Mail Abuse Prevention System
Encyclopedia
The Mail Abuse Prevention System (MAPS) is an organisation that provides anti-spam support by maintaining a DNSBL
DNSBL
A DNSBL is a list of IP addresses published through the Internet Domain Name Service either as a zone file that can be used by DNS server software, or as a live DNS zone that can be queried in real-time...

. They provide five black lists, categorising why an address or an IP block is listed:
  • Real-time Blackhole List (RBL), the one for which MAPS is probably best known.
  • Dialup Users List (DUL), blocks of addresses that include many SOHO
    Small office/home office
    Small office/home office, or SOHO, refers to the category of business or cottage industry which involves from 1 to 10 workers. SOHO can also stand for single office/home office....

     users.
  • Relay Spam Stopper (RSS), spam relays, e.g. hijacked servers.
  • Open Proxy Servers (OPS), naively open SMTP servers.
  • Non-confirming Mailing List (NML), marketers who use opt-out strategy.


The acronym MAPS is spam
E-mail spam
Email spam, also known as junk email or unsolicited bulk email , is a subset of spam that involves nearly identical messages sent to numerous recipients by email. Definitions of spam usually include the aspects that email is unsolicited and sent in bulk. One subset of UBE is UCE...

 spelled backwards.

History

MAPS was founded in 1996 as a non-profit organization
Non-profit organization
Nonprofit organization is neither a legal nor technical definition but generally refers to an organization that uses surplus revenues to achieve its goals, rather than distributing them as profit or dividends...

 to pioneer innovative anti-spam techniques (e-mail).

The early history of MAPS is the History of DNSBLs itself. Dave Rand and Paul Vixie
Paul Vixie
Paul Vixie is an American Internet pioneer, the author of several RFCs and well-known Unix software.Vixie attended George Washington High School in San Francisco, California. He received a Ph.D in computer science from Keio University in 2011....

, well known Internet software engineers, started keeping a list of IP addresses that had sent them spam or engaged in other behavior that they found objectionable. The list became known as the Real-time Blackhole List (RBL). Many network managers wanted to use the RBL to block unwanted e-mail. Thus, Rand and Vixie created a DNS-based distribution scheme that quickly became popular.

Sure that there was an absolute right to publish an anti-spam blacklist, MAPS published a "How to Sue Us" page, inviting spammers to sue them and help them create case law. In 2000 MAPS was the named defendant in no fewer than three lawsuits, being sued by Yesmail, Media3, and survey giant Harris Interactive. As the first lawsuits came in, MAPS brought in Anne P. Mitchell
Anne P. Mitchell
Anne P. Mitchell is an attorney, Professor of Law, and the founder and CEO of the Institute for Social Internet Public Policy.-Personal life:...

 as their Director of Legal and Public Affairs.

In 2001 the company started to require a subscription for accessing their lists. Non-subscribed users received a dummy unlisted response. MAPS explained that their expectation to get enough funds from free support failed, forcing them to make that decision. However, the spirit of the company remained that of a non-profit organization. Their subscription page was quite hidden in their .org web site, and their fax-based subscription mechanism was rather awkward.

In 2004 MAPS became a division of Kelkea, Inc. They moved from Redwood City to San Jose, and from .org to .com. Dave Rand was the founder and CEO of Kelkea at the time.

In June 2005, Trend Micro, Inc.
Trend Micro
Trend Micro Inc. is a computer security company. It is headquartered in Tokyo, Japan and markets Trend Micro Internet Security, Trend Micro Worry-Free Business Security, OfficeScan, and other related security products and services...

 acquired Kelkea. That brought substantial improvement to the subscription mechanism, including a fully automated method for getting temporary subscriptions. In addition, subscribers are provided with personalised web pages where they can view reports and also set up whitelisting and blacklist
Blacklist (computing)
In computing, a blacklist or block list is a basic access control mechanism that allows everyone access, except for the members of the black list . The opposite is a whitelist, which means allow nobody, except members of the white list...

ing options. Whitelisting is particularly convenient, as it allows to whitelist thousands of IP addresses with a few clicks.

Criticism

Proposing so many lists can confuse a MAPS subscriber; postmasters may hurriedly subscribe to all lists. The difference between an open proxy that relays spam and a, somehow open, spam relay is not clear, and so postmasters may just conclude that the more lists they use the more spam they block. However, one of MAPS lists, the DUL, is significantly different from the others. DUL addresses are dynamically assigned or statically allocated to end-users, they are not directly related to spam and there is no evidence in MAPS archives that any such address has ever been used to relay spam.

DUL's purpose was to educate users to relay mail through an acknowledged ISP, rather than running their own mail servers. That behavior would bring various advantages and disadvantages. Acknowledged ISPs can, in general, afford to monitor their systems more thoroughly in order to avoid viruses, hijackers and similar threats. Furthermore, it paves the way for effectively exploiting policies like SPF
Sender Policy Framework
Sender Policy Framework is an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses. SPF allows administrators to specify which hosts are allowed to send mail from a given domain by creating a specific SPF...

 that rely upon end-user SMTP authentication in order to block email address abuse, but it prevents users of their own domain to publish a proper SPF policy. In addition, ISP email relays are incompatible with fine-grained IP address blocking: if they relay spam and get blocked, it affects all their users.

MAPS fails to disambiguate the concepts of acknowledged ISP versus end-users of IP addresses with a formal definition. While it may be relatively straightforward to recognize ISPs who are network providers, mailbox providers are easily confused with end-users of different kinds. When coupled with the ability to easily whitelist IPs by Local Internet Registry
Local Internet Registry
A local Internet registry is an organization that has been allocated a block of IP addresses by a regional Internet registry , and that assigns most parts of this block to its own customers. Most LIRs are Internet service providers, enterprises, or academic institutions. Membership in an RIR is...

/region to correct obvious shortcomings, using the DUL to block mail may result in an obscure policy that jeopardizes the global reliability of email delivery.

What constitutes spam sources is determined after an an ambiguous set of guidelines and personal opinions. MAPS have interfered with the mail services of companies simply because of considering them to be a potential spam risk, even if delivery of spam directly from each of the involved IP addresses had never occurred.

It generates an amount of false positives much higher than MAPS claims to be aware of, blocking many legitimate websites and end users, and yet catching only an estimated 2% of spam..
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK