The truth behind the Realtime Blackhole List

Cyber-terrorists. Anarchists. Anti-commerce radicals. These are all terms that have been used in our industry to describe MAPS (Mail Abuse Prevention System LLC) and the people associated with it. Unfortunately, while perception is often reality, in this case it’s quite far from the truth. But to understand that, it’s probably useful to explain its history and the MAPS process.
In 1994, Arizona attorneys Laurence Canter and Martha Siegel created a major uproar with their infamous “green card” Usenet spam, followed shortly by spammer Sanford Wallace’s e-mail version. The ISPs felt the immediate effect, but they had little power to control the flood. Peering arrangements (agreements to exchange traffic) were largely informal at that time, and AGIS, the ISP that provided the spammers with a home, refused to disconnect them.
Paul Vixie, an architect of the modern Internet and the author of some fundamental protocols related to routing, decided to do what many individual systems administrators were doing: He set up a system that allowed him to block traffic from spammers and abusers on his small network in the Palo Alto, CA area.
Clearly, the fact that he stopped the spammers from reaching his few machines was of no consequence to most of them. But he began trying to educate the unsolicited e-mailers and their providers about the detrimental effects of their actions. In many cases, these people didn’t know that what they were doing on the Internet wasn’t considered polite, and most of them ceased immediately. When they did, Paul removed the blocks to his network.
As it happens, the Internet community had selected Paul as the computer scientist most trusted to maintain a piece of software critical to the Internet’s functioning. The software, called BIND, is used by every Unix computer in the world. People began to hear about Paul’s effectiveness at blocking spammers. They asked him if they could rely on his ongoing list of active spammers, in the hopes that they could block such unsolicited e-mail before it got to them. Paul’s knowledge of Internet design came into play, and he began using the routing protocol, as well as a version of BIND, to make the information available to anyone who wanted it. The “subscribers” were able to have their systems updated within a few seconds of Paul’s addition or removal of the spammers’ addresses from the list.
Because most of the Internet community at the time trusted Paul and his philosophical position and judgment on the issue, the number of subscribers grew to the point where an estimated 40% of the Internet user base now makes use of Paul’s information.
Unfortunately, the Internet got bigger, spammers got smarter, and as a result Paul’s workload grew; he needed trusted volunteers to help him investigate and act on spamming complaints. Today, Paul and his partner pay salaries to some 20 people who make up the MAPS staff. These people work on a variety of MAPS projects in addition to the Realtime Blackhole List (RBL), but all of them focus on spam. So much for the history…
Despite what many believe, a person cannot be added to the RBL based on a single complaint. It is, in fact, exceedingly difficult to get on the list. This sparks complaints daily from some anti-spam zealots who file a nomination, or complaint, with MAPS, and are then outraged when the reported spammer is not put on the list. Here’s what usually happens:
An Internet user sends a complaint to the RBL, and asks that the e-mail abuser’s address be added to it. The nomination is routed to an investigator who goes through a mandatory and consistent process.
First, the investigator makes sure that the complainant has followed the guidelines for making a nomination. This includes providing evidence that the complainant wrote to or called the spammer and/or the spammer’s upstream provider. The evidence confirms that despite reasonable follow-up, the ISP has failed to respond, or has refused to take action.
The investigator will then search through MAPS’ logs to see if the spammer has any history of complaints in the system. Unless the history shows that the person has consistently ignored complaints and refused meaningful discussion with MAPS, the investigator will generally attempt to contact him, and begin a dialogue in order to encourage him to stop his abuse. If the e-mailer works for an organization, the investigator will contact officials there. In many cases, the organization is unaware of their employee’s actions, and the problem is easily solved.
If this fails, the investigator will then involve the spammer’s upstream ISP to get it to pressure him to stop. If this doesn’t work, MAPS will then ask the provider to take direct action. Almost every ISP has an acceptable usage policy that prohibits spam, and in these cases the provider enforces it to solve the problem. In most cases of repeat spammers, the ISP terminates their connection. But some have a zero tolerance policy, which results in instant cancellation of even a first-time offender.
After all this, if a) MAPS is still unable to encourage a change in an unsolicited e-mailer’s activities; b) the upstream ISP is unable or unwilling to take action; c) the person continues to spam; and/or d) reasonable discussions break down, the investigator makes a recommendation to one of the MAPS managers. If the manager concurs, final approval is sought from Paul or his partner, and only then is the person’s IP address added to the RBL.
However, this isn’t the end of the process. Professional hardcore spammers immediately change the IP addresses of their machines if they’re blocked. If MAPS receives reports and subsequently confirms that a spammer has changed addresses in an attempt to circumvent the RBL, the new address is added to a growing list.
If the abuser moves to another provider, the new addresses are added, and the new provider is notified and asked to terminate the account. If a spammer contacts MAPS and begins a serious discussion about finding a way to meet the MAPS standards of behavior, the addresses are removed immediately.
The block stays lifted as long as there is a genuine discussion in progress. If a resolution is reached, the reformed spammer is placed on MAPS probation. If he returns to his old ways, he is renominated. However, the process is much shorter the second time around.
MAPS is not a weapon of punishment – it’s a tool of education. MAPS’ mission is to use that opportunity to educate Internet users about the damage caused by spamming and related abuse, and to encourage responsible behavior. It is neither arbitrary nor spontaneous. And it’s not run by people who are radicals, cyber-terrorists or anti-commerce zealots.