
Last Month for Free MAPS

Posted by jamie
from the stuff-to-pay-for-and-then-not-read dept.
MAPS has posted that it will be requiring a subscription fee starting in August. The note hasn't shown up on its PR page yet, but the readers of news.admin.net-abuse.email and SPAM-L are already finding it very interesting. I've included a copy below, along with selected commentary from those two forums. Anyone know more?

Path: ...!newsfeed.stanford.edu!news.isc.org!not-for-mail
From: Margie <margie@mail-abuse.org>
Newsgroups: news.admin.net-abuse.email
Subject: MAPS Subscription Policy Changes
Date: Thu, 12 Jul 2001 16:45:11 -0700
Organization: Internet Software Consortium
Message-ID: <nidsktsnci3cat0blc31qtanprifmek97v@4ax.com>

Effective Midnight 7/31/2001, all non-subscription access to MAPS services will cease. Anyone wishing to transfer or query MAPS data must have a signed contract with MAPS, and have access enabled in our ACL. There are several reasons for this change:

1) The data in the MAPS files belongs to MAPS and is copyrighted. MAPS, RBL, RBL+, DUL and RSS are all service marks of MAPS. MAPS must have the ability to protect its assets from unauthorized use or disclosure by third parties.

2) As MAPS popularity grew, the demand on our resources grew. We have continually upgraded systems, software, and added servers where necessary. The end result is our systems and connectivity are sufficient enough that providers have no incentive to pay for zone transfer subscriptions. When MAPS began to offer paid subscriptions, we believed that allowing access based on the ability to pay would allow the largest percentage of the net to access the services, while permitting MAPS to sustain itself with subscriptions from the large users of the services. What we have found instead is that we are our own worst "competition".

3) The economic conditions in the industry have hit everyone, including MAPS. MAPS' purpose is to stop spam on the internet. That purpose can only be achieved as long as MAPS can maintain itself as a corporation. Like any corporation, that takes income. There is very little debate about the effectiveness of the MAPS lists. This effectiveness saves its users time, bandwidth and other resources as well as giving them an added value to their customers by reducing the amount of spam the customer sees in their inbox. MAPS can simply no longer afford to foot the bill for the bulk of the internet community.

It is not our intent to put the use of the MAPS lists out of reach of the individual or hobby site. We will still offer some reduced fee or free query contracts under limited circumstances.

As usual, please direct requests for contracts to subscription-request@mail-abuse.org, questions and comments to margie@mail-abuse.org and flames to dev/null. ;)

--
Margie Arbon Mail Abuse Prevention System, LLC
Manager, Market and Business Development
margie@mail-abuse.org http://mail-abuse.org

Here are excerpted reader comments from SPAM-L and nanae which I found interesting:

"...people can no longer pass the buck when it comes to effectively blocking unwanted crap; they will have to now assume the responsibility for handling their own E-mail. I actually think that this is going to be a good thing for the long term." (Sam Varshavchik)

"...and so dies MAPS. You've just cut your own throats. The effectiveness of MAPS always depended on the number of users, which is now going to be a fraction of a percentage of what it was before." (John Oliver)

"I was under the impression that MAPS want a big number of subscribers, in order to have some force behind them when they educate and negotiate with spammers. Isn't that the reason big spamhausen like UUNet were not blacklisted, since many subscribers would stop using MAPS's tools because of too much collateral damage? Now MAPS is reducing its customer base. But perhaps we can now get eBay, UUnet and Qwest blacklisted, since only a small number of administrators will use MAPS tools..." (Karl-Henry Martinsson)

"...if the RBL listees think the RBL is a bitch, let them see what happens when they get dropped into who knows how many individual filters that won't get reviewed for removals until Hell freezes over. I think there is some serious potential for us to ALL gain from this move." (Jim Higgins)

"Anyway, now that the MAPS RBL user base has been reduced by at least a factor of 10, the mainsleaze spambags are not going to even CARE about MAPS. ... So the mainsleaze spambags are going to let loose on the remaining 92-96%. ... The way I look at it, Joe Sixpack is now going to see more spam than he's ever seen before. I think that a lot of Joe Sixpacks are going to get seriously pissed, and a fair amount of them are going to explore ways to effectively spamproof their INBOXes. This is a GOOD thing." ("Sam")

My own prediction: in the long run, this has no big effect on spam either way. Two things will reduce the hassle of spam, more legislation, or supplanting SMTP with a non-broken mail protocol. Costs have to be attached to sending mail to strangers, either micropayments or risk of jail. As long as mail's dirt-cheap to send, spam will be vying for our attention, scurrying-around clean-up crews notwithstanding.

Until SMTP is replaced, the great spam fight is a bunch of Libertarians trying to solve the tragedy of the commons. A pay-per-view clique seems like a suboptimal solution to me.

This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward
    It is fairly simple to implement through DNS.
    • Set up a primary DNS-server for the zones.
    • Let all the secondaries (these are not located the same place as the primary) xfer the zone.
    • Delegate the zone to the secondaries only.
    You now have a hidden primary that will only be loaded by the secondaries.
  • 1) ORBS was a petty vengeance thing run by Alan Brown. When you could get listed as an open relay BECAUSE you told Alan Brown to "document the open-ness of the relay via producing evidence of spam, or I will just block your tester", ORBS as a tool was broken.

    2) Because of ORBS getting whacked, there are now 3 NEW ORBS-like services. In the world of Linux, isn't the argument that 'more distros are better' common? Given this *IS* /., therefore more ORBS is better-goodness
  • by Anonymous Coward
    if MAPS aren't free? I could be lost... and broke... and never find my way home.
  • by Anonymous Coward
    So, if thousands of users hitting MAPS is an issue (as I can easily see that it would be), then why not stratify the lookup system somehow?

    I'm basically thinking of something like ntp and its stratum system. Only x users could talk directly to MAPS. y users could then talk to x, z to y and so on. Distribute the lookups without distributing the data.

    That way you avoid both the complexities of a peer-to-peer/distributed data system, and the bandwidth issues of one centralized server.

    Just a random thought.
  • by Anonymous Coward

    Well, for those that didn't actually read the post on the web site: http://www.mail-abuse.org/subscription.html

    You'd see this (at the bottom):

    It is not our intent to put the use of the MAPS(SM) lists out of reach of the individual or hobby site. We will still offer reduced fee and free query contracts to individuals, other not for profit sites, hobbyists, etc. Please include specifics about your site when requesting these contracts.
    Read: It's their intention to charge big business/ISPs who hit them heavily and don't contribute a penny. Sounds fair to me.
  • by Anonymous Coward
    I have a very different policy when dealing with spam:

    If the spam involves a legitimate web site (like skillometer.com or marblejar.com), I reply to the various addresses of the advertised site (ie: abuse@, sales@, info@, marketing@, postmaster@). I point out to them that I will advertise their company as spam-friendly, and I do it (ie: please, avoid skillometer.com and marblejar.com). The idea is to make them waste at least a few minutes of human time. (If I get two mails from the same spammer in a short time, I send him my freebsd kernel file asking him advice about how I could debug it, but this is pretty rare)

    If the spam involves a crappy geoshitty site, I mail to the provider to get the site closed. The idea is that I want to get the site closed as soon as possible, so the spammer can't get a lot of return. Generally, those sites include only meatspace contact information (like a phone number, or an address). When I am in a bad mood, I track the phone number to get the name/address of the guy, which I later use when registering to shitty sites (this isn't smart, but at least is funny). The downside is that they will never know why they got real spam in their mailbox, but that's the best I can do as I don't live in america, where most spammers seem to reside.

    Last thing, I tell people I work with about how to handle spam. Some of them have started fighting back.

    If 10% of spam receivers did the same, spam would be much much lower. Blackholing is a very stupid solution, as it only hides the problem. And it blocks legitimate mails. I've seen my contributions to the Darwin FAQ bouncing back, because rob braun uses blackholing software. When you spend a couple of hours reviewing and writing a tech document and you'll get bounced back with an automated '550 Don't accept mail from spammers' with no way to contact the guy, you understand that blackholing is _not_ the solution.

    There is one kind of mail that I don't know how to deal with. It is fraudulent mail, like one I received from pa165.czestochowa.sdi.tpnet.pl which was an HTML of a fake yahoo login ("Sorry, We Cannot Process Your Request. Reason: Time expired, Please re-login", followed by a form for the login/password. Of course, those were sending data to a .pl domain address). I wish companies could spend time on this problem (ie: that yahoo would open a honeypot account and send the login info to that address, then track the guy login and get him arrested).

    Cheers,

    --fred
  • by Anonymous Coward
    My company used to be an ORBS user; when they went away we took our list and filtered by it. Now we just add to it. If your domain gets on the block list IT WILL NEVER GET OFF. We don't have the desire or the resources to admin this, so when a complaint is received by a Corp. user the offending domain is BLOCKED for ALL access and it stays that way forever so far. No process for review or removal, and no one to deal with any possible fixing and re-instatement. This has already killed one contracting firm we dealt with which was hosted on a domain that was filtered out. Human resources and legal decided that if the site was filtered then the company 'must' be unsuitable for some reason and we stopped doing business with them and dropped a dozen contractors because they were 'hosted by a spammer'
  • by Anonymous Coward on Friday July 13, 2001 @01:08AM (#87898)
    Hmmm... I used to do that; only friends knew my personal e-mail address.

    It worked great until one of them wanted to send me an e-greetings card for my birthday and submitted my real e-mail address to a greetings card site known for collecting addresses to sell on.

    Result ?

    I now get about 4 to 5 spams a day in my personal account... go figure :(

    IMPORTANT: Educating your friends about your e-mail address system is a must!

  • I think that's a good idea. There's only a few problems I can think of. First, is the extra bandwidth load of the extra smtp traffic. However, I think that the amount of bandwidth saved by not receiving the spam makes it worth it. Also involved is the extra system load involved with the check, which might be an issue for some sites. Another problem would be some sites which have "outside" mail servers and internal servers. The outside servers accept everything or just do basic filtering, and then pass the message along to the internal mail servers for the actual delivery of the message. This would basically mean any message that was checked with this method would just be accepted. An example I just tested is Yahoo. When you give their mail server an invalid address, it doesn't let you know it's invalid until after the DATA is sent, which makes this perfectly useless for test.

    Just my $0.02.

    -Leigh
  • OK, it was late and I wasn't being very clear. SMTP isn't broken. It can easily be made to work with any of a number of filtering services, MAPS being only one example. Putting some new extension into the protocol will only do two things: a) kill every existing MUA, and b) codify the exact rules for a long period of time so the spammers will know what they can get away with.

    The problem is trying to fix the problem of network abuse at that level.

    We need to fix it in the routers if we are going to do a "once and for all" fix; the distributed list of abusers need to be fed into the routers so the same effort can block the DDOS sites as they go 'active' plus whatever new forms of abuse become popular tomorrow. Securing a weapon so deadly so it doesn't itself become a target for script kiddies and other abuse should happen before the first trials.

    And yes, I'm aware of the consequences. Implementing such a scheme is the end of the Net as we know it. Large sections would no longer be able to talk to other large sections at any point in time. Welcome to the Internet after AOL, etc. showed up with the great unwashed masses.
  • I am tired of hearing this drivel about SMTP being somehow 'broken'. Some implementations of the protocol ship with broken config files and some might have actual issues in their implementations, but the protocol is just fine.

    And hell no, I don't want to pay postage to send email. And neither does anyone else using the Internet so forget that idea. Ain't happening. It is a more stupid idea than the wet dream every 'content provider' seems to have about getting micropayments for every pageview.

    MAPS is dead because their service can't scale to handle the load without throwing massive money at the problem. Kinda like what is/will be happening with M$ Passport/.NET :)

    What we need is a decentralized replacement without a central authority. Perhaps a 'web of trust' like PGP where any site can black hole another site on their OWN server, and others will pick up the ban automatically when enough servers they trust do so.
  • When above.net were hassling ORBS last year, Alan Cox mentioned that it was looking suspiciously like Vixie was planning to take MAPS commercial. See the July 17th entry in his diary [linux.org.uk].
  • when AOL gave their costumers access to the Internet it was the beginning of the end

    Yeah, what with their taste for frilly shirts and fur coats...
    --
    the telephone rings / problem between screen and chair / thoughts of homicide
  • by Kiwi (5214) on Friday July 13, 2001 @12:48AM (#87910) Homepage Journal
    In my experience with setting up Spam filters, I have found that RBL-filtering email was very ineffective in blocking spam.

    I have a fairly complicated spam filter set up for my clients, which works something like this:

    BCC filter -> MAPS rbl filter -> regex filter

    Until fairly recently, the BCC filter was the most effective filter for getting rid of spam. Lately, with the proliferation of DSL, spammers now have the bandwidth to send out one email per recipient, making the BCC filter less effective.

    The RBL filter is very ineffective (and yes, it includes the DUL and other lists). Spammers know that a large number of sites use these filters, so they perform "hit and run" spamming, finding open mail relays to rape.

    The regex filter is becoming the most effective spam filter.

    Not to mention a software package I wrote [sourceforge.net].

    - Sam

  • Of course you will not see the effect that MAPS and other anti-spam services have.

    How would you define darkness, if there were no such thing as light?

    Similarly, we do not know what the email system will feel like, once these services disappear.
    We then tend to believe that they did not have much influence.

  • However, the charges per user for zone transfer makes no sense as the MAPS service bears no additional load or bandwidth charges from the extra users as the zones are stored on the ISP's name servers locally.

    As MAPS point out, they own the copyright on their information. This means that they're not charging for load you cause on their servers, but rather for the privilege of being able to use the information. You don't have to like it, but this is the way things work.
  • Under traditional copyright laws, you have fair use, which means that once I pay your copyright fee, I have the right to use it however I please (barring that I don't make another copy.)

    Wrong. Fair use entitles you only to SOME uses of the material, not "however you please".

    Fair use grants exceptions to uses which would otherwise be copyright infringements. It is NOT a case of "all uses except copying are allowed". If this were the case, then you could legally buy a single license of some software and then allow many machines to use it from a networked disk. Clearly, this isn't the case. Software companies have been asking per-user licenses for years, and this is no different.

    It may or may not be motivated by greed, but that has no bearing on the copyright issues.
  • by Erik Hensema (12898) on Friday July 13, 2001 @12:20AM (#87916) Homepage

    We, the recipients of spam, now actually have to pay to NOT receive spam.

    Thank you very much spammers, and die.

  • When I added a MAPS filter to my mail configuration, the amount of spam I got seemed to drop by about two-thirds.
    --
  • Peacefire is not blocked. A netblock that peacefire *CHOOSES* to remain in is blocked. The netblock is blocked because Media3 are spammer-friendly.

    Yes, if you give money to companies that support spam, you can get blocked by blacklists. Just like people on AGIS used to get blocked, before AGIS was destroyed.

    Netblocks only get listed when the site has a *serious* attitude problem. If you want to associate your network packets with scum, well, you lose.

    I just don't see the big deal. Peacefire are aware that they could get hosting elsewhere; *lots* of people have written to offer them help with this, and hosting off of Media3's netblock. They're staying there to be stubborn. It's their own damn fault.
  • No, your Aunt Edna's ISP won't be blacklisted because a spammer sent mail from there... unless they let the spammer keep spamming. If the spam stops, the listing goes away. Period.

    MAPS has enough trouble without clueless people spreading lies about them.
  • by Royster (16042) on Friday July 13, 2001 @05:52AM (#87923) Homepage
    You could then have a policy on your MTA of:
    1) if sender is an authenticated user of this MTA, accept mail
    2) if sending MTA is the MX for the FROM address, and if the sending MTA has a key in the domain, accept.
    3) If the sending MTA is the MX, but has no key, accept but tag as possible spam.
    4) If the sending MTA isn't the MX, reject with a redirect to a webmail bypass URL.

    OK, pick it apart guys. Maybe we all can hash together an RFC?


    How stupid. I receive mail @myisp.com and that's my From: address but I send mail using IP services provided by a number of ISPs depending on where I am when I'm sending. When I'm attached to airbridge.net, I use their SMTP servers. When I'm attached to oponline.com, I use their SMTP servers. I *don't* use myisp.com's servers (unless I've telnetted into my shell account) because I'm not using their IP services. My mail is legit, but my From: address does not match the SMTP server I'm using.
  • Hmf, I read SPAML, but I've got a bit of backlog and haven't seen this. I think I need to catch up. In any case - this seems to be the end of the road for MAPS then.

    I won't pay a penny for MAPS. For that, the process of getting domains blacklisted is not good enough. For servers to get listed in the RSS - spam already has to be relayed through an open relay.

    This would not have happened had ORBS still existed. ORBS was a great tool for detecting spam - as you had lists of ALL open relays there.

    Now, I wonder what I'm going to do. Using MAPS' payment service is out of the question. Well .. maybe one of those ORBS-clones that are coming up may provide the correct solution.

    Harumpfh.


    --
  • If an ISP has a business as a customer, and that business hosts their own mail server, which because it's probably something insecure and inadequately administered (*cough* *cough* *exchange* *cough*), the ISP front ends all of the mail going in, then the ISP will be where the MAPS rejection will have to take place, but that server will have no idea if the next hop has 10, or 10 million, users. And this is very possible because user names can be ubiquitous to mail servers; they can be configured to accept everything that comes in and store it under the name actually addressed, or various other options. MAPS' pricing structure based on user count probably works for most, but there are cases where it falls on its face. Vixie should be smarter than that, but I suspect it is other individuals involved in their inflexible way of doing business.

  • The number of users might well be entirely unknown and out of the control of the ISP. A business customer may wish to not divulge this to the ISP for various reasons. Or they may even have their mail server configured without specific users. The user count pricing might work for most, but there are places where it fails. It is fundamentally a bad idea to price it that way. But that is just MHO.

  • If the ISP is spam friendly ... and there are some out there that fall into that category ... then move on to a new ISP. When calling up ISPs, ask them what they actually do to prevent spam coming from their entire network. If their answer is not satisfactory, say so, and move on. Unless you live in the back country, you now have a choice, at least in US and EU.

    MAPS has worked for me. I've had zero cases of legit (wanted) mail blocked by MAPS (doesn't mean it can't happen somewhere, but it sure doesn't seem to be all that big of a problem). I also use blocking by in-addr.arpa verification. No in-addr.arpa results then no acceptance of mail. This has been nearly as effective as MAPs (admins that don't get in-addr.arpa right tend to also be admins that don't get the servers closed to relaying). I've had 3 cases of this blocking legit mail. In 1 case the ISP fixed the problem. In another case they are now working on it after I phoned them yesterday. The 3rd case is so far unreachable, which indicates to me how much they really care.

  • Are you the admin of a server that has been using MAPS? If so, your server logs may have a list of many known open relays (but also many that have been subsequently closed). It's a start. You can build your own DNS zone like MAPS did to block at least these.

    Now if people were to get together and merge their lists and share them, it could be the start of a brand new database.
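A sketch of the log-to-zone idea in this comment, added here as an example and not code from the poster or from MAPS: it pulls client addresses out of blocklist rejections in a mail log and emits records in the usual DNSBL layout (reversed octets under the zone, A record 127.0.0.2). The log format, the zone names `rbl.example.net` and `bl.example.org`, and the sample lines are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample lines in the style of Postfix rejections. Real formats
# differ by MTA and version, so REJECT_RE below is an assumption to adapt.
SAMPLE_LOG = """\
Jul 13 02:14:07 mx1 postfix/smtpd[411]: reject: RCPT from unknown[192.0.2.45]: 554 Service unavailable; [192.0.2.45] blocked using rbl.example.net; from=<a@example.net>
Jul 13 02:15:31 mx1 postfix/smtpd[412]: reject: RCPT from mail.example.com[198.51.100.7]: 554 Service unavailable; [198.51.100.7] blocked using rbl.example.net; from=<b@example.com>
Jul 13 02:19:55 mx1 postfix/smtpd[415]: reject: RCPT from unknown[192.0.2.45]: 554 Service unavailable; [192.0.2.45] blocked using rbl.example.net; from=<c@example.net>
Jul 13 02:20:02 mx1 postfix/smtpd[416]: connect from relay.example.net[203.0.113.9]
Jul 13 02:21:40 mx1 postfix/smtpd[417]: reject: RCPT from unknown[999.1.2.3]: 554 Service unavailable; [999.1.2.3] blocked using rbl.example.net; from=<d@example.net>
"""

REJECT_RE = re.compile(
    r"reject: RCPT from \S*\[([0-9.]+)\]: 5\d\d .*?blocked using (\S+?);")


def rejected_clients(log_text, exclude=()):
    """Return {ip: hit_count} for clients rejected on a blocklist hit.

    `exclude` lists networks that must never be listed (your own ranges,
    partners); malformed addresses in the log are skipped, not trusted.
    """
    nets = [ipaddress.ip_network(n) for n in exclude]
    hits = {}
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue  # not a blocklist rejection (e.g. a plain connect line)
        try:
            ip = ipaddress.IPv4Address(m.group(1))
        except ipaddress.AddressValueError:
            continue  # garbage such as 999.1.2.3
        if any(ip in net for net in nets):
            continue
        hits[str(ip)] = hits.get(str(ip), 0) + 1
    return hits


def dnsbl_name(ip, zone):
    """Name an MTA queries for `ip`: octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def zone_records(hits, zone, min_hits=1):
    """Emit zone-file lines for every address seen at least `min_hits` times.

    The TXT record carries the caveat from the comment above: a logged relay
    may have been closed since, so entries need re-testing and expiry.
    """
    lines = []
    for ip in sorted(hits, key=ipaddress.IPv4Address):
        if hits[ip] < min_hits:
            continue
        name = dnsbl_name(ip, zone)
        lines.append(f"{name}. IN A 127.0.0.2")
        lines.append(
            f'{name}. IN TXT "seen {hits[ip]}x in local log; re-test before trusting"')
    return lines


if __name__ == "__main__":
    for record in zone_records(rejected_clients(SAMPLE_LOG), "bl.example.org"):
        print(record)
```
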

  • Two things will reduce the hassle of spam, more legislation, or supplanting SMTP with a non-broken mail protocol.

    I don't think I can trust lawmakers to get it right. Slashdot has so many stories of past cases where lawmakers do goofy things that trample on rights not even related to what they were trying (or said they were trying) to do. I fear the risk of squelching the right to anonymous speech, especially anonymous mail, as a result of new laws. Even the anti-SPAM efforts outside of government has some risk of that. While I'm sure we might be able to come up with some well focused law to reduce spam, it won't be all that effective unless it is totally universal, and highly enforced. Those are things that generally don't get done by governments unless it can result in good press for politicians, and that's not likely to ever be in this case. Can you really trust the government THAT MUCH?

    A replacement for SMTP, even if the protocol were final today, would probably not be deployed for 10 or even 20 years. SMTP would have to get cut off to force people to upgrade servers to something compliant with "SMTP2". The migration path would end up resulting in lots of "lost legitimate mail", at least for those cutting access from the original SMTP protocol. But if no one does that, then why would others have any incentive to upgrade?

  • The items on smtpd_client_restrictions need to be separated on different lines or by commas. My cut and paste didn't work to get it formatted right and I forgot to change it to comma separated.

  • I would put at least as much blame for this on BellSouth, if not more. Sure, Netcom was clueless, but it shouldn't have been their action to do any more than inform you that it was a DUL issue. Someone at BellSouth should be fired (because in this job market, they can be very easily replaced).

  • Interesting perspective, annoying those who benefit. I'll certainly have to think about that. Probably it's very rare that those who benefit are not condoning it. Of course one risk is that if this practice were widespread, one way to hurt someone's business is to spam in their name.

  • Very little legitimate mail gets thrown out this way. Some does, but in all but one case, the admins were incompetent or non-existent. The one case where I spoke with a competent admin running an ISP which was not getting delegation from their upstream (*cough* *cough* *qwest* *cough*) indicated that they were indeed looking to switch to another upstream as soon as they got their portable ARIN space (in the works).

    I see that your reverse is adsl-208-188-249-147.dsl.stlsmo.swbell.net which works forward and gets the correct address, so it should work fine to deliver to my mail servers.

  • Change ISP. What town do you live in?

    Using incompetent ISPs only encourages them.

  • True, but we get to smack people for not supporting it.

  • /var/log/messages

  • You trace it back to the first party that won't cooperate. They are then responsible. If that was an anonymous remailing service, then they should have implemented and deployed a mechanism to prevent bulk UCE and/or had a means to track down who sent it if it violated their policy. OTOH, anonymous remailers are hardly ever the source of spam. It's usually an ISP so gung-ho to get more accounts that they don't care who or what. These are the guys that will need to pay.

    Giving up privacy is not necessary if things are implemented correctly. What you'd give up is the ability to send huge volumes of mail privately, and the ability to send to anyone who does not want mail coming from private/anonymous sources.

  • by Skapare (16644) on Friday July 13, 2001 @03:23AM (#87938) Homepage
    Incidentally, the cost for most ISPs would equate to about $0.05 per user per year.

    According to http://mail-abuse.org/rbl+/ [mail-abuse.org]:

    In query mode, the cost is US$1,500 per year for sites with up to 1,000 users; each additional 500 users will be priced at US$750 per year.

    That works out to not less than US$1.50 per user per year.

    Part of the problem is that it is based on number of users. ISPs which are doing mail forwarding to end customer systems (generally businesses on DSL or T1 links, and often with some tight firewalls and tunnels) have no user base in the forwarding mail server. They simply cannot work from this kind of pricing structure since their service is volume and domain based, not user based.

  • by Skapare (16644) on Friday July 13, 2001 @03:31AM (#87939) Homepage

    Tell me what ISP you are using. I want it to be the first entry in a new service called isps-that-hire-clueless-techs-we-do-not-want-mail-from.org. Maybe we can start getting rid of bad ISPs this way.

    :-)

  • by Skapare (16644) on Friday July 13, 2001 @04:13AM (#87940) Homepage

    I'd like to do a lot of the things you do. But I also have to balance what I do with how much time I have to deal with it. And it is not much. I'm trying to shift the cost back to those responsible (including those that make it harder for me to identify who is responsible ... open relays fall into this category). Of course I want to prevent the loss of legitimate mail. But the loss of some of it is part of the cost. It's all a balancing act, and what I do today may not be what I do tomorrow. And maybe this whole /. thread will bring some new ideas to mind.

    Getting more people involved in doing something besides wearing out the "d" key on their keyboards is certainly a great idea. I just don't agree with you regarding the blackholing ... as long as the benefits outweigh the costs, which so far is the case for me.

    A huge amount of mail is fraudulent and spam at the same time. Often times it is hard to track down who sent it. In one case I've gotten spam where the sender used a huge string of dots as the in-addr.arpa name (so he must have used a dedicated address with in-addr.arpa delegation) which caused the open relays to overflow the Received: header and not reveal the previous hop. In those cases the only recourse I have is to block the open relay.

    Open relays are primarily the result of "inadequate administration" (my diplomatic term for what is usually incompetency somewhere). I don't want mail from there, plain and simple. They are not part of "my network" anymore. If they repent, I'll unblock them. If they do it again then the next time it's 30 days after they repent, and so on.

    But what I choose to do is based on keeping my own costs (time) low. That's what it's all about. If it weren't, then I'd just sit there and read all the spam.

  • by Skapare (16644) on Friday July 13, 2001 @04:42AM (#87941) Homepage

    This is one of those fundamental problems. Unfortunately, for large scale servers, this is a genuine performance win to separate things like this. Still, if there was a way to list them then this could help.

    I suggest listing the outbound mail servers in the MX entries at higher numbers anyway. They won't be used as long as the lower numbered servers are working. And if the server isn't even set up to work as a fall back when all the inbound servers go down at the same time, it can just give out connection refused during those troubling times, or black hole the SYN packets. But at least this way there is something there in the MX entries to validate the outbound servers.

  • by Skapare (16644) on Friday July 13, 2001 @02:42AM (#87942) Homepage

    Here are some up and coming alternatives:

    I also have my mail server configured to reject mail from other mail servers that do not have their IP addresses correctly configured and/or delegated in the in-addr.arpa reversed DNS zone. Amazingly, this has cut out almost as much spam as MAPS has. For Postfix users, this can be done with:

    smtpd_client_restrictions = permit_mynetworks reject_unknown_client permit
    While this does end up rejecting a few "legitimate" servers, the number is very small. I suspect that for the most part this works because open relays tend to be the result of "inadequate administration" which can also be the cause of the lack of reverse DNS. If they can't get one of them right, they probably can't get the other right.
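The check behind this kind of restriction, as an added example (not Postfix's code and not the poster's): a client passes only if its address has a PTR name and that name resolves forward to the same address. The resolver is passed in as two functions so the sketch runs offline; the lookup tables, hostnames and addresses are constructed, and deferring on a temporary DNS failure is this example's own policy choice.

```python
import ipaddress


class TempFail(Exception):
    """The resolver got no usable answer (timeout, SERVFAIL)."""


def check_client(ip, ptr_lookup, addr_lookup):
    """Forward-confirmed reverse DNS check.

    ptr_lookup(ip) -> list of PTR names; addr_lookup(name) -> list of
    addresses. Either may raise TempFail. Returns (verdict, reason), where
    verdict is 'accept', 'reject' (5xx) or 'defer' (4xx, sender retries).
    """
    client = ipaddress.ip_address(ip)
    try:
        names = ptr_lookup(ip)
    except TempFail:
        return ("defer", "PTR lookup failed temporarily")
    if not names:
        return ("reject", "no PTR record for client address")

    saw_tempfail = False
    for name in names:
        try:
            addrs = addr_lookup(name)
        except TempFail:
            saw_tempfail = True
            continue
        # Compare parsed addresses, not strings, so equivalent spellings match.
        if any(ipaddress.ip_address(a) == client for a in addrs):
            return ("accept", f"{name} resolves back to {client}")

    if saw_tempfail:
        # Do not bounce legitimate mail because a DNS server was down.
        return ("defer", "forward lookup failed temporarily")
    # The PTR zone is controlled by whoever owns the address, so a PTR that
    # claims someone else's hostname proves nothing without the forward match.
    return ("reject", "PTR name does not resolve back to client address")


# Constructed DNS data standing in for a real resolver.
PTR_TABLE = {
    "192.0.2.10": ["mail.example.org"],                           # well-run server
    "198.51.100.5": ["adsl-198-51-100-5.dsl.isp.example.net"],    # generic ISP name
    "192.0.2.20": ["mail.example.org"],                           # PTR claims another host
    "203.0.113.9": TempFail,                                      # resolver timeout
}
A_TABLE = {
    "mail.example.org": ["192.0.2.10"],
    "adsl-198-51-100-5.dsl.isp.example.net": ["198.51.100.5"],
}


def table_lookup(table):
    """Wrap a dict as a lookup function; a TempFail value simulates a timeout."""
    def lookup(key):
        value = table.get(key, [])
        if value is TempFail:
            raise TempFail(key)
        return value
    return lookup


def run_samples():
    ptr, fwd = table_lookup(PTR_TABLE), table_lookup(A_TABLE)
    clients = ["192.0.2.10", "198.51.100.5", "192.0.2.20",
               "192.0.2.30", "203.0.113.9"]
    return {ip: check_client(ip, ptr, fwd)[0] for ip in clients}


if __name__ == "__main__":
    for ip, verdict in run_samples().items():
        print(ip, verdict)
```

In Postfix 2.3 and later the restriction shown above is named `reject_unknown_client_hostname`.
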
  • There are a hell of a lot of competent mail administrators out there who are at the mercy of their less-than-competent ISP in regards to reverse DNS. From my experience, you'll be throwing out a hell of a lot of legitimate mail with a policy that's blind to this fact.
    There are a couple of solutions to this:

    • Use the ISP's mail services. IMAP/SSL messages down, set the ISP's SMTP host as a smart-host. This is what I do; I've seen the pain a friend goes thru running his own mail service, and I don't want it. (This assumes ISP's DNS admin isn't truly a doofus.)

    • Get a third-party mail account. If you like webmail, Yahoo is pretty good at this (and has semi-effective spam filtering and allows you to roll your own filters as well). NewsAndMail.com allows SSL access (but has no filters). There are others I can't vouch for. Check them out here [fepg.net]. Or you can get a pay-for-play shell account (or I think some people do free ones; if you know of them, hit "reply") and go all-out with procmail...
    As for the doofi who insist on using idiot.com or spamhaus.com who want to send you email... get yourself one of those free webmail accounts that has forwarding capabilities. Tell your less-than-clued (or stuck) friends (I have a good friend who HAS to use AOL for work... ugh.) to send you mail at thiscouldntpossiblybearealuser@yahoo.com (or whatever) and forward the yahoo account to me@mycozylittledomain.org, and hey, presto! problem solved.

    (FWIW, I really do like Yahoo a lot; I might even could be convinced to go pay-for-play with them, if the pay was modest and the play was as froody as it currently is... they have some annoying habits, but most of them can be (and are) fixed with Junkbuster; the rest (like always inserting a new filter at the END of the list) can be dealt with. Yeah, I *wish* I could work for them, but that would require moving to the PRCa, and I'm just not going to do that.)

  • I've already moved to opt-in mail. You want to get into my mailbox? Well, since I don't feel a real need of having you there, it's up to *you* to figure out how to contact me in some other way to get me to add your mail address to accepted senders (oh, and I screen calls, and don't answer the door without prior notice).

    My free time is valuable to me, and I appreciate a mailbox where each and every mail is a mail I'm actually interested in receiving.
  • I used to work for a certain company which had the world's biggest moron as its COO. He couldn't figure out how to send email from his laptop on the road by changing his outgoing SMTP server, so he tried to force me to open the SMTP relay to save him from the terrible effort of learning (I was perfectly willing to teach him). I resisted, but I probably wouldn't have been able to weather the political fallout if I hadn't been a co-op student.

    I know, I know, I should have LARTed him, then fled to another job, but it isn't always an option (say, for poor co-op students).

    What we really need to do is create public awareness of spamming and open relays, and vilify it to the extent that smoking has been. We want the general public to view spamming as more evil than forcing your two year-old to smoke 6 packs a day of unfiltered cigs.
  • I can see charging ISP's on a per user basis for the query mode lookups. However, the charges per user for zone transfer makes no sense as the MAPS service bears no additional load or bandwidth charges from the extra users as the zones are stored on the ISP's name servers locally.

    It's the same "logic" as client access licencing...
  • You cannot guarantee that the domain has its outgoing SMTP service and its incoming service on the same set of machines. Many large sites have dedicated outgoing and dedicated incoming servers. This allows you to tune each system to perform as best as possible for its assigned task (incoming or outgoing) instead of having to compromise.
  • But MX records are not meant to list outgoing mailservers, they are for incoming ones. You cannot start limiting connections based upon a misuse of the records.
  • Even if you got it into the SMTP standard, it would take YEARS before you could rely on it. EHLO was added in 1993, and yet still many servers do not support it.
  • "MAPS has worked for me. I've had zero cases of legit (wanted) mail blocked by MAPS (doesn't mean it can't happen somewhere, but it sure doesn't seem to be all that big of a problem)."

    How would you know?
  • Actually, it's probably the best option, under the circumstances. I would suggest trying to get it into the SMTP standard, however, so everyone can know about it.
    ------
  • Ugh! Somebody slap me for my awful punctuation.

    Also, maybe that should also be the DNS standard, since it specifies what MX records are for.
    ------

  • by Velox_SwiftFox (57902) on Friday July 13, 2001 @02:17AM (#87965)
    Quote from UCE: "Under U.S. Law (Bill s.1618 Title III passed by the 105th U.S. Congress) you are prohibited from considering this mail Spam because we include contact information and a link for removal from our mailing list."

    Apparently some spammers feel filters that exclude them are now illegal. I suppose next the subject lines will start exclaiming "You are required by law to read this!"

  • A good way to handle this is effective legislation. One way to handle such legislation is to require ISPs to track the use of their mail server for x days, and fork over the IP address (and time of access) of the person who sent a given message (by message ID and time).

    This would allow law enforcement to say "ok, these people received this message at a certain time relayed through _x_; let's get who sent the message through them." It might make international cases more difficult, but international law is already a tough one on the Internet.
  • Having been periodically (and erroneously) blacklisted, it's fine by me if they all die. Fix the problem, and stop bitching about open relays.

    My server isn't an open relay, but enough detection methods out there are useless enough to think it is. I'm still fighting Earthlink to unblock us.

    BTW, this is NOT something legislation will fix. This is something that will be fixed by a) a decent replacement for SMTP that's universally accepted, and b) competent administration.

    My site's just fine. We don't route spam. Leave me the hell alone.
  • Well, you could add the following rule:
    If the sending server is one of the MX's for the domain to which it belongs, accept.

    In other words, when you are using foo.com, the sending server is mail.foo.com, and since mail.foo.com is an MX for foo.com, it is accepted.
  • by wowbagger (69688) on Friday July 13, 2001 @04:02AM (#87973) Homepage Journal
    I've thought of a very simple change to how MTA's work that I believe would correct much of the problem with spam, without requiring any change in how SMTP works.

    Assume you are sending a message to me (me@example.com). Your ISP's MTA contacts example.com's MTA and begins to send the message. Once example.com's MTA knows where the message purports to be from, it looks up the MTAs for that domain, and verifies that the connection is actually coming from one of the MTAs listed. If not, bu-bye!

    Now, this doesn't address open relays. I don't claim that it does. Open relays are best addressed with education of the alleged sysadmin (preferably with a Board of Education, +5 LART). What it does address is the growing number of spammers using broadband connections to directly spam users.

    In effect, this is doing much the same thing as the MAPS DUL, with the following exceptions:
    1) It's "opt in" rather than "opt out": a mail sender must take positive action to be able to send mail, rather than their ISP taking action to prevent them.
    2) Even if you are on a dynamic IP connection, you can still set yourself up with a domain, and use a dynamic DNS provider to link back to your server. (However, IMHO if you are on dynamic DNS, you really should be going through your ISP's MTA, but....)
    3) It allows you to have some idea of who is sending you a message.

    Now, I agree that many spammers will just register domains and spam away, but it costs more effort to register a domain than it does to simply get a connection, the domain registrar has some record of who owns the domain, and the "JethroBillyBobTrailerTrash" spammers won't be able to handle setting this up.

    You could even extend this to having a public key stored in a text record of the domain, and require that all mail received by an MTA be coded against a valid key. Back to my example: your MTA would retrieve the key for example.com, and code the message against that key and your key. That way, example.com knows that you are the sender of the message. This also has the happy side effect of making it a lot harder to eavesdrop on the message.

    You could then have a policy on your MTA of:
    1) if sender is an authenticated user of this MTA, accept mail
    2) if sending MTA is the MX for the FROM address, and if the sending MTA has a key in the domain, accept.
    3) If the sending MTA is the MX, but has no key, accept but tag as possible spam.
    4) If the sending MTA isn't the MX, reject with a redirect to a webmail bypass URL.

    OK, pick it apart guys. Maybe we all can hash together an RFC?
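The four-rule policy proposed in the comment above, as an added example that is not part of the original post. DNS is replaced by a constructed in-memory table so it runs offline; the domain names, addresses, the `mtakey=` TXT convention and the bypass URL are all assumptions, and the key rule only checks that a key is published (no message is actually encoded against it). The sample data also covers the objection raised elsewhere in the thread (dedicated outbound servers that are not in the MX set) and the suggested workaround of listing them at a high MX preference.

```python
"""Added illustration of the four-rule MTA acceptance policy."""

# Constructed sample zone data. Names, addresses and the "mtakey=" TXT
# convention are assumptions made for this example, not a real standard.
MX = {
    "foo.example":   [(10, "mail.foo.example")],
    # Large site: inbound servers only; outbound mail leaves from another box.
    "big.example":   [(10, "in1.big.example"), (20, "in2.big.example")],
    # Same layout, but the outbound server is also listed at a high preference.
    "fixed.example": [(10, "in.fixed.example"), (90, "out.fixed.example")],
}
A = {
    "mail.foo.example":  {"192.0.2.10"},
    "in1.big.example":   {"198.51.100.11"},
    "in2.big.example":   {"198.51.100.12"},
    "in.fixed.example":  {"203.0.113.5"},
    "out.fixed.example": {"203.0.113.9"},
}
TXT = {"foo.example": ["mtakey=PLACEHOLDER-PUBLIC-KEY"]}

WEBMAIL_BYPASS = "https://webmail.example.com/contact"  # hypothetical URL


def sender_domain(mail_from):
    """Domain part of the envelope sender, normalised for lookup."""
    return mail_from.strip("<>").rpartition("@")[2].lower().rstrip(".")


def mx_addresses(domain):
    """Every address that any MX host of the domain resolves to."""
    addrs = set()
    for _preference, host in MX.get(domain, []):
        addrs |= A.get(host, set())
    return addrs


def domain_has_key(domain):
    """True if the domain publishes a key in a TXT record (presence only)."""
    return any(r.startswith("mtakey=") for r in TXT.get(domain, []))


def decide(client_ip, mail_from, authenticated=False):
    """Apply rules 1-4 in order and return (verdict, detail)."""
    if authenticated:                                   # rule 1
        return ("accept", "authenticated user of this MTA")
    domain = sender_domain(mail_from)
    if client_ip in mx_addresses(domain):
        if domain_has_key(domain):                      # rule 2
            return ("accept", "MX of %s, key published" % domain)
        return ("tag", "MX of %s, no key: possible spam" % domain)  # rule 3
    # rule 4: the connecting host is not an MX for the claimed domain
    return ("reject", "not an MX of %s; use %s" % (domain, WEBMAIL_BYPASS))


if __name__ == "__main__":
    cases = [
        ("192.0.2.10",    "alice@foo.example",  False),  # MX with key
        ("198.51.100.11", "bob@big.example",    False),  # MX, no key
        ("198.51.100.30", "bob@big.example",    False),  # outbound-only server
        ("203.0.113.9",   "carol@fixed.example", False), # outbound listed as MX
        ("203.0.113.77",  "alice@foo.example",  False),  # direct-to-MX forgery
        ("203.0.113.77",  "dave@local.example", True),   # our own user
    ]
    for ip, sender, auth in cases:
        print(ip, sender, decide(ip, sender, auth))
```

The third case is the false positive the replies point out: legitimate mail from big.example's dedicated outbound server is rejected until that server appears in the MX set, as it does for fixed.example.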
  • > I also have my mail server configured to
    > reject mail from other mail servers that
    > do not have their IP addresses correctly
    > configured and/or delegated in the
    > in-addr.arpa reversed DNS zone.

    There are a hell of a lot of competent mail administrators out there who are at the mercy of their less-than-competent ISP in regards to reverse DNS. From my experience, you'll be throwing out a hell of a lot of legitimate mail with a policy that's blind to this fact.
  • From what you said, it looks like you:

    - Don't have many friends, don't do much development, don't participate in mailing lists.
    - Change your employers pretty often.
    - Don't have any real means for people from outside of your world to contact you.
    - Abuse Hotmail, completely screwing their statistics about the millions of users they've got ;)

    Of course, your approach may work for someone, but it certainly is not an ultimate solution for everyone. There are people who need to be available (ESR? :)

    I support the idea of having different purpose e-mail addresses. Additionally, I want to remind everyone about the nice things like exim filters, procmail and perl.

    Happy filtering :)

  • by cperciva (102828) on Friday July 13, 2001 @12:32AM (#87985) Homepage
    Is it entirely coincidental that MAPS is starting to charge a subscription fee almost immediately after ORBS was shut down? It seems interesting that as soon as they have no competition they start charging a subscription fee.

    Thanks, but no thanks. I'd prefer not to pay for the privilege of having email erroneously blocked.
  • I've said this over and over. I tend to get modded down pretty regularly for it. But I agree with you completely. Legislation is not the answer. Like you said it's a boot in the door.

    I for one would not pay for something like that, I'm not even sure that MAPS has a legitimate claim to the data either. Isn't the information that they broker submitted free of charge by users?

    Perhaps a freenet application would be a viable solution? Instead of having some servers at a hosting facility somewhere all users who wished to use it could share the hosting duties.

  • So a percentage then. Or indeed a fraction.

    Example: 1/2 of 50% = 25% (or 1/4)

    Rich

  • Sad, we see here dishonesty, trickery and stupidity win over the better product, and/or the better idea.

    Oh yeah, and I forgot EGO
    "Science is about ego as much as it is about discovery and truth"

  • by cluge (114877) on Friday July 13, 2001 @05:49AM (#87990) Homepage
    Does this sound like Microsoft or what? Let's compare shall we?

    MS tries to buy you or puts you out of business by stealing your product/idea and then incorporating it into Windows for "Free"

    MAPS and the network that it runs routinely and IMHO illegally injected false routes into the global routing table so that ORBS was unavailable so ONLY their "free" service is accessible. See MAPS vs ORBS [slashdot.org]

    MS: is now going with a subscription fee for its software. All that "free stuff" it added to your OS which may or may not work properly now has to be paid for monthly!

    MAPS: With the competition driven into the ground, you suddenly have to PAY for MAPS. (You mean they couldn't mirror those zone files on several servers across many networks that would be willing to do so for free??)

    Sad, we see here dishonesty, trickery and stupidity win over the better product, and/or the better idea.
    "Science is about ego as much as it is about discovery and truth"

  • by sigwinch (115375) on Friday July 13, 2001 @02:25AM (#87991) Homepage
    First you say "I am tired of hearing this drivel about SMTP being somehow 'broken'".

    Then you say "What we need is a decentralized replacement without a central authority. Perhaps a 'web of trust' like PGP where any site can black hole another site on their OWN server, and others will pick up the ban automatically when enough servers they trust do so".

    When people say SMTP is broken, the lack of trust management is what they're referring to. The inherent brokenness of SMTP is that it delivers just about anything that shows up on port 25. I agree with you that a distributed trust mechanism is needed.

    Unfortunately making it work would take major design of new protocols and massive deployment of new mail servers. It would also take new email clients that people could use to report spam to their mail server. Large mail servers would need massive CPU power to do the necessary public key cryptography.

  • And I quote:
    It -REQUIRES- the innocent be blocked, because they're the ones that will get the ISP to change its policy, and to boot their spammers.

    *sigh* Okay, I guess that since I live around the corner from a couple of crack houses that I should be arrested, or at least harassed, by the police so that I may take some vigilante action (or perhaps just petition the city council to raze the nearby offending buildings). Hurting the innocent along with the guilty is a non-option. Or rather, a bad one, since we appear to be doing it these days. And keep in mind that these days it is getting easier and easier for Joe Sixpack to actually buy his own domain and set up his family webpage. How the heck is he going to know about MAPS or why Grandma can't seem to get to the family webpage.

    And one more thing:
    you assholes who haven't been around for near as long as those of us in the fight are telling us we're wrong

    Yes, we are. Don't think that just because you have been in the thick of things that you automatically have some great moral authority to dictate right and wrong. If you get into a squabble with a relative, things escalate, and then you lose your head and start reaching for a gun, don't tell me I have no right to tell you that you are wrong when I pull out the water hose to cool things down.

    _lpp
    ---------------------------------------
  • Just 2 accounts - a spammy `post to usenet/slashdot/etc` one, which will get caned with badly spelt pyramid schemes etc, and another which you get your friends to set you up using something like

    "password "

    you set up a filter saying "if subject doesn't contain password then send to trash folder"

    and that's pretty much it - zero spam.
  • "Plain old text", eh? plain old text and no angled brackets, you mean?

    that should have said
    " password open-angle-brackets username @ whatever.com close-angle-brackets"

  • If you're helping pay the rent for the crackhouse, then yeah, you should go to jail.

    The key word is "if". If you actually went so far as to pay for a portion of a spammer's bill to their ISP, then your statement might make some sense. Nobody willingly pays someone else's ISP bills, just as nobody walks over to their undesirable neighbors house and offers them cash to help pay their rent.

    The simple fact that this hypothetical crackhouse happens to be owned by the same landlord and you happen to send your monthly rent check to that same landlord does not somehow make you a drug dealer.

    Luckily law enforcement (in the US) isn't free to harass mere bystanders without "probable cause", and ultimately there is "due process" in the courts. It's not a perfect system, but it does generally tend to prevent rampant and unchecked abuse of power. The same can not be said of MAPS.

    Your financial support of a spam-friendly ISP is what keeps them in business.

    The bitter hatred of spam that many tech-types hold has an amazing power to justify as righteous harming innocent bystanders. Amazing.

    The subject of this thread, "vigilantes" is particularly appropriate. This attitude, that (maybe) hindering some spammers justifies hampering many innocent people simply because they live in the wrong part of town, is truly the mindset of a vigilante who's lost touch with reality.

  • Can you say quarantine? MAPS is...

    Ugly as spam is, it simply is not a contagious disease.

    Simply hosting a (non-spam related) site within the same netblock as some spammers does not somehow influence that site to start sending large volumes of unsolicited email.

    A quarantine is also used only when the disease is fatal. Nobody can quarantine people to prevent the spread of a disease like the common cold or flu.

    Spam isn't fatal. I get about 3-8 spams daily, and I just delete them. Sure, spam is annoying, but it's nowhere near serious enough (fatal) to declare a quarantine or other similarly drastic actions.

    I'm glad to see people fighting spam... but when they start intentionally hurting innocent people who are mere bystanders, they've crossed over the line.

  • by pjrc (134994) <paul@pjrc.com> on Friday July 13, 2001 @02:59AM (#88003) Homepage Journal
    This is bull. If you got listed you're a spammer or an open relay.

    There have been numerous well known cases where MAPS created an entire netblock against "spam friendly" ISPs, in an attempt to put pressure on that ISP to change its policy and stop selling bandwidth or other services to spammers. This tactic has the effect of blocking all of that ISP's customers, spammers and legitimate businesses and users alike. Not long ago, slashdot ran a story about peacefire.org and others getting blocked by MAPS [slashdot.org].

    Your belief that everything listed by MAPS must be spammers is clearly false if examples can be shown where non-spammers have been blocked, and I believe that link above is just such an example.

    Even without a hard example, it's a well known fact that MAPS uses large netblocks against entire ISPs who they consider "spam friendly", without any regard for the other innocent bystanders who just happen to be other (unsuspecting) customers of that ISP.

    These services would not be worth squat if they did not work as advertised.

    It is debatable how effective MAPS is. In this C/net article [cnet.com] MAPS blocked very few spams and also blocked many non-spam messages. MAPS was the only spam blocking service among the ones tested that blocked non-spam messages. That C/net ran a test and found MAPS to block a significant number of non-spam messages further shows how naive it is to blindly trust MAPS.

    I suspect that time will shortly prove that MAPS is in fact "not worth squat". Such questionable effectiveness coupled together with blocking legitimate emails isn't great from a free service, but when you're paying your expectations change.

  • - Yahoo

    My account has been there for 3 years now - and no spam.

    Use Hotmail at your own risk...

    You seem to have hit on something with that:

    Just what planet are your "zero spam" accounts on? .me? .ma? .ve? .ju? .ur?

    The idea of using free e-mails in sites on non-.com domains might be useful, given that most spam is oriented to a US audience ...

  • by Aceticon (140883) on Friday July 13, 2001 @12:30AM (#88005)
    I've been around the Net for some time now, and i've seen it go from purely academic to (almost) purely commercial (yep, when AOL gave their customers access to the Internet it was the beginning of the end).

    I've seen the fall of Usenet (information to noise ratio is now about 1-10 in most groups) and the rise of spamming...

    Do i get spam on my e-mail account? - Nope.

    How?

    I have three e-mail accounts:

    • One for my friends and my informal humor mailing lists and official stuff (note: subscriptions to banana-girls-with-big-breasts.com sort of sites does not count as official). I never put this address in any public forum (that includes /.).
      Number of spams per-month = zero
    • The other one is at work. I only use it for work related stuff. When i change companies this one changes but my friends can always get me through the other one (for all the other ones, well - if you don't have my personal e-mail that means i don't want to hear from you again). I never publish this one in public forums.
      Number of spams per-month = zero
    • The last one is my public e-mail. I'll look at it maybe once a week. I'll use it publicly (although i still refrain myself from using it "as is" in Usenet - better transform it so that humans can understand the real one but not e-mail address collection programs). Registration to any moderately crappy site involves using this one. For extra crappy sites i just create a new one in Hotmail.
      Number of spams per-month = about 10 to 20
    So, after all my gloating about my own cunningness, what's the conclusion:

    Levels of privacy!!!
    Set up e-mail accounts the same way as you set up your life: friends; work; everybody else

    It works!

  • by Traxton1 (154182) <Traxton1@yahoLIONo.com minus cat> on Friday July 13, 2001 @12:13AM (#88010)
    It's been rumored that if you don't continue to pay your subscription fee MAPS will put your site on the list. And send you emails until you do!
  • Blockquoth the poster:
    are they non-profit or do they charge you money since they are a company??
    Um, these two are not at all exclusive of each other. One can incorporate a not-for-profit corporation. As an example, my school is incorporated, with the powers of the corporation vested in the Board of Trustees. It is that corporation that owns the land, pays the bills, etc.

    Not-for-profits charge for access all the time. That's why, for example, you have to join, say, the New York Public Theater to receive full access to shows. Their motive isn't profit but it's positively insane to say they can't handle money, as if it makes them unclean.

  • Maybe some people can manage to filter spam having some private mail addresses and some public ones. But a spam filter is necessary; many public mail addresses are needed to contact customers.
    We need to put public addresses in web pages and give customer support.
    You just can't rely on laws. Most of the spam I receive now comes from far east or south america. Maybe these countries will have a law some day, but there will always be places where spam would be sent from.
    Spam filters like MAPS or ORBS are very helpful filtering unsolicited mail.
  • Umm, no, ORBS, don't come back. I like actually being able to send mail without having it bounce because all of my school's/ISP's servers have been blacklisted because they don't allow external connections...

    Good riddance.
  • I'd like to propose an enhancement to the SMTP protocol: The MTA which receives the mail on behalf of the user should answer to the question "SPAM_OK" with either "Yes, TTL=x" or "No, TTL=x". Not following the answer should be made illegal (high fines or "downtime" attached). Every sender should be required to explain why he thinks his mail is not SPAM - failure to do so or inability to prove an existing business relationship, see above...
    This is neither an opt-in nor an opt-out situation. Instead, people get to choose whether they want opt-in (Answer: No SPAM) or opt-out (Answer: Yes, SPAM is ok).
  • by bl968 (190792) on Friday July 13, 2001 @12:18AM (#88022) Journal
    From the maps website i found the following interesting information. How much does it cost? In query mode, the cost is US$1,500 per year for sites with up to 1,000 users; each additional 500 users will be priced at US$750 per year.

    Larger or overseas sites will probably prefer transfer mode, in which you transfer a copy of the DNS zone to your local nameserver. The cost for this is US$1,250 per year per nameserver, plus US$50 per 1,000 users -- around half a cent per user each month.

    Educational institutions, non-profits, and members of selected ISP trade associations may (at our sole discretion) be eligible for discounts; please contact us with a proposal.


    I can see charging ISP's on a per user basis for the query mode lookups. However, the charges per user for zone transfer makes no sense as the MAPS service bears no additional load or bandwidth charges from the extra users as the zones are stored on the ISP's name servers locally.


    --
    When I'm good I'm very good, when I'm bad I'm better, But when I'm evil you better run :P
  • I've got a little '486 running Exim to handle mail for me and my wife. It checks the various MAPS services. The number of connections it refuses varies from month to month, but it averages out to about 60... each connection represents a spam that would have been sent to at least one address for at least one of us (and often multiple addresses).

    So... yeah, it has an effect. No, it doesn't stop all the spam. But what's left is easier to deal with.
    --
  • by leuk_he (194174) on Friday July 13, 2001 @12:22AM (#88025) Homepage Journal
    From: Margie "margie@mail-abuse.org"

    Effective Midnight 7/31/2001, all non-subscription access to MAPS services will cease. Anyone wishing to transfer or query internet data must read the rest of this mail.

    Send us and the following 6 people on the ACL list 1 DOLLAR. Then add your name to the ACL list and send it to everyone you know. you get rich in a few days day and receive no more spam at the same time!

    Some testimony of users :

    "i did not pay ...and so dies . You've just cut your own throats. The effectiveness of MAPS always depended on the number of users, which is going to be paid out now. If you do not pay MAPS and the world around will die (John Oliver) ,

    "MAPS want a big number of subscribers....administrators will use MAPS ..." (Karl-Henry Martinsson)

    "This is a GOOD thing." (Sam)

    Margie "mail" Arbon. Abuse Prevention System, TM Manager, Market and MAKE MONEY FAST Development.

  • by ColdGrits (204506) on Friday July 13, 2001 @05:02AM (#88030)
    "The data in the MAPS files belongs to MAPS and is copyrighted. ".

    OK, correct me if I am wrong, but the data in MAPS are built up from a lot of user-submissions reporting open relays and spammers etc.

    So how come it is OK for MAPS to claim copyright and charge for access to community-submitted data, but NOT OK for CDDB to do exactly the same thing?

    --

  • Sounds like a good idea to me. I run my three domains on my DSL and have MAPS in my Sendmail config, although I do have a few obvious spam domains blocked in /etc/mail/access. And my /29 block DOES have proper PTR records resolving to one of my domains, thanks to my clueful ISP. I would gladly switch to this method, especially with your experience that it does work.

    So does anyone have an M4 macro command for Sendmail configuration to do the in-addr.arpa verification? All I really care about is that there is a reverse DNS entry that can go into headers and logs, and not that it exactly matches the alleged hostname. (After all, some hosts have multiple names, and "mail." probably has another real hostname.) At least if the IP was from a dialup block, it would still mean the ISP was clueful enough that there would be a chance of them applying a LART when given the IP and an NTP-locked UTC timestamp.

    (Sorry, I don't happen to have The Bat handy right now, or I'd try looking it up in there.)
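The two reverse-DNS checks discussed in this thread, as an added example that is not part of the original posts: the strict mode models forward-confirmed reverse DNS (a PTR exists, its name resolves, and it resolves back to the client address), and the lenient mode is the "any PTR will do" variant asked for in the comment above. The zone data is constructed so the code runs offline; it is plain Python, not a Sendmail or Postfix configuration.

```python
"""Added illustration: strict vs. lenient reverse-DNS checks on an SMTP client."""
import ipaddress

# Constructed sample zone data (documentation address ranges, made-up names).
PTR = {
    "10.2.0.192.in-addr.arpa": "mail.good.example",       # correctly set up
    "20.2.0.192.in-addr.arpa": "host20.dsl.isp.example",  # ISP PTR, no forward record
    "30.2.0.192.in-addr.arpa": "mail.other.example",      # forward points elsewhere
    # 192.0.2.99 has no PTR at all: the ISP never delegated or filled the zone.
}
A = {
    "mail.good.example":  {"192.0.2.10"},
    "mail.other.example": {"198.51.100.5"},
}


def reverse_name(ip):
    """Name that is looked up for a PTR query, e.g. 10.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def check_client(ip, strict=True):
    """Return (verdict, detail) for a connecting client address.

    strict=True  : PTR must exist, resolve, and map back to the same address.
    strict=False : PTR must exist; the name is only used for headers and logs.
    """
    name = PTR.get(reverse_name(ip))
    if name is None:
        return ("reject", "no PTR record")
    if not strict:
        return ("accept", name)
    addrs = A.get(name)
    if not addrs:
        return ("reject", "PTR name has no address record")
    if ip not in addrs:
        return ("reject", "PTR name maps to a different address")
    return ("accept", name)


def compare(clients):
    """Per-client verdicts under both modes, to show who is lost by each."""
    return {ip: (check_client(ip, True)[0], check_client(ip, False)[0])
            for ip in clients}


if __name__ == "__main__":
    for ip, verdicts in compare(
            ["192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.99"]).items():
        print(ip, "strict=%s lenient=%s" % verdicts)
```

Hosts such as 192.0.2.20 and 192.0.2.99 are the ones the replies worry about: the mail administrator may be competent, but only the ISP that controls the in-addr.arpa zone can fix the record.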

  • MAPS are free if you join AAA.
  • by TWX_the_Linux_Zealot (227666) on Friday July 13, 2001 @12:25AM (#88035) Journal
    ... MAPS will start sending out email to random people, explaining how their services can reduce the spam problem on their email servers. It'll probably be almost as bad as when the emails for "system security" clog up and crash the mail server...

    IBM had PL/1, with syntax worse than JOSS,
  • How many posts are we away from

    Last Month for Free Slashdot

  • It wasn't anything to do with clueless admins at my ISP. It was the Netcom segment of Mindspring together with a BellSouth cock-up that were causing the problems. Consider:
    • BellSouth had registered their entire block with the DUL without removing blocks allocated to other groups, like my ISP
    • Netcom had subscribed to the DUL (curiously only for their ix.netcom.com domain, @mindspring.com and @netcom.com addresses were routable)
    • Netcom refused to reveal that the DUL had anything to do with the problem. I hadn't even heard of DUL at that point, and my ISP's sysadmins hadn't either. Nor did they admit to using any other filtering system. The blame, they said, must lie with my ISP, despite the fact that my ISP was routing email everywhere else correctly.
    • Netcom wouldn't answer emails from my ISP, ignoring them. Netcom answered emails from me by telling me it was a configuration problem with my PC and I should contact my ISP, even after having it explained to them that the configuration settings were fine, that my ISP had confirmed the problem was with Netcom, etc.
    I think it's fair to say that the clueless ones are those working for Netcom. To implement an email blocking system which clearly is going to hiccup on a regular basis, with no system in place to deal with hiccups, dishonestly withholding the reason why the emails are being blocked in the first place, preventing information about problems from reaching the people who could fix it, basically preventing people legitimately contacting their customers, takes a degree of cluelessness over and beyond what I'd normally consider clueless.

    I wouldn't get an account at whatever-they-call-themselves-today (is it Earthlink now?), if that's the answer you were looking for. And BellSouth deserve a slap too.
    --

  • by squiggleslash (241428) on Friday July 13, 2001 @03:18AM (#88039) Homepage Journal
    I think the question i would like to answer is did MAPS have an effect ?
    Unquestionably it did. Thanks to the DUL, for example, I was unable to email my girlfriend on her Netcom account for several weeks because my ISP's class C block was completely blocked, because it was part of BellSouth's allocation of IP addresses and my ISP's mail server wasn't registered.

    It took several weeks of patiently trying to explain the problem and being rebuffed with "You must have configured your machine wrongly", "It must be a configuration problem with your ISP's servers", "Are you using the right SMTP server?", etc, before I was able to find a clueful tech support person who'd listen and talk to their system administrators to find out what the problem was. At the time I had no fricking idea what the DUL was, and there's no requirement that DUL users configure their SMTP gateways to actually say the reason they're blocking email from you is because of the "DUL" or to provide any link. Neither had my ISP's tech heard of it. Why should he? It's not in any RFC - indeed, it breaks the RFCs.

    Oh wait, you mean did it have an effect on spam? I can't comment. I think for the most part the thing that's had the most effect on spam has been the closing of open relays, which is pretty much unrelated to MAPS (and something their arch-rivals at ORBS arguably had more effect with.)

    I really cease to be impressed with outfits that propose rules that break legitimate ways of using something purely in order to make it more difficult for those we dislike to operate. The DUL is one example. It reminds me of the reason why I screen phonecalls with an answerphone rather than ACR - because that's what an answerphone does whereas ACR is a stupid "I've noticed all telemarketers withhold their number therefore all withheld numbers now and in the future must be telemarketers!" hack designed for the express purpose of selling something which will become totally ineffectual if a substantial enough group of people subscribe to it. People go for ACR though because answerphones are "old tech" and ACR is "automatic" and "new technology". Yay!

    Support them with subscriptions if you want to help combat spam or don't use the service - I think it's a fair comment - not everything can be free as life costs money
    I understand the sentiment, but can't agree with the solution. I don't particularly like the way MAPS operates. Whether it going subscription, and thus reducing the number of ISPs in the scheme, will make a substantial difference to how easy spammers find it to operate I cannot tell. It'll be interesting to see the results. I doubt MAPS has had as big an impact as it'd like to believe (only 75% or more ISP usage of the RBLs would have been likely to do that), and I seriously doubt we'll see major increases as a result of MAPS going, if it does go.


    --

  • by cyberformer (257332) on Friday July 13, 2001 @12:18AM (#88043)
    For more than a year, ORBS claimed that MAPS wanted to go commercial. MAPS consistently denied this. Now, as soon as ORBS is gone...
  • by cavemanf16 (303184) on Friday July 13, 2001 @06:17AM (#88047) Homepage Journal
    Costs have to be attached to sending mail to strangers, either micropayments or risk of jail.

    jamie, what's wrong with you?! Making people pay doesn't stop the spam! I get more snail mail spam than I do email spam on a daily basis. Charging for email and enacting a million rules to govern its use won't help either. At a certain point, it just makes it prohibitively expensive or litigious ridden for the common user, me, to actually use it 'cause there's too many rules to follow and fees to pay. Your thinking on this one is wrong.

  • Funny you post this, as I just spent an hour yesterday patiently explaining to an employee that our acceptable use policy DOES in fact cover 'don't give your address out to moronic friends'. We rarely get spam in the office, as use of our company email addresses outside of work-related purposes is strictly prohibited (and so far, this works well). However, there's nothing like the day the mail server becomes completely unresponsive because someone thought that emailing 27 jpgs to each of us would be a good idea.

    It's not just friends either. I've had people who are otherwise respectable businesspersons send me emails with literally 200 recipients (gee, thanks Outlook) and the subject line reading Fw:Fw:Fw:Fw:Fw:Fw:Fw:Fw:some joke or another. Do the math; logarithmic functions are downright SCARY. Unfortunately, we just can't block these addresses, as legit business does get transacted with these people.

    I for one would gladly volunteer my time to give email etiquette training, even to complete strangers. I've had to go as far as to block close friends from being able to email me entirely; they don't seem to understand how to remove me from their (group/buddylist/whatever) on their own.

  • The whole concept of MAPS is flawed. MAPS blacklists a domain after the spammer has already sent their mail. How long and how much trouble does it take to get off the MAPS list after the fact?

    If your Aunt Edna can't send e-mail because a spammer sent spam from her ISP's domain two months ago, MAPS doesn't care. MAPS has publicly stated that they don't care if they are "throwing the baby out with the bathwater." "Maximum collateral damage" is their goal. Well excuse me but I thought the Internet was supposed to be an open system. If you want a network with a bunch of roadblocks/dead ends, start your own Anti-SpamNet.

    But no, I'm sure some sysadmins will pay good money for the MAPS list because they don't know what else to do. IP/domain filtering is NOT a practical way to get rid of spam. The spammers are smart enough to move around from one account to another.

    The only way I can ever see the spam problem solved is if people stop worrying about a few messages and get on with their lives. Use the delete key. I got pissed over spam at first (like 5 years ago), but you know what, if spammers want to spam, they'll ALWAYS find a way. No system is 100% secure.

  • They have to pay for servers and bandwidth, so it's understandable that they want to charge. However, it would be really nice if we could come up with true peer-to-peer collaborative filtering for E-mail. It's a harder problem, but it could obviate MAPS both as a bandwidth bottleneck and as a single point of legal attack.
  • So that would mean SPAM would be the System for the Promotion of Abusive Mail...

    Or maybe System for the Prevention of Actual Mail?

  • Note: This is only half joking.

    I just realized something. Only half of the junk in my Inbox comes from spammers. The other half of the junk comes from clueless friends and family who feel the need to constantly forward those "send this to 6 people ... and earn $$$" messages. Or other various hoaxes. Maybe we should educate them before we go after the spammers. I've got it. We can require a training class before anybody is allowed to use e-mail. Of course, it'll have to be free -- wouldn't want to discriminate based on income. Any volunteer teachers?

    GreyPoopon
    --

  • by Supa Mentat (415750) on Friday July 13, 2001 @12:16AM (#88061)
    Ok, it is sorta cute I guess, Mail Abuse Prevention System = MAPS. It's also Spam backwards, that can't be coincidence, can it?
  • As someone involved in the spam blocking industry (yes it's an industry) I'd have to say that overall the effectiveness of rbl's in general is minimal.

    The impact has been just enough to get MAPS sued a couple of times. Expensive lawsuits. This is probably a bigger problem than a lack of subscriptions.

    The fact is that it's cheaper to buy a mail gateway filter now than to subscribe to MAPS.

    Consider this the first step in the eventual closing. They're going to hang on as long as they can to finish out the subscriptions and contracts they have, in order to avoid litigation for breach of contract, and then most likely fold up and go away.

  • Quote from UCE: "Under U.S. Law (Bill s.1618 Title III passed by the 105th U.S. Congress) you are prohibited from considering this mail Spam because we include contact information and a link for removal from our mailing list."


    Hilarious. Bill s.1618 was never passed into law. Here [easynet.co.uk] is the first thing Google popped up with when searching for it. Make sure you mention this when writing to the spammer's ISP to get their account yanked.

  • by q-soe (466472) on Friday July 13, 2001 @12:01AM (#88078) Homepage
    I think the question I would like to answer is did MAPS have an effect? I mean the level of spam does not seem to have decreased at all and I think it has grown - the major ISP and web services providers - @home, Yahoo etc. don't want to know about it - they may block email accounts of bulk mailers but in my experience they don't.

    The other side of the coin in this message is that MAPS have costs as well, the maintenance of servers, databases and net bandwidth costs require money and staffing and that inevitably means costs. They have obviously now found it necessary to continue and try and recoup them with the subscription method.

    I personally find it a useful tool and will likely pay for access under the subscription plan but others won't, that's a choice thing.

    After all they are a company and as such as they say they need to pay the bills.

    Support them with subscriptions if you want to help combat spam or don't use the service - I think it's a fair comment - not everything can be free as life costs money

    That's my 2 cents anyway
  • by papertech (467382) on Friday July 13, 2001 @12:12AM (#88079)
    If MAPS makes ISPs pay to use their services, those costs could simply be passed on to the "willing" consumers.

    I would be willing to pay $24.99 instead of $19.99 if the ISP could guarantee that I wouldn't get a bunch of crapflood spammers hammering my Inbox every day.

    On the other hand, I can see ISPs dropping MAPS altogether, since the average uninterested Joe Netizen generally shops for the cheapest monthly ISP rate instead of looking at QOS.
  • by MargieA (467389) on Friday July 13, 2001 @12:32AM (#88080)

    MAPS has announced that this is the last month for non-subscription access to our lists. As stated in the announcement:

    "We will still offer some reduced fee or free query contracts under limited circumstances."

    Individual users and hobbyists can still obtain access to the lists for free. There is simply some paperwork involved. Not for profits, educational institutions, etc., are eligible for substantial discounts. It is not our intent to deny access to our services because of the inability to pay for a subscription. Those that can afford to pay are being required to do so.

    Incidentally, the cost for most ISPs would equate to about $0.05 per user per year.
