Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Last Month for Free MAPS

jamie posted more than 13 years ago | from the stuff-to-pay-for-and-then-not-read dept.

The Internet 191

MAPS has posted that it will be requiring a subscription fee starting in August. The note hasn't shown up on its PR page yet, but the readers of news.admin.net-abuse.email and SPAM-L are already finding it very interesting. I've included a copy below, along with selected commentary from those two forums. Anyone know more?

Path: ...!newsfeed.stanford.edu!news.isc.org!not-for-mail
From: Margie <margie@mail-abuse.org>
Newsgroups: news.admin.net-abuse.email
Subject: MAPS Subscription Policy Changes
Date: Thu, 12 Jul 2001 16:45:11 -0700
Organization: Internet Software Consortium
Message-ID: <nidsktsnci3cat0blc31qtanprifmek97v@4ax.com>

Effective Midnight 7/31/2001, all non-subscription access to MAPS services will cease. Anyone wishing to transfer or query MAPS data must have a signed contract with MAPS, and have access enabled in our ACL. There are several reasons for this change:

1) The data in the MAPS files belongs to MAPS and is copyrighted. MAPS, RBL, RBL+, DUL and RSS are all service marks of MAPS. MAPS must have the ability to protect its assets from unauthorized use or disclosure by third parties.

2) As MAPS popularity grew, the demand on our resources grew. We have continually upgraded systems, software, and added servers where necessary. The end result is our systems and connectivity are sufficient enough that providers have no incentive to pay for zone transfer subscriptions. When MAPS began to offer paid subscriptions, we believed that allowing access based on the ability to pay would allow the largest percentage of the net to access the services, while permitting MAPS to sustain itself with subscriptions from the large users of the services. What we have found instead is that we are our own worst "competition".

3) The economic conditions in the industry have hit everyone, including MAPS. MAPS' purpose is to stop spam on the internet. That purpose can only be achieved as long as MAPS can maintain itself as a corporation. Like any corporation, that takes income. There is very little debate about the effectiveness of the MAPS lists. This effectiveness saves its users time, bandwidth and other resources as well as giving them an added value to their customers by reducing the amount of spam the customer sees in their inbox. MAPS can simply no longer afford to foot the bill for the bulk of the internet community.

It is not our intent to put the use of the MAPS lists out of reach of the individual or hobby site. We will still offer some reduced fee or free query contracts under limited circumstances.

As usual, please direct requests for contracts to subscription-request@mail-abuse.org, questions and comments to margie@mail-abuse.org and flames to dev/null. ;)

--
Margie Arbon Mail Abuse Prevention System, LLC
Manager, Market and Business Development
margie@mail-abuse.org http://mail-abuse.org

Here are excerpted reader comments from SPAM-L and nanae which I found interesting:

"...people can no longer pass the buck when it comes to effectively blocking unwanted crap; they will have to now assume the responsibility for handling their own E-mail. I actually think that this is going to be a good thing for the long term." (Sam Varshavchik)

"...and so dies MAPS. You've just cut your own throats. The effectiveness of MAPS always depended on the number of users, which is now going to be a fraction of a percentage of what it was before." (John Oliver)

"I was under the impression that MAPS want a big number of subscribers, in order to have some force behind them when they educate and negotiate with spammers. Isn't that the reason big spamhausen like UUNet were not blacklisted, since many subscribers would stop using MAPS's tools because of too much collateral damage? Now MAPS is reducing its customer base. But perhaps we can now get eBay, UUnet and Qwest blacklisted, since only a small number of administrators will use MAPS tools..." (Karl-Henry Martinsson)

"...if the RBL listees think the RBL is a bitch, let them see what happens when they get dropped into who knows how many individual filters that won't get reviewed for removals until Hell freezes over. I think there is some serious potential for us to ALL gain from this move." (Jim Higgins)

"Anyway, now that the MAPS RBL user base has been reduced by at least a factor of 10, the mainsleaze spambags are not going to even CARE about MAPS. ... So the mainsleaze spambags are going to let loose on the remaining 92-96%. ... The way I look at it, Joe Sixpack is now going to see more spam than he's ever seen before. I think that a lot of Joe Sixpacks are going to get seriously pissed, and a fair amount of them are going to explore ways to effectively spamproof their INBOXes. This is a GOOD thing." ("Sam")

My own prediction: in the long run, this has no big effect on spam either way. Two things will reduce the hassle of spam, more legislation, or supplanting SMTP with a non-broken mail protocol. Costs have to be attached to sending mail to strangers, either micropayments or risk of jail. As long as mail's dirt-cheap to send, spam will be vying for our attention, scurrying-around clean-up crews notwithstanding.

Until SMTP is replaced, the great spam fight is a bunch of Libertarians trying to solve the tragedy of the commons. A pay-per-view clique seems like a suboptimal solution to me.

cancel ×

191 comments

Sorry! There are no comments related to the filter you selected.

Re:What about a tiered system? (1)

Anonymous Coward | more than 13 years ago | (#87891)

It is fairly simple to implement through DNS.
  • Set up a primary DNS-server for the zones.
  • Let all the secondaries (these are not located the same place as the primary) xfer the zone.
  • Delegate the zone to the secondaries only.
You now have a hidden primary that will only be loaded by the secondaries.

Re:And this is what happens when competition dies. (1)

Anonymous Coward | more than 13 years ago | (#87892)

1) ORBS was a petty vengence thing run by Alan Brown. When you could get listed as an open relay BECAUSE you told Alan Brown to "document the open-ness of the relay via producing evidence of spam, or I will just block your tester", ORBS as a tool was broken.

2) Because of ORBS getting wacked, there are now 3 NEW ORBS-like services. In the world of Linux, isn't the argument that 'more distros are better' common? Given this *IS* /., therefore more OBRS is better-goodness

So how will I be able to find things (2)

Anonymous Coward | more than 13 years ago | (#87893)

if MAPS aren't free? I could be lost... and broke... and never find my way home.

What about a tiered system? (2)

Anonymous Coward | more than 13 years ago | (#87894)

So, if thousands of users hitting MAPS is an issue (as I can easily see that it would be), then why not stratify the lookup system somehow?

I'm basically thinking of something like ntp and it's stratum system. Only x users could talk directly to MAPS. y users could then talk to x, z to y and so on. Distribute the lookups without distributing the data.

That way you avoid both the complexities of a peer-to-peer/distributed data system, and the bandwidth issues of one centralized server.

Just a random thought.

MAPS Subscriptions (2)

Anonymous Coward | more than 13 years ago | (#87895)

Well, for those that didn't actually read the post on the web site: http://www.mail-abuse.org/subscription.html

You'd see this (at the bottom):

It is not our intent to put the use of the MAPS'SM lists out of reach of the individual or hobby site. We will still offer reduced fee and free query contracts to individuals, other not for profit sites, hobbyists, etc. Please include specifics about your site when requesting these contracts.
Read: It's their intention to charge big business/ISPs who hit them heavily and don't contribute a penny. Sounds fair to me.

Re:Alternatives to MAPS and ORBS (2)

Anonymous Coward | more than 13 years ago | (#87896)

I have a very different policy when dealing with spam:

If the spam involve a legitimate web site (like skillometer.com or marblejar.com), I reply to the various addresses of the advertised site (ie: abuse@, sales@, info@, marketing@, postmaster@). I point them that I will advertise their company as spam-friendly, and I do it (ie: please, avoid skillometer.com and marblejar.com). The idea is to make them waste at least a few minutes of human time. (If I get two mail from the same spammer in a short time, I send him my freebsd kernel file asking him advice about how I could debug it, but this is pretty rare)

If the spam involve a crappy geoshitty site, I mail to the provider to get the site closed. The idea is that I want to get the site closed as soon as possible, so the spammer can't get a lot of return. Generally, those sites include only meatspace contact information (like a phone number, or an address). When I am in a bad mood, I track the phone number to get the name/address of the guy, which I latter use when registering to shitty sites (this isn't smart, but at least is funny). The downside is that they will never know why the got real spam in their mailbox, but that's the best I can do as I don't live in america, where most spammers seems to reside.

