Should You Trust MAPS? 866
"I spent all weekend long trying to get a hold of the people at MAPS, as they don't bother telling you when they are open. When I finally got a hold of someone on Monday morning (not an easy task, mind you!), they told me that they are not open on the weekend, so it would have been *impossible* to resolve this issue quickly. And because I was only a customer of the company who owns these IPs, they would not unblock my subset of IPs. Despite the problem originating from a handful of IP addresses, MAPS saw it appropriate to block over 180,000 IP addresses just before the weekend! I had already made several phone calls and emails to my co-location facility, and they told me they were doing their best to get a hold of someone there. Several emails had been sent, and just as I first experienced, they could not reach anyone at MAPS by phone. When I finally talked to someone at MAPS, he told me that he would not be proactive in the matter by actually phoning my co-locator to work this out.
These people at MAPS thinks themselves quite high and holy, and in some ways they are: many ISPs and the like will bounce emails just because MAPS tells them to. (I've since removed MAPS from my list of RBL servers to check.) As a small-business owner, MAPS can be very hurtful to a business and very uncooperative in helping resolve the issue. I gave them a couple subnets of mine to unblock, but they would not, even though my IPs were not involved in the original complaint.
This experience has certainly made me think twice about who I trust to decide the fate of my incoming email."
No. (Score:5, Funny)
Re:No. (Score:4, Interesting)
There is nothing easier for a spammer to defeat then a RBL; they just set up a server in their closet and run their own SMTP server. Most DSL and cable connections use temporary IP addresses and you can't RBL Verizon. No spammer is going to co-lo a server to send spam from.
Spam complaints are often ridiculous due to user ignorance. I used to work for a company that send a plain text newsletter to a 100% opt-in mailing list once a month. To receive a mailing a user either had to sign up on the website or via a piece of paper on the front desk. They still would get spam complaints both to themselves and to their ISP.
Half the time they were from people that specifically signed up to get mailings. It wasn't as if we were mailing previous customers or anything, you had to say "please send me your newsletter". Evidently these people either forgot or changed their mind and couldn't be bothered to click the opt-out link at the bottom of the email. Somehow, 9 out of 10 of these people were AOL users, Funny.
The other half they were even more crazy. One time the guy was not even in the mailing list database; we weren't sending him mailings. We even checked with him to see if he had a second address that could be forwarding mail to the one in question but he claimed he had no such mailbox. There was simply no way for us to remove him from the list because he wasn't on it in the first place. Another time, we deduced that someone else had signed up the person in question (the person's last name was recorded in the database as "Assface"). Evidently someone didn't like them very much and had signed them up for every mailing list they could find. Kinda a good method of getting back at someone I suppose. (everyone that has ever flamed anyone on
Laws, RBLs, regulations... all these things are both ineffective and erode our freedom. If you don't want spam there are three things to do: 1) Don't post your email address on the web, use a PHP mailer instead. 2) Don't give out your personal address, use a a "spam" address. My Dad once gave his real address to one of those "win a Segway" things at the mall (he must have been drunk or something), he now gets about 200 spams a day, up from zero. 3) Use an email filter. The good ones don't even use blacklists and work great.
And well... 4) Don't piss someone off that knows your email address.
Re:No. (Score:5, Insightful)
You obviously didn't have a confirmed opt-in system in place then...if you had, the address in question wouldn't have gotten on the list, he would have gotten one email asking him to confirm his subscription, and nothing else if he didn't reply to it.
I can see you are new to this (Score:3, Funny)
2. You say that your list is 100% opt-in. Any anti-spammer will tell you that isn't good enough - it needs to be double-opt-in with confirmation. And besides, it doesn't matter what you say - spammers lie.
3. RBL's are perfect for eliminating the usefulness of the email sys
Re:No. (Score:5, Interesting)
Except that doing that takes away one of the big advantages of running your own mail server, a lack of limits on outgoing attachments. Now, depending on ISP, this may or may not be a big deal, but in 2005, a 2MB attachment limit is rather small.
I personally like running my own e-mail server for several reasons, one IMAP + webmail if I want.
Two, I don't have to change my e-mail address every time I move from college back home for the winter, or when I transferred colleges or go on to Grad School, or change my parents e-mail when we changed ISP's last year or just today to DSL.
Three, buy using my own PC, I can use the free dydns service to have a practically unlimited mailbox size (well 50GB, but...) unlimited e-mail addresses, aliases etc for free as opposed to paying for hosting monthly.
Also, in terms of flat out buying e-mail service, I've found running my own server to be either the equal or better in terms of reliability. For free to me, as I have the PC and net connection regardless of the third party e-mail service.
I personally hate the blocks that spammers and others are forcing on us ligitimate users who want to actually use their PC for stuff. VNC blocks piss me off, because the resnet staff tell me it's a security vulnerability. Well, VNC is free for me to use, I can't afford, nor do I have any desire to pollute my system with the shit of PC Anywhere. I also don't believe PC Anywhere has a Java client you can use from any PC like TightVNC does.
They started blocking things like TOR. FTPS, SSH. I tried to explain to them that SSH is far from unsecure/unauthenticated. I said if they allowed SSH I could then tunnel VNC over that and it wouldn't bother anyone.
They even block IRC Chat! Not just DCC, but you can't even chat. Now DCC has legitmate reasons to be blocked, but chatting? Let me tell you that you can get more info from IRC than you ever could from yahoo (which they allow).
And if you are an astalavista.net member, you can't even use the Java IRC Client.
Anyways, I really get pissed off over the thought that we NEED to have companies being the server to us clients. I think P2P has shown that people are capabile of being PEERS in the internet, like it was designed to be.
And moreso, they(the resnet, or ISPs) consider that users should be second class citizens for whatever reason. Heck, most of the listed "servers" wouldn't touch the bandwidth usage of Kazaa or Bittorrent.
Re:No. (Score:3, Interesting)
Ah, bummer. Makes sense, though. From their perspective, anyhow. Cuts down on shenanigans.
