Open Replacement For MAPS? 20
quackPOT asks: "Is there anyone with an open database similar to the MAPS DUL list? Now that MAPS charges for service, I either have to pay (which ain't gonna happen) or deal with the spam from direct client connections from crappy dial-ups. One of MAPS excuses for charging was the overhead cost of network bandwidth/etc/whatever. Why not distribute mirrors to other networks to reduce the amount of strain on their servers?"
Why even bother? (Score:2)
1. Use of blackholes do NOT stop spam at all.
2. They piss off users when a client/friend/etc happens to be using a server on an RBL.
I also have a problem with the ego-maniacs who run these services who seem to think that they are some sort of 'net police.
My last company was on the ORBS RBL for over a year after we blocked all traffic from their network. One of their discovery scripts screwed up and DOS'd our mail server. Yet we were called spammers for blocking their attack.
A centralized blackhole list is important. (Score:3, Interesting)
The primary benefit of something like the 'Realtime blackhole list' (RBL) was that it was a centralized resource for the blocking and unblocking of actively exploited open relays.
If a site maintained an open relay, that relay would rapidly end up on the blackhole list, and ISPs using the list would immediately (the whole point of 'realtime') start rejecting spam relayed through that specific host.
More importantly, when the site fixed their open relay, and proved this to the list maintainer, they would immediately be removed from the list. This is a vast improvement over the old way doing things, where each of thousands of sites would manually add known open relays to their own private blocking list, and might never be removed from some of them, depending on the whims of individual admins.
Obviously you are biased due to ORBS having blocked your site. IIRC, ORBS doesn't call you 'spammers' for blocking their probes, they have a distinct category for sites that cannot be tested... if they called you spammers, it was because you sent spam.
Re:A centralized blackhole list is important. (Score:3, Interesting)
Let me explain again.
We were not running an open relay. ORBS probed us for an open relay and their script encountered some sort of problem that caused it to repeatadly probe our server. We blocked their netblock and found ourselves on the RBL.
Whether or not ORBS calls you a spammer is irrelevant. Being on the RBL puts the public under the impression that you are a spammer.
When we attempted to correct the situation, we were treated very rudely.
Re:A centralized blackhole list is important. (Score:1)
MAPS lists do not include these blocks, but they rely instead on lists of servers that have been used for relaying spam (RSS list), dial-ups (DUL) and actual spam source (RBL).
This is why our company will be paying the pocket money of $1500 for MAPS services and not using the open lists of "some egomaniac", as you put it. Besides, paying for the service lets us demand something for our money, namely that the service works.
Re:A centralized blackhole list is important. (Score:1)
Re:A centralized blackhole list is important. (Score:2)
Alot of people blocked mail traffic from sites that appeared in the untestable category. That led common users to believe that we were spammers.
Re:A centralized blackhole list is important. (Score:2)
The problem with having the service centralized is that there was a single place to go sue if the company wanted to continue spamming. If a decentralized scheme can be put in place, no one can get sued, no one will be thought of as the big bad mail nazis, and it will all be controlled by individual sites, as it should be.
The downside is that admins would have to go through these lists of domains to see which they want to allow through that are currently blocked. It would also take some time to propagate through the network of hosters, some of which may not care to push the database to other, only to pull it down for their own use. An upside is that you could quickly control the list locally to allow a customer/client through instead of waiting for a central authority to wade through the huge list of adds/changes/removes to get to your request. You could also insert a domain into the web of trust that would start propagating through the net that moment rather than waiting for a central authority to wade through the huge list of adds/changes/removes to get to your request. Sense a theme? =)
OK, since this is all really DNS, we need a way to update an RBL domain back and forth between sites in a trusted fashion. The new versions of named have authentication built in, so a web of trust could be started now. If the updating could be set up in a ring or a web of trust fasion that would update the next site and take from another peer site only meant to update your site (and maybe one other), then it could be closed to a known trusted group of people. A ring scheme has the property of being interruptible like a token ring network, but a web of trust is a more reliable model unfortunately prone to being harder to follow/debug. This way changes are done by someone you know or known by someone you know and a little more familiar.
This way, as an admin for a company, I am blocking a site personally as a representative of the company, rather than as a group making decisions for a large number of individuals/companies whose interests are wholly unknown to you. These rings/webs could be set up to be totally disconnected from each other so that people with special interests can get mailings they don't consider spam, yet block that which they do.
Re:A centralized blackhole list is important. (Score:2, Insightful)
In the real world, many SysAdmin's egos just can't cope with others telling them how to run their system. So, they react by doing stupid things like attacking the blacklist maintainers.
And then if your blacklist maintainer has a similar ego problem instead of shrugging off the insult, they make it worse by blacklisting systems that have done nothing wrong except piss them off.
Admittedly the split-up of the blacklists into 'really open relays', 'maybe open relays' and 'not open relays, but they annoyed me' at least made it possible for those of us who don't buy into the ego trips on either side to at least make some use of the first list.
Other free methods (Score:1)
Several orbs/maps replacements (Score:4, Informative)
http://www.orbl.org/ [orbl.org] Open Relay Black List of Phoenix, AZ
http://www.orbz.gst-group.co.uk/orbs/ [gst-group.co.uk] Open Relay Block Zone (ORBZ), of Basingstoke, England
http://www.ordb.org/ [ordb.org] the Open Relay Database (ORDB), of Aarhus, Denmark
http://www.orbz.org/ [orbz.org] Open Relay Blackhole Zones (ORBZ) Nassau, NY
also look at this prior slashdot story about ORBS (Open Relay Behavior-Modification System) forking
here is a list of the DNS zones:
or.orbl.org
relays.ordb.org
orbz.gst-group.co.uk
manual.orbz.gst-group.co.uk
inputs.orbz.org
outputs.orbz.org
Do you need MAPS? (Score:2, Informative)
I keep one year's worth of mail logs for my company's mail server. The company is small, with about 1000 email accounts. With a simple grep I found that the RBL blocked 3000 messages in one year. That's about one message every 100 days per user. Obviously, the RBL is virtually worthless for our company, so we didn't pay for a subscription.
If possible you should see how many messages the MAPS services you used blocked for you. Notice that as far as I can tell MAPS doesn't provide any hard data for the success rate of their services. When they were free that wasn't so important but once money enters the equation I need some real eveidence.
Re:Do you need MAPS? (Score:2, Interesting)
More importantly perhaps, when I first turned MAPS (RBL + RSS) I had about 200 accounts, and I was blocking about 1000/day. After about a week with MAPS lookups on, it trailed off as the spammers realized they were RBLed, and gave up trying, I would assume.
I'd really like to find a reasonable replacement. Not only is MAPS priced a bit beyond my budget, but how current are their lists going to be now that no one actually uses their service?
- H
Re:Do you need MAPS? (Score:1)
Yeah my results may be atypical, or yours may be. We need more data. If an organization didn't know how much spam the MAPS services would block for them we also need some idea of what the independent variables are. For example, I work at a newspaper company and that might affect how much spam we get. It doesn't need to be exact but I would certainly expect to get a rough idea of the value of MAPS before coughing up the dough.
Re:Do you need MAPS? (Score:2)
It's a small sample, though; ~300 users, and all of them explicitly chose to enable MAPS filtering, so the sample was probably somewhat self-selecting.
Free for Individuals (Score:3, Informative)
-Waldo
Re:Free for Individuals (Score:2)
Yeah, of course. Because we all know that businesses [valinux.com] have [amazon.com] lots [lineo.com] of [etoys.com] money [riaa.org].
Re:Free for Individuals (Score:1)
-Waldo