Last thing, I tell people I work with about how to handle spam. Some of them have started fighting back.

If 10% of spam receviers did the same, spam would be much much lower. Blackholing is a very stupid solution, as it only hide the problem. And it block legitimate mails. I've seen my contributions to the Darwin FAQ bouncing back, because rob braun uses blackholing software. When you spend a couple of hours reveiwing and writing a tech document and you'll get bounced back with an automated '550 Don't accept mail from spammers' with no way to contact the guy, you understand that blackholing is _not_ the solution.

There is one kind of mail that I don't know how to deal with. It is fraudulent mail, like one I received from pa165.czestochowa.sdi.tpnet.pl which was an HTML of a fake yahoo login ("Sorry, We Cannot Process Your Request. Reason: Time expired, Please re-login", followed by a form for the login/password. Of course, those were sending data to a .pl domain address). I whish companies could spend time on this problem (ie: that yahoo would open a honeypot account and send the login info to that address, then track the guy login and get him arrested).

Cheers,

--fred

Re:I don't get it (4)

Anonymous Coward | more than 13 years ago | (#87898)

Hmmm... I used to do that; only friends knew my personal e-mail address.

It worked great until one of them wanted to send me an e-greetings card for my birthday and submitted my real e-mail address to a greetings card site known for collecting addresses to sell on.

Result ?

I now get about 4 to 5 spams a day in my personal account... go figure :(

IMPORTANT: Educating your friends about your e-mail address system is a must!

SMTP is NOT broken (2)

jmorris42 (1458) | more than 13 years ago | (#87901)

I am tired of hearing this drivel about SMTP being somehow 'broken'. Some implementations of the protocol ship with broken config files and some might have actual issues in their implementations, but the protocol is just fine.

And hell no, I don't want to pay postage to send email. And neither does anyone else using the Internet so forget that idea. Ain't happening. It is a more stupid idea than the wet dream every 'content provider' seems to have about getting micropayments for every pageview.

MAPS is dead because their service can't scale to handle the load without throwing massive money at the problem. Kinda like what is/will be happening with M$ Passport/.NET :)

What we need is a decentralized replacement without a central authority. Perhaps a 'web of trust' like PGP where any site can black hole another site on their OWN server, and others will pick up the ban automatically when enough servers they trust do so.

Alan Cox predicited this last year (5)

Tet (2721) | more than 13 years ago | (#87903)

When above.net were hassling ORBS last year, Alan Cox mentioned that it was looking suspiciously like Vixie was planning to take MAPS commercial. See the July 17th entry in his diary [linux.org.uk] .

Re:I don't get it (2)

Howie (4244) | more than 13 years ago | (#87905)

when AOL gave their costumers access to the Internet it was the beginning of the end

Yeah, what with their taste for frilly shirts and fur coats...
--
the telephone rings / problem between screen and chair / thoughts of homocide

Re:Alternatives to MAPS and ORBS (1)

ink (4325) | more than 13 years ago | (#87906)

Sendmail users can do this by placing this line in sendmail.mc (usually found in /etc/mail):

dnl FEATURE(`accept_unresolvable_domains')dnl

Then re-run m4 on it:

m4 /etc/mail/sendmail.mc > /etc/sendmail.cf

The wheel is turning but the hamster is dead.

don't most already? (1)

bill_mcgonigle (4333) | more than 13 years ago | (#87907)

I use 2 email providers - pobox.com and Earthlink. Both provide spam filtering.

MAPS did not block most spam (5)

Kiwi (5214) | more than 13 years ago | (#87910)

In my experience with setting up Spam filters, I have found that RBL-filtering email was very ineffective in blocking spam.

I have a fairly complicated spam filter set up for my clients, which works something like this:

BCC filter -> MAPS rbl filter -> regex filter

Until fairly recently, the BCC filter was the most effective filter for getting rid of spam. Lately, with the proliferation of DSL, spammers now have the bandwidth to send out one email per recipient, making the BCC filter less effective.

The RBL filter is very ineffective (and yes, it includes the DUL and other lists). Spammers know that a large number of sites use these filters, so they perform "hit and run" spamming, finding open mail relays to rape.

The regex filter is becoming the most effective spam filter.

Not to mention a software package I wrote [sourceforge.net] .

- Sam

We never know... (2)

simpleguy (5686) | more than 13 years ago | (#87911)

Of course you will not see the effect that MAPS and other anti-spam services.

How would you define darkness, if there were no such thing as light?

Similarly, we do not know what the email system will feel like, once these services disappear.
We then tend to believe that they did not have much influence.

Re:Prices and Opinions (2)

/dev/kev (9760) | more than 13 years ago | (#87912)

However, the charges per user for zone transfer makes no sense as the MAPS service bears no additional load or bandwidth charges from the extra users as the zones are stored on the ISP?s name servers locally.

As MAPS point out, they own the copyright on their information. This means that they're not charging for load you cause on their servers, but rather for the privilege of being able to use the information. You don't have to like it, but this is the way things work.

Re:We never know... (1)

stesch (12896) | more than 13 years ago | (#87915)

Of course you will not see the effect that MAPS and other anti-spam services.

But you can see the differences between the services.

After ORBS closed we switched to RBL and all the SPAM got through. RBL simply has no effect.

And there we have it... (5)

Erik Hensema (12898) | more than 13 years ago | (#87916)

We, the recipients of spam, now actually have to pay to NOT receive spam.

Thank you very much spammers, and die.

Re:Confusing (1)

ethereal (13958) | more than 13 years ago | (#87917)

My thoughts exactly - sounds like it's time for OpenMAPS.org or something like that. It's nice that MAPS is still going to allow cheap access for end-users that aren't ISPs or large organizations, but in the end they're still doing the same copyright land grab that CDDB/Gracenote are so famous for. Apparently it's the coming thing in user-submitted databases: once you reach critical mass, do something to tick everybody off, and see how fast you can race back down to zero users!

Re:Did MAPS have an effect (2)

sethg (15187) | more than 13 years ago | (#87919)

When I added a MAPS filter to my mail configuration, the amount of spam I got seemed to drop by about two-thirds.
--

Re:SMTP "Broken".... (4)

Royster (16042) | more than 13 years ago | (#87923)

You could then have a policy on your MTA of:
1) if sender is an authenticated user of this MTA, accept mail
2) if sending MTA is the MX for the FROM address, and if the sending MTA has a key in the domain, accept.
3) If the sending MTA is the MX, but has no key, accept but tag as possible spam.
4) If the sending MTA isn't the MX, reject with a redirect to a webmail bypass URL.

OK, pick it apart guys. Maybe we all can hash together an RFC?


How stupid. I recieve mail @myisp.com and that's my From: address but I send mail using IP services provided by a number of ISPs depending on where I am when I'm sending. When I'm attached to airbridge.net, I use their SMTP servers. When I'm attached to oponline.com, I use their SMTP servers. I *don't* use myisp.com's servers (unless I've telnnetted into my shell account) becuase I'm not using their IP servces. My mail is legit, but my From: address does not match the SMTP server I'm using.

And this is what happens when competition dies. (2)

arcade (16638) | more than 13 years ago | (#87924)

Hmf, I read SPAML, but I've got a bit of backlog and haven't seen this. I think I need to catch up. In any case - this seems to be the end of the road for MAPS then.

I won't pay a penny for MAPS. For that, the process of getting domains blacklisted is not good enough. For servers to get listed in the RSS - spam already has to be relayed through an open relay.

This would not have happened had ORBS still existed. ORBS was a creat tool for detecting spam - as you had lists of ALL open relays there.

Now, I wonder what I'm going to do. Using MAPS' payment service is out of the question. Well .. maybe one of those ORBS-clones that are coming up may provide the correct solution.

Harumpfh.