I'd rather use my own address as a from address so that I'm not locked in due to inability to switch email providers.
Well, I don't want to sound like a shill, so I won't mention my favorite fowarding service [pobox.com] again. I'm sure that Google can tell you about other email forwarding [google.com] services, though. Some
Yes. (Score:3, Funny)
A sword that cuts both ways (Score:5, Insightful)
Whereas I have sympathy for the innocent bystander (as the poster appears to be), and whereas I agree that uncompromising behaviour can be frustrating, the SPAM black hole servers are somewhere between a rock and a hard place...
They can't just block small sections of netblocks (because a spam-happy ISP will just allocate new IP's to their paying spammer customer) - the only way they can police the offence is to ban the block.
They can't just add people back in when they've been blocked either - there has to have been some resolution of the problem, and that has to come from the ISP, at least IMHO. A customer running a website will say anything (especially if they're a scum-of-the-earth-spammer-type customer) to get back online. AN ISP who lies knows their next block will be more permanent...
OTOH, Being unavailable out of hours is
The real problem though isn't MAPS and their attitude, it's the spammers. Get rid of the spammers and you get rid of the need for MAPS. These lowlife internet-scum are where any ire ought to be directed, again IMHO.
A Sony NDA I once signed said that in the event of disclosure of anything under NDA, Sony would seek damages, and that financial reparation may not be sufficient penalty. The point being that the penalty *ought* to have teeth, and atm, the spam penalties do not. If you want less spam on the 'net, you're going to have to accept more regulation of the 'net. Another double-edged sword...
Simon
Re:A sword that cuts both ways (Score:5, Insightful)
Doesn't this suggest that the MAPS approach might be the wrong one to take? i.e. Have you ever tried swatting a fly with a shotgun? You could chase it around all day, and all you're likely to do is destroy your own house.
Re:A sword that cuts both ways (Score:3, Funny)
Intersting analogy. Speaking from experience?
Re:A sword that cuts both ways (Score:5, Insightful)
Re:A sword that cuts both ways (Score:3, Funny)
(X.X)
(")")
I killed your bunny.
Re:A sword that cuts both ways (Score:3, Funny)
Re:A sword that cuts both ways (Score:5, Funny)
Re:A sword that cuts both ways (Score:5, Funny)
Yes, but I'm that kind of person [honeypot.net].
Re:A sword that cuts both ways (Score:5, Funny)
You throw your gun at them?
Re:A sword that cuts both ways (Score:5, Insightful)
Rather, what we're engaged in is the unconditional surrender of Nazi Germany. Sure, all we REALLY needed to do in WW II was fire a single bullet into the brain of Der Fuhrer, but getting to that point required the invasion and destruction of much of Europe. Once the menace was gone, the Continent was rebuilt.
The rather scary part of this analogy, of course, is that the subsequent peace on the continent was secured by the decades-long occupation of the continent by a foreign army (ie the Americans). THAT is my concern in the anti-spam wars. The cure may be worse than the disease. (See other comments in this thread about increased government regulation.)
It is unfortunate that geeks aren't better at forcing other people to play nice.
Re:A sword that cuts both ways (Score:4, Insightful)
Re:A sword that cuts both ways (Score:3, Funny)
I prefer chopsticks!
Re:A sword that cuts both ways (Score:5, Insightful)
You mentioned an operation similar to MAPS that could charge a fee. Who would pay this? The spammer, or the victim, or the person signing up for the service? That sounds so open to abuse and extortion if it's the victim who has to pay to be unblocked.
I've had to deal with other RBLs and they're a holy pain in the arse. They're not worth the service they provide. They might save a couple of people from recieving some spam, but they're costing others time, money and stress in the process. To make it worse they invariabley have a terrible attitude. They're no better than vigilantes in most cases, and are normally a good demonstration of why vigilantes aren't tolerated in the real world.
Re:A sword that cuts both ways (Score:5, Insightful)
Honestly I don't care it you are an "innocent victim" of an RBL. My use of RBLs is completely voluntary. If you send me mail and I don't get it I don't see how it harms you at all. I am presuming of course that your email was so great and useful that it caused me tons of money not to have read it.
BTW my mail server has a bounce message that says you were in a blackhole. If you know me then you also know my gmail account and email me there so I can put you on my while list. Hell you could just call me too.
If I sent an email to a business and it bounced I would probably call them and ask them if there were alternative methods.
So sorry, no tears from me. My RBL list blocks hundreds of emails every day for that I am grateful.
Re:A sword that cuts both ways (Score:3, Funny)
Um...how about if you sent me a request for technical support, and my response didn't reach you? Or you sent me the directions to the restaurant we're supposed to meet back, and I responded with "I'm going to have to cancel tonight" and you showed up anyway? Or you wrote to me (the love of your life, who is angry at you) to tell me you were sorry, and I wrote back that "yes, I forgive you, now come over now!" and you didn't get it,
Re:A sword that cuts both ways (Score:3, Insightful)
How about if the mail server (or mail client, for that matter) had a disk problem and lost the message?
Email is *NOT* has no guaranteed delivery mechanism, it is best-effort every step of the way.
More importantly, the sender would receive a bounce from their SMTP server, so they would know their message didn't get through. They'd call and tell the love of their life over the phone instead.
Re:A sword that cuts both ways (Score:4, Insightful)
The point is it doesn't have to be a spam friendly ISP. All it takes is some server at the colo getting cracked and used for spam. Or some idiot setting up an open relay at the colo because they don't know what they are doing.
It can also be because some jackass at the company decided to send an unsolicited "email blast" to their address book. Believe me there are plenty of sales and marketing types who have NO CLUE why this would be wrong.
So along comes MAPS and jumps on it with gusto, blotting out the whole range of ips including hundreds of companies who haven't done a thing because of a the stupidity of a single person.
Consequently, you have a bunch of people at those companies running around and trying to figure why the hell their email no longer works. Which impacts business and costs money. It can also be extremely damaging to reputation for people trying to get customer service via email.
