Last Month for Free MAPS 191
Path: ...!newsfeed.stanford.edu!news.isc.org!not-for-mail
From: Margie <margie@mail-abuse.org>
Newsgroups: news.admin.net-abuse.email
Subject: MAPS Subscription Policy Changes
Date: Thu, 12 Jul 2001 16:45:11 -0700
Organization: Internet Software Consortium
Message-ID: <nidsktsnci3cat0blc31qtanprifmek97v@4ax.com>Effective Midnight 7/31/2001, all non-subscription access to MAPS services will cease. Anyone wishing to transfer or query MAPS data must have a signed contract with MAPS, and have access enabled in our ACL. There are several reasons for this change:
1) The data in the MAPS files belongs to MAPS and is copyrighted. MAPS, RBL, RBL+, DUL and RSS are all service marks of MAPS. MAPS must have the ability to protect its assets from unauthorized use or disclosure by third parties.
2) As MAPS popularity grew, the demand on our resources grew. We have continually upgraded systems, software, and added servers where necessary. The end result is our systems and connectivity are sufficient enough that providers have no incentive to pay for zone transfer subscriptions. When MAPS began to offer paid subscriptions, we believed that allowing access based on the ability to pay would allow the largest percentage of the net to access the services, while permitting MAPS to sustain itself with subscriptions from the large users of the services. What we have found instead is that we are our own worst "competition".
3) The economic conditions in the industry have hit everyone, including MAPS. MAPS' purpose is to stop spam on the internet. That purpose can only be achieved as long as MAPS can maintain itself as a corporation. Like any corporation, that takes income. There is very little debate about the effectiveness of the MAPS lists. This effectiveness saves its users time, bandwidth and other resources as well as giving them an added value to their customers by reducing the amount of spam the customer sees in their inbox. MAPS can simply no longer afford to foot the bill for the bulk of the internet community.
It is not our intent to put the use of the MAPS lists out of reach of the individual or hobby site. We will still offer some reduced fee or free query contracts under limited circumstances.
As usual, please direct requests for contracts to subscription-request@mail-abuse.org, questions and comments to margie@mail-abuse.org and flames to dev/null. ;)
--
Margie Arbon Mail Abuse Prevention System, LLC
Manager, Market and Business Development
margie@mail-abuse.org http://mail-abuse.org
Here are excerpted reader comments from SPAM-L and nanae which I found interesting:
"...people can no longer pass the buck when it comes to effectively blocking unwanted crap; they will have to now assume the responsibility for handling their own E-mail. I actually think that this is going to be a good thing for the long term." (Sam Varshavchik)"...and so dies MAPS. You've just cut your own throats. The effectiveness of MAPS always depended on the number of users, which is now going to be a fraction of a percentage of what it was before." (John Oliver)
"I was under the impression that MAPS want a big number of subscribers, in order to have some force behind them when they educate and negotiate with spammers. Isn't that the reason big spamhausen like UUNet were not blacklisted, since many subscribers would stop using MAPS's tools because of too much collateral damage? Now MAPS is reducing its customer base. But perhaps we can now get eBay, UUnet and Qwest blacklisted, since only a small number of administrators will use MAPS tools..." (Karl-Henry Martinsson)
"...if the RBL listees think the RBL is a bitch, let them see what happens when they get dropped into who knows how many individual filters that won't get reviewed for removals until Hell freezes over. I think there is some serious potential for us to ALL gain from this move." (Jim Higgins)
"Anyway, now that the MAPS RBL user base has been reduced by at least a factor of 10, the mainsleaze spambags are not going to even CARE about MAPS. ... So the mainsleaze spambags are going to let loose on the remaining 92-96%. ... The way I look at it, Joe Sixpack is now going to see more spam than he's ever seen before. I think that a lot of Joe Sixpacks are going to get seriously pissed, and a fair amount of them are going to explore ways to effectively spamproof their INBOXes. This is a GOOD thing." ("Sam")
My own prediction: in the long run, this has no big effect on spam either way. Two things will reduce the hassle of spam, more legislation, or supplanting SMTP with a non-broken mail protocol. Costs have to be attached to sending mail to strangers, either micropayments or risk of jail. As long as mail's dirt-cheap to send, spam will be vying for our attention, scurrying-around clean-up crews notwithstanding.
Until SMTP is replaced, the great spam fight is a bunch of Libertarians trying to solve the tragedy of the commons. A pay-per-view clique seems like a suboptimal solution to me.
Re:What about a tiered system? (Score:1)
-
Set up a primary DNS-server for the zones.
- Let all the secondaries (these are not located the same place as the primary) xfer the zone.
- Delegate the zone to the secondaries only.
You now have a hidden primary that will only be loaded by the secondaries.Re:And this is what happens when competition dies. (Score:1)
2) Because of ORBS getting wacked, there are now 3 NEW ORBS-like services. In the world of Linux, isn't the argument that 'more distros are better' common? Given this *IS*
So how will I be able to find things (Score:2)
What about a tiered system? (Score:2)
I'm basically thinking of something like ntp and it's stratum system. Only x users could talk directly to MAPS. y users could then talk to x, z to y and so on. Distribute the lookups without distributing the data.
That way you avoid both the complexities of a peer-to-peer/distributed data system, and the bandwidth issues of one centralized server.
Just a random thought.
