24 Feb
2000
24 Feb
'00
1:47 a.m.
Greetings;
We have recently made changes to our mail servers here that may possibly
affect some list users. In our ongoing effort to limit SPAM, our mail
servers were recently configured to utilitize the MAPS RBL, DUL, and RSS
databases (see www.mail-abuse.org for details).
Entities that send spam typically make use of mail servers that are
improperly configured in such a way as to allow relaying (ie. they are "open
relays"). This means that these problem mail servers are often used to
bounce mail off of and redistribute spam. Our mail servers have been
configured to properly reject mail that is neither from or to a "local"
address for many years. However, if our users (or any domains we host,
including classiccmp.org) are on the spammers mailing list we have not been
able to reject that spam in the past because the target address was both
valid and local. By utilizing MAPS, any inbound mail is checked to see if it
originated from a system or network that is known to be an open relay - if
so, the message is rejected. Thus not only are we not an open relay, but we
will refuse to accept or send mail that is from or to any system that is an
open relay. That is the function of RBL and RSS; DUL is a blacklist of
non-open relays that are however known originators of spam.
You can check the above URL for details, but the basic gist is that when
anyone on the internet receives junk mail via an open relay, they can submit
the open relay's IP address to the MAPS database. The MAPS folks will test
the server and if problematic they'll contact the administrator for that
system and ask them to fix their open relay. If they do not fix the system
within 5 days, they are added to the maps database. Once the administrator
fixes the open relay their system is retested by MAPS and if compliant it is
removed from the database. Our mail servers will not accept mail from or
deliver mail to any system in the MAPS database. You can tell if you've
encountered this by your message being returned to you with a note clearly
stating that your message was rejected due to RBL, DUL, or open-relays.
As you may gather, this does open the possibility of "throwing the baby out
with the bath water". If your ISP has an open relay, we will not accept your
mail. In this case you need to call your ISP and ask them to fix their mail
server security deficiency. If one of your ISP's other customers is a source
of spam, it is somewhat possible your ISP will be blocked (which albeit
unfairly blocks you). This generally isn't much of a problem because most
ISP's are very responsive to requests from MAPS. After weighing these issues
we decided that there's no reason that our servers should have to converse
with other servers that are known to be insecure or frequent sources of
spam. We really really really dislike spam, and feel that this action is
wholly appropriate.
Regards,
Jay West
24 Feb
24 Feb
2:35 a.m.
At 06:47 24-02-2000 -0600, you wrote:
Greetings;
We have recently made changes to our mail servers here that may possibly
affect some list users. In our ongoing effort to limit SPAM, our mail
servers were recently configured to utilitize the MAPS RBL, DUL, and RSS
databases (see www.mail-abuse.org for details).
<snurph>
Good news, Jay, thanks much for the update. FWIW, I wholly agree with this
course of action. In fact, I plan to configure my own mail server(s) in a
similar way (if USWorst ever gets their act together and gets DSL out here!)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Bruce Lane, Owner and head honcho, Blue Feather Technologies
http://www.bluefeathertech.com // E-mail: kyrrin(a)bluefeathertech.com
Amateur Radio: WD6EOS since Dec. '77
"Our science can only describe an object, event, or living thing in our
own human terms. It cannot, in any way, define any of them..."
3:57 a.m.
We have recently made changes to our mail servers here
that may possibly
affect some list users. In our ongoing effort to limit SPAM, our mail
servers were recently configured to utilitize the MAPS RBL, DUL, and RSS
databases (see www.mail-abuse.org for details).
[...] (ie. they are "open relays"). [...]
[...] We really really really dislike spam, and feel that this action is
wholly appropriate.
First of all, I realy apreciate your efforts to reduce SPAM,
and I feel that choosing your system was a real good isea.
Just, I have a bad feeling about droping esential parts of
free networking - the shareing of resources. Only because
some Jerks missuse them. It's like puting an expiration
date on the driver licence and ask for renewal just because
some guys like to drive slow on the left lane. Or to ban
free speech just because some idiots don't know eht hey say ?
Hmm I guess I have a hard time to tell my view in English.