You're right people should call the company, and I'd like to think most will - but any kind of hassle a customer has to go through impacts their perception of the company in a negative manner.
SO sure you can switch ISPs. Of course this takes time, labor and may involve getting out of existing contracts which can cost money.
Re:A sword that cuts both ways (Score:4, Informative)
Bullshit.
MAPS (and almost every other RBL) won't blacklist an entire ISP for one machine.
They start with one machine (the one sending the spam), and if the ISP does nothing about it, the block starts growing.
See, read the article - they were blocked because of repeated complaints. This is not just one machine.
Re:A sword that cuts both ways (Score:4, Insightful)
Re:A sword that cuts both ways (Score:4, Interesting)
I don't use MAPS, but my experience with the ones I do use, such as SPEWS and Spamhaus is that it blocks around 90% of my incoming spam with very few false positives. While they continue to produce these results, I will continue to use these filters to manage my incoming mail.
I use SpamAssassin on the remaining 10% of the spam, and it catches most of the rest of them. I could use it on all of them, but it would take too long to check my email if I did that.
Re:A sword that cuts both ways (Score:3, Insightful)
Re:A sword that cuts both ways (Score:4, Interesting)
on way to react to this is to not take any action at all - a spam prevention system with high number of false positives is an useless one(you may need to explain it to your customers though and direct them to complain to the appropriate person - the one who decided to use maps on some server). if you can't send email to somebody.. use gmail/hotmail or whatever to mail them posing as a customer and telling that you don't like maps and that they just lost a sale because of it... if you don't like them complaining to their nonexistant support is not likely to help you - complain to the people who use their services and think it's pretty cool, at least then there's a possibility of them dumping maps as a way.
the whole way how an address gets to the list is of suspect anyhow:
***************
"After you have read our Guidelines for Reporting Email Abuse and have completed the research necessary, you are ready to submit a nomination to MAPS to have an IP address included on the MAPS RBL.
Start your message with a brief, one paragraph narrative with the details summarized:
"I am nominating a site for listing on the MAPS RBL. I received this spam... I reported it they ignored my report... I confirmed the relay... I called them, and they said... "
Include in-line, all related phone conversation transcripts, copies of the spam with full headers, the abuse report, the response or auto-ack and any other correspondence you received. Additional information should include further documentation of the spam problem, webpage source code, or other necessary information.
An Investigator will review your nomination and contact the owner of the IP address to see if we can resolve the issue. If no response is received, or the responsible parties are unwilling or unable to rectify the problem, a nomination to the MAPS RBL is made. The Investigator creates a nomination that documents the entire Investigation and Notification process. The nomination is entered into the MAPS RBL for certification and approval by Management.
This certification process verifies that the information in the nomination is accurate, and that a reasonable effort to contact responsible parties has been made.
"
***********
even if you DO answer to the accusations it's your word against the accusers and they got NO WAY to find out for sure - it's impossible to tell if you're a spammer or just some guy that some idiot is trying to frame, if you are a real spammer who really owns that ip you're likely to deny it anyhow.
Re:A sword that cuts both ways (Score:4, Insightful)
Re:A sword that cuts both ways (Score:5, Interesting)
But anyone who uses MAPS to blackhole servers is lazy and incompetant.
Get real (Score:4, Insightful)
No, YOU get real (Was: Re:Get real) (Score:5, Insightful)
No-one ever flew 737s into the world trade towers. ITYM 767s. The ones that landed in the pentagon and the paddock were 757s.
And anyway, WTF does any of this have to do with terrorism? It's a ridiculous link - a way to invoke Godwin without actually mentioning the 'n' word perhaps?
RBLs are advisory. RBLs do not block email. Which parts of this are y'all having so much damn trouble with. The operators of about 8 different RBL lists advise me (in response to a request for information that I initiate) that the MTA that has just contacted me is coming from an IP address that is known to have been used recently by a spammer. I choose to refuse to accept the proposed email delivery from that source on the strength of advice from one or more RBLs. (eight different ones, as it happens, on my home postfix server. It takes a full fifteen seconds for my smtp daemon to answer when you connect 'cos of all the lookups!!!).
Why is it so damn hard to grasp? Realtime Blackhole Lists do not block spam . Administrators and their policies block spam, and they've every right to choose what arrives on their boxes and what doesn't!
The original poster (article) has no right to get upset at anyone for my decision not to accept email from him. All he gets to do is F.O.A.D. Getting his royal whinge frontpage on slashdot is nice for him, but it's not a right or a guarantee.
Re:No, YOU get real (Was: Re:Get real) (Score:4, Insightful)
I have an email server. I like to get mail. I don't like to get spam. I consult several lists of known IPs that have sourced spam when a machine connects to my server to decide whether I maintain the connection and receive the mail or not.
Note one key operative phrase throughout that last paragraph: "My server." My personal property. I'll run it any damned way I please, thank you. The blocklist you don't want to get on is my private one, the one that works on the same basis as many Ronco products: "Set it.. and FORGET IT!!"
If you find yourself on a blocklist and unable to communicate with me via email, I have several suggestions:
Consult whois for my domain. There's a working email address, snail mail address, and telephone number. Call me. Drop me a line. Arrange to have your mail sent from a service that is not blocklisted.
I'm not really a prick in real life. Unfortunately, spammers have ruined the experience when it comes to email. If you're into righteous anger, I suggest you aim it in the right direction:
If it weren't for the damned spammers, none of this would be necessary.
Re:No, YOU get real (Was: Re:Get real) (Score:3, Insightful)
However, the times when I have problems, there has been no-one anywhere willing to accept responsibility for the fact, and the intended recipient of my email has been an unwitting pawn in some stupid game being playe
Re:A sword that cuts both ways (Score:3, Interesting)
I disagree. The problem with MAPS is they take the "vigilante with a shotgun" approach to eliminating spam. You get a couple of spam vigilantes that want to cause "the most financial harm possible" to spammers and anyone that associates with spammers, and you have the potential for a lot of a
Re:A sword that cuts both ways (Score:5, Interesting)
I'm sorry, but the idea that only blocking known offenders is unworkable has been proven wrong over and over.