MAPS Subscriptions (Score:2)
Well, for those that didn't actually read the post on the web site: http://www.mail-abuse.org/subscription.html
You'd see this (at the bottom):
Read: It's their intention to charge big business/ISPs who hit them heavily and don't contribute a penny. Sounds fair to me.Re:Alternatives to MAPS and ORBS (Score:2)
If the spam involve a legitimate web site (like skillometer.com or marblejar.com), I reply to the various addresses of the advertised site (ie: abuse@, sales@, info@, marketing@, postmaster@). I point them that I will advertise their company as spam-friendly, and I do it (ie: please, avoid skillometer.com and marblejar.com). The idea is to make them waste at least a few minutes of human time. (If I get two mail from the same spammer in a short time, I send him my freebsd kernel file asking him advice about how I could debug it, but this is pretty rare)
If the spam involve a crappy geoshitty site, I mail to the provider to get the site closed. The idea is that I want to get the site closed as soon as possible, so the spammer can't get a lot of return. Generally, those sites include only meatspace contact information (like a phone number, or an address). When I am in a bad mood, I track the phone number to get the name/address of the guy, which I latter use when registering to shitty sites (this isn't smart, but at least is funny). The downside is that they will never know why the got real spam in their mailbox, but that's the best I can do as I don't live in america, where most spammers seems to reside.
Last thing, I tell people I work with about how to handle spam. Some of them have started fighting back.
If 10% of spam receviers did the same, spam would be much much lower. Blackholing is a very stupid solution, as it only hide the problem. And it block legitimate mails. I've seen my contributions to the Darwin FAQ bouncing back, because rob braun uses blackholing software. When you spend a couple of hours reveiwing and writing a tech document and you'll get bounced back with an automated '550 Don't accept mail from spammers' with no way to contact the guy, you understand that blackholing is _not_ the solution.
There is one kind of mail that I don't know how to deal with. It is fraudulent mail, like one I received from pa165.czestochowa.sdi.tpnet.pl which was an HTML of a fake yahoo login ("Sorry, We Cannot Process Your Request. Reason: Time expired, Please re-login", followed by a form for the login/password. Of course, those were sending data to a
Cheers,
--fred
No actually it will get worse for spammers (Score:2)
Re:I don't get it (Score:4)
It worked great until one of them wanted to send me an e-greetings card for my birthday and submitted my real e-mail address to a greetings card site known for collecting addresses to sell on.
Result ?
I now get about 4 to 5 spams a day in my personal account... go figure :(
IMPORTANT: Educating your friends about your e-mail address system is a must!
Re:Return Email Address Lookup (Score:1)
Just my $0.02.
-Leigh
Re:SMTP is NOT broken (Score:1)
The problem is trying to fix the problem of network abuse at that level.
We need to fix it in the routers if we are going to do a "once and for all" fix; the distributed list of abusers need to be fed into the routers so the same effort can block the DDOS sites as they go 'active' plus whatever new forms of abuse become popular tomorrow. Securing a weapon so deadly so it doesn't itself become a target for script kiddies and other abuse should happen before the first trials.
And yes, I'm aware of the consequences. Implementing such a scheme is the end of the Net as we know it. Large sections would no longer be able to talk to other large sections at any point in time. Welcome to the Internet after AOL, etc. showed up with the great unwashed masses.
SMTP is NOT broken (Score:2)
And hell no, I don't want to pay postage to send email. And neither does anyone else using the Internet so forget that idea. Ain't happening. It is a more stupid idea than the wet dream every 'content provider' seems to have about getting micropayments for every pageview.
MAPS is dead because their service can't scale to handle the load without throwing massive money at the problem. Kinda like what is/will be happening with M$ Passport/.NET
What we need is a decentralized replacement without a central authority. Perhaps a 'web of trust' like PGP where any site can black hole another site on their OWN server, and others will pick up the ban automatically when enough servers they trust do so.
Alan Cox predicited this last year (Score:5)
Re:I don't get it (Score:2)
Yeah, what with their taste for frilly shirts and fur coats...
--
the telephone rings / problem between screen and chair / thoughts of homocide
MAPS did not block most spam (Score:5)
I have a fairly complicated spam filter set up for my clients, which works something like this:
BCC filter -> MAPS rbl filter -> regex filter
Until fairly recently, the BCC filter was the most effective filter for getting rid of spam. Lately, with the proliferation of DSL, spammers now have the bandwidth to send out one email per recipient, making the BCC filter less effective.
The RBL filter is very ineffective (and yes, it includes the DUL and other lists). Spammers know that a large number of sites use these filters, so they perform "hit and run" spamming, finding open mail relays to rape.
The regex filter is becoming the most effective spam filter.
Not to mention a software package I wrote [sourceforge.net].
- Sam
We never know... (Score:2)
How would you define darkness, if there were no such thing as light?
Similarly, we do not know what the email system will feel like, once these services disappear.
We then tend to believe that they did not have much influence.
Re:Prices and Opinions (Score:2)
As MAPS point out, they own the copyright on their information. This means that they're not charging for load you cause on their servers, but rather for the privilege of being able to use the information. You don't have to like it, but this is the way things work.
Re:Bullshit (Score:2)
Wrong. Fair use entitles you only to SOME uses of the material, not "however you please".
Fair use grants exceptions to uses which would otherwise be copyright infringements. It is NOT a case of "all uses except copying are allowed". If this were the case, then you could legally buy a single license of some software and then allow many machines to use it from a networked disk. Clearly, this isn't the case. Software companies have been asking per-user licenses for years, and this is no different.
It may or may not be motivated by greed, but that has no bearing on the copyright issues.
And there we have it... (Score:5)
We, the recipients of spam, now actually have to pay to NOT receive spam.
Thank you very much spammers, and die.
