Mail Abuse Prevention System

The Mail Abuse Prevention System (MAPS) is an organization that provides anti-spam support by maintaining a DNSBL. They provide five black lists, categorising why an address or an IP block is listed:

  • Real-time Blackhole List (RBL), the one for which MAPS is probably best known.
  • Dialup Users List (DUL), blocks of addresses that include many SOHO users.
  • Relay Spam Stopper (RSS), spam relays, e.g. hijacked servers.
  • Open Proxy Servers (OPS), naively open SMTP servers.
  • Non-confirming Mailing List (NML), marketers who use opt-out strategy.

The acronym MAPS is spam spelled backwards.

History

edit

MAPS was founded in 1996 as a non-profit organization to pioneer innovative anti-spam techniques (e-mail).

The early history of MAPS is the History of DNSBLs itself. Dave Rand and Paul Vixie, well known Internet software engineers, started keeping a list of IP addresses which had sent out spam or engaged in other objectionable behavior. The list became known as the Real-time Blackhole List (RBL). Many network managers wanted to use the RBL to block unwanted e-mail. Thus, Rand and Vixie created a DNS-based distribution scheme which quickly became popular.[1]

Being certain there was an absolute right to publish an anti-spam blacklist, MAPS published a "How to Sue Us" page, inviting spammers to sue them and help them create case law. In 2000 MAPS was the named defendant in no fewer than three lawsuits, being sued by Yesmail, Media3, and survey giant Harris Interactive. As the first lawsuit came in, MAPS brought in Anne P. Mitchell as their Director of Legal and Public Affairs.

In 2001 the company started to require a subscription for accessing their lists. Non-subscribed users received a dummy unlisted response. MAPS explained as their expectation to get enough funds from free support failed, they were forced to make this decision. However, the spirit of the company remained as that of a non-profit organization. Their subscription page was quite hidden in their .org web site, and their fax-based subscription mechanism was rather awkward.

In 2004 MAPS became a division of Kelkea, Inc, moved from Redwood City to San Jose, and from .org to .com. Dave Rand was the founder and CEO of Kelkea at the time.

In June 2005, Trend Micro, Inc. acquired Kelkea, which brought substantial improvement to the subscription mechanism, including a fully automated method for getting temporary subscriptions. In addition, subscribers were provided with personalised web pages where they can view reports, and also set up whitelisting and blacklisting options (whitelisting is particularly convenient, as it allows to whitelist thousands of IP addresses with a few clicks).

Criticism

edit

Proposing so many lists can confuse a MAPS subscriber; postmasters may hurriedly subscribe to all lists. The difference between an open proxy which relays spam and a 'somehow open', spam relay is not clear, so postmasters may just conclude that the more lists they use, the more spam they block. However, one of MAPS lists, the DUL, is significantly different from the others. The DUL was supposed to list addresses which are dynamically assigned to end-users (but in practice it also includes statically-allocated ones), which are not directly related to spam, and there is no evidence in MAPS archives of any such address having been used to relay spam.

DUL's purpose was to educate users to relay mail through an acknowledged ISP, rather than running their own mail servers. Doing this would bring various advantages and disadvantages; Acknowledged ISPs can, in general, afford to monitor their systems more thoroughly in order to avoid viruses, hijackers and similar threats. Furthermore, it paves the way for effectively exploiting policies like SPF, which rely upon end-user SMTP authentication in order to block email address abuse. But it also prevents users of their own domain to publish a proper SPF policy. In addition, ISP email relays are incompatible with fine-grained IP address blocking: if they relay spam and get blocked, it affects all users.

MAPS fails to disambiguate the concepts of acknowledged ISP versus end-users of IP addresses with a formal definition. While it may be relatively straightforward to recognize ISPs who are network providers, mailbox providers are easily confused with end-users of different kinds. When coupled with the ability to easily whitelist IPs by local Internet registry/region to correct obvious shortcomings, using the DUL to block mail may result in an obscure policy that jeopardizes the global reliability of email delivery.

It generates an amount of false positives much higher than MAPS claims to be aware of, blocking many legitimate websites and end users, and yet catching only an estimated 2% of spam.[2] [verification needed] This study, however, was done in 2002, and involved only the RBL, not the DUL.

Looking at more current results, over the last 10 years shows that the DUL is responsible for blocking the majority of spam messages. The DUL mostly stops compromised end-user machines (and routers) from being abused to send spam. The following table shows these results, as percentage of spam blocked.

2011 2012 2013 2014 2015 2016 2017 2018 2019 2020
DUL 71.6% 66.7% 57.5% 35.0% 24.6% 41.4% 56.8% 55.2% 87.2% 65.1%
QIL 21.8% 21.4% 28.5% 48.8% 51.5% 17.3% 10.8% 29.2% 4.1% 6.2%
RBL 6.0% 11.7% 13.8% 16.2% 23.7% 41.2% 32.3% 15.4% 8.4% 19.4%

See also

edit

References

edit
  1. ^ RFC 5782
  2. ^ Gwendolyn Mariano (2000-06-15). "Study finds filters catch only a fraction of spam". CNET News. Retrieved 2010-03-23.
edit