I use a combination of greylisting, SPF and a small number of blacklists which have strict non-collateral damage policies.
Today, as an example, on a small personal system I've actively rejected 2576 connections, and allowed 228 messages. Of those 228, 75 were then identified as spam by SpamAssassin. A 97% success rate on a VERY low-bandwidth / CPU first-pass is more than acceptable for almost any application, given that you have a second pass (e.g. SA) which further improves your results to about the 99.9+% level.
The trap that people end up in is thinking that they need their first-pass to be as effective as a stand-along spam filter. Not true. You only need it to be effective enough to reduce the burden on your network and hardware by skimming off most of the incoming spam before it has a chance to consume those resources. If you're a VERY large ISP, then you might need to adopt additional measures (and while I despise the way AOL has done it, for example, I understand their reasons). If you're not one of the 10 largest ISPs in the world, then you are kidding yourself.
I have one user who asked me if mail was broken when I first deployed this. He was concerned because he'd come to think of the steady trickle of spam as a sort of heartbeat.
Re:A sword that cuts both ways (Score:3, Interesting)
I don't think so somehow.
I also had my IP plugged by MAPS in this way as a result of an over zealous vigilante. Large parts of
Fine, I thought, I'll just have a look at the web site and find out what I'd done wrong. I had just c
All swords cut both ways. (Score:3, Interesting)
Seriously, we didn't see this kind of fuss when the USENET community blackholed the entire Comcast cable community for a while, even though I'm certain there were a few innocents out there.
(Hey, the USENET "Death Penalty" was once a serious threat to ISPs.)
There are no workable solutions, whilst e-mail is an unprotected, plain-text, unvalidated, unauthenticated service. There are only attempts to get a compromise that cure a little more often than they
Re:A sword that cuts both ways (Score:3, Informative)
Most block lists which use IPs are granular to the netblock level. That's not much help to you if you only have a few IPs, but if you have a block of 8 or more from your ISP you should probably do a WHOIS search at arin.net and make sure the
MAPS are assholes (Score:4, Interesting)
RBLs are a failure (Score:5, Insightful)
But in practice, the RBL community has been a bust. The maintainers are often militant and, IMHO, too emotionally attached to the problem. They don't provide a service anymore--they provide a surgeon with a chainsaw. While it's extremely easy to get a site on an RBL, it's often difficult or impossible to get off one. There are exceptions of course, but in general you are a designated spammer until some random magic happens and you manage to get yourself off. (yes, there are procedures, usually on a website, but often removal requests will go unreplied to, and in some cases will error. Sometimes removal works and often it doesn't) And Goddess help you if the previous owner of your IP address was a spammer. (And no, I've never run an open relay.)
I hate spam, but I don't use RBLs anymore. It's too bad, really. They were a great idea, but have been poorly managed. I'm sure someone will post links to the "good" ones, but using them is like reaching for the few good apples in a barrel of rotten ones.
Mox
Re:RBLs are a failure (Score:5, Interesting)
A while ago, when the MAPS DUL virus first began to spread, my dad began to have problems delivering his mail from his Linux system on a cable modem. So I contacted MAPS and told them about what I naively assumed they would agree was unintentional collateral damage. Not only did they refuse to take his IP address off the list, they were spiteful enough to contact my dad's ISP and register a complaint about his "unauthorized" server!
It goes without saying that my dad is not a spammer. And we both see to it that his system is properly maintained and configured. All we ever wanted was to exchange email email without depending on his ISP's slow and unreliable mail servers.
MAPS and other spam vigilantes are actually far worse than the spammers they claim to be fighting. No spammer has never prevented me from sending or receiving wanted email. MAPS often does so, and they have to go away. Since they're unlikely to do so on their own accord, our only alternative is to educate the ISPs to not use their services. Openly boycot any ISP who subscribes to the MAPS, and tell them we simply don't want their "help" in blocking email. Patronize the more enlightened ISPs that give you a choice as to how or whether your mail will be spam-filtered.
Re:RBLs are a failure (Score:5, Informative)
Once upon a time, I monitored the SMTP traffic on one of my systems very carefully. I wrote a special-purpose demon that pretended to be an SMTP server, which logged attempts at sending email, but still passed email to postmaster and from specific people (just like the RFCs say it must).
One day, I found a series of attempts at routing email through my server. A whole series of email with RCPT TO's that were off-site. I reported this to the abuse addresses that were responsible for the IP address that was the source.
Now, I expected one of two things to happen: they'd ignore the problem report, or I'd get a "thanks" for pointing out the problem. What I GOT was a cranky response from an anti-spammer telling me it was his GOD GIVEN RIGHT to hammer on my server in any way he saw fit, and a listing for the entire ORGANIZATION in one of the RBL-like listings as "uncooperative". All because I caught him testing my system and reported it.
Needless to say, I no longer bother reporting the routing attempts to anyone. If reporting spam relay tests gets me labelled a spammer and included in blocking lists, fuck it.
Re:RBLs are a failure (Score:3, Informative)
Another anecdote (Score:3, Interesting)
I got an answer the next day, and it turned out that it was, in fact, Schlund themselves who had done this - not to spam, I pre
You're wrong (Score:4, Informative)
MAPS didn't block you.
MAPS added you to a blacklist.
Some admins have decided to block you based on you being in the MAPS list.
That may or may not be a good decision on the part of the admins.
Its easy to get angry with MAPS, but they're just publishing a list.
Re:You're wrong (Score:4, Insightful)
You need to let the users know however you can (on your website?) that their administrators may be blocking their e-mail without their knowledge and let the users handle the rest. It's their problem.
In my case I got quite upset when my ISP chose to bounce e-mail about the Blaster worm from my Bugtraq subscription without letting me know or giving me a means to opt out of the filtering. It would be the same thing if I was waiting on an important e-mail that never arrived because they chose to drop it on the floor for me. The users aren't being given an option to choose, and that's the real problem.