Re:Did MAPS have an effect (Score:2)
--
Re:vigilantes (Score:2)
Yes, if you give money to companies that support spam, you can get blocked by blacklists. Just like people on AGIS used to get blocked, before AGIS was destroyed.
Netblocks only get listed when the site has a *serious* attitude problem. If you want to associate your network packets with scum, well, you lose.
I just don't see the big deal. Peacefire are aware that they could get hosting elsewhere; *lots* of people have written to offer them help with this, and hosting off of Media3's netblock. They're staying there to be stubborn. It's their own damn fault.
Re:Oops the fire is out, let's find the next one.. (Score:2)
MAPS has enough trouble without clueless people spreading lies about them.
Re:SMTP "Broken".... (Score:4)
1) if sender is an authenticated user of this MTA, accept mail
2) if sending MTA is the MX for the FROM address, and if the sending MTA has a key in the domain, accept.
3) If the sending MTA is the MX, but has no key, accept but tag as possible spam.
4) If the sending MTA isn't the MX, reject with a redirect to a webmail bypass URL.
OK, pick it apart guys. Maybe we all can hash together an RFC?
How stupid. I recieve mail @myisp.com and that's my From: address but I send mail using IP services provided by a number of ISPs depending on where I am when I'm sending. When I'm attached to airbridge.net, I use their SMTP servers. When I'm attached to oponline.com, I use their SMTP servers. I *don't* use myisp.com's servers (unless I've telnnetted into my shell account) becuase I'm not using their IP servces. My mail is legit, but my From: address does not match the SMTP server I'm using.
And this is what happens when competition dies. (Score:2)
I won't pay a penny for MAPS. For that, the process of getting domains blacklisted is not good enough. For servers to get listed in the RSS - spam already has to be relayed through an open relay.
This would not have happened had ORBS still existed. ORBS was a creat tool for detecting spam - as you had lists of ALL open relays there.
Now, I wonder what I'm going to do. Using MAPS' payment service is out of the question. Well
Harumpfh.
--
Re:Passing the buck (Score:2)
If an ISP has a business as a customer, and that business hosts their own mail server, which because it's probably something insecure and inadequately administered (*cough* *cough* *exchange* *cough*), the ISP front ends all of the mail going in, then the ISP will be where the MAPS rejection will have to take place, but that server will have no idea if the next hop has 10, or 10 million, users. And this is very possible because user names can be ubiquitous to mail servers; they can be configured to accept everything that comes in and store it under the name actually addressed, or various other options. MAPS' pricing structure based on user count probably works for most, but there are cases where it falls on its face. Vixie should be smarter than that, but I suspect it is other individuals involved in their inflexible way of doing business.
Re:Prices and Opinions (Score:2)
The number of users might well be entirely unknown and out of the control of the ISP. A business customer may wish to not divulge this to the ISP for various reasons. Or they may even have their mail server configured without specific users. The user count pricing might work for most, but there are places where it fails. It is fundamentally a bad idea to price it that way. But that is just MHO.
Re:vigilantes (Score:2)
If the ISP is spam friendly ... and there are some out there that fall into that category ... then move on to a new ISP. When calling up ISPs, ask them what they actually do to prevent spam coming from their entire network. If their answer is not satisfactory, say so, and move on. Unless you live in the back country, you now have a choice, at least in US and EU.
MAPS has worked for me. I've had zero cases of legit (wanted) mail blocked by MAPS (doesn't mean it can't happen somewhere, but it sure doesn't seem to be all that big of a problem). I also use blocking by in-addr.arpa verification. No in-addr.arpa results then no acceptance of mail. This has been nearly as effective as MAPs (admins that don't get in-addr.arpa right tend to also be admins that don't get the servers closed to relaying). I've had 3 cases of this blocking legit mail. In 1 case the ISP fixed the problem. In another case they are now working on it after I phoned them yesterday. The 3rd case is so far unreachable, which indicates to me how much they really care.
Building a new anti-spam database. (Score:2)
Are you the admin of a server than has been using MAPS? If so, your server logs may have a list of many known open relays (but also many that have been subsequently closed). It's a start. You can build your own DNS zone like MAPS did to block at least these.
Now if people were to get together and merge their lists and share them, it could be the start of a brand new database.
More anti-SPAM legislation? (Score:2)
I don't think I can trust lawmakers to get it right. Slashdot has so many stories of past cases where lawmakers do goofy things that trample on rights not even related to what they were trying (or said they were trying) to do. I fear the risk of squelching the right to anonymous speech, especially anonymous mail, as a result of new laws. Even the anti-SPAM efforts outside of government has some risk of that. While I'm sure we might be able to come up with some well focused law to reduce spam, it won't be all that effective unless it is totally universal, and highly enforced. Those are things that generally don't get done by governments unless it can result in good press for politicians, and that's not likely to ever be in this case. Can you really trust the government THAT MUCH?
A replacement for SMTP, even if the protocol were final today, would probably not be deployed for 10 or even 20 years. SMTP would have to get cut off to force people to upgrade servers to something compliant with "SMTP2". The migration path would end up resulting in lots of "lost legitimate mail", at least for those cutting access from the original SMTP protocol. But if no one does that, then why would others have any incentive to upgrade?
Correction to Postfix config (Score:2)
The items on smtpd_client_restrictions need to be separated on different lines or by commas. My cut and paste didn't work to get it formatted right and I forgot to change it to comma separated.
Re:Did MAPS have an effect (Score:2)
I would put at least as much blame for this on BellSouth, if not more. Sure, Netcom was clueless, but it shouldn't have been their action to do any more than inform you that it was a DUL issue. Someone at BellSouth should be fired (because in this job market, they can be very easily replaced).
