Affects of the balkanization of mail blacklisting

This is getting really annoying. It seems multiple large networks have
stolen copies of the MAPS DUL (I wonder if this is the cause or an effect
of MAPS going commercial?) which of course are not being kept in-sync with
the real MAPS DUL. First it was Earthlink. Today's winner is usa.net.

<xxxxxx@usa.net>
    (reason: 550 Mail from 209.208.x.y refused. Please refer to
http://mail-abuse.org/dul for an explanation.)

The address block in question above was removed from the DUL almost 2
weeks ago, but usa.net is still blocking mail from it today, and claiming
that they're doing so via the MAPS DUL.

How many other networks have stolen copies of the DUL and either nobody
maintaining their local copies or bogus sendmail reject messages pointing
you to the wrong place (or no place) to get the problem fixed?

If you're going to run your own locally maintained email blacklist, at
least get the rejection messages right and give out a correct URL for
procedures on getting off your blacklist.

They aren't stolen copies. They are the last secondary transfer of the dul
domain before MAPS closed its servers up.

Roy Engehausen

jlewis@lewis.org wrote:

IIRC, MAPS hasn't allowed free zone transfers for quite some time.

Whether or not it's really "stolen" is for MAPS to think about and a judge
to decide (if MAPS decides to go that route). The big problem with this
is usa.net is saying "go complain to MAPS", but MAPS can't help.
Obviously, they don't want people stealing it, or they wouldn't have
removed the CIDR text version of the DUL from their web site.

I don't have access to a zone file to check, but I suspect MAPS would have
been setting a relatively small expire time on the zones so this sort of
thing wouldn't happen without someone at usa.net editing the zone and
making themselves a master for it. If they did that, why didn't they
update their mail servers?

The point is, if everyone creates their own DUL, and those DULs are poorly
maintained and have no documented procedures for submissions and
deletions, it's going to be a major PITA for network operators as their
customers complain "this IP space is no good, it's in DULs all over the
net, give me some virgin IP space."
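
As an added illustration (not code from any poster in this thread), the sketch below shows the two safeguards discussed above for a locally mirrored DNSBL zone: honoring the SOA expire interval so a copy that can no longer be refreshed stops blocking mail, and citing the local operator's own removal page in the 550 reply. The zone name, URL, addresses and timestamps are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class MirroredZone:
    zone: str            # DNSBL zone name being mirrored (placeholder)
    soa_expire: int      # SOA EXPIRE field, in seconds
    last_transfer: int   # Unix time of the last successful zone transfer
    listed: list         # CIDR blocks present in the local copy
    removal_url: str     # delisting page run by the operator of THIS copy


def query_name(ip: str, zone: str) -> str:
    """DNSBL convention: reverse the IPv4 octets and append the zone name."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def is_stale(z: MirroredZone, now: int) -> bool:
    """A secondary that has not refreshed within EXPIRE must stop answering."""
    return now - z.last_transfer > z.soa_expire


def check(ip: str, z: MirroredZone, now: int):
    """Return (action, smtp_reply) for a connecting client address."""
    if is_stale(z, now):
        # Expired data is treated as no data: fail open instead of
        # rejecting mail on entries that may have been removed upstream.
        return ("accept", None)
    addr = ipaddress.ip_address(ip)
    for block in z.listed:
        if addr in ipaddress.ip_network(block):
            reply = (f"550 Mail from {ip} refused, listed as "
                     f"{query_name(ip, z.zone)} in a locally held copy. "
                     f"Removal requests: {z.removal_url}")
            return ("reject", reply)
    return ("accept", None)


# Constructed sample data (documentation address ranges, made-up times).
T0 = 1_000_000
SAMPLE = MirroredZone(
    zone="dul.example.net",
    soa_expire=7 * 86400,
    last_transfer=T0,
    listed=["192.0.2.0/24"],
    removal_url="https://mail.example.net/blocklist-removal",
)

if __name__ == "__main__":
    print(check("192.0.2.25", SAMPLE, T0 + 86400))       # fresh copy
    print(check("192.0.2.25", SAMPLE, T0 + 14 * 86400))  # past EXPIRE
```
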

You are implying that giant usa.net is too cheap to pay for the just
recently made non-gratis MAPS service? Uh-oh.

BTW, interesting data collection going on for a PAID account at usa.net:
gender, age, marital status, household income, profession... One could
think this sort of data is ideally suited for targeted spamming^H^H^H^H
marketing.

--Mitch
NetSide

Ahhh - the point exactly. As long as ISPs find it financially
attractive to allow spammers to operate, and to not even enforce
the anti-spamming clauses in their contracts with their customers,
there is little incentive for those who don't want to bear the
cost of spam delivery to either use central lists or to be
careful or precise as to why delivery from a specific site is
blocked.

For most, the private lists become roach motels - once a domain
or IP address checks in, it never checks out. Complain to the
domain who got listed in the first place, wink wink, nudge nudge.

-=[L]=-

> Complain to the domain who got listed in the first place, wink wink,
> nudge nudge.

Ummm, the DUL is a list of dialup ports. When it was started, the intent
was not to punish ISPs listed there, but to give mail admins a list of IPs
that represent dialup ports, which generally should not be sending mail
directly. It is not a mark of shame to be on the DUL. Some of us
actually *volunteered* such information to maps.

Which brings me to another point that's been eating at me since maps went
commercial... DUL seemed like more of a community effort than RBL or RSS.
Many entries were added by people volunteering their own information with
the idea that it was for the "common good". I for one, feel shafted that
this list to which I contributed, is only available if I choose to pay a
sizable amount of money.

As for MAPS working out deals for smaller customers, I've not yet received
any replies from their sales kritters, which I will interpret as a "NO".

Charles

> > Complain to the domain who got listed in the first place, wink wink,
> > nudge nudge.
>
> Ummm, the DUL is a list of dialup ports. When it was started, the intent
> was not to punish ISPs listed there, but to give mail admins a list of IPs
> that represent dialup ports, which generally should not be sending mail
> directly. It is not a mark of shame to be on the DUL. Some of us
> actually *volunteered* such information to maps.

That's actually the case here. The IP range in question was at one time
dial-up ports, and we added it to the DUL. It was later recycled and
removed from the DUL, but apparently not before others grabbed their own
snapshot copies of the DUL. I suppose we'll have to be more careful and
designate IP blocks as dial-ups permanently from now on. Of course, I
don't expect ARIN will buy that as "efficient use of space". I can just
see going to ARIN asking for more IPs:

We need to turn up more business customers, but all we have left are
these old dial-up pool ranges. We can't give these blocks to our
business customers because it's too big a PITA for them to find and get
out of all the blacklists, so just give us some new IP space.

Can you say "rejected"? I think you can :)

This is kind of like (though not as bad) when AGIS was hosting Cyberpromo
and others. How many ISP's manually blacklisted those IP blocks from
their mail servers? Even after AGIS got rid of the spammer customers,
those IP ranges were pretty much worthless. I wonder who, if anyone, is
using them today?

> Which brings me to another point that's been eating at me since maps went
> commercial... DUL seemed like more of a community effort than RBL or RSS.
> Many entries were added by people volunteering their own information with
> the idea that it was for the "common good". I for one, feel shafted that
> this list to which I contributed, is only available if I choose to pay a
> sizable amount of money.

I feel the same way. We spent time occasionally making sure the DUL was in
sync with our dial-up blocks, adding and removing IP blocks as necessary.
Now, we no longer have access to the DUL. We also no longer have an easy
way (CIDR text format) to scan the entire DUL to see which of our blocks
some bozo has incorrectly nominated, and MAPS blindly accepted.

I still think it's worth maintaining, to reduce the number of complaints
we'll get about spammers signing up for throw-away accounts on our
network, but it's hard to justify spending time working on that now that
we don't directly benefit from being able to use it. In fact, I suppose
MAPS is largely to blame for the current situation. If they hadn't had
their sudden change in policy, most networks probably wouldn't bother to
create their own DULs.

I know about several of the RSS alternatives, but has anyone set up a DUL
alternative? If not, I'll consider doing it.

Joe Jared has integrated one into http://relays.osirusoft.com - I think
he returns 127.0.0.3 for dialup blocks. The web page isn't real clear
as to how you add/remove blocks from his list.

It looks like he has some automated tools for spam submission but I
don't see much detail on how to manage the rest of the database other
than mail directly to Joe.

Mark Radabaugh
Amplex
(419) 833-3635

I might be willing to, if I could be assured that a decent number of large
providers would participate.

It would have been nice if we could all have agreed on a DUL database that would be
distributed free to anyone to use.

jlewis@lewis.org wrote:

That would be the only point in doing it if I were to do it. Zone
transfer access would be encouraged, if not required. Users would be
strongly encouraged to put a NOC or abuse contact on a mailing list that
would be used for announcements only. There would have to be a web site
giving clear instructions on how to add/remove IP blocks.

The TTL on the zones is 5 minutes. Realistically most update every 20
minutes to an hour. The DUL is a bit more static than the rest.

Subscribers are obligated contractually to maintain current zone files.

Somebody just pointed out to me (and I've verified) that query access to
at least the MAPS DUL is open to non-subscribers (still / again ?). I'm
hesitant to use it without knowing if this is just a temporary situation,
or if there has been some change in policy.

Naturally, I have a different perspective. ;)

MAPS has developed, maintained and published these lists for a number of years, on our nickel. The "nickel" to date is to the tune of several million dollars in operational and legal expenses. That's cash folks, not donated equipment, not donated bandwidth, not volunteer efforts. Cold, hard, CASH. It didn't come from corporate donations, it didn't come from subscriptions. 99% of it came out of Dave's and Paul's pockets.

MAPS as a corporation must have revenue to operate. We tried to produce that revenue with a paid service called the RBL+. We tried to produce that revenue with our outsourced abuse services. The people that could most afford to use those services chose to continue to use the free queries (at the rate of 10s of millions of queries a day for some ISPs) rather than paying their own way. That had to stop. The only way to stop it was to restrict all access to the zones.

You folks are certainly free to start your own lists, or, you could encourage your employers to financially support the organization that has been financially carrying them for all this time.

The fees are based on cost, not profit. MAPS remains a not-for-profit corporation. For most mid-sized networks, the cost to them is $0.05 per user per year. For the small outfits, it's less than my annual Starbucks expenses ;)

It's temporary. Because of the huge volume of responses (mostly for free access), we have chosen to use a deny table for the largest users while we get all of the allow entries made. This prevents our backlog from cutting off folks that want to subscribe. As soon as we get caught up, we will swap over from a deny table to an allow table. That should be real soon now.

Date: Sat, 11 Aug 2001 13:19:45 -0400 (EDT)
From: Charles Sprickman <spork@inch.com>
Subject: Re: Affects of the balkanization of mail blacklisting

> > Complain to the domain who got listed in the first place, wink wink,
> > nudge nudge.
>
> Ummm, the DUL is a list of dialup ports. When it was started, the intent

Right. It is then surprising that an IP address which was listed as a
dialup suddenly wasn't.

> was not to punish ISPs listed there, but to give mail admins a list of IPs
> that represent dialup ports, which generally should not be sending mail
> directly. It is not a mark of shame to be on the DUL. Some of us
> actually *volunteered* such information to maps.
>
> Which brings me to another point that's been eating at me since maps went
> commercial... DUL seemed like more of a community effort than RBL or RSS.
> Many entries were added by people volunteering their own information with
> the idea that it was for the "common good". I for one, feel shafted that
> this list to which I contributed, is only available if I choose to pay a
> sizable amount of money.

A very good point - the DUL was/is different from the other two lists, and
perhaps should have been treated differently. As I understood it, some ISPs
'contributed' their configurations as part of ensuring that direct-to-mx
spam would be reduced.

> As for MAPS working out deals for smaller customers, I've not yet received
> any replies from their sales kritters, which I will interpret as a "NO".

Likewise. All I got was an autoack and a ticket number.

-=[L]=-

In article <3B757874.C4221651@garlic.com> you write:

> It would have been nice if we could all have agreed on a DUL database that would be
> distributed free to anyone to use.

Yes indeed. Unless someone knows of a free source of servers, IP
connectivity, and most importantly staff time, I suspect that it would
be much cheaper all around to contact MAPS and pay something to use
the DUL than for each provider to waste its own staff time coming up
with an inferior "free" substitute.

I can report from experience that MAPS has been very flexible, and is
likely to accept any reasonable offer for access to its lists.

The staff time is the only one I can't address but a "new DUL" that only did zone
transfers (no direct queries) would encourage clones that people could use for
testing. That would probably drop the load significantly.

"John R. Levine" wrote:

> Which brings me to another point that's been eating at me since maps went
> commercial... DUL seemed like more of a community effort than RBL or RSS.
> Many entries were added by people volunteering their own information with
> the idea that it was for the "common good". I for one, feel shafted that
> this list to which I contributed, is only available if I choose to pay a
> sizable amount of money.

MAPS is not the first organization to charge for a 'community' service and
won't be the last.

Supplying your netblocks to MAPS does not pay the light bill. Or the
employees. Or the attorneys.

> As for MAPS working out deals for smaller customers, I've not yet received
> any replies from their sales kritters, which I will interpret as a "NO".

You've called them and not just emailed them, yes?

> > It would have been nice if we could all have agreed on a DUL database that
> > would be distributed free to anyone to use.
>
> Naturally, I have a different perspective. ;)
>
> MAPS has developed, maintained and published these lists for a number
> of years, on our nickel. The "nickel" to date is to the tune of
> several million dollars in operational and legal expenses. That's cash
> folks, not donated equipment, not donated bandwidth, not volunteer
> efforts. Cold, hard, CASH. It didn't come from corporate donations, it
> didn't come from subscriptions. 99% of it came out of Dave's and
> Paul's pockets.

Indeed they have. And some of us are quite thankful for the gift. But
that is, effectively, what it was - like all of the community efforts
that give away code, or lists of abusers, or anything else.

> MAPS as a corporation must have revenue to operate. We tried to
> produce that revenue with a paid service called the RBL+. We tried to
> produce that revenue with our outsourced abuse services. The people
> that could most afford to use those services chose to continue to use
> the free queries (at the rate of 10s of millions of queries a day for
> some ISPs) rather than paying their own way. That had to stop. The
> only way to stop it was to restrict all access to the zones.

This is true; operating costs are > 0, and must be offset by either
donations (individual or corporate), or fees. MAPS has now changed which
of these they are using to fund themselves, and this has consequences,
just as it does for every other non-profit (animal shelters, PBS based
TV stations, etc).

> You folks are certainly free to start your own lists, or, you could
> encourage your employers to financially support the organization that
> has been financially carrying them for all this time.

Indeed. Of course, some of us either don't control the bean counters,
or are very small networks whose costs due to spam are easily exceeded,
even by the new "low cost" version of MAPS. And some are just militantly
anti-commercial about things, and will now treat MAPS like any other
commercial entity, rather than community service - IE, if they want
an up-to-date list of dialup IPs, they can darn well pay for it, since
they're charging for use of the information. Formerly, this would have
fallen into the category of "donation".

> The fees are based on cost, not profit. MAPS remains a not-for-profit
> corporation. For most mid-sized networks, the cost to them is $0.05
> per user per year. For the small outfits, it's less than my annual
> Starbucks expenses ;)

And some companies trying to do dialup are doing it on a very slim margin
for those dialup customers.

All in all, MAPS can do whatever they like, and always could - but what
they have chosen to do will almost certainly now put them in a model where
they will be in competition against those services which choose to run on
donations rather than fees, and provide a similar service.

I would say "may the better business model win", but I'm not sure that's
really what's in the best interest of the 'Net at large. It certainly
hasn't been, in a lot of cases. Generally because "business" puts money
first and foremost, while the 'Net was largely built on a trust basis that
collapses as soon as it's abused. Just the way things panned out.