Re:You're wrong (Score:3, Informative)
SORBS also like to stress this point. They offer their RBL to be used as anyone sees fit, and they take no responsibility for its contents or how it is used. It is the ultimate disclaimer.
The problem is that some ISPs do use these RBLs, and this causes a great deal of 'collateral damage'. When you are the victim of collateral damage, there is often very little you can do about i
Ignore the list, they'll render themselves useless (Score:2, Insightful)
MAPS very flawed... (Score:5, Insightful)
The MAPS process is pretty clear (Score:2, Insightful)
We use them, and they're one tool in the anti-spam arsenal. If your domain gets locked out, there's a good chance that your administrator was non-responsive. They're not foolproof, and they're not well funded. Nonetheless, their record and methodology are well-known. So is their success at getting the attention of admins from tiny domains through to AOL, its subsidiaries, and major corporations.
Yes, it bites when you get black-holed. It's usually (but not always) entirely deserved.
Woe Is You (Score:4, Insightful)
You've discovered the joys of running a site on the modern Internet. These kinds of things will happen; there is very, very little you can do to prevent it. Your best defense against this sort of thing is a general outage contingency plan; whether by thunderstorm, fire, hardware failure, power outage, vengeful backhoe, blacklisting, or stupid admin trick, an extended service outage is an eventuality, not a possibility.
My advice to you? Take some time to lay out an outage response plan, or learn to be satisfied with three nines availability. Don't waste your time getting 'em in a bunch over MAPS and prepare for the next time something like this hits.
Re:Woe Is You (Score:4, Insightful)
Ah ha!! You just hit the nail on the head, so to speak. The supposed recipient's provider/administrator is the one that is causing the blockage, no one else.
You will notice that there are two points of view in this story's comments. Those that are viamately opposed to RBL's and those that are in favor of them.
The people that are for them, such as yourself, are the network operators that are tired of dealing with the constant onslaught of spam and the complaints that it generates, not to mention the resources that it consumes.
The ones that are opposed to RBL's are the "site operators" and business owners. They are upset because their business critical emails and "news letters" are blocked, supposedly unreasonably. They fail to realize that regardless of the fact that they feel their emails and "news letters" are of critical importance, they are in fact only important to them. Everyone else, including their beloved customers, thinks those emails are spam! They are the reason that the other group started using an RBL!
For those senders of emails to people who actually subscribed to their lists, I pose a challenge. Every three months, send a message to your subscribers telling them that they will be unsubcribed and that they must opt-in again to continue to receive the "all important news letters". Most of you will never do this. But, if you did, you probably won't be surprised to find that your subscriber list shrinks drastically. Hey CNN, give it a shot!
I for one am probably going to block the entire countries of croatia, hungary, china, and korea pretty soon.
Most of my US customers have a list of country domains that are blocked. It works very well for them. in fact, I have only had one customer where this was a problem because
Really? (Score:2)
That's a little bit unreasonable. If you, one of the customers, was trying to deal with them, it would have been much more reasonable to simply unblock your IP(s). Blocking an entire block due to one single is
show resistance to these authoritarians (Score:3, Funny)
When they take you off the list, stop spamming.
Re:show resistance to these authoritarians (Score:3, Funny)
MAPS is better than SPAM (Score:2, Flamebait)
So you admit, that you were relaying SPAM -- which hurts everyone on the internet. And yet you're upset because you were inconvienced by servers which check MAPS refusing to accept your mail for a couple of days.
I think MAPS should go further and recommend a 1 week penalty (after fix, of course) for all servers which relay S
Re:MAPS is better than SPAM (Score:4, Informative)
Re:MAPS is better than SPAM (Score:4, Interesting)
Re:MAPS is better than SPAM (Score:5, Informative)
I'm sorry, you seem to think I care (Score:3, Insightful)
MAPS is being harsh, yes. But too many sysadmins (and now, WAAAAAY too many zombie computer owners) are unwilling to do anything to combat this. So if MAPS blacklist
Re:MAPS is better than SPAM (Score:3, Insightful)
This is exactly how the system should work. Outraged customers make ISPs perform better.
It beats some of the others (Score:4, Insightful)
MAPS has made some big bloopers over time. They've also done a heck of a lot of good. The founders have had to endure all sorts of attacks, threats on their lives, etc.. and they perservered with their vision.
Are they perfect? Far from it. IMHO, if you weigh the good they've done against the harm they've caused, my view is they are overwhelmingly good.
As for Kelkea, I have no opinion.
on the other hand... (Score:2, Insightful)
Re:on the other hand... (Score:3, Interesting)
Re:on the other hand... (Score:4, Interesting)
The blacklists you need to worry about are the ones that don't tell you that you are on them - the multiple small ones that quietly shut off access to their mail servers, or send email from certain net blocks to /dev/null and never check to see if the spam has stopped. You will never know how many of these your co-lo's spamming customers have annoyed to the extent they just flipped the switch.
Spam has been a big problem for long enough, and the various blackhole lists have been in action long enough, that your ISP or co-lo or whatever should have been aware of the consequences of harboring spammers. One of the " rules of the internet" is that I can refuse to accept email from any domain I don't feel like accepting email from. If I choose to accept the recommendations of MAPS, it's my right to do so ... you and your ISP have no right to tell me I must or must not listen to MAPS or even Fluffy.
Re:on the other hand... (Score:3, Informative)
One of the customers where I work was recently added to a bunch of RBLs, all because people who signed up for their mailing list decided they didn't want it anymore. This is fairly common, as several other customers have had to deal with it in the past (in every single case I was able to easily confirm they were not spamming, only opt-in, and they don't buy addresses.)
Many times it has nothing to do with the ISP, but about stupid people who don't understand what is in their inbox. Given how easy it is to
If i remember correctly... (Score:4, Insightful)
Of course, we had been saving all our spam since like 1997, and when we fed all the spam (30,000 messages?) into a bayesian filter, it caught most spam. Also, we still used ORDB, as they tend to only target specific kinds of problems (obviously, Open Relay Data Base). That caught a lot, also.