Re:Alternatives to MAPS and ORBS (Score:2)
Interesting perspective, annoying those who benefit. I'll certainly have to think about that. Probably it's very rare that those who benefit are not condoning it. Of course one risk is that if this practice were widespread, one way to hurt someone's business is to spam in their name.
Re:Alternatives to MAPS and ORBS (Score:2)
Very little legitimate mail gets thrown out this way. Some does, but in all but one case, the admins were incompetent or non-existant. The one case where I spoke with a competent admin running an ISP which was not getting delegation from their upstream (*cough* *cough* *qwest* *cough*) indicated that they were indeed looking to switch to another upstream as soon as they got their portable ARIN space (in the works).
I see that your reverse is adsl-208-188-249-147.dsl.stlsmo.swbell.net which works forward and gets the correct address, so it should work fine to deliver to my mail servers.
Re:Alternatives to MAPS and ORBS (Score:2)
Change ISP. What town do you live in?
Using incompetent ISPs only encourages them.
Re:SMTP "Broken".... (Score:2)
True, but we get to smack people for not supporting it.
Re:vigilantes (Score:2)
Re:More anti-SPAM legislation? (Score:2)
You trace it back to the first party that won't cooperate. They are then responsible. If that was an anonymous remailing service, then they should have implemented and deployed a mechanism to prevent bulk UCE and/or had a means to track down who sent it if it violated their policy. OTOH, anonymous remailers are hardly ever the source of spam. It's usually an ISP so gung-ho to get more accounts that they don't care who or what. These are the guys that will need to pay.
Giving up privacy is not necessary if things are implemented correctly. What you'd give up is the ability to send huge volumes of mail privately, and the ability to send to anyone who does not want mail coming from private/anonymous sources.
Re:Last Month for Free MAPS - Not (Score:3)
According to http://mail-abuse.org/rbl+/ [mail-abuse.org]:
That works out to not less than US$1.50 per user per year.
Part of the problem is that it is based on number of users. ISPs which are doing mail forwarding to end customer systems (generally businesses on DSL or T1 links, and often with some tight firewalls and tunnels) have no user base in the forwarding mail server. They simply cannot work from this kind of pricing structure since their service is volume and domain based, not user based.
Re:Did MAPS have an effect (Score:3)
Tell me what ISP you are using. I want it to be the first entry in a new service called isps-that-hire-clueless-techs-we-do-not-want-mail- from.org. Maybe we can start getting rid of bad ISPs this way.
:-)
Re:Alternatives to MAPS and ORBS (Score:3)
I'd like to do a lot of the things you do. But I also have to balance what I do with how much time I have to deal with it. And it is not much. I'm trying to shift the cost back to those responsible (including those that make it harder for me to identify who is responsible ... open relays fall into this category). Of course I want to prevent the lost of legitimate mail. But the loss of some of it is part of the cost. It's all a balancing act, and what I do today may not be what I do tomorrow. And maybe this whole /. thread will bring some new ideas to mind.
Getting more people involved in doing something besides wearing out the "d" key on their keyboards is certainly a great idea. I just don't agree with you regarding the blackholing ... as long as the benefits outweigh the costs, which so far is the case for me.
A huge amount of mail is fraudulent and spam at the same time. Often times it is hard to track down who sent it. In one case I've gotten spam where the sender used a huge string of dots as the in-addr.arpa name (so he must have used a dedicated address with in-addr.arpa delegation) which caused the open relays to overflow the Recieved: header and not reveal the previous hop. In those cases the only recourse I have is to block the open relay.
Open relays are primarily the result of "inadequate administration" (my diplomatic term for what is usually incompetency somewhere). I don't want mail from there, plain and simple. They are not part of "my network" anymore. If they repent, I'll unblock them. If they do it again then the next time it's 30 days after they repent, and so on.
But what I choose to do is based on keeping my own costs (time) low. That's what it's all about. If it weren't, then I'd just sit there and read all the spam.
Re:SMTP "Broken".... (Score:3)
This is one of those fundamental problems. Unfortunately, for large scale servers, this is a genuine performance win to separate things like this. Still, if there was a way to list them then this could help.
I suggest listing the outbound mail servers in the MX entries at higher numbers anyway. They won't be used as long as the lower numbered servers are working. And if the server isn't even set up to work as a fall back when all the inbound servers go down at the same time, it can just give out connection refused during those troubling times, or black hole the SYN packets. But at least this way there is something there in the MX entries to validate the outbound servers.
Alternatives to MAPS and ORBS (Score:5)
Here are some up and coming alternatives:
I also have my mail server configured to reject mail from other mail servers that do not have their IP addresses correctly configured and/or delegated in the in-addr.arpa reversed DNS zone. Amazingly, this has cut out almost as much spam as MAPS has. For Postfix users, this can be done with:
While this does end up rejecting a few "legitimate" servers, the number is very small. I suspect that for the most part this works because open relays tend to be the result of "inadequate administration" which can also be the cause of the lack of reverse DNS. If they can't get one of them right, they probably can't get the other right.Re:Alternatives to MAPS and ORBS (Score:2)
- Use the ISP's mail services. IMAP/SSL messages down, set the ISP's SMTP host as a smart-host. This is what I do; I've seen the pain a friend goes thru running his own mail service, and I don't want it. (This assumes ISP's DNS admin isn't truly a doofus.)
