MAPS backlash kicks off

Readers point Reg in right direction

  • alert
  • submit to reddit

High performance access to file storage

Site blocking furore kicks off

Having severely flamed young Kieren McCarthy over his MAPS allegations, our readers decided that they weren't finished with him yet. First in line is Rich Tietjens:

Re: "MAPS needs to improve its own public relations rather than rely on its supporters to spam anyone that dares criticise it. That still holds."

I suppose that it would be really, really smart for MAPS to violate the restraining order in the MEDIA3 vs. MAPS lawsuit and issue a bunch of press releases. Yes, I'm sure that's a wonderful idea.

Oh, and reader feedback is now considered "spam?" Bloody cheek, you lot!

Say, I wonder, is Keiren McCarthy any relation to the "Jamie McCarthy" who's posting anti-MAPS propaganda at Slashdot? They both seem to be utterly incapable of fact-checking, and rather starry-eyed over their hero, Bennet Haselton, the lapdog of spammers everywhere.

Credibility at The Reg has just gone down the toilet.

For the record, the two McCarthys are unrelated. Now, Atro Tossavainen offers us a brick-by-brick demolition:

You're being fed by Bennett Haselton. Please do your homework. Let me point out some factual errors in your article:

"MAPS hunts for open mail relays that will allow spammers to use companies' servers and drive millions of people mad with worthless messages."

MAPS hunts for nothing. MAPS does nothing at all to actively identify network abusers of any kind. Volunteers, that is, spam recipients, let MAPS know about problem net- works. MAPS itself merely sits back and waits for reports of such hosts or networks to come in, then researches those reports, and perhaps acts on them.

"If it finds one, it blacklists it by putting it on its RBL list."

No. Open relays are generally not even listed on the MAPS RBL. They usually are listed on MAPS RSS Relay Spam Stopper, which is a fully automated list, but not in the sense that you have explained.

MAPS RSS works like this: A spam recipient sends in a copy of a spam sent through an open relay, includes a Relay: IP.ad.dr.ess line, and the RSS automaton verifies the openness of the relay by posting a test message to itself. If the relay is found to be open, it is listed. MAPS RSS affects nothing else but reception of e-mail sent through servers that are listed on it to sites which subscribe to MAPS RSS.

"What appears to be happening is that if MAPS finds a mail server that is left open, it also blocks that server's Web site."

No. First of all, MAPS blocks nothing at all. It has no control over the Internet connections of anybody but itself. They issue advisories, which others can use if they so choose. Second, only open relay e-mail servers are listed on MAPS RSS.

MAPS RBL can list spam originators, multi-level relays, supporters of spam or spam services, etc. Please see the MAPS RBL criteria for a full listing, at www.mail-abuse.org/rbl/candidacy.html.

It is up to the subscribers to decide how they want to use any MAPS list. They can be used to control e-mail delivery, and even many MAPS RBL subscribers only use them for this purpose. The RBL can also be used on a router level. This means that a hardware device ("router") that transmits traffic between networks is instructed to use the RBL for access control. Any traffic coming from, or directed at, an IP address that is on the RBL will then be stopped. This is not aimed specifically at e-mail, or Web traffic - all Internet Protocol (IP) traffic is similarly affected.

I reiterate, MAPS itself blocks nothing. They have no access to my network, or yours. If I, or you, as a network owner, want to consult their opinion, you can, but nobody can force you to.

"The main problem however is MAPS' (and arch-enemy ORBS) attitude towards spamming. They will blacklist someone but not tell them"

No. Both MAPS and ORBS will send a network owner plenty of notices before adding any IP address on any list.

"They will only remove someone from the backlist when they deem it right."

MAPS RSS and ORBS entries are only removed when the listed server no longer is an open relay and the owner (or anybody, indeed) has requested it to be removed.

MAPS RBL listings, and their removal, depend on the reason the IP address was listed in the first place, and can't be explained here briefly. Read the RBL documentation.

But ahead of that (at least from our perspective) is that they will never talk to anyone, never explain or defend themselves and certainly never apologise.

If you don't read e-mail addressed to postmaster (required by Internet standards since 1982), or the domain contacts in the domain registry database, or even snail mail or fax messages or answer your telephone, you can hardly blame MAPS for not trying to contact you.

Every MAPS listing with its reasons is explained on the MAPS website, ditto for ORBS.

MAPS goes to extremes to avoid false positives, and so they generally don't happen. For correct listings, why apologise? Does Consumer Reports apologise for calling a product bad when it was in fact bad?

Ok. That's enough right to reply for this week. Keep it coming...

High performance access to file storage

More from The Register

next story
Forget the beach 'n' boardwalk, check out the Santa Cruz STEVE JOBS FOUNTAIN
Reg reader snaps shot of touching tribute to Apple icon
Happy 40th Playmobil: Reg looks back at small, rude world of our favourite tiny toys
Little men straddle LOHAN, attend tiny G20 Summit... ah, sweet memories...
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
Lego is the TOOL OF SATAN, thunders Polish priest
New minifigs like Monster Fighters are turning kids to the dark side
Dark SITH LORD 'Darth Vader' joins battle to rule, er, Ukraine
Only I can 'make an empire out of a republic' intones presidential candidate
Chinese company counters pollution by importing fresh air
Citizens line up for bags of that sweet, sweet mountain air
Google asks April Fools: Want a job? Be our 'Pokemon Master'
Mountain View is prankin' like it's 1999...
prev story


Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.