Really, it goes back to the eternal tradeoff for any computer system - ease of use traded for security. Always.
Strike a compromise - don't be overzealous, but take reasonable precautions.
~Will
The only thing worse than a spammer is an RBL scam (Score:4, Insightful)
What do you do when you find out that a domain that gets used is blacklisted by someone for no reason, and they won't take you off the list unless you give them $250?
I don't trust RBLs nearly as much as I used to. (Score:2)
Standardization? (Score:3, Interesting)
Not like, "They said they were neo-Nazi's and we've chosen to ban their entire ISP for not removing their page, because we're offended by Nazi's." which could very well happen now.
But more like, "We've received over 500 unique spam complaints about IPs in this range. Company hasn't responded in 5 business days. IP range is now blacklisted until they do something about it and contact us."
Of course, the larger the ISP, the more attempts to contact them could be made. Like maybe two weeks for a large ISP and a week for a smaller or ISP that's in some backwater country.
DNSBLs are a mixed bag (Score:5, Interesting)
Similar thing... (Score:5, Insightful)
ORBS, in turns, blacklisted their mail server as an open relay, and then had the unbelievable nerve to tell my girlfriend that they would lift the ban in exchange for a "donation" so that they could continue to run their service.
While this isn't criminal, it's morally repugnant.
Bottom line, "blacklist" services like ORBS/MAPS are a horrible, misguided and idiotic idea. Case study after research project after real-life experience can attest to this.
Re:Similar thing... (Score:3, Informative)
Re:Similar thing... (Score:4, Insightful)
No, professional mass mailers should be using this phrase if they want to appear reputable in their field. Jane Public, who operates a charity and not a mass mailing company, might describe her mailing list as "double opt-in" and might ask the computer store for "more memory" when her disk is filling up.
NO! (Score:3, Interesting)
Time and time again, I see people trying to enforce someone else's terms of service (usually poorly, and without room for any exception), getting blacklisted for non-spam activities (e.g. using a provider that hosts a spammer willingly), etc, etc.
These are attacks on the nature of the Internet as a network of peers.
Spamhaus does a very good job with XBL of listing just systems that are known zombies, relays, etc.
Combined with a decent offender-only list of bulk spam sources (I use dnsbl.antispam.or.id), you get excellent results, with few (none that I've been able to discover through analysis) false positives.
SpamAssassin, of course, makes this a moot point by combining and weighting several sources. I've never seen a false positive from SA as a result of bad blacklist handling (other tests, sure, but not it's DNSBLs). However, you may need some pre-filtering at SMTP time to reduce the load on your spam-filtering system, and that's where the above strategy comes back into play.
Story has valid complaint. (Score:5, Insightful)
2. Very shortly after ban, MAPS is unavailable for contact for 48+ hours.
3. MAPS refuses to unban innocent bystander.
4. MAPS refuses bystander's plea to contact co-loc.
Seems to me that MAPS has several problem. Aside from procedural issues, perceived arrogance, negligence, incompetence. Submitter is right. Overzealous, for sure.
I sure wish they were better. It hurts the users.
Re:Story has valid complaint. (Score:3)
From their perspective (and other RBL folks who block more than the sending IP), there are no innocent bystanders. If you're giving money to a spam-friendly co-lo or ISP, you're a spam supporter, and should be punished until you change providers.
There's some merit, I suppose, to that thinking. But many RBL folks take it rather too far, IMO.
MAPS, on the other hand, are yahoos. I've never noted that they can tell their ass from a hole in the ground.
Missing critical information (Score:4, Insightful)
If we go thru the history if the ISP and netblock in question, we may find that an infamous spammer has been using it for the last 6 months with no attempt by the ISP to resolv the problem despite many warnings from MAPS and other anti-spam organizations -- or we may find that MAPS went on a wildcat strike.
Given the very vague real data about this dispute, I'd be inclined to tell the complainant that he's probably the customer of a hardened spam provider, and he may be best to find another provider (as unpleasant as the move will be). If we get more than generic information, I may be able to giver more than a generic suggestion.
Usually Usenet death penalties are a last resort. MAPS may seem like they're assholes, but my guess is that they're finding themselves dealing with some assoles of their own (i.e. the offending ISP). In the moment, they can't tell the difference between you, and the offending spammer(s) who triggered this showdown. (( I'll presume, for the sake of argument, that you're not a spammer yourself )).
They're not willing to deal with you because their beef is with the ISP, and that's the only place where the problem can be resolved. They're iconveniencing you because it's probably one of the few tools left that they have to push your ISP to stop inconveniencing the entire internet.
Re:Missing critical information (Score:3, Interesting)
And use of that "tool" is plainly wrong, if not outright illegal. You want to blacklist IPs associated with spam problems? Go right ahead. You want to blacklist and entire IP block when you know or should know that there are innocent users of IP addresses in that block? Sounds like an unfair and deceptive business practice to me that in my humble legal o
Re:Missing critical information (Score:3, Insightful)
I can block anyone's email from my servers any time I want to, and
Re:Missing critical information (Score:3)
Is this rhetorical? (Score:5, Funny)
On behalf of many members of the male gender I would say no. We don't trust those lying overpriced pieces of paper. And we don't ask for directions. We rely on our innate sense of direction.
One time, I even made it to Mexico without consulting a map. It took me days but I got there. I learned a lot that I didn't expect from that road trip. Like it's so cold in Mexico that there's moose everywhere. Also the Mexicans tend to pronounce things a bit differently. Like "about" is pronounced more like "aboot". And they tend to say "eh?" a lot. It's far different than the Mexico I read about as a kid.
overall comment (Score:3, Insightful)
Welcome to ISP email administration - Level 2 (Score:5, Informative)
If one RBL service has too many false positives, ISPs usually stop using them. MAPS is still in business, so their false positive rate probably isn't absurdly high.