I just feel bad about the very basic idea.
Gruss
H.
Testing 1, 2, 3 :)
--
VCF Europa am 29./30. April 2000 in Muenchen
http://www.vintage.org/VCFe
http://www.homecomputer.de/VCFe
5:41 a.m.
Jay West wrote:
Greetings;
We have recently made changes to our mail servers here that may possibly
affect some list users. In our ongoing effort to limit SPAM, our mail
servers were recently configured to utilitize the MAPS RBL, DUL, and RSS
databases (see www.mail-abuse.org for details).
Entities that send spam typically make use of mail servers that are
improperly configured in such a way as to allow relaying (ie. they are "open
relays"). This means that these problem mail servers are often used to
bounce mail off of and redistribute spam. Our mail servers have been
configured to properly reject mail that is neither from or to a "local"
address for many years. However, if our users (or any domains we host,
including classiccmp.org) are on the spammers mailing list we have not been
able to reject that spam in the past because the target address was both
valid and local. By utilizing MAPS, any inbound mail is checked to see if it
originated from a system or network that is known to be an open relay - if
so, the message is rejected. Thus not only are we not an open relay, but we
will refuse to accept or send mail that is from or to any system that is an
open relay. That is the function of RBL and RSS; DUL is a blacklist of
non-open relays that are however known originators of spam.
You can check the above URL for details, but the basic gist is that when
anyone on the internet receives junk mail via an open relay, they can submit
the open relay's IP address to the MAPS database. The MAPS folks will test
the server and if problematic they'll contact the administrator for that
system and ask them to fix their open relay. If they do not fix the system
within 5 days, they are added to the maps database. Once the administrator
fixes the open relay their system is retested by MAPS and if compliant it is
removed from the database. Our mail servers will not accept mail from or
deliver mail to any system in the MAPS database. You can tell if you've
encountered this by your message being returned to you with a note clearly
stating that your message was rejected due to RBL, DUL, or open-relays.
As you may gather, this does open the possibility of "throwing the baby out
with the bath water". If your ISP has an open relay, we will not accept your
mail. In this case you need to call your ISP and ask them to fix their mail
server security deficiency. If one of your ISP's other customers is a source
of spam, it is somewhat possible your ISP will be blocked (which albeit
unfairly blocks you). This generally isn't much of a problem because most
ISP's are very responsive to requests from MAPS. After weighing these issues
we decided that there's no reason that our servers should have to converse
with other servers that are known to be insecure or frequent sources of
spam. We really really really dislike spam, and feel that this action is
wholly appropriate.
Regards,
Jay West
I don't believe in RBL's etc. to combat spammers. I prefer a baseball
bat. They
don't learn anything from it, they're too goddam stupid, but it makes me
feel better.
Seriously, there are valid reasons to use or offer an open relay, and
there are other technical means to deal with spam, which are improving
with time. The MAPS
RBL throws the baby out with the bathwater, and smacks of moral
cowardice, hypocracy bolstering the egos of the net.nazis pushing it on
everyone, to boot. I feel that strongly about it. I'd much rather let my
mail system filter the spam out than have my options restricted by a
pack of dissimulating busybodies, whose motives I question when all
their actions appear to be dirty work designed to artificially bolster
the hegemony of the big ISPs.
Nevertheless, it's not my list, and it's up to you, Jay, as the
administrator, to run it as you see fit. I implore you, though, NOT to
use the DUL, at least, as this just flat out discriminates against those
of us who are forced by circumstance to run our mail servers on dial-up
dynamic IPs. No one has to complain to anyone that you have spammed. The
DUL simply collects all the known major ISP dynamic IP ranges
preemptively. This just isn't fair. They hide this in the fine print,
and then pass the blame to you, the sysadmin. (Oh, WE didn't block your
mail, complain to Jay West. (How, if he's blocking your mail?)) I've
lost out on at least one multi-thousand dollar deal because of this
nonsense.
How Vixie lets his name be used for this crap is beyond me. If you were
trying to generate as much tension and animosity amongst users and
administrators as possible, you couldn't do a better job. Doesn't anyone
else see what's wrong with this picture? It's not fair to me, you, or
the average list reader, no matter how much mealy-mouthed propaganda
we're all fed.