--

Re:Passing the buck (2)

Skapare (16644) | more than 13 years ago | (#87925)

If an ISP has a business as a customer, and that business hosts their own mail server, which because it's probably something insecure and inadequately administered (*cough* *cough* *exchange* *cough*), the ISP front ends all of the mail going in, then the ISP will be where the MAPS rejection will have to take place, but that server will have no idea if the next hop has 10, or 10 million, users. And this is very possible because user names can be ubiquitous to mail servers; they can be configured to accept everything that comes in and store it under the name actually addressed, or various other options. MAPS' pricing structure based on user count probably works for most, but there are cases where it falls on its face. Vixie should be smarter than that, but I suspect it is other individuals involved in their inflexible way of doing business.

Re:Prices and Opinions (2)

Skapare (16644) | more than 13 years ago | (#87926)

The number of users might well be entirely unknown and out of the control of the ISP. A business customer may wish to not divulge this to the ISP for various reasons. Or they may even have their mail server configured without specific users. The user count pricing might work for most, but there are places where it fails. It is fundamentally a bad idea to price it that way. But that is just MHO.

Re:vigilantes (2)

Skapare (16644) | more than 13 years ago | (#87927)

If the ISP is spam friendly ... and there are some out there that fall into that category ... then move on to a new ISP. When calling up ISPs, ask them what they actually do to prevent spam coming from their entire network. If their answer is not satisfactory, say so, and move on. Unless you live in the back country, you now have a choice, at least in US and EU.

MAPS has worked for me. I've had zero cases of legit (wanted) mail blocked by MAPS (doesn't mean it can't happen somewhere, but it sure doesn't seem to be all that big of a problem). I also use blocking by in-addr.arpa verification. No in-addr.arpa results then no acceptance of mail. This has been nearly as effective as MAPs (admins that don't get in-addr.arpa right tend to also be admins that don't get the servers closed to relaying). I've had 3 cases of this blocking legit mail. In 1 case the ISP fixed the problem. In another case they are now working on it after I phoned them yesterday. The 3rd case is so far unreachable, which indicates to me how much they really care.

Building a new anti-spam database. (2)

Skapare (16644) | more than 13 years ago | (#87928)

Are you the admin of a server than has been using MAPS? If so, your server logs may have a list of many known open relays (but also many that have been subsequently closed). It's a start. You can build your own DNS zone like MAPS did to block at least these.

Now if people were to get together and merge their lists and share them, it could be the start of a brand new database.

More anti-SPAM legislation? (2)

Skapare (16644) | more than 13 years ago | (#87929)

Two things will reduce the hassle of spam, more legislation, or supplanting SMTP with a non-broken mail protocol.

I don't think I can trust lawmakers to get it right. Slashdot has so many stories of past cases where lawmakers do goofy things that trample on rights not even related to what they were trying (or said they were trying) to do. I fear the risk of squelching the right to anonymous speech, especially anonymous mail, as a result of new laws. Even the anti-SPAM efforts outside of government has some risk of that. While I'm sure we might be able to come up with some well focused law to reduce spam, it won't be all that effective unless it is totally universal, and highly enforced. Those are things that generally don't get done by governments unless it can result in good press for politicians, and that's not likely to ever be in this case. Can you really trust the government THAT MUCH?

A replacement for SMTP, even if the protocol were final today, would probably not be deployed for 10 or even 20 years. SMTP would have to get cut off to force people to upgrade servers to something compliant with "SMTP2". The migration path would end up resulting in lots of "lost legitimate mail", at least for those cutting access from the original SMTP protocol. But if no one does that, then why would others have any incentive to upgrade?

Correction to Postfix config (2)

Skapare (16644) | more than 13 years ago | (#87930)

The items on smtpd_client_restrictions need to be separated on different lines or by commas. My cut and paste didn't work to get it formatted right and I forgot to change it to comma separated.

Re:Did MAPS have an effect (2)

Skapare (16644) | more than 13 years ago | (#87931)

I would put at least as much blame for this on BellSouth, if not more. Sure, Netcom was clueless, but it shouldn't have been their action to do any more than inform you that it was a DUL issue. Someone at BellSouth should be fired (because in this job market, they can be very easily replaced).

Re:Last Month for Free MAPS - Not (3)

Skapare (16644) | more than 13 years ago | (#87938)

Incidently, the cost for most ISPs would equate to about $0.05 per user per year.

According to http://mail-abuse.org/rbl+/ [mail-abuse.org] :

In query mode, the cost is US$1,500 per year for sites with up to 1,000 users; each additional 500 users will be priced at US$750 per year.

That works out to not less than US$1.50 per user per year.

Part of the problem is that it is based on number of users. ISPs which are doing mail forwarding to end customer systems (generally businesses on DSL or T1 links, and often with some tight firewalls and tunnels) have no user base in the forwarding mail server. They simply cannot work from this kind of pricing structure since their service is volume and domain based, not user based.

Re:Did MAPS have an effect (3)

Skapare (16644) | more than 13 years ago | (#87939)

Tell me what ISP you are using. I want it to be the first entry in a new service called isps-that-hire-clueless-techs-we-do-not-want-mail- from.org. Maybe we can start getting rid of bad ISPs this way.

:-)

Re:Alternatives to MAPS and ORBS (3)

Skapare (16644) | more than 13 years ago | (#87940)

I'd like to do a lot of the things you do. But I also have to balance what I do with how much time I have to deal with it. And it is not much. I'm trying to shift the cost back to those responsible (including those that make it harder for me to identify who is responsible ... open relays fall into this category). Of course I want to prevent the lost of legitimate mail. But the loss of some of it is part of the cost. It's all a balancing act, and what I do today may not be what I do tomorrow. And maybe this whole /. thread will bring some new ideas to mind.

Getting more people involved in doing something besides wearing out the "d" key on their keyboards is certainly a great idea. I just don't agree with you regarding the blackholing ... as long as the benefits outweigh the costs, which so far is the case for me.

A huge amount of mail is fraudulent and spam at the same time. Often times it is hard to track down who sent it. In one case I've gotten spam where the sender used a huge string of dots as the in-addr.arpa name (so he must have used a dedicated address with in-addr.arpa delegation) which caused the open relays to overflow the Recieved: header and not reveal the previous hop. In those cases the only recourse I have is to block the open relay.

Open relays are primarily the result of "inadequate administration" (my diplomatic term for what is usually incompetency somewhere). I don't want mail from there, plain and simple. They are not part of "my network" anymore. If they repent, I'll unblock them. If they do it again then the next time it's 30 days after they repent, and so on.

But what I choose to do is based on keeping my own costs (time) low. That's what it's all about. If it weren't, then I'd just sit there and read all the spam.

Re:SMTP "Broken".... (3)

Skapare (16644) | more than 13 years ago | (#87941)

This is one of those fundamental problems. Unfortunately, for large scale servers, this is a genuine performance win to separate things like this. Still, if there was a way to list them then this could help.

I suggest listing the outbound mail servers in the MX entries at higher numbers anyway. They won't be used as long as the lower numbered servers are working. And if the server isn't even set up to work as a fall back when all the inbound servers go down at the same time, it can just give out connection refused during those troubling times, or black hole the SYN packets. But at least this way there is something there in the MX entries to validate the outbound servers.

Alternatives to MAPS and ORBS (5)

Skapare (16644) | more than 13 years ago | (#87942)

Here are some up and coming alternatives:

I also have my mail server configured to reject mail from other mail servers that do not have their IP addresses correctly configured and/or delegated in the in-addr.arpa reversed DNS zone. Amazingly, this has cut out almost as much spam as MAPS has. For Postfix users, this can be done with:

smtpd_client_restrictions = permit_mynetworks reject_unknown_client permit
While this does end up rejecting a few "legitimate" servers, the number is very small. I suspect that for the most part this works because open relays tend to be the result of "inadequate administration" which can also be the cause of the lack of reverse DNS. If they can't get one of them right, they probably can't get the other right.

