some customer's site, we received a complaint, we found it, we deleted it, I think in all we got 2 spamcop complaints and one complaint from a person so obviously there wasn't -that- much spam sent before we were notified and nuked the formmailer.
Time between us receiving the -first- complaint and the script being nuked from the server? Minutes, not even half an hour. It's not like we ignored the problem and allowed it to fester.
Well we ended up on some spam list that (get this) requires you to make a $50 donation to some charity to get off the list! Oh and it gets better, they listed 3 charities, 2 of them didn't work because they wanted NOTHING to do with this spam list after they were dossed, attacked, hounded, and overall just harassed for these bozos listing them on their site. The 3rd charity? Some legal defense fund, via PAYPAL for... the owner of the site!!
Well the -1- server blocking email because of that list I just contacted them and pointed them at this podunk little anti spam site and they quit using them and email went through and all was well.
Months later, 4 or more, we're STILL listed on that damned spam site. I could care less.
Spews and maps are just making it so any serious sysadmin/network/provider can NOT use them for RBL blocking, they're just overzealous.
I use spamcop, ordb, blitzed, and spamhaus quite regularly on a variety of servers, the "false positives" are low, and I rarely hear of someone legitimately not able to send email to anyone I host.
--- www.f-theocean.com
So I don't see any problem with these spam blacklists, it hasn't hurt me a bit!
Define "quickly enough". If it's been more than 48 hours and the spammers are still there, that's too slow.
To make matters worse, they put this in effect either late Friday night, or early Saturday morning -- hours during which MAPS is not available for contact! (Mon-Fri, 9-5 only) How do people deal with MAPS and other RBL services who will not cooperate or be reasonable?
By not having a spam/virus transmission problem. Works for me.
And on a broader front, are you really prepared to trust a company like Kelkea, Inc. (owners of MAPS) to decide what emails gets to you without really knowing how they operate and deal with resolution processes?"
Yes.
"I spent all weekend long trying to get a hold of the people at MAPS, as they don't bother telling you when they are open.
Their web forms are always open.
When I finally got a hold of someone on Monday morning (not an easy task, mind you!), they told me that they are not open on the weekend, so it would have been *impossible* to resolve this issue quickly.
Impossible without using their web forms, that is.
And because I was only a customer of the company who owns these IPs, they would not unblock my subset of IPs.
Let's see, you are a customer of the people with the problem, you are not in the loop with your ISP as to exactly what actions have been taken, you don't know exactly what customers were involved, nor any of the sensitive details someone is going to want to know when there has been a massive spam run. Gee, that's too bad poor baby.
Despite the problem originating from a handful of IP addresses, MAPS saw it appropriate to block over 180,000 IP addresses just before the weekend!
Never heard of snowshoe spamming? You live in a cave? News flash, many responsible systems admins block far more than just a /19. Many block /7's and /6's on private block lists.
I had already made several phone calls and emails to my co-location facility, and they told me they were doing their best to get a hold of someone there. Several emails had been sent, and just as I first experienced, they could not reach anyone at MAPS by phone.
See link to web form above.
When I finally talked to someone at MAPS, he told me that he would not be proactive in the matter by actually phoning my co-locator to work this out.
See above about having "standing".
These people at MAPS thinks themselves quite high and holy, and in some ways they are: many ISPs and the like will bounce emails just because MAPS tells them to. (I've since removed MAPS from my list of RBL servers to check.) As a small-business owner, MAPS can be very hurtful to a business and very uncooperative in helping resolve the issue.
If you are a business owner and fail to understand exactly why email is not a guaranteed delivery system, and your business depends on email, then you are very stupid and deserve to go broke.
I gave them a couple subnets of mine to unblock, but they would not, even though my IPs were not involved in the original complaint.
And spammers NEVER lie. They NEVER pose as someone else. They ALWAYS tell everybody what IP ranges they intend to use in their spam run two weeks before they use it.
This experience has certainly made me think twice about who I trust to decide the fate of my incoming email."
