Re: [Exim] Re: RBL checking

Author: Alan J. Flavell
Date:  
To: Suresh Ramasubramanian
CC: Exim users list
Subject: Re: [Exim] Re: RBL checking
On Mon, 24 Sep 2001, Suresh Ramasubramanian wrote:

> 1. The *.vix.com zone is gone now. MAPS zones are now served out of
> *.mail-abuse.org
>
> 2. It will cost you from now on to lookup MAPS zones - no longer free.


I think that depends who you are. They demand some kind of
contractual relationship (though it seems they _are_ willing to set up
an agreement with a service provider, who in turn makes the lookups
available to their users, subject to agreed terms). (My reading of
their terms was that some classes of user could get free access, as
long as they agreed to the terms.)

> See http://www.mail-abuse.org for more.


Indeed.

> So try something else - like the lists served from
> http://relays.osirusoft.com


There are numerous services which offer a function somewhat like ORBS
was. However, I don't know any of them that's quite as reliable as
MAPS in avoiding false-positives: there are numerous sites which are
technically capable of participating in an open relay, but haven't yet
been exploited by spammers, and that includes a number of serious
academic organisations, government departments, and _has_ on occasion
included one of our funding agencies. So it would be unwise from our
point of view to block unconditionally based on one of these entries.

On the other hand we've been on the receiving end of a number of
notorious spam havens that aren't listed at MAPS, but _were_ cited by
Osirusoft.

RBL-type registers I know of that are also accessible as DNS zones can
be found on the web at www.orbl.org, www.ordb.org, www.orbz.org,
relays.osirusoft.com, orbz.gst-group.co.uk and a rather quirky one at
www.dorkslayers.com

Speaking only as an interested user and having little knowledge of the
internals or politics involved at those various sites: of the ones
I've been watching, Osirusoft seems pretty good, but if one were to
refuse mail from just any site listed at Osirusoft, there would be a
distinct loss of genuine mail.

Now, sure, some spam-merchants have adopted a sneaky line in hosting
some innocuous mailing lists, so that users will clamour for these
spam-havens to be excluded from the mailer's blocking rules.

We've had reasonable success recently with applying scoring in the
system_filter; a listing in the Osirusoft or other open-relay list
contributes to the score, but that alone does not cause the rejection
threshold to be reached. Other criteria have to stack up too until
the mailer rates the item as spam and rejects it via a "fail" command.
(We're actually organising that by using an rbl_domains /warn entry in
the exim configuration, and then testing for the resulting
x-rbl-warning header in the system_filter - that seems satisfactory -
any better ideas?).

Doing it this way does, however, cause us a certain amount of tedium,
since most of our attempts to return a rejection report for spam are
then refused by their alleged reporting address (which is typically
counterfeit, or deliberately deaf to reports), and the rejection
reports then get frozen.

If a spam-sending site becomes too much of a nuisance on that basis,
then we add it to a local blocking list, meaning that it gets rejected
earlier in the procedure and logged in the rejectlog, rather than
generating a rejection report.

(The postmasters take a look at the rejection reports and, if
appropriate, send a report to RSS. Since MAPS-listed sites, including
RSS, are rejected out-of-hand by our mailer RBL configuration, we
don't need to maintain local entries for those).

Hope this helps
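
The scoring approach described in the message above, as an added example that is not part of the original post and is not Exim filter syntax: a Python model in which an X-RBL-Warning header adds to a score but is capped below the rejection threshold, so a listing alone never rejects. The weights, the cap, the threshold, the two "other criteria" and the sample messages are assumptions made for illustration.

```python
from email import message_from_string

# Assumed numbers: the post gives no weights or threshold.
RBL_WEIGHT = 2         # added per X-RBL-Warning header
RBL_CAP = 4            # ceiling on the total RBL contribution
REJECT_THRESHOLD = 5   # must stay above RBL_CAP

def _shouting(subject):
    letters = [c for c in subject if c.isalpha()]
    return len(letters) >= 8 and all(c.isupper() for c in letters)

# Hypothetical stand-ins for the "other criteria" the post leaves unnamed.
OTHER_CRITERIA = [
    ("no-message-id", 2, lambda m: m["Message-ID"] is None),
    ("shouting-subject", 2, lambda m: _shouting(m["Subject"] or "")),
]

def score(raw):
    """Return (total, hits) for one message given as RFC 822 text."""
    msg = message_from_string(raw)
    hits = []
    # One header per list that matched; several listings still hit the cap.
    warnings = msg.get_all("X-RBL-Warning") or []
    if warnings:
        hits.append(("rbl-listed", min(len(warnings) * RBL_WEIGHT, RBL_CAP)))
    hits += [(name, w) for name, w, test in OTHER_CRITERIA if test(msg)]
    return sum(w for _, w in hits), hits

def verdict(raw):
    return "fail" if score(raw)[0] >= REJECT_THRESHOLD else "deliver"

def _msg(*headers):
    return "\n".join(headers) + "\n\nbody\n"

# Constructed sample messages; header values are illustrative only.
LISTED_ONLY = _msg(
    "X-RBL-Warning: (relays.osirusoft.com) constructed sample",
    "X-RBL-Warning: (orbz.gst-group.co.uk) constructed sample",
    "X-RBL-Warning: (dnsbl.example) constructed sample",
    "Message-ID: <1@university.example>",
    "Subject: Seminar timetable for October")
LISTED_AND_SPAMMY = _msg(
    "X-RBL-Warning: (relays.osirusoft.com) constructed sample",
    "Subject: MAKE MONEY FAST")
SPAMMY_UNLISTED = _msg("Subject: MAKE MONEY FAST")

if __name__ == "__main__":
    for raw in (LISTED_ONLY, LISTED_AND_SPAMMY, SPAMMY_UNLISTED):
        print(verdict(raw), score(raw))
```

The score is only meaningful if the header was added by the receiving mailer itself; a copy already present in the incoming message should be stripped or ignored before scoring.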