Re:Spam baby! (1)

argent (18001) | more than 13 years ago | (#87945)

I haven't heard any rumor like that about MAPS, and I think you're being pretty damn uncool for even suggesting it, baby.

Re:I don't get it (1)

eddy (18759) | more than 13 years ago | (#87947)

And when you shut your eyes, does the world sieze to exist?

My spambox gets everything from 0 to 20 spammails a day

Opt-in mail (2)

Znork (31774) | more than 13 years ago | (#87953)

I've already moved to opt-in mail. You want to get into my mailbox? Well, since I dont feel a real need of having you there, its up to *you* to figure out how to contact me in some other way to get me to add your mail address to acccepted senders (oh, and I screen calls, and dont answer the door without prior notice).

My free time is valuable to me, and I appreciate a mailbox where each and every mail is a mail Im actually interested in recieving.

Re:Prices and Opinions (2)

mpe (36238) | more than 13 years ago | (#87956)

I can see charging ISP?s on a per user basis for the query mode lookups. However, the charges per user for zone transfer makes no sense as the MAPS service bears no additional load or bandwidth charges from the extra users as the zones are stored on the ISP?s name servers locally.

It's the same "logic" as client access licencing...

Re:SMTP "Broken".... (2)

gorilla (36491) | more than 13 years ago | (#87957)

You cannot guarantee that the domain has it's outgoing SMTP service and it's incoming service on the same set of machines. Many large sites have dedicated outgoing and dedicated incoming servers. This allows you to tune each system to perform as best as possible for it's assigned task (incoming or outgoing) instead of having to compromise.

Re:SMTP "Broken".... (2)

gorilla (36491) | more than 13 years ago | (#87958)

But MX records are not meant to list outgoing mailservers, they are for incoming ones. You cannot start limiting connections based upon a misuse of the records.

Re:Spammers are getting threatening... (1)

thogard (43403) | more than 13 years ago | (#87962)

I'm so close to simply rejecting anything that has 1618 and the word Senate or Bill in the same line. I have patches for sendmail with regex matching in the body but I don't want to reject the email, I just want to hang the connection forever and my patches don't do that. the patches are here [abnormal.com] but please seend feedback.

Part of the real problem is spamers computers are told to go away nicly and not delt with properly. Most spaming programs are multi-threaded but if 1 out of 100 boxes they touched just held the connections open, it would quickly bog down their efforts.

Re:SMTP "Broken".... (2)

Dwonis (52652) | more than 13 years ago | (#87963)

Actually, it's probably the best option, under the circumstances. I would suggest trying to get it into the SMTP standard, however, so everyone can know about it.
------

Re:SMTP "Broken".... (2)

Dwonis (52652) | more than 13 years ago | (#87964)

Ugh! Somebody slap me for my awful punctuation.

Also, maybe that should also be the DNS standard, since it specifies what MX records are for.
------

Spammers are getting threatening... (3)

Velox_SwiftFox (57902) | more than 13 years ago | (#87965)

Quote from UCE: "Under U.S. Law (Bill s.1618 Title III passed by the 105th U.S. Congress) you are prohibited from considering this mail Spam because we include contact information and a link for removal from our mailing list.

Apparently some spammers feel filters that exclude them are now illegal. I suppose next the subject lines will start exclaiming "You are required by law to read this!"

Re:Did MAPS have an effect (1)

naChoZ (61273) | more than 13 years ago | (#87966)

MAPS definitely has an affect for me. Just on my office mailserver (~150 accts) I did postfix log report and a little math. In one week, of 45,000 messages received and 70,000 delivered, there were almost 4300 rejected. When I broke it down, there a little over 1000 rejected by my maps_rbl_domains servers I've added. A few were rejected by my regexp file and the remaining were domains not found and that sort of thing.

vigilantes (2)

drteknikal (67280) | more than 13 years ago | (#87971)

Having been periodically (and erroneously) blacklisted, it's fine by me if they all die. Fix the problem, and stop bitching about open relays.

My server isn't an open relay, but enough detection methods out there are useless enough to think it is. I'm still fighting Earthlink to unblock us.

BTW, this is NOT something legislation will fix. This is something that will be fixed by a) a decent replacement for SMTP that's universally accepted, and b) competent administration.

My site's just fine. We don't route spam. Leave me the hell alone.

SMTP "Broken".... (4)

wowbagger (69688) | more than 13 years ago | (#87973)

I've thought of a very simple change to how MTA's work that I believe would correct much of the problem with spam, without requiring any change in how SMTP works.

Assume you are sending a message to me (me@example.com). Your ISP's MTA contacts example.com's MTA and begins to send the message. Once example.com's MTA knows where the message purports to be from, it looks up the MTAs for that domain, and verifies that the connection is actually coming from one of the MTAs listed. If not, bu-bye!

Now, this doesn't address open relays. I don't claim that it does. Open relays are best addressed with education of the alleged sysadmin (perferably with a Board of Education, +5 LART). What it does address is the growing number of spammers using broadband connections to directly spam users.

In effect, this is doing much the same thing as the MAPS DUL, with the following exceptions:
1) It's "opt in" rather than "opt out": a mail sender must take positive action to be able to send mail, rather than their ISP taking action to prevent them.
2) Even if you are on a dynamic IP connection, you can still set yourself up with a domain, and use a dynamic DNS provider to link back to your server. (Whoever, IMHO if you are on dynamic DNS, you really should be going through your ISP's MTA, but....)
3) It allows you to have some idea of who is sending you a message.

Now, I agree that many spammers will just register domains and spam away, but it costs more effort to register a domain than it does to simply get a connection, the domain registrar has some record of who owns the domain, and the "JethroBillyBobTrailerTrash" spammers won't be able to handle setting this up.

You could even extend this to having a public key stored in a text record of the domain, and require that all mail received by an MTA be coded against a valid key. Back to my example: your MTA would retrieve the key for example.com, and code the message against that key and your key. That way, example.com knows that you are the sender of the message. This also has the happy side effect of making it a lot harder to eavesdrop on the message.

You could then have a policy on your MTA of:
1) if sender is an authenticated user of this MTA, accept mail
2) if sending MTA is the MX for the FROM address, and if the sending MTA has a key in the domain, accept.
3) If the sending MTA is the MX, but has no key, accept but tag as possible spam.
4) If the sending MTA isn't the MX, reject with a redirect to a webmail bypass URL.

OK, pick it apart guys. Maybe we all can hash together an RFC?

Re:I don't get it (2)

TV-SET (84200) | more than 13 years ago | (#87976)

From what you said, it looks like you:

- Don't have much friends, don't do much development, don't participate in mailing lists.
- Change your employers pretty often.
- Don't have any real means for people from outside of your world to contact you.
- Abuse Hotmail, completely screwing their statistics about the millions of users they've got ;)

Of course, your approach may work for someone, but it certainly is not an ultimate solution for everyone. There are people who need to be available (ESR? :)

I support the idea of having different purpose e-mail addresses. Additionally, I want to remind everyone about the nice things like exim filters, procmail and perl.

Happy filtering :)

Re:We never know... (1)

Rogain (91755) | more than 13 years ago | (#87979)

It did nothing to reduce the volume of spam SENT, nobody is quaking in their boots because of MAPS. For its users a huge amount of spam went unread, but it changed nothing in the real world.

Coincidence? (4)

cperciva (102828) | more than 13 years ago | (#87985)

Is it entirely coincidental that MAPS is starting to charge a subscription fee almost immediately after ORBS was shut down? It seems interesting that as soon as they have no competition they start charging a subscription fee.

Thanks, but no thanks. I'd prefer not to pay for the priviledge of having email erroneously blocked.

Re:More Legislation? (2)

jgerman (106518) | more than 13 years ago | (#87987)

I've said this over and over. I tend to get modded down pretty regularly for it. But I agree with you completely. Legislation is not the answer. Like you said it's a boot in the door.