My intention is not to start flames. I'd go to n.a.n.a.e for that. I
realize that mine is not a popular opinion- it's totally against the
recieved wisdom from the net.gods and issue-milking politicians- but
it's a valid one, and I had to put my 2 cents in.
Sincerely,
James B. DiGriz
6:17 a.m.
My intention is not to start flames. I'd go to
n.a.n.a.e for that. I
realize that mine is not a popular opinion- it's totally against the
recieved wisdom from the net.gods and issue-milking politicians- but
it's a valid one, and I had to put my 2 cents in.
Sincerely,
James B. DiGriz
My $.02.
I Have used the same ISP for over 7 years and the username is well worn
but every time there is a security hole or some list also echos to to the
newsgroups I get spammed to death. I get tired of updating procmail to
get rid of UCE and Pornspam! It's so bad that I've put some domains in
there so if someone send me legitimate mail I don't see it. Now I'm on
some dammed opt-inbroacasts list that I didn't ask for and I don't think
12-15 spams (not including duplicates) is acceptable. ANYTHING that
makes if harder for spammers is fine by me. I don't think I have to be
burdened with the load of filtering that crap or doing maintenance on it
because some spammer things it's a good thing.
Servers are private property, Someone owns it, pays for the juice and
while it's reasonable to support some free activity there is a point where
stopping misuse and outright abuse of the server is not unreasonable. If
I were on the net I'd be mighty PO'd if someone were using the server for
profit (transport of advertizing) and not sharing the cost of the hardware
and admin time.
Allison
6:42 a.m.
New subject: (OT) Re: Mail servers changes (INFO)
"James B. DiGriz" wrote:
[stuff deleted]
Nevertheless, it's not my list, and it's up to
you, Jay, as the
administrator, to run it as you see fit. I implore you, though, NOT to
use the DUL, at least, as this just flat out discriminates against those
of us who are forced by circumstance to run our mail servers on dial-up
dynamic IPs. No one has to complain to anyone that you have spammed. The
DUL simply collects all the known major ISP dynamic IP ranges
preemptively. This just isn't fair. They hide this in the fine print,
and then pass the blame to you, the sysadmin. (Oh, WE didn't block your
mail, complain to Jay West. (How, if he's blocking your mail?)) I've
lost out on at least one multi-thousand dollar deal because of this
nonsense.
In our case, on advise of corporate counsel, we've actually relaxed
our anti-smap measures somewhat. We don't have a reason to relay,
so we don't, and we still honor RBL, but we've tossed everything
else. It's a long and debatable argument, but in essence we've been
told that deciding to accept or reject messages based on origin
compromises our common carrier status and could effectively make us
liable if a downstream user was doing something illegal. Remember,
the law, particularly in the US, doesn't really care if something
is technically practical; once we demonstrate that we can filter
messages in *any* fashion it's trivial to be found liable for a
failure to filter in *every* fashion, particularly in a civil
action. We decided that no matter how remote the risk we didn't want
to be on the hook for some pedophile's on-line activities.
Interestingly, the opinion was that it's okay to filter *on behalf
of the user*, i.e., if the *user* tells us to filter the mail (or
constructs their own filters) then we're off the hook, in the
same fashion that calling number block/anonymous caller block can
be implemented by the telcos without affecting their CC status. So
now we're cooking up a scheme to allow not-terribly-technical users
to set procmail filters.
Chris
--
Chris Kennedy
chris(a)mainecoon.com
http://www.mainecoon.com
PGP fingerprint: 4E99 10B6 7253 B048 6685 6CBC 55E1 20A3 108D AB97
7:31 a.m.
New subject: (OT) Re: Mail servers changes (INFO)
On Thu, Feb 24, 2000 at 09:42:28AM -0800, Chris Kennedy wrote:
Interestingly, the opinion was that it's okay to
filter *on behalf
of the user*, i.e., if the *user* tells us to filter the mail (or
constructs their own filters) then we're off the hook,
OK then! Jay -- as a user of this list, I request that you go all-out and
put in whatever spam blocks you can.
