North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: RBL-type BGP service for known rogue networks?

  • From: Rodney Joffe
  • Date: Sat Jul 08 13:32:48 2000

Peter van Dijk wrote:
> On Fri, Jul 07, 2000 at 12:18:15PM -0400, Shawn McMahon wrote:
> > The ORBS approach:
> >
> > Put people on the list quickly, and make it easy for them to get back off the
> > list.

Unfortunately, while this is an admirable objective, it is *not* the way
ORBS operates. Were it, MAPS would have not been forced to create a
working alternative.

> This statement is in no way a political basis for ORBS.

Good. Because it misses the abusive nature of ORBS itself (lack of
specificity, broad and shotgun based, enormous collateral damage, and a
documented track record of personal vendettas (see and search for
ORBS)). The attacks on Steve Atkin's SamSpade come to mind.
> ORBS lists open relay by policy. As simple as that. If ORBS is aware that
> you are an open relay, you get listed. ORBS is 100% objective.

See the above.

> > The MAPS approach:
> >
> > Make it damn hard to get on the list.
> That's because MAPS is not automated, and not objective.

No, that's because the collateral damage can be enormous, and you can't
allow such mistakes to happen.

> MAPS relies on
> reports of abuse, which can be forged.

The presupposes that some rather bright people can be fooled easily by
headers. Perhaps you should look at the pedigree's of the MAPS employees
(there are 10 or 15 of them already, recruited from the best of the
abuse department in some major ISPs). MAPS does not rely on reports to
add addresses (ask anyone who has nominated address space to MAPS).
Sometimes the damn research that MAPS does, and the discussions they get
into with the owners of the source address space take so long and are so
detailed that MAPS take flak for not acting quickly enough, or ignoring
the nomination, or bowing to pressure. They are thorough to the n'th
degree. Here's a little snippet: I bet that Paul Vixie's email addresses
gets forge subscribed 10 times a day in the hopes that he will react,
and punish the list he is forge subscribed to. If personal reaction and
a vendetta were his MO I bet there would be a long trail of complaints,
and a successful lawsuit or two.

> IIRC MAPS does check if a server is
> an open relay. If it didn't I would rant :)

They do a lot more than that. Understand the fundamental difference
between ORBS and MAPS. ORBS attempts to punish. No educational value.
MAPS educates the spammer (if possible) and the network providers. I
would hazard a guess that a large number of smaller providers now whack
spammers and have tough AUPs because of an "education" provided by
MAPS.  I*I*RC as long as a provider is actively in communication with
MAPS and is discussing a solution, the addresses that are suspected are
removed from MAPS.

I suggest a thorough read of all the pages at

DISCLAIMER: I subscribe and use all of the MAPS services on my network
-  so I am a satisfied customer.

Geez, I should have listened to my own suggestion, and taken the thread
elsewhere. But I guess this is certainly a good place for network
operators to get an education about the issue.