Here are some tips to help email administrators keep their email flowing:
1. Negotiate ahead of time to get your servers whitelisted or registered as a "good" server. This means setting up proper forward/reverse DNS, configuring SPF, possibly registering with one or more "bonded sender" programs, looking at the AOL postmaster FAQ and getting into their whitelist system, etc.
2. Lease yourself a shared or dedicated server (think $25/mo -$60/mo) at another colocation facility that you can use to configure to be a mail relay for your primary mail servers. If delivery fails enough from your primary server, it should requeue the message to go out via your relay, perhaps after you've diagnosed the cause of the blocking complaint.
3. Setup test scripts to periodically poll major DNS RBLs for the status of your IP address and alert you when you're listed. (Perhaps tie this in to automatically activate your relay server in #2).
4. Ask your ISP what their spam policies are and assess your risk to getting mixed up in their other customers' problems. If they aren't vehemently anti-SPAM themselves, consider another provider for your outbound mail. By "vehemently", I mean: They have their own enformcement policies and 24-hour contact escallation policies with each customer, and will shut down customers that are not responsive to handling complaints.
5. If you manage mailing lists, make sure each and every message at the bottom has a link to the proof about how the recipient opted in for the message. (PS: Stop using email to distribute content! It's so, like, 20th-century. If your content is any good, they'll access it regularly via the web or RSS it into their portal.)
-ez
(Disclaimer: I'm the the inventor of DNS RBL. Your misery is partly my fault. Mua ha ha ha.)
Karma: Whore (you look at your score after posting)
Re:Welcome to ISP email administration - Level 2 (Score:4, Insightful)
Well that is all well and good, but AOL doesn't whitelist. IF you can prove you are for real and a valid mailling list server etc, they will take that into account when looking at the volume of complaints coming from said IP, but it isn't a guarenteed whitelist. At least what I can find in dealing with their Postmaster.info stuff. Couple that and with their Brain dead users and the report as spam button, we finally made a rule that you can nolonger forward mail from our Virt Servers to your AOL account. Since AOL decides who do blacklist based on the last server that the mail came through before it got to them. So if one of my 40K or so customers forwards xxx@domiain to yyy@aol, every time they hit the report as spam button (which I am told is very close to the delete button), I get a nasty gram, and if they do it enough, you get the AOL report card, that says we have concerns about your ability to send e-mail to us since your complaint level has hit zz%. THe other fun part of that, is that users think anything they don't like is spam, or they aim with the mouse isn't quite good enough to hit the correct button, as we get copies of Private notes responding to a message from an AOL user, stuff between friends. People responding back to a note from their mothers,etc... Me personally could care less if I can send e-mail to AOL, but if my mail clusters get blacklisted , I have a lot of very uspet customers, and it costs us a lot of money to fix.
ok Rant mode off..
spamcop beatings (Score:3, Interesting)
This is particularly difficult for small ISPs which have to struggle enough already to hang on to our niche.
And it is especially sad for long established ISP such as ourselves, who have been in the business since practically the beginning of the commercially available internet.
The DDoS attacks we've suffered once or twice in the past have not hurt so much as being blacklisted by SpamCop. Being smacked down by "friendly fire" really makes one dispair.
No matter how nice and helpful they were once we finally got them to talk to us, I can't say I will ever be able to trust them.
Previous to that SORBS black listed us several times. Their security scanner for some reason believed that one of our Zope ftp servers, on a non-standard port, was a compromised machine.
We've been innocence each and every one of these times.
I have to admit in some of my emails to SpamCop I was a little bitter. In one I suggested, tongue in cheek, that I was going to start a blacklist blacklist and have their blacklist blacklisted.
In another I couldn't help but must wonder if they aren't some sort of anti-terrorist terrorists...
I don't know the answer. But It's clear from the overwhelmingly negative response here that the issue of innocent victims being blacklisting is widespread, and extremely aggravating.
But no doubt just as spammers will continue to exist, the blacklists, right or wrong, will continue to think they are fighting the good fight. And sysadmins who haven't yet experienced the helpless sinking feeling of being innocently blacklisted themselves will continue to see the blacklist services as an quick and easy answer to one of the biggest and most difficult problems on the internet.
There is a reason vigilante systems got a bad name (Score:3, Insightful)
The vigilance committees start with the best of intentions. And often they do good, and help the problem. But history knows it doesn't always go that way, and when there are no checks and balances, you pay the price.
Of course, it's not impossible to set up a private justice system that has the right safeguards. But the safeguards are expensive. They deliberately... deliberately are designed to let many guilty people go unpunished. This frustrates people (especially in the spam wars, amazingly.) So people rarely stick to the safeguards.
This is why many people were worried about blacklists like these from the very start, even when they had nothing but the best laid plans.
Spamhaus (Score:3, Interesting)
There's a reason I stick to Spamhaus as the sole RBL at work (and at home) - professionalism. They spell out criteria and rationale clearly on their website. They list only IPs, rather than blindly blocking entire netblocks or domains. The delisting policy is incredibly liberal by default, but temper that by tracking repeat offenders. And (this is where a _lot_ of lists fall down) they assign a TTL to every entry and automatically expire the entries even if the owner doesn't report a resolution.
We block millions of messages a day based on the SBL/XBL lists and have, to date, recieved only one query from a client about why a particular message was blocked, and it turned out the recipient had a worm outbreak that got them places on the XBL. The block had been lifted before it even made it to our support team.
Educate those using it (Score:3, Informative)
Time between us recieving the -first- complaint and the script being nuked from the server? Minutes, not even half an hour. It's not like we ignored the problem and allowed it to fester.
Well we ended up on some spam list that (get this) requires you to make a $50 donation to some charity to get off the list! Oh and it gets better, they listed 3 charities, 2 of them didn't work because they wanted NOTHING to do with this spam list after they were dossed, attacked, hounded, and overall just harassed for these bozos listing them on their site. The 3rd charity? Some legal defense fund, via PAYPAL for... the owner of the site!!
Well the -1- server blocking email because of that list I just contacted them and pointed them at this podunk little anti spam site and they quit using them and email went through and all was well.