I'm constantly deluged in spam from every side so anything to filter even
one possible source is OK by me. UUCP and Bitnet are long gone, the net
isn't a cooperative bunch of non-profit institutions scratching each other's
backs to get the packets through any more. Every step of the way is paid
for by the people using it and it's perfectly reasonable for them to refuse
to allow their systems to be used to generate someone else's advertising,
*especially* when the intent is not only to steal services, but to hide
the thief's identity so they won't be held accountable.
This crap about opt-in mailing lists is especially annoying. I've never
opted into one of these things in my life, in fact every time anyone asks for
my email address when I'm making an order or whatever, I specifically tell
them *not* to put me on any mailing lists. But these days most of my spam
contains an accusation that I *asked* for it -- I suppose they think this
is some kind of legal loophole, they can play dumb and say they *thought*
I opted in. I even got one of these from PLX Tech recently, you'd think
a reputable IC manufacturer would know better...
And these days I keep my fax machine turned off too -- seriously 9 out of 10
faxes I was getting were commercial spam, even though that's a direct violation
of the FCC rules (which say that you can't send unsolicited commercial faxes
to anyone unless you have an established business relationship with them).
Apparently these bozos see my print ads and figure that the reason I thousands
per year for the ads is actually because I'm just itching to buy their piles
of used monitors, and I want to let them use *my* printer and ink cartridge
to print their ads. Usually they leave off the header giving the originating
fax number, which is also illegal.
What happened to the good old days when this crap only came by snail mail and
cost nothing!
John Wilson
D Bit
5:02 p.m.
New subject: (OT) Re: Mail servers changes (INFO)
John Wilson wrote:
On Thu, Feb 24, 2000 at 09:42:28AM -0800, Chris
Kennedy wrote:
Jerome Fine replies:
Ditto!!! Please put in whatever spam blocks you can for me as well!!
Interestingly, the opinion was that it's okay
to filter *on behalf
of the user*, i.e., if the *user* tells us to filter the mail (or
constructs their own filters) then we're off the hook,
OK then! Jay -- as a
user of this list, I request that you go all-out and
put in whatever spam blocks you can. What happened to the good old days when this crap only
came by snail mail and
cost nothing!
And cost the advertiser big dollars just for the postage. Now that is what I
call an effective filter. In addition, there should be a requirement for reasonable
SUBJECT/DATE/FROM/TO portions of every e-mail and any mass spam
could easily be checked to see how many (almost) identical messages are being
sent if the number of messages with the same "TO:" are being found - especially
if the "TO:" is not a valid address to respond to.
Finally, I have asked this question in the past. Will every message that includes
an attachment have the attachment checked for a virus? In many case, I am
loathe to open an attached file if I don't know the person who has sent the
e-mail. On some rare occasions, even Netscape seems to send the e-mail
as an attachment even though it was not expected.
Sincerely yours,
Jerome Fine
10:19 a.m.
New subject: (OT) Re: Mail servers changes (INFO)
Chris Kennedy <chris(a)mainecoon.com> wrote:
we've been told that deciding to accept or reject
messages based on origin
compromises our common carrier status
Possibly. But only if you actually have common carrier status, or can
make a credible claim that you should. Have they passed any law granting
such status to ISPs? I'd think that would be big news, and I haven't
heard of it.
11:48 a.m.
New subject: (OT) Re: Mail servers changes (INFO)
Eric Smith wrote:
Chris Kennedy <chris(a)mainecoon.com> wrote:
We and most other ISPs advance the argument that we are not responsible
for the content which passes through our infrastructure, arguing that
we are the bit-shipping analog to telcos -- and hence should have the
same indemnification from acts of our subscribers which might be
criminally or civilly actionable. Of course we add explicit indemnification
language to our subscription agreements as well.
Is there a legislative CC mandate? No. Has this argument been used
successfully in court? According to counsel, yes. Would
the argument be as effective if we demonstrate the ability to filter
objectionable material on behalf of our subscribers but without their
explicit direction or consent? Probably not, because the telcos
don't do so. I'm not sure that I completely subscribe to that position,
but we pay these people for their legal opinions because they're supposed
to know more about telecommunications law than we do.
