RBL Working Group                                            Ben Black
INTERNET DRAFT                                        Layer 8 Networks
Obsoletes: draft-ietf-rbl-selfdefense-00.txt             November 1998
Expires May 1999

Best Practices for Being Permanently Added to the RBL
<draft-ietf-rbl-permanent-00.txt>

Status of this memo

This document is an Internet-Draft. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as ``work in progress.''

To view the entire list of current Internet-Drafts, please check the ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe), munnari.oz.au (Pacific Rim), or ftp.isi.edu (US West Coast).

Abstract

The Realtime Blackhole List (RBL) service from the Mail Abuse Protection System (MAPS) is a completely free and voluntary system for creating intentional network outages to limit the propagation of unwanted, unsolicited, mass e-mail (SPAM). Many purveyors of SPAM and SPAM-related services have had little trouble in getting themselves added to the MAPS RBL, but certain providers of web hosting services whose customers engage in SPAMMING have expressed concern that at some point in the future they may be removed from the MAPS RBL, exposing millions of innocent e-mail users to a barrage of SPAM. This document offers a description of the best current practices for guaranteeing that your company stays on the MAPS RBL.

1. Terminology

Throughout this document, the words that are used to define the significance of particular requirements are capitalized.
These words are:

- "MUST"
  This word or the adjective "REQUIRED" means that the item is an absolute requirement of this specification.

- "MUST NOT"
  This phrase means that the item is an absolute prohibition of this specification.

- "SHOULD"
  This word or the adjective "RECOMMENDED" means that there may exist valid reasons in particular circumstances to ignore this item, but the full implications should be understood and the case carefully weighed before choosing a different course.

- "SHOULD NOT"
  This phrase means that there may exist valid reasons in particular circumstances when the listed behavior is acceptable or even useful, but the full implications should be understood and the case carefully weighed before implementing any behavior described with this label.

- "MAY"
  This word or the adjective "OPTIONAL" means that this item is truly optional. One vendor may choose to include the item because a particular marketplace requires it or because it enhances the product, for example; another vendor may omit the same item.

2. Best Practices

Although there are many successful methods for achieving a lifetime membership in the RBL, the following have proven the simplest and most expedient.

2.1 Verbally Harassing the Maintainers of the RBL

The maintainers of the MAPS RBL are all volunteers with an interest in making the Internet less of a haven for nefarious SPAM merchants. This is a fundamental technique which SHOULD be attempted by ALL service providers wishing to burn all possible bridges.

2.2 Sending SPAM Demanding Removal from the RBL

Nothing says "Blackhole me!" like sending an unwanted mass mailing to potential subscribers of the MAPS RBL service. Service providers in the market for a new line of work unrelated to the Internet MUST SPAM as MANY other service providers as possible to maximize their chances at a coveted RBL Blackhole Lifetime Membership.
2.3 Threatening Lawsuits

Even the most stalwart RBL maintainer may later have mercy if only the suggestions in Sections 2.1 and 2.2 are followed. To avoid this eventuality, service providers SHOULD threaten to sue not only the RBL maintainers, but also all RBL subscribers. When responding to queries regarding the upcoming legal action, providers MUST NOT resort to the use of logic and common sense. Hard work definitely pays off in this area.

2.4 Proper CAPITALIZATION

One of the keys to a successful SPAM demand or threat is proper capitalization. Unlike normal English usage, providers MUST randomly capitalize ENTIRE words for no APPARENT REASON. E-mail which follows this rule is certain to have a major impact on all readers.

3. Example of Advanced Techniques

This outstanding example illustrates a complete mastery of all the techniques listed above. The sender of this message is obviously highly motivated in his quest to remain on the RBL until the end of time.

-- start --

From: "Alan R. Bechtold" <alanbechtold@sysop.com>
Subject: Using MAPS will get you SUED!!!
Date: Wed, 18 Nov 1998 11:48:11 -0800

It has come to my attention that your company utilizes the MAPS BLACKHOLE list to block purported SPAMMERS from sending E-mail to your system. While the idea might sound good I am writing to inform you that you will be named in a Federal Lawsuit if you do not CEASE AND DESIST use of this list IMMEDIATELY.

Here is why:

My company, BBS PRESS SERVICE, INC., designs and hosts Web sites. That's all we do. We don't sell access to the Internet. We don't sell E-mail accounts. Besides some E-mail accounts for our employees to use when contacting our customers, and one E-mail account we use to send out a weekly newsletter to our customers, we don't generally handle any E-mail at all.

I am anti-SPAM. I advise all of my 5,000+ clients against the use of SPAM. Still, two have used it to promote sites we host for them.
Naturally, this resulted in our receiving the usual barrage of E-mails DEMANDING that we remove the Web sites of the offending parties.

Our attorneys have advised us that it is NOT in our best interest to do so. Removing the Web site of anyone for something they did OUTSIDE of our system, even if it was indeed PROMOTING a site hosted on our system, would in fact expose my company to possible lawsuit from the SPAMMER!

I understand many Web site design and hosting services stipulate in their contracts that they reserve the right to pull any site if evidence of SPAMMING is seen -- but my attorneys have also advised me that this is completely unenforceable in court and wouldn't stand up to a court challenge.

I don't know about you but I am totally opposed to being REQUIRED to take action against anyone for anything they've done outside of my control. Do we also want to become liable for pulling Web sites held by anyone who is convicted of a crime...any crime? Wouldn't this lead to the requirement of background checks, to make sure a Web site customer has never indeed been convicted of a crime? The ramifications are tremendous.

Anyway -- I write to anyone complaining about SPAM from a client of mine (and they do track down the Web site host even if we didn't originate the SPAM) and inform them of my position. One person apparently forwarded my reply to MAPS. Even though my reply states CLEARLY that I am OPPOSED to SPAM, the kind folks at MAPS decided to add my company's IP to the list anyway.

The problem is -- they won't TALK about resolving the problem. Their "volunteer" hung up on me when I called, after first being outright surly and rude with me. I tried E-mailing Paul Vix to tell him to remove my company's IP from his list but -- guess what -- my E-mail got REJECTED by his system because he uses the list! I finally got a message through by going through another provider.
Meanwhile Paul Vix has not returned my urgent calls and hasn't been available on the phone when I do call.

This is causing my company irreparable harm. MAPS' whole attitude and the way they create their so-called LIST is, because of my case alone, entirely questionable. And he has left me little choice but to file suit against Paul, MAPS and anyone associated with the LIST or using it in their products or on their services.

This is where you come in. I am writing to tell you right now -- cease and desist from using the MAPS BLACKHOLE list on your service IMMEDIATELY. I will be including anyone and everyone still using the MAPS list in my lawsuit against MAPS. Period.

You might also want to contact Paul Vixie and let him know the legal jeopardy his methods have placed you in. By comparison, the SPAMMERS are starting to look like the "good guys." I know they're not and you know they're not but MAPS must end here and now.

I would appreciate your comments and cooperation.

-- end --

4. Author Information

Ben Black
Layer 8 Networks
email: black@layer8.net