- Get a third-party mail account. If you like webmail, Yahoo is pretty good at this (and has semi-effective spam filtering and allows you to roll your own filters as well). NewsAndMail.com allows SSL access (but has no filters). There are others I can't vouch for. Check them out here [fepg.net]. Or you can get a pay-for-play shell account (or I think some people do free ones; if you know of them, hit "reply") and go all-out with procmail...
As for the doofi who insist on using idiot.com or spamhaus.com who want to send you email... get yourself one of those free webmail accounts that has forwarding capabilites. Tell your less-than-clued (or stuck) friends (I have a good friend who HAS to use AOL for work... ugh.) to send you mail at thiscouldntpossiblybearealuser@yahoo.com (or whatever) and forward the yahoo account to me@mycozylittledomain.org, and hey, presto! problem solved.(FWIW, I really do like Yahoo a lot; I might even could be convinced to go pay-for-play with them, if the pay was modest and the play was as froody as it currently is... they have some annoying habits, but most of them can be (and are) fixed with Junkbuster; the rest (like always inserting a new filter at the END of the list) can be dealt with. Yeah, I *wish* I could work for them, but that would require moving to the PRCa, and I'm just not going to do that.)
Opt-in mail (Score:2)
My free time is valuable to me, and I appreciate a mailbox where each and every mail is a mail Im actually interested in recieving.
Forced to open relays (Score:2)
I know, I know, I should have LARTed him, then fled to another job, but it isn't always an option (say, for poor co-op students).
What we really need to do is create public awareness of spamming and open relays, and villify it to the extent that smoking has. We want the general public to view spaming as more evil than forcing your two year-old to smoke 6 packs a day of unfiltered cigs.
Re:Prices and Opinions (Score:2)
It's the same "logic" as client access licencing...
Re:SMTP "Broken".... (Score:2)
Re:SMTP "Broken".... (Score:2)
Re:SMTP "Broken".... (Score:2)
Re:vigilantes (Score:2)
How would you know?
Re:SMTP "Broken".... (Score:2)
------
Re:SMTP "Broken".... (Score:2)
Also, maybe that should also be the DNS standard, since it specifies what MX records are for.
------
Spammers are getting threatening... (Score:3)
Apparently some spammers feel filters that exclude them are now illegal. I suppose next the subject lines will start exclaiming "You are required by law to read this!"
Re:Oops the fire is out, let's find the next one.. (Score:2)
This would allow law enforcement to say "ok, these people received this message at a certain time relayed through _x_; lets get who sent the message through them." It might make international cases more difficult, but international law is already a tough one on the Internet.
vigilantes (Score:2)
My server isn't an open relay, but enough detection methods out there are useless enough to think it is. I'm still fighting Earthlink to unblock us.
BTW, this is NOT something legislation will fix. This is something that will be fixed by a) a decent replacement for SMTP that's universally accepted, and b) competent administration.
My site's just fine. We don't route spam. Leave me the hell alone.
Re:SMTP "Broken".... (Score:2)
If the sending server is one of the MX's for the domain to which it belongs, accept.
In other words, when you are using foo.com, the sending server is mail.foo.com, and since mail.foo.com is an MX for foo.com, it is accepted.
SMTP "Broken".... (Score:4)
Assume you are sending a message to me (me@example.com). Your ISP's MTA contacts example.com's MTA and begins to send the message. Once example.com's MTA knows where the message purports to be from, it looks up the MTAs for that domain, and verifies that the connection is actually coming from one of the MTAs listed. If not, bu-bye!
Now, this doesn't address open relays. I don't claim that it does. Open relays are best addressed with education of the alleged sysadmin (perferably with a Board of Education, +5 LART). What it does address is the growing number of spammers using broadband connections to directly spam users.
In effect, this is doing much the same thing as the MAPS DUL, with the following exceptions:
1) It's "opt in" rather than "opt out": a mail sender must take positive action to be able to send mail, rather than their ISP taking action to prevent them.
2) Even if you are on a dynamic IP connection, you can still set yourself up with a domain, and use a dynamic DNS provider to link back to your server. (Whoever, IMHO if you are on dynamic DNS, you really should be going through your ISP's MTA, but....)
3) It allows you to have some idea of who is sending you a message.
Now, I agree that many spammers will just register domains and spam away, but it costs more effort to register a domain than it does to simply get a connection, the domain registrar has some record of who owns the domain, and the "JethroBillyBobTrailerTrash" spammers won't be able to handle setting this up.
You could even extend this to having a public key stored in a text record of the domain, and require that all mail received by an MTA be coded against a valid key. Back to my example: your MTA would retrieve the key for example.com, and code the message against that key and your key. That way, example.com knows that you are the sender of the message. This also has the happy side effect of making it a lot harder to eavesdrop on the message.
You could then have a policy on your MTA of:
1) if sender is an authenticated user of this MTA, accept mail
2) if sending MTA is the MX for the FROM address, and if the sending MTA has a key in the domain, accept.
3) If the sending MTA is the MX, but has no key, accept but tag as possible spam.
4) If the sending MTA isn't the MX, reject with a redirect to a webmail bypass URL.
OK, pick it apart guys. Maybe we all can hash together an RFC?
Re:Alternatives to MAPS and ORBS (Score:2)
> reject mail from other mail servers that
> do not have their IP addresses correctly
> configured and/or delegated in the
> in-addr.arpa reversed DNS zone.
There are a hell of a lot of competnet mail administrators out there who are at the mercy of their less-than-competent ISP in regards to reverse DNS. From my experience, you'll be throwing out a hell of a lot of legitimate mail with an policy that's blind to this fact.
Re:I don't get it (Score:2)
- Don't have much friends, don't do much development, don't participate in mailing lists.
- Change your employers pretty often.
