I'm getting seriously confused here. I thought that the open-relay issue was irelevent to MAPS. That MAPS only black-holed confirmed SPAM sites (a little tougher, but more granular, charter). Further, that it was ORBS that listed open-relay sites specifically, whether they were involved in a spam or not (unacceptable due to punishing potential anti-spammers for proliferating spam that never saw their systems). To me, these are two entirely different charters. If MAPS starts to look like ORBS then I will stop using MAPS. Can someone please clarify?
-----Original Message----- From: Robert Sharp [mailto:rsharp@appliedtheory.com] Sent: Wednesday, May 23, 2001 1:04 PM To: Valdis.Kletnieks@vt.edu Cc: nanog@merit.edu Subject: Re: Stealth Blocking
I would like to make the point that I do run two mail servers and both a maps approved. Please don't tell me I don't know how to run a mail server. Again I am not discussing your ability , please don't poke fun at me. In fact I had some trouble with spam on one of them because someone was signing up a list I use for the owl networks mailing list. I infact installed MAPS to see if it helped the problem. It did not because the user didn't run an open relay site but rather a no confirmation email list. Would I be correct to assume they should be in the MAPS list too? As you can see sometime spam/annoying emails is not always sent throught an open relay but sometimes it's a problem with mailing lists..... What should maps do, start adding sites that act like this?
I am just making the point that if MAPS wasn't run by one person with total control maybe some of us "retards who don't know what we are doing" would be a bit more will to support the effort.
Rob
Valdis.Kletnieks@vt.edu wrote:
On Wed, 23 May 2001 14:36:15 EDT, Robert Sharp said:
And if you use the MAPS list by your choice you are most definetly filtering out email or traffic for people who are legitimate. I know I have been filtered before. MAPS is using a very large hammer to kill a not so large bug.
Hmm.. you won't configure it correctly. RFC2505 is "Best Current Practice".
You get filtered because you won't configure it correctly.
You say you've been filtered *before* because you won't configure it correctly.
Yes, we *admit* we're using a large hammer. Bouncing your e-mail didn't get your attention. Maybe irate users will get your attention. But I am doubting it. -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
-------------------------------------------------------------- ----------
Part 1.2Type: application/pgp-signature
I'm getting seriously confused here. I thought that the open-relay issue was irelevent to MAPS.
No.
That MAPS only black-holed confirmed SPAM sites (a little tougher, but more granular, charter).
Yes, but open relays can easily become confirmed SPAM sites. All that has to happen is one spammer chooses to use that particular open relay.
Further, that it was ORBS that listed open-relay sites specifically, whether they were involved in a spam or not (unacceptable due to punishing potential anti-spammers for proliferating spam that never saw their systems).
ORBS lists open-relay sites whether or not they were involved with spam. That's perfectly fine with me, since as far as I'm concerned, an open relay is like a loaded gun -- it's an accident waiting to happen. The problem with ORBS is that ORBS lists sites that _aren't_ open relays for various reasons, including political disagreements with the ORBS folks. ORBS claimed originally to be a list of confirmed open relays, which it once was and nobody really complained too much. The problem is, some sites began getting complaints about the ORBS probers probing their networks. As a result, some large sites (like abovenet) blocked the ORBS probers. ORBS countered by blacklisting all of abovenet's address blocks, incuding all of their non-multihomed customers. This blacklisted thousands of machines that had no open relays.
To me, these are two entirely different charters. If MAPS starts to look like ORBS then I will stop using MAPS.
No, MAPS will look like ORBS when it starts blacklisting huge blocks of addresses because it has a political problem with on of the networks on the path to those addresses.
Can someone please clarify?
I hope this qualifies as clarification. DS
On Wed, 23 May 2001 16:18:12 PDT, David Schwartz said:
ORBS claimed originally to be a list of confirmed open relays, which it once was and nobody really complained too much. The problem is, some sites began getting complaints about the ORBS probers probing their networks. As a result, some large sites (like abovenet) blocked the ORBS probers. ORBS countered by blacklisting all of abovenet's address blocks, incuding all of their non-multihomed customers. This blacklisted thousands of machines that had no open relays.
Well.. half of this is a red herring. The last time I checked (which was a re-check as I was writing this), ORBS had different ways of listing "known open relay" and "unable to check because of a block". Therefore, a carefully worded ORBS query should result in no blacklisting of "thousands of machines that had no open relays" (although of course, you would then not get a heads-up from ORBS regarding an actual open relay in a blocked address block. It's the site's decision whether it prefers false positives or false negatives. See http://www.orbs.org/usingindex.html for details... lot of options there. Flame-fests regarding ORBS probing should be redirected to /dev/null. Valdis Kletnieks Operating Systems Analyst Virginia Tech
On 05/23/01, Roeland Meyer <rmeyer@mhsc.com> wrote:
I'm getting seriously confused here. I thought that the open-relay issue was irelevent to MAPS. That MAPS only black-holed confirmed SPAM sites (a little tougher, but more granular, charter). Further, that it was ORBS that listed open-relay sites specifically, whether they were involved in a spam or not (unacceptable due to punishing potential anti-spammers for proliferating spam that never saw their systems). To me, these are two entirely different charters. If MAPS starts to look like ORBS then I will stop using MAPS.
Can someone please clarify?
MAPS is a company. They have three basic lists. One of them, the RSS, contains open relays which have been abused by spammers. http://mail-abuse.org/rss/ has more information. Sometimes people use "MAPS" to refer to the MAPS RBL, which is described at http://mail-abuse.org/rbl/ . The most commonly overlooked (but individually most effective) MAPS list is the DUL, at http://mail-abuse.org/dul/ . Each has its own criteria and set of rules, and each has (as might be expected) attracted assorted kooks and naysayers. -- J.D. Falk SILENCE IS FOO! <jdfalk@cybernothing.org>
participants (4)
-
David Schwartz -
J.D. Falk -
Roeland Meyer -
Valdis.Kletnieks@vt.edu