Stealth Blocking

You're blocking MAPS' test, but you leave your server open to
  relay from just about anywhere else. Perhaps the error message
  they gave you was unclear, but it should be fairly obvious that
  if you want to get off the list, you have to close the relay.

  MAPS isn't "forcing" you to do anything, you know. You're very
  welcome to continue to leave it open. And, likewise, everyone
  else is equally welcome to block all mail from your server, with
  or without MAPS' easy removal process.

Let me add to this that it is trivial for a MAPS subscriber to
"whitelist" any site, overriding any effects of a listing in the RBL, DUL
or RSS, via ALLOW statements in a mail server or deny statements on an
inbound distribute list in the case of a BGP RBL subscriber. Any provider
that wanted to receive email from/route traffic to an IP listed on the
MAPS lists can easily do so without necessarily unsubscribing from the
service.

I'm saying this to hopefully drive home the argument that MAPS does not
blackhole ANYONE, its subscribers do. And those subscribers have the
option at any time of overriding a MAPS listing within their own network.

-C

I would like to make the point that I do run two mail servers and both are MAPS approved.
Please don't tell me I don't know how to run a mail server. Again I am not discussing your
ability, please don't poke fun at me. In fact I had some trouble with spam on one of them
because someone was signing up a list I use for the owl networks mailing list. I in fact
installed MAPS to see if it helped the problem. It did not because the user didn't run an
open relay site but rather a no confirmation email list. Would I be correct to assume they
should be in the MAPS list too? As you can see sometimes spam/annoying emails is not always
sent through an open relay but sometimes it's a problem with mailing lists..... What should
MAPS do, start adding sites that act like this?

I am just making the point that if MAPS wasn't run by one person with total control maybe
some of us "retards who don't know what we are doing" would be a bit more willing to support the
effort.

Rob

On Wed, May 23, 2001 at 12:41:52PM -0400, Mitch Halmu exclaimed:

ORBS is a foreign entity. Out of reach. Vixie is ante portas. American, like
you and me. Blackmailing American providers, breaking state and federal laws
with impunity. People that subscribe to the blackhole lists probably have no
idea who in particular they are blocking or to what extent. Or even why.

s/blackmailing/blackholing/i - and you have to remember, Vixie isn't blocking
anybody's traffic (except for networks he operates). Individual operators that
subscribe to MAPS choose what traffic to block or not block to their own
networks. There's no blackmail there, and certainly no laws saying that I must
accept whatever traffic anybody on the Net wants to send my way.

Let's keep this argument in the bounds of reality, at least.

Hi Folks,

Does anybody know of any reference sources for finding out who has POPs in
a specific city, and ideally where those POPs are located?

Thanks much,

Miles Fidelman

making that choice for other people. MAPS does this with their blacking of
traffic. This type of power in the hands of a single person/organization is
wrong.

MAPS doesn't make any choice for other people, MAPS only provides
documentation of the choices they've made for themselves.

They're the email equivalent of Consumer Reports. Nobody is forced to
use their lists.

I would propose a system whereas there are multiple representatives from
many viewpoints to make VERY SERIOUS decisions like this.

Then stop proposing it, and actually create it. If people agree with you,
they'll join you. If they prefer MAPS, take the hint that you're wrong
and go away.

You're assuming that the responses are an attempt to convince the troll.

They're not; nobody cares what the troll thinks.

The responses are to convince the peanut gallery, because the fact is that
the vast majority of those reading this (or any) mailing list are not
posting, and many of them are undecided on any issue that comes up.

We respond to trolls so that the lurkers will hear the rational sides of
the story, not just the troll side.

This has the unfortunate side effect of feeding the trolls, but it's
an acceptable risk if it enhances the clue level of someone who isn't
yet lost.

From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
Robert Sharp
Sent: May 23, 2001 2:36 PM
To: Valdis.Kletnieks@vt.edu
Cc: nanog@merit.edu
Subject: Re: Stealth Blocking

OK Let me start again. Let's go over some assumptions I made the first time that
obviously need to be restated.

Like a large majority of all assumptions, they are based on little but your
own personal opinion of this issue...

1) MAPS is a single self-appointed law enforcement agency on the INTERNET.
Don't argue until you hear me out.

Fine, since I'm a nice guy and want to give you a chance, I'll leave my
replies to further down below.

a) MAPS creates the LAW, ie. no open relay

No. MAPS provides a listing of people with open relays (or dialup IPs, or
whatever, depending on what MAPS list you use). A phone book provides a
listing of restaurants providing Italian food; how is that different?

b) MAPS enforces the law and if you don't let them scan your machine you are
automatically assumed guilty. Last I checked you needed a warrant and some proof to do
that, one easily forgeable email header is not proof, in any universe.

So, as someone else pointed out, you mind MAPS scanning your machine, but
you don't mind spammers relaying through it? I'm afraid that your value
system's logic is not apparent to me; perhaps you'll care to enlighten us?

c) MAPS sentences you. You are placed on this LIST whether or not you are actually
generating spam. This is a case of the ends justifies the means.

MAPS sentences you to WHAT??? MAPS is a LISTING.

It just so coincidentally happens that several thousands (or hundreds of
thousands) of your fellow network/system administrators don't want mail from
open relays.

So, MAPS makes a list of open relays and says to those people "here folks,
we'll give you a list of those open relays you don't WANT, so you don't need
to go and find them and block them yourself, which will take you forever". A
large amount of these people agree that MAPS' offering is useful to them.

The people sentencing you, to use your analogy, are the network
administrators using MAPS (or ORBS, or vi /etc/mail/access, or whatever) to
block you. Your crime? You run an open relay. If these people don't want
open relays talking to their mail servers, then I don't see who the hell you
are to tell them that they HAVE to accept mail from you. They don't. Each
network admins' servers are his/her own, and if he/she doesn't want his/her
servers to talk to yours, then too bad for you.

I might add that whether your open relay is abused or not isn't the
question; an open relay is almost like a loaded weapon being pointed at
someone else's servers. It will be abused someday, and being proactive means
blocking it _before_ the next wannabe spam king sends a few dozen gigs of
spam through you. If you get blocked _after_ the gigs of spam have been
sent, then there's still a lot of damage to be cleaned up.

on deaf MAP'S ears. I
don't like the IDEA of one person controlling the show. I would

What show? MAPS provides a listing. Obviously, whoever USES MAPS' listing
trusts MAPS' judgment, just like whoever buys a $WHATEVER based on
$INDUSTRY_PUBLICATION's opinion of it obviously trusts
$INDUSTRY_PUBLICATION. MAPS isn't FORCING anyone to use the RBL/DUL/RSS/etc,
last time I checked. (If that's their new policy, then I guess I'm in
trouble).

And if you use the MAPS list by your choice you are most definitely filtering out email
or traffic for people who are legitimate. I know I have been filtered before. MAPS is
using a very large hammer to kill a not so large bug.

Do you have any evidence to support your claim that spam sent through open
relays are a "not so large bug"?

In conclusion. I HATE spam like everyone else. I am just opposed to the solution that
seems to keep gaining acceptance. And I have been asked by many other people on and
off list to stop expressing my obviously uninformed views. Well let me say that asking,
rather demanding, I stop questioning this is dead wrong and if people didn't question
ideas we would still think the earth was flat and we were the center of the universe.

Well, OK, so you don't like the method MAPS has chosen, but now claim to
hate spam. At least _they_ are doing something to fight the problem; if you
don't agree with their method, then why don't you implement your own? I'm
sure lots of people would love a better solution than MAPS, because, as you
pointed out (and I agree with you that MAPS can lead to legitimate mail
being blocked due to the cluelessness or wilful blindness of various
admins), MAPS' way isn't perfect. But, for now, there isn't much else out
there...

Vivien

> > Third, the new 'rule' MAPS just came up with now is that you must keep your
> > server open to their 'testing', or they'll blackhole you. See for yourself:
> > MAPS RSS Remove Request
> > That is the reason given for blocking us the second time around. No new
> > 'evidence', just open wide for inspection and say ahhh...

> Uhhh... so how do you propose that relays are tested to make sure they're
> closed before being removed from the database?

This is the very thing they considered abusive just a few months ago.
Wasn't it MAPS that blocked ORBS for scanning Abovenet's ports in the
first place? So now they took their rival's worst rules and made it their
own. Now it's my turn to say absolute rubbish.

  You're obscuring a very fundamental difference. ORBS scans everyone, with
no provocation. This is like checking if your neighbor's gun is loaded while
it's in his safe. MAPS scans those who have created problems for its
customers in the past. This is like checking if your neighbor's gun is
loaded while it's pointing at you.

  Once you connect to me, and in so doing create a problem for me, you have
no right to complain when I connect back to you. But if you connect to me
without provocation to search me for vulnerabilities, that's a horse of
another color.

  DS

  You're blocking MAPS' test, but you leave your server open to
  relay from just about anywhere else. Perhaps the error message
  they gave you was unclear, but it should be fairly obvious that
  if you want to get off the list, you have to close the relay.

'Just about anywhere else' is a gross exaggeration. We currently block over
3000 entries, from class B's to individual ips. As an example, all of
uu.net dial-ins, but NOT their SMTP servers. As another example, BellSouth
is the ILEC here, so many of our customers hold a dsl account from them
as well as a dial-up or domain with us. We can't block their ips. Some
of these customers keep their accounts because of the email address they
had with NetSide for years. And no, reselling dsl from BellSouth is not
a viable economical option.

  MAPS isn't "forcing" you to do anything, you know. You're very
  welcome to continue to leave it open. And, likewise, everyone
  else is equally welcome to block all mail from your server, with
  or without MAPS' easy removal process.

--
J.D. Falk SILENCE IS FOO!
<jdfalk@cybernothing.org>

Do you speak as a MAPS official, JD? Thought you held the title of MAPS
Product Manager. The forcing part comes with the conditions you attach.
They may hear your call and tighten the blockade. Then again, some may
start thinking independently...

It is not the integrity of our server, it's the deviant line from your
prescriptions that hurts here. Perhaps it's time an ISP questions your
authority to make the rules. Risking our neck, just like that. While I
respect your convictions and even ideals, I am strongly questioning your
methods by which you implement them. You are still treating our company
like some rogue .cn domain. One shoe fits all.

--Mitch
NetSide

1) MAPS is a single self-appointed law enforcement agency on the INTERNET.
Don't argue until you hear me out.
a) MAPS creates the LAW, ie. no open relay
b) MAPS enforces the law

I didn't think I'd ever be drawn into this debate, however...

MAPS publishes a list of IP addresses. It might use whatever
bizarre mechanism it likes to generate them. However, in my
personal view, and many many other people, this list bears a very
good correlation to IP addresses which I don't want sending
email to my mail server. They do this for free. No one is forced
to use them. If you think the way they identify these IP
addresses is (a) irrational (b) unjust (c) bizarre, whatever,
please feel free to create your own competitive product/gift,
gain the sort of respect MAPS has, and good luck to you.

However, in the mean time, stop whining at people who
are merely publishing exactly that - a list of IP addresses
determined via a relatively well documented procedure - and,
if you have a good case (but I think not) start trying to
convince those thousands of users who think that subscribing
is a good way to stop spam that they are fundamentally wrong.

I in fact installed MAPS to see if it helped the
problem. It did not because the user didn't run an open relay site
but rather a no confirmation email list. Would I be correct to
assume they should be in the MAPS list too?

They would be eligible for listing on the RBL per ERS - Home Page  | Trend Micro Service Central.

As you can see sometimes
spam/annoying emails is not always sent through an open relay but
sometimes it's a problem with mailing lists..... What should MAPS
do, start adding sites that act like this?

When we receive a valid and actionable nomination per the requirements of ERS - Home Page  | Trend Micro Service Central, it is investigated and handled according to procedures. If the entity is unable or unwilling to rectify the situation that allows them to continue to send unsolicited e-mail, they *do* get added to the RBL.

What we don't do is add them to the RSS. That's for open, single stage, abused relays. We haven't been escalating those to the RBL for the better part of a year. Multi-hop open abused relays are still eligible for listing on the RBL.

I am just making the point that if MAPS wasn't run by one person with
total control maybe some of us "retards who don't know what we are
doing" would be a bit more willing to support the effort.

Well, since MAPS *isn't* run by one person with total control but rather a good sized staff of folks that have various responsibilities for receiving, assessing, investigating and recommending listings or otherwise resolving the nominations for our various lists, does this mean you are going to be supporting the effort?

You might want to read ERS - Home Page  | Trend Micro Service Central. I think you are a bit misinformed.

If you want to think of it in those terms, fine.

Like any other "law", the MAPS RBL has power only because the population
(of ISPs in this case) at large believes that it is just, and should be
followed. ISPs that subscribe to MAPS RBL are saying that they believe
that open relays should not exist, that MAPS should be able to test for this
condition, and that they don't want to receive e-mail from non-compliant
hosts. If you think this is a bad "law", then you'll need to convince enough
of the rest of the population at large of such, and then perhaps ISPs will
unsubscribe from the MAPS RBL.

/cbz

  Did I say POP-before-SMTP? I don't think I did... SMTP AUTH and TLS
are two completely different setups than POP-before-SMTP and both are supported by any
decent MUA. I agree POP-before-SMTP was not a good plan but it worked before
the SMTP AUTH mechanism came of age. Now there is no logical reason not to
use it. Or let me guess you don't authenticate your NNTP server either like
most reputable USENET server admins are doing.

Sorry, I just have to respond to this. If the solution to the open relay
problem is to make all users/customers upgrade their mail software so that
SMTP AUTH can be used instead, then why not extend this idea to its logical
conclusion and stop using IPv4? Just do it, it's only a software upgrade,
after all, same as upgrading to MUAs that support SMTP AUTH. IPv6 would
probably help make a bigger dent in the spam problem than MAPS ever will.

It's just a software upgrade, no sweat right? Yet I know someone is going
to say "but that's different". I don't think it is, at least not different
in kind.

Lessee... RFC 2487 is SMTP over TLS, dated January 1999, and RFC 2554 is
SMTP AUTH, dated March 1999. So that's a wholesale upgrade of mail
infrastructure that has been more or less completed (forced?) in just two
years. IPv6 is described in RFC 1883, dated December 1995. And here it is,
6 years later...

I think a lot of priorities are bass-ackwards. Or maybe I'm just naive, and
there's other considerations, other agendas at work that I'm not aware of.

  Jeremy T. Bouse
--
Jeremy T. Bouse, CCNA - UnderGrid Network Services, LLC - www.UnderGrid.net
Public PGP/GPG fingerprint and location in headers of message
If received unsigned (without requesting as such) DO NOT trust it!
jbouse@Debian.org - NIC Whois: JB5713 - Jeremy.Bouse@UnderGrid.net

Quoting Robert Sharp (rsharp@appliedtheory.com):

I would like to make the point that I do run two mail servers and both are MAPS approved.
Please don't tell me I don't know how to run a mail server. Again I am not discussing your
ability, please don't poke fun at me. In fact I had some trouble with spam on one of them
because someone was signing up a list I use for the owl networks mailing list. I in fact
installed MAPS to see if it helped the problem. It did not because the user didn't run an
open relay site but rather a no confirmation email list.

What strange logic process brought you to the conclusion that you
should use MAPS to block email from one particular mailing list?
Maybe English isn't your native tongue and I'm just not understanding
you, or a thorough course of instruction on Internet email, and how to
block it, is in order.

Would I be correct to assume they should be in the MAPS list too?

Why, yes, if someone *nominates* the list for inclusion into MAPS and
shows documentation of the problem.
...

I am just making the point that if MAPS wasn't run by one person with total control maybe
some of us "retards who don't know what we are doing" would be a bit more willing to support the
effort.

You think MAPS is just one person? You don't know a thing about what
you are complaining about, as evidenced by this and your other words
above. ERS - Home Page  | Trend Micro Service Central

Confusing it with ORBS, perhaps.

Aaron

I disagree. This isn't CLUELESS-NEWBIE-L. Anyone reading NANOG can probably smell a troll. I know it's hard to resist feeding them - I participated in my share of trollfests on SPAM-L in 98 and 99 (not to mention the flamewars between genuine anti-spammers who disagreed about methods), but I like to think that I learned from the experience. Trolls don't go away until they stop getting responses. If you must enlighten the peanut gallery, "Go away troll" would suffice. Anything more guarantees that he will continue trolling. Arguing with a troll as if he were a rational person gives him the appearance of credibility. You can't get the last word. I know, I've tried. You can't. No matter how irrefutably you prove your point, he will simply embellish his troll and post it again.

Sorry, I just have to respond to this. If the solution to the open relay
problem is to make all users/customers upgrade their mail software so that
SMTP AUTH can be used instead, .. [snip]

There's no "make them upgrade" about it.

The present installed base of MUA's is predominantly capable of doing SMTP AUTH out of the box, and every new PC sold with OE included free o' charge (yuk, but that's a different issue) increases the percentage of people who have ready access to the tools.

"Roaming" is not a right, it's a privilege, and if you're one of the minority still using an MUA from 5 years ago that doesn't support it, then that's your own lookout.

Lessee... RFC 2487 is SMTP over TLS, dated January 1999, and RFC 2554 is
SMTP AUTH, dated March 1999. So that's a wholesale upgrade of mail
infrastructure that has been more or less completed (forced?) in just two
years. IPv6 is described in RFC 1883, dated December 1995. And here it is,
6 years later...

Apples... oranges.

D

The problem with your logic is that ad-hoc 'laws' conceived by majorities
do not necessarily reflect the actual law of the land. Our legal system
has conceived checks and balances against the tyranny of the majority.
There are compelling reasons throughout history why such a system works
best. A trivial example of my point are anti-discrimination laws.

Unfortunately, technology jumped too far ahead, too fast. A lot of the
issues discussed here will revert back to normality, just like in any
aging frontier community, once the legal system catches up. Some may not
want the government's camel in their tent, but I say it's preferable to
the status quo and levels the playing field again for all players.

--Mitch
NetSide

Mike Batchelor was said to have been seen saying:

Sorry, I just have to respond to this. If the solution to the open relay
problem is to make all users/customers upgrade their mail software so that
SMTP AUTH can be used instead, then why not extend this idea to its logical
conclusion and stop using IPv4? Just do it, it's only a software upgrade,
after all, same as upgrading to MUAs that support SMTP AUTH. IPv6 would
probably help make a bigger dent in the spam problem than MAPS ever will.

  I'm quite sure you meant for this to be some wise-ass comment so
I hate to disappoint you when I tell you my internal network has already
been upgraded to IPv6 at this time and welcome it globally as I assist to
do so.

  As for upgrading how many people are using a version of IE less than
4.0 these days? IIRC Outlook Express that came with IE 4.0 supports SMTP AUTH.
As do many other very popular MUAs.

  I take it you also still design your websites for version 3.0 and
earlier browsers. Is it that hard to think that upgrades in the name of
better security are not a *WISE* and *PRUDENT* move rather than leaving
your front door unlocked while you go out to the convenience store?

  Jeremy

The type of cartel that was created here is against anti-trust laws in
the US. That's what is commonly referred to as conspiracy to restrict trade.
The legal aspects are well covered on http://www.dotcomeon.com Furthermore,
MAPS doesn't really openly publish its lists. Why do you think that's so?
Wouldn't it be nice, or at least fair for everyone to know who's listed?

And then those who are listed on ORBS complain that the list is being
used to suggest attacks on those open relays. While MAPS may not have a
single list you can download, anyone is free to look up any IP address and
see if it is listed, so it is definitely public.

So now, how has my business bothered your business? It hasn't. I don't
recall any complaints from your service. That means we at least manage
and monitor our servers pretty effectively as configured, and we're not
unrepentant spammers. But we dared to be different. Face it, it's really
our philosophy that angers you.

Or perhaps because those who care to use MAPS didn't see any spam from your
servers in the first place...

I use RBL/RSS/DUL on my home email server. I recognize that some
legitimate mail to me may get bounced (I periodically check the logs to
see what is getting rejected, which is about 1 legitimate mail every 2-3
months), but that is a price I am willing to pay to avoid spam. Anyone
I really care to talk to knows other ways to contact me anyway.

My home email account gets about 1 spam per week, while my email address
at a previous employer (which does not use RBL/etc) gets about 150 spams
per day. Both addresses are listed as whois contacts, both have posted
messages on public mailing lists, etc. That is why I choose to block
sites listed there, and I suspect that is the reason most people choose
to use them. It has nothing to do with your philosophy -- I had no idea
who you were or what your philosophy was until you started this thread.

Nobody forces anyone to use any of the MAPS lists. At a previous
employer, we used MAPS RBL for a while until Netcom was blocked. As we
were an ISP, many of our customers complained about this so we stopped
using RBL until we were able to offer the option to enable it
individually per account and allow each customer to configure their
filters.

John A. Tamplin jat@jaet.org
770/436-5387 HOME 4116 Manson Ave
770/431-9459 FAX Smyrna, GA 30082-3723
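
Added example, not part of the original thread or any poster's code: a sketch of the subscriber-side decision the thread keeps returning to, combining the per-IP list lookup and per-account opt-in mentioned in the message above with the local "whitelist" override described earlier. The zone `dnsbl.example`, the addresses, the recipients and the class and function names are constructed placeholders; the reversed-octet query name and the 127.0.0.0/8 answer are the usual DNS blocklist convention, not something stated in the thread.

```python
import ipaddress

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

# Constructed sample zone data standing in for a published blocklist.
# "dnsbl.example" is a placeholder zone name, not a real MAPS hostname.
SAMPLE_ZONE = {
    "10.2.0.192.dnsbl.example": "127.0.0.2",      # 192.0.2.10 is listed
    "25.100.51.198.dnsbl.example": "127.0.0.2",   # 198.51.100.25 is listed
    "7.113.0.203.dnsbl.example": "203.0.113.99",  # bogus answer outside 127/8
}


def sample_resolve(name):
    """Offline resolver over SAMPLE_ZONE; None models NXDOMAIN."""
    return SAMPLE_ZONE.get(name)


def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(ip, zone, resolve):
    """True only when the list answers with an address in 127.0.0.0/8."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return False
    try:
        return ipaddress.IPv4Address(answer) in LISTED_NET
    except ValueError:
        return False


class SubscriberPolicy:
    """The receiving site's own decision; the list is only one input."""

    def __init__(self, zone, resolve, allow=(), opted_in=()):
        self.zone = zone
        self.resolve = resolve
        self.allow = [ipaddress.ip_network(n) for n in allow]
        self.opted_in = {r.lower() for r in opted_in}

    def decide(self, client_ip, rcpt):
        addr = ipaddress.IPv4Address(client_ip)
        # 1. A local allow entry wins before the list is even consulted.
        if any(addr in net for net in self.allow):
            return "accept", "local allow entry overrides any listing"
        # 2. Filtering applies only to accounts that enabled it.
        if rcpt.lower() not in self.opted_in:
            return "accept", "recipient has not enabled the blocklist"
        # 3. Only now does the published list influence the outcome.
        if is_listed(client_ip, self.zone, self.resolve):
            return "reject", "client listed in " + self.zone
        return "accept", "client not listed"


def demo():
    policy = SubscriberPolicy(
        zone="dnsbl.example",
        resolve=sample_resolve,
        allow=["198.51.100.0/24"],       # constructed local override
        opted_in=["alice@example.net"],  # constructed per-account opt-in
    )
    cases = [
        ("192.0.2.10", "alice@example.net"),     # listed, opted in
        ("192.0.2.10", "bob@example.net"),       # listed, not opted in
        ("198.51.100.25", "alice@example.net"),  # listed, locally allowed
        ("203.0.113.7", "alice@example.net"),    # answer outside 127/8
        ("192.0.2.11", "alice@example.net"),     # not in the zone
    ]
    return [policy.decide(ip, rcpt)[0] for ip, rcpt in cases]
```

For a live list, pass a `resolve` callable that performs the A-record lookup and returns `None` on NXDOMAIN.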