I for one would not pay for something like that, I'm not even sure that MAPS has a legitimate claim to the data either. Isn't the information that they broker submitting free of charge by users?

Perhaps a freenet application would be a viable solution? Instead of having some servers at a hosting facility somewhere all users who wished to use it could share the hosting duties.

Fraction of a percentage (2)

Richy_T (111409) | more than 13 years ago | (#87988)

So a percentage then. Or indeed a fraction.

Example: 1/2 of 50% = 25% (or 1/4)

Rich

Screw Your Competition Then Charge Money (5)

cluge (114877) | more than 13 years ago | (#87990)

Does this sound like Microsoft or what? Lets compare shall we?

MS tries to buy you or puts you out of business by stealing your product/idea and then incorperating it into Windows for "Free"

MAPS and the network that it runs routinely and IMHO illegally injected false routes into the global routing table so that ORBS was unavailable so ONLY their "free" service is accessable. See MAPS vs ORBS [slashdot.org]

MS: is now going with a subscription fee for it's software. All that "free stuff" it added to your OS which may or may not work properly now has to be paid for monthly!

MAPS: With the competition driven into the ground, you suddenly have to PAY for MAPS. (You mean they couldn't mirror those zone files on several servers across many networks that would be willing to do so for free??)

Sad, we see here dishonesty, trickery and stupidity win over the better product, and/or the better idea.
"Science is about ego as much as it is about discovery and truth"

Re:SMTP is NOT broken (4)

sigwinch (115375) | more than 13 years ago | (#87991)

First you say "I am tired of hearing this drivel about SMTP being somehow 'broken'".

Then you say "What we need is a decentralized replacement without a central authority. Perhaps a 'web of trust' like PGP where any site can black hole another site on their OWN server, and others will pick up the ban automatically when enough servers they trust do so".

When people say SMTP is broken, the lack of trust management is what they're referring to. The inherent brokenness of SMTP is that it delivers just about anything that shows up on port 25. I agree with you that a distributed trust mechanism is needed.

Unfortunately making it work would take major design of new protocols and massive deployment of new mail servers. It would also take new email clients that people could use to report spam to their mail server. Large mail servers would need massive CPU power to do the necessary public key cryptography.

Re:vigilantes (2)

lpp (115405) | more than 13 years ago | (#87992)

And I quote:
It -REQUIRES- the ninocent be blocked, because they're the ones that will get the ISP to change it's poiculy, and ot boot their spammers.

*sigh* Okay, I guess that since I live around the corner from a couple of crack houses that I should be arrested, or at least harassed, by the police so that I may take some vigilante action (or perhaps just petition the city council to raze the nearby offending buildings). Hurting the innocent along with the guilty is a non-option. Or rather, a bad one, since we appear to be doing it these days. And keep in mind that these days it is getting easier and easier for Joe Sixpack to actually buy his own domain and set up his family webpage. How the heck is he going to know about MAPS or why Grandma can't seem to get to the family webpage.

And one more thing:
you assholes who haven't been around for near as long as those of us in the fight are telling us we're wrong

Yes, we are. Don't think that just because you have been in the thick of things that you automatically have some great moral authority to dictate right and wrong. If you get into a squabble with a relative, things escalate, and then you lose your head and start reaching for a gun, don't tell me I have no right tell you that you are wrong when I pull out the water hose to cool things down.

_lpp
---------------------------------------

or use a password filter (2)

pallex (126468) | more than 13 years ago | (#87999)

Just 2 accounts - a spammy `post to usenet/slashdot/etc` one, which will get caned with badly spelt pyramid schemes etc, and another which you get your friends to set you up using something like

"password "

you set up a filter saying "if subject doesnt contain password then send to trash folder"

and thats pretty much it - zero spam.

Re:or use a password filter (2)

pallex (126468) | more than 13 years ago | (#88000)

"Plain old text", eh? plain old text and no angled brackets, you mean?

that should have said
" password open-angle-brackets username @ whatever.com close-angle-brackets"

Re:vigilantes (5)

pjrc (134994) | more than 13 years ago | (#88003)

This is bull. If you got listed your a spammer or an open relay.

There have been numerous well known cases where MAPS created an entire netblock against "spam friendly" ISPs, in an attempt to put pressure on that ISP to change its policy and stop selling bandwidth or other services to spammers. This tactic has the effect of blocking all of that ISPs customers, spammers and legitimate businesses and users alike. Not long ago, slashdot ran a story about peacefire.org and others getting blocked by MAPS [slashdot.org] .

Your belief that everything listed by MAPS must be spammers is clearly false if examples can be shown where non-spammers have been blocked, and I believe that link above is just such an example.

Even without a hard example, it's a well known fact that MAPS uses large netblocks against entire ISPs who they consider "spam friendly", without any regard for the other innocent bystanders who just happen to be other (unsuspecting) customers of that ISP.

These services would not be worth squat if they did not work as advertised.

It is debatable how effective MAPS is. In this C/net article [cnet.com] MAPS blocked very few spams and also blocked many non-spam messages. MAPS was the only spam blocking service among the ones tested that blocked non-spam messages. That C/net ran a test and found MAPS to block a significant number of non-spam messages further shows how naive it is to blindly trust MAPS.

I suspect that time will shortly prove that MAPS is in fact "not worth squat". Such questionable effectiveness coupled together with blocking legitimate emails isn't great from a free service, but when you're paying your expectations change.

I don't get it (5)

Aceticon (140883) | more than 13 years ago | (#88005)

I've been around the Net for some time now, and i've seen it go from purely academic to (almost) purely commercial (yep, when AOL gave their costumers access to the Internet it was the beginning of the end).

I've seen the fall of Usenet (information to noise ratio is now about 1-10 in most groups) and the raise of spamming...

Do i get spam on my e-mail account? - Nope.

How?

I have three e-mail accounts:

  • One for my friends and my informal humor mailing lists and official stuff (note: subscriptions to banana-girls-with-big-breasts.com sort of sites does not count as official). I never put this address in any public forum (that includes /.).
    Number of spams per-month = zero
  • The other one is at work. I only use it for work related stuff. When i change companies this one changes but my friends can always get me through the other one (for all the other ones, well - if you don't have my personal e-mail that means i don't want to hear from you again). I never publish this one in public forums.
    Number of spams per-month = zero
  • The last one is my public e-mail. I'll look at it maybe once a week. I'll use it publicly (although i still refrain myself from using it "as is" in Usenet - beter transform it so that humans can understand the real one but not e-mail address collection programs). Registration to any moderatly crappy site involves using this one. For extra crappy sites i just create a new one in Hotmail.
    Number of spams per-month = about 10 to 20
So, after all my gloating about my own cunningness, what's the conclusion:

Levels of privacy!!!
Set up e-mail accounts the same way as you set up your life: friends; work; everybody else

It works!

Re:vigilantes (1)

www.sorehands.com (142825) | more than 13 years ago | (#88007)

Actually there is a way to eliminate spammers:

Public whipping!

Re:Coincidence? (1)

Traxton1 (154182) | more than 13 years ago | (#88008)

It's called a monopoly. Ask Billy about em, he should know by now.

Spam baby! (4)

Traxton1 (154182) | more than 13 years ago | (#88010)

It's been rumored that if you don't continue to pay your subscription fee MAPS will put your site on the list. And send you emails until you do!

This service is necessary (2)

frankie_guasch (164676) | more than 13 years ago | (#88013)

Maybe some people can manage to filter spam having some private mail addresses and some public ones. But spam filter is necessary many public mail adresses are needed to contact customers.
We need to put public addresses in web pages and give customer support.
You just can't rely on laws. Most of the spam I receive now comes from far east or south america. Maybe these countries will have a law some day, but there always be places where spam would be sent from.
Spam filters like MAPS or ORBS are very helpfull filtering unsolicited mail.

Re:An alternative to fighting SPAM (1)

heytal (173090) | more than 13 years ago | (#88015)

Please forward the above post to all the people who you know, and are new to e-mail. Even if they are not new to e-mail, please forward the posting to them, and request them to forward it to others.

Re:How about enhancing SMTP? (1)

YKnot (181580) | more than 13 years ago | (#88018)

I admit that using the word SPAM in a protocol (despite writing it in all caps) isn't that good an idea. But "Unsolicited Commercial Email" is too specific. How about implementing both "UBE_OK?" and "UCE_OK?", so you can avoid "Make money fast" and "Take a look at our latest product" but still be informed about non-commercial issues or keep that out, too?

Re:How about enhancing SMTP? (1)

YKnot (181580) | more than 13 years ago | (#88019)

I got that all caps thing all wrong:
http://www.spam.com/ci/ci_in.htm [spam.com]
UCE and UBE are more precise anyway.

How about enhancing SMTP? (2)

YKnot (181580) | more than 13 years ago | (#88020)

I'd like to propose an enhancement to the SMTP protocol: The MTA which receives the mail on behalf of the user should answer to the question "SPAM_OK" with either "Yes, TTL=x" or "No, TTL=x". Not following the answer should be made illegal (high fines or "downtime" attached). Every sender should be required to explain why he thinks his mail is not SPAM - failure to do so or unability to prove an existing business relationship, see above...
This is neither an opt-in nor an opt-out situation. Instead, people get to choose wether they want opt-in (Answer: No SPAM) or opt-out (Answer: Yes, SPAM is ok).

Prices and Opinions (3)

bl968 (190792) | more than 13 years ago | (#88022)

From the maps website i found the following interesting information. How much does it cost? In query mode, the cost is US$1,500 per year for sites with up to 1,000 users; each additional 500 users will be priced at US$750 per year.

Larger or overseas sites will probably prefer transfer mode, in which you transfer a copy of the DNS zone to your local nameserver. The cost for this is US$1,250 per year per nameserver, plus US$50 per 1,000 users -- around half a cent per user each month.

Educational institutions, non-profits, and members of selected ISP trade associatons may (at our sole discretion) be eligible for discounts; please contact us with a proposal.


I can see charging ISP's on a per user basis for the query mode lookups. However, the charges per user for zone transfer makes no sense as the MAPS service bears no additional load or bandwidth charges from the extra users as the zones are stored on the ISP's name servers locally.


--
When I'm good I'm very good, when I'm bad I'm better, But when I'm evil you better run :P

Defeating SPAM (1)

sneakcjj (191664) | more than 13 years ago | (#88023)

A friend of mine told me about this, so I can't take full credit.

If you have your own domain (which for $30 or so should be reasonable for most), setup a mail server for yourself and have all non-registered (i.e. not a real user) accounts point to one real account.

Now, say you want to order tickets from Ticket Master. When they ask for an email address put in ticketmaster@mydomain.com. If they sell your email address and you get some spam, you will know exactly who sold your address. I've done this for ebay, amazon, Barnes&Nobles, Ticket Master and my credit union just to name a few.

It's been an interesting experiment. My credit union has ethics and follows their privacy policy so I haven't received any spam (yet). Barnes and Noble hasn't been spammed yet either. However Ticket Master, EBay and Amazon have resulted in spam. It's pretty neat to see who exactly sells your email address or allows people to scan pages for addresses.

MAKE MONEY FAST!!!!! 8--)))) (5)

leuk_he (194174) | more than 13 years ago | (#88025)

From: Margie "margie@mail-abuse.org"

Effective Midnight 7/31/2001, all non-subscription access to MAPS services will cease. Anyone wishing to transfer or query internet data must read the rest of this mail.

Send us and the following 6 people on the ACL list 1 DOLLAR. Then add your name to the ACL list and send it to everyone you know. you get rich in a few days day and receive no more spam at the same time!

Some testimony of users :

"i did not pay ...and so dies . You've just cut your own throats. The effectiveness of MAPS always depended on the number of users, which is going to be paid out now. If you do not pay MAPS and the world arroudn will die (John Oliver) ,

"MAPS want a big number of subscribers....aministrators will use MAPS ..." (Karl-Henry Martinsson)

"This is a GOOD thing." (Sam)

Margie "mail" Arbon. Abuse Prevention System, TM Manager, Market and MAKE MONEY FAST Development.

Non-profit or not non-profit? (1)

ksp (203038) | more than 13 years ago | (#88026)

Maybe it is some form of American legal trick? Their web page says:
Welcome to the Mail Abuse Prevention System LLC (MAPSSM). We are a not-for-profit California organization whose mission is to defend the Internet's e-mail system from abuse by spammers.

Then the announcement says:
MAPS' purpose is to stop spam on the internet. That purpose can only be achieved as long as MAPS can maintain itself as a corporation. Like any corporation, that takes income.

Now, are they non-profit or do they charge you money since they are a company??

Re:Defeating SPAM (1)

ColdGrits (204506) | more than 13 years ago | (#88027)

That's an old old idea - I've been doing it for about 3 years now.

Any good ISP will let you have infinite email addresses (anythingyoulike@domain_name.isp.tld) so it's easy to do it for free.

I've had spam to addresses given to eBay, Barnes&Noble, Slashdot (even though the address is never published...), several online greetings card places etc. Interestingly, none from my bank, creditcards, gamelink nor Amazon.

Does make it easy to bin loads of spam, as you stop dealing with particular companies so you just direct email to the appropriate address to /dev/null - sorted :-)

Confusing (5)

ColdGrits (204506) | more than 13 years ago | (#88030)

"The data in the MAPS files belongs to MAPS and is copyrighted. ".

OK, correct me if I am wrong, but the data in MAPS are built up from a lot of user-submissions reporting open relays and spammers etc.

So how come it is OK for MAPS to claim copyright and charge for access to community-submitted data, but NOT OK for CDDB to do exactly the same thing?

&nbsp--

Re:So how will I be able to find things (2)

nsushkin (222407) | more than 13 years ago | (#88033)

MAPS are free if you join AAA.

There is only one solution. (1)

3-State Bit (225583) | more than 13 years ago | (#88034)

Regex? Filters jokes your friends send you.
Filter bad companies? Lose info you might ever want from them.
Filter things that match a spamming template AND are from a company that (intentionally or not) generates a lot of spam? Lose greeting cards [mail-abuse.org] your friends send you.

No, my friends, there is one and only one solution.
Own your domain. Make a mail account for each time you give out an email address, and forward that mail account to your secret in-box. You might be tempted to make a "family" account that you give out to family -- resist it! When your "family" account somehow gets spammed, who's responsible? You can't just delete the account! But if you only give out each account name to ONE person, then the moment spam hits your account, you look at the logs, and see what in-box it came from: bam, you know who gave out that e-mail address. Want to receive something from amazon.com, to see how you order's going, but not any spam? Make an amazon-com account, and filter anything not coming into it that's from amazon.com. This way, you don't need to READ privacy statements. If a company sells your email address, you let them know that you know, and you cancel whatever accounts you had with them.

You don't NEED to do any filtering when each account is associated with one and only one person/company. If you get spam in an account, look back at your description of when you generated it, and unsubscribe through the web site. After that, you can just nix the account and bounce all email, losing NO valuable email -- only ones that a particular company sent you after you asked to be removed from its list.

Need to sign up for something when you're away from your computer, or give out an email address? No problem: you're carrying around a business card-size list of 7 "spares", which you cross out when you've given them out and put a description in the blank line to the right of them. If you're John Doe, and a strange company asks for your email at the mall in order to receive information about a cellular plan they're offering, you just take out your business card, read that the next account is JohnDoe23235228@johndoe.com, and give it to them. Naturally, there is no straight johndoe@johndoe.com account name. And, just as naturally, since these numbers are random, no one can just "guess" an account and start spamming it. Not unless they "guess" several million, and guess how many ISPs let that slip by?

You know your duty: do it duly. You'll never complain of SPAM again, or spend a minute adding another regex filter, praying you won't filter anything important or something for which you asked.