- Don't have any real means for people from outside of your world to contact you.
- Abuse Hotmail, completely screwing their statistics about the millions of users they've got
Of course, your approach may work for someone, but it certainly is not an ultimate solution for everyone. There are people who need to be available (ESR?
I support the idea of having different purpose e-mail addresses. Additionally, I want to remind everyone about the nice things like exim filters, procmail and perl.
Happy filtering
Coincidence? (Score:4)
Thanks, but no thanks. I'd prefer not to pay for the priviledge of having email erroneously blocked.
Re:More Legislation? (Score:2)
I for one would not pay for something like that, I'm not even sure that MAPS has a legitimate claim to the data either. Isn't the information that they broker submitting free of charge by users?
Perhaps a freenet application would be a viable solution? Instead of having some servers at a hosting facility somewhere all users who wished to use it could share the hosting duties.
Fraction of a percentage (Score:2)
Example: 1/2 of 50% = 25% (or 1/4)
Rich
Re:Screw Your Competition Then Charge Money (Score:2)
Oh yeah, and I forgot EGO
"Science is about ego as much as it is about discovery and truth"
Screw Your Competition Then Charge Money (Score:5)
MS tries to buy you or puts you out of business by stealing your product/idea and then incorperating it into Windows for "Free"
MAPS and the network that it runs routinely and IMHO illegally injected false routes into the global routing table so that ORBS was unavailable so ONLY their "free" service is accessable. See MAPS vs ORBS [slashdot.org]
MS: is now going with a subscription fee for it's software. All that "free stuff" it added to your OS which may or may not work properly now has to be paid for monthly!
MAPS: With the competition driven into the ground, you suddenly have to PAY for MAPS. (You mean they couldn't mirror those zone files on several servers across many networks that would be willing to do so for free??)
Sad, we see here dishonesty, trickery and stupidity win over the better product, and/or the better idea.
"Science is about ego as much as it is about discovery and truth"
Re:SMTP is NOT broken (Score:4)
Then you say "What we need is a decentralized replacement without a central authority. Perhaps a 'web of trust' like PGP where any site can black hole another site on their OWN server, and others will pick up the ban automatically when enough servers they trust do so".
When people say SMTP is broken, the lack of trust management is what they're referring to. The inherent brokenness of SMTP is that it delivers just about anything that shows up on port 25. I agree with you that a distributed trust mechanism is needed.
Unfortunately making it work would take major design of new protocols and massive deployment of new mail servers. It would also take new email clients that people could use to report spam to their mail server. Large mail servers would need massive CPU power to do the necessary public key cryptography.
Re:vigilantes (Score:2)
*sigh* Okay, I guess that since I live around the corner from a couple of crack houses that I should be arrested, or at least harassed, by the police so that I may take some vigilante action (or perhaps just petition the city council to raze the nearby offending buildings). Hurting the innocent along with the guilty is a non-option. Or rather, a bad one, since we appear to be doing it these days. And keep in mind that these days it is getting easier and easier for Joe Sixpack to actually buy his own domain and set up his family webpage. How the heck is he going to know about MAPS or why Grandma can't seem to get to the family webpage.
And one more thing:
Yes, we are. Don't think that just because you have been in the thick of things that you automatically have some great moral authority to dictate right and wrong. If you get into a squabble with a relative, things escalate, and then you lose your head and start reaching for a gun, don't tell me I have no right tell you that you are wrong when I pull out the water hose to cool things down.
_lpp
---------------------------------------
or use a password filter (Score:2)
"password "
you set up a filter saying "if subject doesnt contain password then send to trash folder"
and thats pretty much it - zero spam.
Re:or use a password filter (Score:2)
that should have said
" password open-angle-brackets username @ whatever.com close-angle-brackets"
Re:vigilantes (Score:2)
The key word is "if". If you actually went so far as to pay for a portion of a spammer's bill to their ISP, then your statement might make some sense. Nobody willingly pays someone else's ISP bills, just as nobody walks over to their undesirable neighbors house and offers them cash to help pay their rent.
The simple fact that this hypothetical crackhouse happens to be owned by the same landlord and you happen to send your monthy rent check to that same landlord does not somehow make you a drug dealer.
Luckily law enforcement (in the US) isn't free to harrass mere bystanders without "probable cause", and ultimately there is "due process" in the courts. It's not a perfect system, but it does generally tend to prevent rampant and unchecked abuse of power. The same can not be said of MAPS.
Your financial support of a spam-friendly ISP is what keeps them in business.
The bitter hatred of spam that many tech-types hold has an amazing power to justify as rightous harming innocent bystanders. Amazing.
The subject of this thread, "vigilantes" is particularily approapriate. This attitude, that (maybe) hindering some spammers justifies hampering many innocent people simply because they live in the wrong part of town, is truely the mindset of a vigilante who's lost touch with reality.
Re:vigilantes (Score:2)
Ugly as spam is, it simply is not a contageuos disease.
Simply hosting a (non-spam related) site within the same netblock as some spammers does not somehow influence that site to start sending large volumes of unsolicited email.
A quarantine is also used only when the disease is fatal. Nobody can quarantine people to prevent the spread of a disease like the common cold or flu.
Spam isn't fatal. I get about 3-8 spams daily, and I just delete them. Sure, spam is annoying, but it's nowhere near serious enough (fatal) to declare a quarantine or other similarily drastic actions.
I'm glad to see people fighting spam... but when they start intentionally hurting innocent people who are mere bystanders, they've crossed over the line.
Re:vigilantes (Score:5)
There have been numerous well known cases where MAPS created an entire netblock against "spam friendly" ISPs, in an attempt to put pressure on that ISP to change its policy and stop selling bandwidth or other services to spammers. This tactic has the effect of blocking all of that ISPs customers, spammers and legitimate businesses and users alike. Not long ago, slashdot ran a story about peacefire.org and others getting blocked by MAPS [slashdot.org].
Your belief that everything listed by MAPS must be spammers is clearly false if examples can be shown where non-spammers have been blocked, and I believe that link above is just such an example.
Even without a hard example, it's a well known fact that MAPS uses large netblocks against entire ISPs who they consider "spam friendly", without any regard for the other innocent bystanders who just happen to be other (unsuspecting) customers of that ISP.
These services would not be worth squat if they did not work as advertised.
It is debatable how effective MAPS is. In this C/net article [cnet.com] MAPS blocked very few spams and also blocked many non-spam messages. MAPS was the only spam blocking service among the ones tested that blocked non-spam messages. That C/net ran a test and found MAPS to block a significant number of non-spam messages further shows how naive it is to blindly trust MAPS.
I suspect that time will shortly prove that MAPS is in fact "not worth squat". Such questionable effectiveness coupled together with blocking legitimate emails isn't great from a free service, but when you're paying your expectations change.
Try ... (Score:2)
My account has been there for 3 years now - and no spam.
Use Hotmail at your own risk...
You seem to have hit on something with that:
Just what planet are your "zero spam" accounts on? .me? .ma? .ve? .ju? .ur?
The idea of using free e-mails in sites on non-.com domains might be usefull, given that most spam is oriented to an US audience ...
I don't get it (Score:5)
I've seen the fall of Usenet (information to noise ratio is now about 1-10 in most groups) and the raise of spamming...
Do i get spam on my e-mail account? - Nope.
How?
I have three e-mail accounts:
- One for my friends and my informal humor mailing lists and official stuff (note: subscriptions to banana-girls-with-big-breasts.com sort of sites does not count as official). I never put this address in any public forum (that includes
/.).
- The other one is at work. I only use it for work related stuff. When i change companies this one changes but my friends can always get me through the other one (for all the other ones, well - if you don't have my personal e-mail that means i don't want to hear from you again). I never publish this one in public forums.
- The last one is my public e-mail. I'll look at it maybe once a week. I'll use it publicly (although i still refrain myself from using it "as is" in Usenet - beter transform it so that humans can understand the real one but not e-mail address collection programs). Registration to any moderatly crappy site involves using this one. For extra crappy sites i just create a new one in Hotmail.
So, after all my gloating about my own cunningness, what's the conclusion:Number of spams per-month = zero
Number of spams per-month = zero
Number of spams per-month = about 10 to 20
Levels of privacy!!!
Set up e-mail accounts the same way as you set up your life: friends; work; everybody else
It works!
Spam baby! (Score:4)
Re:Non-profit or not non-profit? (Score:2)
Not-for-profits charge for access all the time. That's why, for example, you have to join, say, the New York Public Theater to receive full access to shows. Their motive isn't profit but it's positively insane to say they can't handle money, as if it makes them unclean.
This service is necessary (Score:2)
We need to put public addresses in web pages and give customer support.
You just can't rely on laws. Most of the spam I receive now comes from far east or south america. Maybe these countries will have a law some day, but there always be places where spam would be sent from.
Spam filters like MAPS or ORBS are very helpfull filtering unsolicited mail.
Re:Come back ORBS, all is fogiven (Score:2)
Good riddance.
How about enhancing SMTP? (Score:2)
This is neither an opt-in nor an opt-out situation. Instead, people get to choose wether they want opt-in (Answer: No SPAM) or opt-out (Answer: Yes, SPAM is ok).
Prices and Opinions (Score:3)
Larger or overseas sites will probably prefer transfer mode, in which you transfer a copy of the DNS zone to your local nameserver. The cost for this is US$1,250 per year per nameserver, plus US$50 per 1,000 users -- around half a cent per user each month.
Educational institutions, non-profits, and members of selected ISP trade associatons may (at our sole discretion) be eligible for discounts; please contact us with a proposal.
I can see charging ISP's on a per user basis for the query mode lookups. However, the charges per user for zone transfer makes no sense as the MAPS service bears no additional load or bandwidth charges from the extra users as the zones are stored on the ISP's name servers locally.
--
When I'm good I'm very good, when I'm bad I'm better, But when I'm evil you better run
Re:Did MAPS have an effect (Score:2)
So... yeah, it has an effect. No, it doesn't stop all the spam. But what's left is easier to deal with.
--
MAKE MONEY FAST!!!!! 8--)))) (Score:5)
Effective Midnight 7/31/2001, all non-subscription access to MAPS services will cease. Anyone wishing to transfer or query internet data must read the rest of this mail.
Send us and the following 6 people on the ACL list 1 DOLLAR. Then add your name to the ACL list and send it to everyone you know. you get rich in a few days day and receive no more spam at the same time!
Some testimony of users :
"i did not pay ...and so dies . You've just cut your own throats. The effectiveness of MAPS always depended on the number of users, which is going to be paid out now. If you do not pay MAPS and the world arroudn will die (John Oliver) ,
"MAPS want a big number of subscribers....aministrators will use MAPS ..." (Karl-Henry Martinsson)
"This is a GOOD thing." (Sam)
Margie "mail" Arbon. Abuse Prevention System, TM Manager, Market and MAKE MONEY FAST Development.
Confusing (Score:5)
OK, correct me if I am wrong, but the data in MAPS are built up from a lot of user-submissions reporting open relays and spammers etc.
