Mail Abuse Prevention System


The Mail Abuse Prevention System (MAPS) is an organization that provides anti-spam support by maintaining a DNSBL. They provide five black lists, categorising why an address or an IP block is listed:


The acronym MAPS is spam spelled backwards.

History

MAPS was founded in 1996 as a non-profit organization to pioneer innovative anti-spam techniques (e-mail).

The early history of MAPS is the History of DNSBLs itself. Dave Rand and Paul Vixie, well known Internet software engineers, started keeping a list of IP addresses which had sent out spam or engaged in other objectionable behavior. The list became known as the Real-time Blackhole List (RBL). Many network managers wanted to use the RBL to block unwanted e-mail. Thus, Rand and Vixie created a DNS-based distribution scheme which quickly became popular. [1]

Being certain there was an absolute right to publish an anti-spam blacklist, MAPS published a "How to Sue Us" page, inviting spammers to sue them and help them create case law. In 2000 MAPS was the named defendant in no fewer than three lawsuits, being sued by Yesmail, Media3, and survey giant Harris Interactive. As the first lawsuit came in, MAPS brought in Anne P. Mitchell as their Director of Legal and Public Affairs.

In 2001 the company started to require a subscription for accessing their lists. Non-subscribed users received a dummy unlisted response. MAPS explained that, because its expectation of getting enough funds from free support had failed, it was forced to make this decision. However, the spirit of the company remained that of a non-profit organization. Their subscription page was quite hidden in their .org web site, and their fax-based subscription mechanism was rather awkward.

In 2004 MAPS became a division of Kelkea, Inc, moved from Redwood City to San Jose, and from .org to .com. Dave Rand was the founder and CEO of Kelkea at the time.

In June 2005, Trend Micro, Inc. acquired Kelkea, which brought substantial improvement to the subscription mechanism, including a fully automated method for getting temporary subscriptions. In addition, subscribers were provided with personalised web pages where they could view reports and set up whitelisting and blacklisting options (whitelisting is particularly convenient, as it allows thousands of IP addresses to be whitelisted with a few clicks).

Criticism

Proposing so many lists can confuse a MAPS subscriber; postmasters may hurriedly subscribe to all lists. The difference between an open proxy which relays spam and a "somehow open" spam relay is not clear, so postmasters may just conclude that the more lists they use, the more spam they block. However, one of MAPS's lists, the DUL, is significantly different from the others. The DUL was supposed to list addresses which are dynamically assigned to end-users (but in practice it also includes statically allocated ones), which are not directly related to spam, and there is no evidence in MAPS archives of any such address having been used to relay spam.

The DUL's purpose was to educate users to relay mail through an acknowledged ISP, rather than running their own mail servers. Doing this would bring various advantages and disadvantages. Acknowledged ISPs can, in general, afford to monitor their systems more thoroughly in order to avoid viruses, hijackers and similar threats. Furthermore, it paves the way for effectively exploiting policies like SPF, which rely upon end-user SMTP authentication in order to block email address abuse. But it also prevents users with their own domain from publishing a proper SPF policy. In addition, ISP email relays are incompatible with fine-grained IP address blocking: if they relay spam and get blocked, it affects all users.

MAPS fails to disambiguate the concepts of acknowledged ISP versus end-users of IP addresses with a formal definition. While it may be relatively straightforward to recognize ISPs who are network providers, mailbox providers are easily confused with end-users of different kinds. When coupled with the ability to easily whitelist IPs by local Internet registry/region to correct obvious shortcomings, using the DUL to block mail may result in an obscure policy that jeopardizes the global reliability of email delivery.

It generates a number of false positives much higher than MAPS claims to be aware of, blocking many legitimate websites and end users, and yet catching only an estimated 2% of spam. [2] [verification needed] This study, however, was done in 2002, and involved only the RBL, not the DUL.

More current results, covering the last 10 years, show that the DUL is responsible for blocking the majority of spam messages. The DUL mostly stops compromised end-user machines (and routers) from being abused to send spam. The following table shows these results as the percentage of spam blocked by each list.

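| List | 2011 | 2012 | 2013 | 2014 | 2015 | 2016 | 2017 | 2018 | 2019 | 2020 |
|------|------|------|------|------|------|------|------|------|------|------|
| DUL | 71.6% | 66.7% | 57.5% | 35.0% | 24.6% | 41.4% | 56.8% | 55.2% | 87.2% | 65.1% |
| QIL | 21.8% | 21.4% | 28.5% | 48.8% | 51.5% | 17.3% | 10.8% | 29.2% | 4.1% | 6.2% |
| RBL | 6.0% | 11.7% | 13.8% | 16.2% | 23.7% | 41.2% | 32.3% | 15.4% | 8.4% | 19.4% |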
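The DNS-based lookup mentioned under History, in the form RFC 5782 [1] specifies, combined with the Criticism section's point that the DUL is a different kind of list from the others, as an added example that is not MAPS code. The zone names, the stub resolver and its answers are constructed, and flagging DUL hits while rejecting RBL hits is an assumed local policy.

```python
import ipaddress

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 listing values
SEVERITY = {"accept": 0, "flag": 1, "reject": 2}

def dnsbl_qname(ip, zone):
    """Reverse the address (octets for IPv4, nibbles for IPv6) under the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def is_listed(ip, zone, resolve_a):
    """resolve_a(qname) -> list of A records as strings; [] means NXDOMAIN."""
    answers = resolve_a(dnsbl_qname(ip, zone))
    # Answers outside 127.0.0.0/8 are not treated as listings.
    return any(ipaddress.ip_address(a) in LISTED_RANGE for a in answers)

def zone_is_sane(zone, resolve_a):
    """RFC 5782 test entries: 127.0.0.2 must be listed, 127.0.0.1 must not."""
    return (is_listed("127.0.0.2", zone, resolve_a)
            and not is_listed("127.0.0.1", zone, resolve_a))

def decide(ip, zone_actions, resolve_a, allow=()):
    """Return (action, zones that listed ip); the local allowlist wins."""
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(net) for net in allow):
        return "accept", []
    hits = [z for z in zone_actions
            if zone_is_sane(z, resolve_a) and is_listed(ip, z, resolve_a)]
    action = max((zone_actions[z] for z in hits), key=SEVERITY.get, default="accept")
    return action, hits

# Constructed sample data: hypothetical zones and answers standing in for live DNS.
ZONES = {"rbl.dnsbl.example": "reject", "dul.dnsbl.example": "flag"}
FAKE_DNS = {
    "2.0.0.127.rbl.dnsbl.example": ["127.0.0.2"],
    "2.0.0.127.dul.dnsbl.example": ["127.0.0.2"],
    "7.113.0.203.rbl.dnsbl.example": ["127.0.0.2"],
    "99.2.0.192.dul.dnsbl.example": ["127.0.0.3"],
}

def fake_resolve(qname):
    return FAKE_DNS.get(qname, [])

if __name__ == "__main__":
    for ip in ("203.0.113.7", "192.0.2.99", "198.51.100.1"):
        print(ip, decide(ip, ZONES, fake_resolve, allow=["198.51.100.0/24"]))
```

In a live deployment `resolve_a` would be a function that performs the A-record query; the sanity check keeps a zone that answers for every name from listing all senders.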


Related Research Articles

The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typically use SMTP only for sending messages to a mail server for relaying, and typically submit outgoing email to the mail server on port 587 or 465 per RFC 8314. For retrieving messages, IMAP is standard, but proprietary servers also often implement proprietary protocols, e.g., Exchange ActiveSync.

Open mail relay

An open mail relay is a Simple Mail Transfer Protocol (SMTP) server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users. This used to be the default configuration in many mail servers; indeed, it was the way the Internet was initially set up, but open mail relays have become unpopular because of their exploitation by spammers and worms. Many relays were closed, or were placed on blacklists by other servers.

A Domain Name System blocklist, Domain Name System-based blackhole list, Domain Name System blacklist (DNSBL) or real-time blackhole list (RBL) is a service that lets mail servers check, via a Domain Name System (DNS) query, whether a sending host's IP address is blacklisted for email spam. Most mail server software can be configured to check such lists, typically rejecting or flagging messages from such sites.

Various anti-spam techniques are used to prevent email spam.

Email spam: Unsolicited electronic advertising by email

Email spam, also referred to as junk email, spam mail, or simply spam, is unsolicited messages sent in bulk by email (spamming). The name comes from a Monty Python sketch in which the name of the canned pork product Spam is ubiquitous, unavoidable, and repetitive. Email spam has steadily grown since the early 1990s, and by 2014 was estimated to account for around 90% of total email traffic.

The Distributed Sender Blackhole List was a Domain Name System-based Blackhole List that listed IP addresses of insecure e-mail hosts. DSBL could be used by server administrators to tag or block e-mail messages that came from insecure servers, which are often spam.

Sender Policy Framework (SPF) is an email authentication method which ensures the sending mail server is authorized to originate mail from the email sender's domain. This authentication only applies to the email sender listed in the "envelope from" field during the initial SMTP connection. If the email is bounced, a message is sent to this address, and for downstream transmission it typically appears in the "Return-Path" header. To authenticate the email address which is actually visible to recipients on the "From:" line, other technologies such as DMARC must be used. Forgery of this address is known as email spoofing, and is often used in phishing and email spam.

Greylisting is a method of defending e-mail users against spam. A mail transfer agent (MTA) using greylisting will "temporarily reject" any email from a sender it does not recognize. If the mail is legitimate, the originating server will try again after a delay, and if sufficient time has elapsed, the email will be accepted.

The Spamhaus Project: Organization targeting email spammers

The Spamhaus Project is an international organisation based in the Principality of Andorra, founded in 1998 by Steve Linford to track email spammers and spam-related activity. The name spamhaus, a pseudo-German expression, was coined by Linford to refer to an internet service provider, or other firm, which spams or knowingly provides service to spammers.

Email authentication, or validation, is a collection of techniques aimed at providing verifiable information about the origin of email messages by validating the domain ownership of any message transfer agents (MTA) who participated in transferring and possibly modifying a message.

Forward-confirmed reverse DNS (FCrDNS), also known as full-circle reverse DNS, double-reverse DNS, or iprev, is a networking parameter configuration in which a given IP address has both forward (name-to-address) and reverse (address-to-name) Domain Name System (DNS) entries that match each other. This is the standard configuration expected by the Internet standards supporting many DNS-reliant protocols. David Barr published an opinion in RFC 1912 (Informational) recommending it as best practice for DNS administrators, but there are no formal requirements for it codified within the DNS standard itself.

SORBS is a list of e-mail servers suspected of sending or relaying spam. It has been augmented with complementary lists that include various other classes of hosts, allowing for customized email rejection by its users.

A challenge–response system is a type of that automatically sends a reply with a challenge to the (alleged) sender of an incoming e-mail. It was originally designed in 1997 by Stan Weatherby, and was called Email Verification. In this reply, the purported sender is asked to perform some action to assure delivery of the original message, which would otherwise not be delivered. The action to perform typically takes relatively little effort to do once, but great effort to perform in large numbers. This effectively filters out spammers. Challenge–response systems only need to send challenges to unknown senders. Senders that have previously performed the challenging action, or who have previously been sent e-mail(s) to, would be automatically receive a challenge.

In networking, a black hole refers to a place in the network where incoming or outgoing traffic is silently discarded, without informing the source that the data did not reach its intended recipient.

The Anti-Spam SMTP Proxy (ASSP) is an open-source, Perl based, platform-independent transparent SMTP proxy server.

A Dial-up/Dynamic User List (DUL) is a type of DNSBL which contains the IP addresses an ISP assigns to its customer on a temporary basis, often using DHCP or similar protocols. Dynamically assigned IP addresses are contrasted with static IP addresses which do not change once they have been allocated by the service provider.

hMailServer: Open-source e-mail server

hMailServer was a free email server for Windows created by Martin Knafve. It ran as a Windows service and included administration tools for management and backup. It had support for IMAP, POP3, and SMTP email protocols. It could use external database engines such as MySQL, MS SQL or PostgreSQL, or an internal MS SQL Compact Edition engine to store configuration and index data. The actual email messages were stored on disk in a raw MIME format. As of January 15th, 2022, active support and development were officially halted, although version 5.6 will continue to receive updates for critical bugs.

Blacklist (computing): Criteria to control computer access

In computing, a blacklist, disallowlist, blocklist, or denylist is a basic access control mechanism that allows through all elements, except those explicitly mentioned. Those items on the list are denied access. The opposite is a whitelist, allowlist, or passlist, in which only items on the list are let through whatever gate is being used. A greylist contains items that are temporarily blocked until an additional step is performed.

The history of email spam reaches back to the mid-1990s when commercial use of the internet first became possible - and marketers and publicists began to test what was possible.

Email spammers have developed a variety of ways to deliver email spam throughout the years, such as mass-creating accounts on services such as Hotmail or using another person's network to send email spam. Many techniques to block, filter, or otherwise remove email spam from inboxes have been developed by internet users, system administrators and internet service providers. Due to this, email spammers have developed their own techniques to send email spam, which are listed below.

References

  1. RFC 5782
  2. Gwendolyn Mariano (2000-06-15). "Study finds filters catch only a fraction of spam". CNET News. Retrieved 2010-03-23.