If you want to be really full-on about it, you can even post email addresses in a "dynamic" way -- my slashdot email is "redirector at jdoe dot com", and the redirector replies to all emails with:
IMPORTANT: Your email, of which a copy is attached, has NOT been delivered. In order to ensure that emails to this account are not unsolicited/spam, you must first reply to this email, in the format: "Robert Wayne, a friend of your sister Nichole's" (In other words, characters that specify your name, a comma, characters that specify a description of you.)
You will then immediately be mailed back the actual email account, to which you should address any future email. If you want it to be delivered, you must also resend the email that generated this autoreply, which you will find attached.
To avoid having to go through this process in the future, use the account name you will receive in your reply to this email.

Spamming companies very rarely reply, or even get YOUR replies.

Make sense? Good. Get to it.




I can just see it now... (4)

TWX_the_Linux_Zealot (227666) | more than 13 years ago | (#88035)

... MAPS will start sending out email to random people, explaining how their services can reduce the spam problem on their email servers. It'll probably be almost as bad as when the emails for "system security" clog up and crash the mail server...

IBM had PL/1, with syntax worse than JOSS,

Friday 13th: Part1 (2)

billybob2001 (234675) | more than 13 years ago | (#88036)

How many posts are we away from

Last Month for Free Slashdot

Re:Did MAPS have an effect (2)

squiggleslash (241428) | more than 13 years ago | (#88038)

It wasn't anything to do with clueless admins at my ISP. It was the Netcom segment of Mindspring together with a BellSouth cock-up that were causing the problems. Consider:
  • BellSouth had registered their entire block with the DUL without removing blocks allocated to other groups, like my ISP
  • Netcom had subscribed to the DUL (curiously only for their ix.netcom.com domain, @mindspring.com and @netcom.com addresses were routable)
  • Netcom refused to reveal that the DUL had anything to do with the problem. I hadn't even heard of DUL at that point, and my ISP's sysadmins hadn't either. Nor did they admit to using any other filtering system. The blame, they said, must lie with my ISP, despite the fact that my ISP was routing email everywhere else correctly.
  • Netcom wouldn't answer emails from my ISP, ignoring them. Netcom answered emails from me by telling me it was a configuration problem with my PC and I should contact my ISP, even after having it explained to them that the configuration settings were fine, that my ISP had confirmed the problem was with Netcom, etc.
I think it's fair to say that the clueless ones are those working for Netcom. To implement an email blocking system which clearly is going to hiccup on a regular basis, with no system in place to deal with hiccups, dishonestly withholding the reason why the emails are being blocked in the first place, preventing information about problems from reaching the people who could fix it, basically preventing people legitimately contacting their customers, takes a degree of cluelessness over and beyond what I'd normally consider clueless.

I wouldn't get an account at whatever-they-call-themselves-today (is it Earthlink now?), if that's the answer you were looking for. And BellSouth deserve a slap too.
--

Re:Did MAPS have an effect (3)

squiggleslash (241428) | more than 13 years ago | (#88039)

I think the question i would like to answer is did MAPS have an effect ?
Unquestionably it did. Thanks to the DUL, for example, I was unable to email my girlfriend on her Netcom account for several weeks because my ISP's class C block was completely blocked, because it was part of BellSouth's allocation of IP addresses and my ISP's mail server wasn't registered.

It took several weeks of patiently trying to explain the problem and being rebuffed with "You must have configured your machine wrongly", "It must be a configuration problem with your ISP's servers", "Are you using the right SMTP server?", etc, before I was able to find a clueful tech support person who'd listen and talk to their system administrators to find out what the problem was. At the time I had no fricking idea what the DUL was, and there's no requirement that DUL users configure their SMTP gateways to actually say the reason they're blocking email from you is because of the "DUL" or to provide any link. Neither had my ISP's tech heard of it. Why should he? It's not in any RFC - indeed, it breaks the RFCs.

Oh wait, you mean did it have an affect on spam? I can't comment. I think for the most part the thing that's had the most effect on spam has been the closing of open relays, which is pretty much unrelated to MAPS (and something their arch-rivals at ORBS arguably had more effect with.)

I really cease to be impressed with outfits that propose rules that break legitimate ways of using something purely in order to make it more difficult for those we dislike to operate. The DUL is one example. It reminds me of the reason why I screen phonecalls with an answerphone rather than ACR - because that's what an answerphone does whereas ACR is a stupid "I've noticed all telemarketers withhold their number therefore all withheld numbers now and in the future must be telemarketers!" hack designed for the express purpose of selling something which will become totally ineffectual if a substantial enough group of people subscribe to it. People go for ACR though because answerphones are "old tech" and ACR is "automatic" and "new technology". Yay!

Support them with subcriptions if you want to help combat spam or dont use the service - i think its a fair comment - not everything can be free as life costs money
I understand the sentiment, but can't agree with the solution. I don't particularly like the way MAPS operates. Whether it going subscription, and thus reducing the number of ISPs in the scheme, will make a substantial difference to how easy spammers find it to operate I cannot tell. It'll be interesting to see the results. I doubt MAPS has had as big an impact as it'd like to believe (only 75% or more ISP usage of the RBLs would have been likely to do that), and I seriously doubt we'll see major increases as a result of MAPS going, if it does go.


--

One small thing seems to be missing... (1)

Zocalo (252965) | more than 13 years ago | (#88040)

How much do subscription services actually cost? The information does not appear to be readily available on MAPS' website and if ISPs etc. that do use MAPS are going to have to start paying for it, then they are going to need to get a purchase order raised, despatched and cleared in, let's see, 18 days and counting. That process often can't even start until the bottom line is known.

I think Paul Vixie et al have no experience with the snail like pace of corporate finance if they are expecting to pull this off with this kind of notice. Unless they want MAPS to wither on the vine, of course.

Time to check out the alternatives again, I guess. :-(

Re:Spammers are getting threatening... (1)

Zocalo (252965) | more than 13 years ago | (#88041)

I've seen that too. I like this. There are some potential regexps in that you can use to file messages in "/dev/null"...

It's offical folks. (1)

kireK (254264) | more than 13 years ago | (#88042)

The offical [mail-abuse.org] notice is now on MAPS.

Come back ORBS, all is fogiven (4)

cyberformer (257332) | more than 13 years ago | (#88043)

For more than a year, ORBS claimed that MAPS wanted to go commercial. MAPS consistently denied this. Now, as soon as ORBS is gone...

This doesn't make sense! (3)

cavemanf16 (303184) | more than 13 years ago | (#88047)

Costs have to be attached to sending mail to strangers, either micropayments or risk of jail.

jamie, what's wrong with you?! Making people pay doesn't stop the spam! I get more snail mail spam than I do email spam on a daily basis. Charging for email and enacting a million rules to govern its use won't help either. At a certain point, it just makes it prohibitively expensive or litigous ridden for the common user, me, to actually use it 'cause there's too many rules to follow and fees to pay. Your thinking on this one is wrong.

On the corporate end of things (2)

freeweed (309734) | more than 13 years ago | (#88049)

Funny you post this, as I just spent an hour yesterday patiently explaining to an employee that our acceptable use policy DOES in fact cover 'don't give your address out to moronic friends'. We rarely get spam in the office, as use of our company email addresses outside of work-related purposes is strictly prohibited (and so far, this works well). However, there's nothing like the day the mail server becomes completely unresponsive because someone thought that emailing 27 jpgs to each of us would be a good idea.

It's not just friends either. I've had people who are otherwise respectable businesspersons send me emails with literally 200 recipients (gee, thanks Outlook) and the subject line reading Fw:Fw:Fw:Fw:Fw:Fw:Fw:Fw:some joke or another. Do the math; logarithmic functions are downright SCARY. Unfortunately, we just can't block these addresses, as legit business does get transacted with these people.