So how come it is OK for MAPS to claim copyright and charge for access to community-submitted data, but NOT OK for CDDB to do exactly the same thing?
 --
Re:vigilantes (Score:2)
So does anyone have an M4 macro command for Sendmail configuration to do the in-addr.arpa verification? All I really care about is that there is a reverse DNS entry that can go into headers and logs, and not that it exactly matches the alleged hostname. (After all, some hosts have multiple names, and "mail." probably has another real hostname.) At least if the IP was from a dialup block, it would still mean the ISP was clueful enough that there would be a chance of them applying a LART when given the IP and an NTP-locked UTC timestamp.
(Sorry, I don't happen to have The Bat handy right now, or I'd try looking it up in there.)
Re:So how will I be able to find things (Score:2)
I can just see it now... (Score:4)
IBM had PL/1, with syntax worse than JOSS,
Friday 13th: Part1 (Score:2)
Last Month for Free Slashdot
Re: (Score:2)
Comment removed (Score:3)
Come back ORBS, all is fogiven (Score:4)
This doesn't make sense! (Score:3)
jamie, what's wrong with you?! Making people pay doesn't stop the spam! I get more snail mail spam than I do email spam on a daily basis. Charging for email and enacting a million rules to govern its use won't help either. At a certain point, it just makes it prohibitively expensive or litigous ridden for the common user, me, to actually use it 'cause there's too many rules to follow and fees to pay. Your thinking on this one is wrong.
On the corporate end of things (Score:2)
It's not just friends either. I've had people who are otherwise respectable businesspersons send me emails with literally 200 recipients (gee, thanks Outlook) and the subject line reading Fw:Fw:Fw:Fw:Fw:Fw:Fw:Fw:some joke or another. Do the math; logarithmic functions are downright SCARY. Unfortunately, we just can't block these addresses, as legit business does get transacted with these people.
I for one would gladly volunteer my time to give email ettiquitte training, even to complete strangers. I've had to go as far as to block close friends from being able to email me entirely; they don't seem to understand how to remove me from their (group/buddylist/whatever) on their own.
Oops the fire is out, let's find the next one... (Score:2)
If your Aunt Edna can't send e-mail because a spammer sent spam from her ISP's domain two months ago, MAPS doesn't care. MAPS has publicly stated that they don't care if they are "throwing the baby out with the bathwater." "Maximum collateral damage" is their goal. Well excuse me but I thought the Internet was supposed to be an open system. If you want a network with a bunch of roadblocks/dead ends, start your own Anti-SpamNet.
But no, I'm sure some sysadmins will pay good money for the MAPS list because they don't know what else to do. IP/domain filtering is NOT a practical way to get rid of spam. The spammers are smart enough to move around from one account to another.
The only way I can ever see the spam problem solved is if people stop worrying about a few messages and get on with their lives. Use the delete key. I got pissed over spam at first (like 5 years ago), but you know what, if spammers want to spam, they'll ALWAYS find a way. No system is 100% secure.
they have to pay the rent, but... (Score:2)
Re:They think they're so damn cute... (Score:2)
Or maybe System for the Prevention of Actual Mail?
An alternative to fighting SPAM (Score:2)
I just realized something. Only half of the junk in my Inbox comes from spammers. The other half of the junk comes from clueless friends and family who feel the need to constantly forward those "send this to 6 people ... and earn $$$" messages. Or other various hoaxes. Maybe we should educate them before we go after the spammers. I've got it. We can require a training class before anybody is allowed to use e-mail. Of course, it'll have to be free -- wouldn't want to discriminate based on income. Any volunteer teachers?
GreyPoopon
--
They think they're so damn cute... (Score:3)
Re:Did MAPS have an effect (Score:2)
The impact has been just enough to get MAPS sued a couple of times. Expensive lawsuits. This is probably a bigger problem than a lack of subscriptions.
The fact is that it's cheaper to buy a mail gateway filter now than to subscribe to MAPS.
Consider this the first step in the eventual closing. They're going to hang on as long as they can to finish out the subscriptions and contracts they have, in order to avoid litigation for breach of contract, and then most likely fold up and go away.
Re:Spammers are getting threatening... (Score:2)
Quote from UCE: "Under U.S. Law (Bill s.1618 Title III passed by the 105th U.S. Congress) you are prohibited from considering this mail Spam because we include contact information and a link for removal from our mailing list.
Hilarious. Bill s.1618 was never passed into law. Here [easynet.co.uk] is the first thing Google popped up with when searching for it. Make sure you mention this when writing to the spammer's ISP to get their account yanked.
Did MAPS have an effect (Score:4)
The other side of the coin in this message is that MAPS have costs as well, the maintenance of servers, databases and net bandwidth costs require money and staffing and that inevitable means costs. They have obviously now found it neccesary to continue and try and recoup them with the subscritption method.
I personally find it a usefull tool and will likely pay for access under the subscription plan but others wont, thats a choice thing.
After all they are a company and as such as they say they need to pay the bills.
Support them with subcriptions if you want to help combat spam or dont use the service - i think its a fair comment - not everything can be free as life costs money
Thats my 2 cents anyway
Passing the buck (Score:3)
I would be willing to pay $24.99 instead of $19.99 if the ISP could guarantee that I wouldn't get a bunch of crapflood spammers hammering my Inbox everyday.
On the other hand, I can see ISP's dropping MAPS altogether, since the average uninterested Joe Netizen generally shops for the cheapest monthly ISP rate instead of looking at QOS.
Last Month for Free MAPS - Not (Score:5)