Months later, 4 or more, we're STILL listed on that damned spam site. I could care less.
Spews and maps are just making it so any serious sysadmin/network/provider can NOT use them for RBL blocking, they're just overzealous.
I use spamcop, ordb, blitzed, and spamhaus quite regularly on a variety of servers, the "false positives" are low, and I rarely hear of someone legitimately not able to send email to anyone I host.
Spanked (Score:3, Informative)
Define "quickly enough". If it's been more than 48 hours and the spammers are still there, that's too slow.
To make matters worse, they put this in effect either late Friday night, or early Saturday morning -- hours during which MAPS is not available for contact! (Mon-Fri, 9-5 only) How do people deal with MAPS and other RBL services who will not cooperate or be reasonable?
By not having a spam/virus transmisison problem. Works for me.
And on a broader front, are you really prepared to trust a company like Kelkea, Inc. (owners of MAPS) to decide what emails gets to you without really knowing how they operate and deal with resolution processes?"
Yes.
"I spent all weekend long trying to get a hold of the people at MAPS, as they don't bother telling you when they are open.
Their web forms [mail-abuse.net] are always open.
When I finally got a hold of someone on Monday morning (not an easy task, mind you!), they told me that they are not open on the weekend, so it would have been *impossible* to resolve this issue quickly.
Impossible without using their web forms, that is.
And because I was only a customer of the company who owns these IPs, they would not unblock my subset of IPs.
Lets see, you are a customer of the people with the problem, you are not in the loop with your ISP as to exactly what actions have been taken, you don't know exactly what customers were involved, nor any of the sensitive details someone is going to want to know when there has been a massive spam run. Gee, that's too bad poor baby.
Despite the problem originating from a handful of IP addresses, MAPS saw it appropriate to block over 180,000 IP addresses just before the weekend!
Never heard of snowshoe spamming? You live in a cave? News flash, many responsible systems admins block far more than just a /19. Many block /7's and /6's on private block lists.
I had already made several phone calls and emails to my co-location facility, and they told me they were doing their best to get a hold of someone there. Several emails had been sent, and just as I first experienced, they could not reach anyone at MAPS by phone.
See link to web form above.
When I finally talked to someone at MAPS, he told me that he would not be proactive in the matter by actually phoning my co-locator to work this out.
See above about having "standing".
These people at MAPS thinks themselves quite high and holy, and in some ways they are: many ISPs and the like will bounce emails just because MAPS tells them to. (I've since removed MAPS from my list of RBL servers to check.) As a small-business owner, MAPS can be very hurtful to a business and very uncooperative in helping resolve the issue.
If you are a business owner and fail to understand exactly why email is not a garenteed delevery system, and your business depends on email, then you are very stupid and deserve to go broke.
I gave them a couple subnets of mine to unblock, but they would not, even though my IPs were not involved in the original complaint.
And spammers NEVER lie. They NEVER pose as someone else. They ALWAYS tell everybody what IP ranges they intend to use in their spam run two weeks before thay use it.
This experience has certainly made me think twice about who I trust to decide the fate of my incoming email."
Good for you. Now, when you get finished thinking about that, think about how you can make your small business profitible when you can't use email. It's obvious to me that you fail to understand what went wrong, who is to blame for it, and what to do about it.
Reality check! (Score:3, Informative)
MAPS subscribers are aware of its limitations and problems and, guess what, they don't care and use the blacklist anyway! A MAPS user doesn't care that some random nobody sometimes gets ``unfairly'' blacklisted and is unable to contact them for an entire weekend. They care most about not getting spam and are glad that MAPS is so strict. In other words, the subscribers share the same values as the MAPS operators! If MAPS were to change the way it operates, those users might well switch to some other service that follows the original policies. MAPS users even accept that sometimes they won't be able to talk to other MAPS users because of the same problem you are having. Yet they remain MAPS users. Therefore, they will hardly be sympathetic to your case.
So basically, your complaint boils down to the existence of difficult people who have very particular rules about being talked to because they don't want to be bothered. The system by which they share those rules with each other isn't what's standing in your way here.
Re:Customer service vs customer service. (Score:5, Funny)
If hunting spammers was legal this wouldnt be a problem at all.. Uh. unless someone thinks you sent them spam due to faked headers etc..
At the very least it should be reasonable to punch someone who buys something from spam. The main problem is the vast and bountiful supply of idiots that make it worthwhile for the spammer bastards to carry on as they do.
Re:Customer service vs customer service. (Score:5, Informative)
Re:Not anymore (Score:5, Interesting)
Re:Not anymore (Score:5, Interesting)
I hate spam, but their methods pretty much demand a new approach to fighting spam, creating blacklist, and even just testing servers. Their support is horrible and while it guarantees it will hurt a spammer here or there, that's pretty much like shooting in a crowd then stating well at least I killed a bad guy.
Re:Not anymore (Score:3, Informative)
A couple of the blacklists and AOL's mailserver blacklisted the IP's for being "home IP's", even though they weren't. Took a number of emails from both us and Qwest's NOC to get removed off all the blacklists.
So, beware of situations where ISP's designate blocks of IP's for business use "within" those they've classified
TCP/IP Elitism [was Re:Not anymore] (Score:5, Interesting)
It's lazy ISPs' faults that spammers aren't shut down quickly, thus these blacklists have to take out whole blocks, causing collatoral damage like the original article describes.
The internet was designed to allow PEERS to talk to ther PEERS. It's an equal-opportunity protocol stack, by design. Too bad some people no longer believe in this principle.
Re:The False Positive/True Positive Ratio (Score:3, Informative)
Your point is correct. It's also the reason MAPS expands blocked netblocks. If they only block the specific IPs that originated the spam, unscrupulous ISPs merely move the spammers to different IPs and let them continue. Note that this isn't a theoretical statement, it's observed behavior. If an ISP does that, MAPS responds by expanding the block to include more and more of the ISP's assigned addresses, until (if the ISP doesn't get the hint first) the ISP has no unblocked address space left.
Yes, non-spamm