Good for you. Now, when you get finished thinking about that, think about how you can make your small business profitable when you can't use email. It's obvious to me that you fail to understand what went wrong, who is to blame for it, and what to do about it.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
MAPS isn't doing anything wrong, they simply gather findings and make them available to their subscribers. They exist to serve the interests of those subscribers, not the interests of some random nobodies who wish to send mail to those subscribers. MAPS is under no obligation to provide 24/7 assistance to the ``unfairly'' blacklisted domains. What exactly would be the business case for doing that? Who would pay those operators who wake up at 3:30 a.m. on a Saturday to service a complaint?
MAPS subscribers are aware of its limitations and problems and, guess what, they don't care and use the blacklist anyway! A MAPS user doesn't care that some random nobody sometimes gets ``unfairly'' blacklisted and is unable to contact them for an entire weekend. They care most about not getting spam and are glad that MAPS is so strict. In other words, the subscribers share the same values as the MAPS operators! If MAPS were to change the way it operates, those users might well switch to some other service that follows the original policies. MAPS users even accept that sometimes they won't be able to talk to other MAPS users because of the same problem you are having. Yet they remain MAPS users. Therefore, they will hardly be sympathetic to your case.
So basically, your complaint boils down to the existence of difficult people who have very particular rules about being talked to because they don't want to be bothered. The system by which they share those rules with each other isn't what's standing in your way here.
My brother's cable company is his ISP, and it's the only ISP he can use. My cable company is my ISP, and it's the only ISP I can use. WE HAVE NO CHOICE unless we move, and I ain't moving just for MAPS. A couple of years ago, my brother couldn't get my email for a few months because his ISP -- without his requesting it -- used MAPS to filter his email. And my ISP -- through no fault of mine -- somehow got on the MAPS list. You think my complaints had any effect on this situation? My ISP was all over MAPS right away, but MAPS was, as usual, so far up their high horse that they couldn't seem to remedy the situation. For months. MAPS is a pack of vigilantes and should be outlawed. Use of their "service" should be illegal.
Let me be clear here: Blocking anyone's email without their permission should be illegal. My brother's email should not have been filtered, by MAPS or anyone, without his permission. Due to their monopoly, cable companies should not be allowed to do this. We should be free to choose our ISP, regardless of where we live. (the cable company actually told me they're not a monopoly because I'm free to move)
Question for all you pro-MAPS zealots out there: At what point does MAPS go away? What does victory look like? Because as I see it, even if all the spam disappeared tomorrow, MAPS would continue on because they would think the spam went away because of them, and that without them it would all come back. In other words, they don't know what victory looks like. Statements like "it will only stop the spam" show that you have no clue what the real world wants. But we know what you want, you want your little power trip. Fine. Be a big man on your tiny little campus, but know this: the world thinks your cure is worse than the disease.
Yes, but does everyone you send to read yours? What if one of them is stuck behind a MAPS customer?
If all this should have a reason, we would be the last to know.
Well, well:
my recommendation to you:
switch providers ASAP.
One spam complaint, or 'a couple' of complaints not being followed up does not bring anyone into a blackhole list.
RBL lists and spam tagging services (spamcop, spamhaus, etc.) are a very good thing: they keep in check those who want to take more for themselves than they have the right to.
Your hosting provider did not get into the RBL for 'one or two' spam complaints 'not dealt with fast enough':
it takes a couple of independent complaints, each backed up with full spam emails, including all headers. I am not sure how many MAPS requires to see before acting, but I would guess it is not one alone.
MAPS also works with providers before swinging the big axe.
Spammers do good bandwidth, and I guess your provider is cashing for GB/month.
Maybe they did not prevent spammers from signing up again, so the spammer could actually 'poison' a couple of different subnets. Maybe there were several different spammers operating successfully off your hosting provider.
Switch to a different provider now.
You are probably working with one of the 'spam friendly' ones, who actually advertise that, and hide spam hosts with all kinds of 'no traceroute', no lookups, etc.
Just check, there's more to it than you think, and than your provider tells you.
Calling the list or spam tagging service is the wrong approach.
You should have called your provider, who should have given you immediately an address outside of the blackholed ranges. Sure, that takes a while to trickle through the Internet, but is still faster than waiting for a resolution of the blackhole listing issue.
Did your provider do that?
Was your provider available?
Did they send you to MAPS?
If they sent you to MAPS then they know what they are doing and just try to give MAPS unjustified grief by directing 100s of customers to their phones. And that's spam too.....blocking someone's phone lines this way...
Go get your money back.
da micha