--
Chris Kennedy
chris(a)mainecoon.com
http://www.mainecoon.com
PGP fingerprint: 4E99 10B6 7253 B048 6685 6CBC 55E1 20A3 108D AB97
we've been told that deciding to accept or
reject messages based on origin
compromises our common carrier status
Possibly. But only if you actually have common carrier status, or can
make a credible claim that you should. Have they passed any law granting
such status to ISPs? I'd think that would be big news, and I haven't
heard of it.
6:44 a.m.
In response to one or two people who voiced complaints about MAPS.
First, one or two people said there are valid reasons for running a mail
server as an open relay. *BS*. That's not just silly, that's ludicrous.
There is no reason to configure your mail server as an open relay unless you
are specifically intending to allow SPAM/UCE. Any possible scenario that you
can come up with as to why a mail server should be an open relay can easily
be addressed with other methods that were specifically designed for those
cases. As a matter of fact, most any mail server software is preconfigured
by default to disallow relaying (nowadays).
Second, I am not keeping anyone who wants to operate an open relay from
doing so. They are perfectly free to do it. However, *I* am not obligated to
talk to their mail server and put myself at risk. To take the argument to
silly levels to illustrate the point. Let's say someone chooses to configure
their mail server so that every inbound and outbound piece of email gets a
virus attached to it. Fine - I'll defend their right to do that. But I will
also defend my right to not converse with their server. I'm not saying folks
can't run open relays - I'm just saying I don't have to allow my servers to
come in contact with them.
Third, the above argument isn't quite as silly as it sounds. You think SPAM
isn't on the same level as virii? When spam traffic isn't at denial of
service levels, it costs us hundreds of manhours of support. I can't begin
to tell you how many calls we get each day from people who have received so
much SPAM (or a small amount but the spam has big attachments) that they
think their mail isn't working when in fact they're trying to download 200
messages over a slow 33.6k link. We have to go in and manually clean out
their mailboxes for them. Not to mention the amount of processor, memory,
and disk space it chews up on my servers, or network bandwidth that I have
to pay a kings ransom for. And then when the spam hits denial of service
levels, it directly affects both my and my customers livelihoods. Mail
servers drives fill up or processor usage tops out... etc. etc. and the
servers halt. Then my customers can't get the email service they're paying
for and my image suffers.
Fourth, DUL does not indiscriminately single out users. Only specific
addresses that have proven to send (not one or two, but) hundreds of bulk
spam and that refused to cease doing so are listed. DUL does not reject mail
just because someone has a dynamic IP on their mail server. That argument is
plain false.
Lastly - I absolutely hate to say this (and do so reluctantly) - and anyone
here who knows me knows I'm am not a dictatorial pushy force-my-will type
person. I am not a "net-nazi"; many of you recall how hesitant I was to make
any decision on my own (re: the reply address argument of several weeks ago)
regarding the list. However, in this case I'm truely *VERY* sorry to say
apologetically - you don't have a choice. If it was just the list, that'd be
a different story but when it affects my entire service, that's my call to
make. You are all welcome to discuss the merits/deficiencies of open relays,
but our servers will continue to use MAPS.
Respectfully,
Jay West
8:20 p.m.
I rambled on the messages so far, prepared to post pointed comments pro and
con, and then I realized we don't get any spam on this list. Since the list
changed to closed, you have to be a member to post, it has eliminated spam
that wasn't even much of a problem before.
As long as we don't have any active problems I see no reason for further
comment.
8888
days inactive
8889
days old
11 comments
10 participants
participants (10)
-
allisonp@world.std.com -
chris@mainecoon.com -
eric@brouhaha.com -
Hans.Franke@mch20.sbs.de -
jbdigriz@dragonsweb.org -
jhfine@idirect.com -
kyrrin@bluefeathertech.com -
mikeford@socal.rr.com -
west@tseinc.com -
wilson@dbit.dbit.com