I for one would gladly volunteer my time to give email ettiquitte training, even to complete strangers. I've had to go as far as to block close friends from being able to email me entirely; they don't seem to understand how to remove me from their (group/buddylist/whatever) on their own.

they have to pay the rent, but... (2)

janpod66 (323734) | more than 13 years ago | (#88056)

They have to pay for servers and bandwidth, so it's understandable that they want to charge. However, it would be really nice if we could come up with true peer-to-peer collaborative filtering for E-mail. It's a harder problem, but it could obviate MAPS both as a bandwidth bottleneck and as a single point of legal attack.

Re:They think they're so damn cute... (2)

guuyuk (410254) | more than 13 years ago | (#88057)

So that would mean SPAM would be the System for the Promotion of Abusive Mail...

Or maybe System for the Prevention of Actual Mail?

Re:An alternative to fighting SPAM (1)

GreyPoopon (411036) | more than 13 years ago | (#88058)

I have two email accounts which I use for new friends, the first one is a throwaway hotmail account which doesn't matter if it gets flooded with spam....

The only problem with that is that you still have to wade through all the crap in the "purgatory" account to see if new friends are worthy of making the "real" account.

I'd like it to be done so you could still do annoymous emails etc, because privacy is important, and I don't want to have to pay for each message either. I dunno how they can do this but there must be a way.

I think the best bet is to require -- by law -- some sort of "unsolicited mail" indicator on e-mail messages. Then, if an anonymous user sends unsolicited SPAM without the indicator, authorities can demand that whatever gateway allowed them to be anonymous reveal the identity. It's not quite as private as you'd like, obviously, but it's probably the best it'll ever get. Of course, such laws would have to be agreed upon by pretty much every country on the 'net to make them worth anything....

GreyPoopon
--

An alternative to fighting SPAM (2)

GreyPoopon (411036) | more than 13 years ago | (#88059)

Note: This is only half joking.

I just realized something. Only half of the junk in my Inbox comes from spammers. The other half of the junk comes from clueless friends and family who feel the need to constantly forward those "send this to 6 people ... and earn $$$" messages. Or other various hoaxes. Maybe we should educate them before we go after the spammers. I've got it. We can require a training class before anybody is allowed to use e-mail. Of course, it'll have to be free -- wouldn't want to discriminate based on income. Any volunteer teachers?

GreyPoopon
--

Re:They think they're so damn cute... (1)

Supa Mentat (415750) | more than 13 years ago | (#88060)

Prevention that should have been. *nervously laughs*

They think they're so damn cute... (3)

Supa Mentat (415750) | more than 13 years ago | (#88061)

Ok, it is sorta cute I guess, Mail Abuse Provention System = MAPS. It's also Spam backwards, that can't be coincidence, can it?

More Legislation? (1)

bupernfut (446309) | more than 13 years ago | (#88064)

"Two things will reduce the hassle of spam, more legislation ..."

Do you really want more legislation implemented by the same government who brought us such goodies as Carnivore and export restrictions on encryption? More legislation gives the government more power, regarless of whether it's to stop SPAM today, or a Microsoft lobbied ban on open source software for the government of tomorrow. I'm not saying the two are related, but it would be one more big boot in the door.

Keep the government out of it! I like the replacing the SMTP with a non-broken protocol idea much more. I can feel the force of a new SourceForge project in genesis already :)

Re:Did MAPS have an effect (2)

datarat (457636) | more than 13 years ago | (#88068)

As someone involved in the spam blocking industry (yes it's an industry) I'd have to say that overall the effectiveness of rbl's in general is minimal.

The impact has been just enough to get MAPS sued a couple of times. Expensive lawsuits. This is probably a bigger problem than a lack of subscriptions.

The fact is that it's cheaper to buy a mail gateway filter now than to subscribe to MAPS.

Consider this the first step in the eventual closing. They're going to hang on as long as they can to finish out the subscriptions and contracts they have, in order to avoid litigation for breach of contract, and then most likely fold up and go away.

Re:SMTP "Broken".... (1)

mountie (461862) | more than 13 years ago | (#88072)

And what about massive mail systems which use different servers to send and recieve mail for the domains?

I.E MX records for domain.com point to in[1-999].mail.domain.com, and the just recieve mail and drop to the database...

All outgoing mail from domain.com goes through out[1-999].mail.domain.com which just have massive queues of shit to be spewed accross the net.

Re:Spammers are getting threatening... (2)

Kareena Bhagnani (462993) | more than 13 years ago | (#88073)

Quote from UCE: "Under U.S. Law (Bill s.1618 Title III passed by the 105th U.S. Congress) you are prohibited from considering this mail Spam because we include contact information and a link for removal from our mailing list.


Hilarious. Bill s.1618 was never passed into law. Here [easynet.co.uk] is the first thing Google popped up with when searching for it. Make sure you mention this when writing to the spammer's ISP to get their account yanked.

Oops, this one was my bad (1)

h. simpson (464174) | more than 13 years ago | (#88074)

Is nothing free anymore?

Can I not use MAPS for free?
Can I not get music for free?
Are my parents going to kick me out or force me to pay rent?
Will I have to pay for what I eat now?

Damn turning 18 sucks. I think I am responsible for everything becoming commercialized as to teach me to stop being a free loader and get a job. My bad.

H. Simpson apologizes for the end of the Free Internet Revolution.

Re:An alternative to fighting SPAM (1)

Zargle (465109) | more than 13 years ago | (#88075)

I have two email accounts which I use for new friends, the first one is a throwaway hotmail account which doesn't matter if it gets flooded with spam.... Only after they have spent some time in this 'purgatory' and I have had a chance to see if they've proven their worthiness of not sending me crap/sending my address out to 10 friends etc..... Only then will I reveal to them my real email account...... I'd like to see a way of reducing the spam on the net perhaps with different protocols or something, but I'd like it to be done so you could still do annoymous emails etc, because privacy is important, and I don't want to have to pay for each message either. I dunno how they can do this but there must be a way.

Re:Come back ORBS, all is fogiven (1)

bartlett's (465717) | more than 13 years ago | (#88077)

And the really ironic thing is I would have been more willing to pay for ORBS than MAPS' services.

Did MAPS have an effect (4)

q-soe (466472) | more than 13 years ago | (#88078)

I think the question i would like to answer is did MAPS have an effect ? i mean the level of spam does not seem to have decreased at all and i think it has grown - the major ISP and web services providers - @home, Yahoo etc dont want to know about it - they may block email accounts of bulk mailers but in my expereince they dont.

The other side of the coin in this message is that MAPS have costs as well, the maintenance of servers, databases and net bandwidth costs require money and staffing and that inevitable means costs. They have obviously now found it neccesary to continue and try and recoup them with the subscritption method.

I personally find it a usefull tool and will likely pay for access under the subscription plan but others wont, thats a choice thing.

After all they are a company and as such as they say they need to pay the bills.

Support them with subcriptions if you want to help combat spam or dont use the service - i think its a fair comment - not everything can be free as life costs money

Thats my 2 cents anyway

Passing the buck (3)

papertech (467382) | more than 13 years ago | (#88079)

If MAPS makes ISP's pay to use their services, those costs could simply be passed on to the "willing" consumers.

I would be willing to pay $24.99 instead of $19.99 if the ISP could guarantee that I wouldn't get a bunch of crapflood spammers hammering my Inbox everyday.

On the other hand, I can see ISP's dropping MAPS altogether, since the average uninterested Joe Netizen generally shops for the cheapest monthly ISP rate instead of looking at QOS.

Last Month for Free MAPS - Not (5)

MargieA (467389) | more than 13 years ago | (#88080)

MAPS has announced that this is the last month for non-subscription access to our lists. As stated in the announcement:

"We will still offer some reduced fee or free query contracts under limited circumstances."

Individual users and hobbyists can still obtain access to the lists for free. There is simply some paperwork involved. Not for profits, educational institutions, etc., are eligible for substantial discounts. It is not our intent to deny access to our services because of the inability to pay for a subscription. Those that can afford to pay are being required to do so.

Incidently, the cost for most ISPs would equate to about $0.05 per user per year .

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?