EFF speaks out against MAPS 386
Control-Z has brought our attention to the latest EFF newsletter which speaks out against MAPS ? and ineffective spam legislation. According to the EFF: "The rights of users to send and receive email must not be compromised for quick and dirty ways to limit unsolicited bulk email. Neither misguided and ignorant legislation, nor collusive, high pressure protection schemes, have a legitimate function or place in our online future " The EFF is reminding us that freedom isn't always easy. I feel much worse for those who haven't figured out procmail yet though.
The next DMCA/"Patriot " bill waiting to happen. (Score:2, Insightful)
Making falsified return addresses a punishable offense has the side effect of rendering anonymous communications illegal.
Any legislation created will boil down to one thing: the Balkanization of the Internet.
I see a big market in e-mail wizards that will help guide you towards writing e-mail that's legal in every country in the world if anti-spam bills start getting passed.
Re:The next DMCA/"Patriot " bill waiting to happen (Score:3, Insightful)
Not if done correctly. Just make false addresses/false routing information illegal on COMMERCIAL mail. Why does a company need to do something anonymously, especially one that wants me to buy something?
Re:The next DMCA/"Patriot " bill waiting to happen (Score:3, Interesting)
No. Saying "don't lie about your return address" does not equal "you must disclose your return address". "I don't want to tell you" is not fraud. And all it requires technically is something like an anonymous remailer (which even still allows for replies).
It's perfectly possible for someone to get unsolicited mail from someone, ask them to not mail them again, and get compliance for that request, while never revealing to the recipient who the sender is.
I think that they are right (Score:4, Insightful)
So yes, I think that this is reasonable and a laudable position to take. Censorship is especially a lowest common denominator freedom-- who decides the standards on which things are censored? How are false accusations handled? Can that censorship be turned on you or I?
Re:I think that they are right (Score:2)
Whose freedom are we talking about here? Mine. Specifically, MY freedom to decide who is allowed to use MY SMTP server. I paid for the server. I decide who is allowed to send through it and who is allowed to receive through it. If somebody thinks I need to let him use it without my permission, then I trust that he'll understand when I spraypaint _my_ business's advertisements on his car's windshield.
So yes, I think that this is reasonable and a laudable position to take. Censorship is especially a lowest common denominator freedom-- who decides the standards on which things are censored? How are false accusations handled? Can that censorship be turned on you or I?
Censorship has nothing to do with this discussion. MAPS is publishing a list of IP addresses and representing that "These IP's have been implicated in spamming. We have tried to contact the owners of these IP's. Some of the owners could not be reached. Others have refused to take measures to prevent spamming from their services."
That's all they do: publish the list. I used to use it as a true blocklist. Other people I know have used it to insert an X-Spam header into incoming email. It's up to each individual admin to implement it and decide how it's to be used.
You might also take a look at the US Constitution. Show me the _EXACT_ wording that gives a right to send or receive email. It ain't there. Nobody has a right to send me email and have it received. No sensible ISP will make any guarantee that email will go through.
And if someone doesn't like a spamblocked ISP, then he has to remember that he doesn't own the ISP. He's a customer. Customers are worth listening to, but they don't own the machines. If they want to be in charge of a mail server, then they should buy their own. Sendmail is free and early Pentiums are damned cheap. And considering what volume of my incoming mail is spam, I doubt they want the increase in rates that I'd have to charge to pay for the larger pipes and larger hard drives.
I floated the question about two years ago, back when MAPS was the Great White Hope of the pro-property-rights people, and got better than 75% saying to go ahead and filter.
And when someone doesn't like MAPS, thinks they're unreliable or has false info, they can get rid of them easily enough, stop using the MAPS RBL in the filters. Contrary to a popular delusion among spammers, nobody holds a gun to anybody's head and forces them to use MAPS, SPEWS, ORBZ, or any of the other lists.
Re:You're both wrong. (Score:2)
Sure you can. Change to an ISP that doesn't use MAPS. Free market economy at work. No company HAS to do what you tell them to. Find one who behaves the way you want them to.
Procmail (Score:5, Informative)
Re:Procmail (Score:4, Informative)
Q: I want to use Procmail for spam filtering. A: Good luck. Have fun. Have you considered the following? It's really kind of late to stop the spam when it's already on your mail server. Better solutions would involve your mail administrator and IP-level blocks against spam sites (RBL et al.) as well as probably additional server-level filtering. Don't reinvent the wheel. There are good recipe packages out there which you cannot duplicate without serious effort. And it'd be a waste of time anyway. You'll find links to many Procmail spam filtering packages on the links page. Procmail is excellent for fine-tuning and for sorting already identified spam to a separate folder (some sites will just tag suspect messages, but still let them through) but on today's Internet, proper antispam measures belong in the mail server layer (if not in the political layer).
Basically it says Procmail shouldn't be used for this and to use RBL.
Don't take away my MAPS! (Score:3, Funny)
How to stop spam : (Score:4, Informative)
This is a great utility for stopping spam while not interfereing with your normal email.
It gives you unlimited disposable email addresses to give out whenever you need an email for a website.
If you dont want email from that address anymore, you can turn it off.
On the other hand : Spam is meant to market a good or service. Therefore there must be some way to get in contact with the spammer, otherwise their spam would be ineffective. a task force needs to be created which smacks spammers upside the head with fines, or just plain shuts them down.
Spam should be legal, as long as they include a valid return addy, and have a way to remove people (for real)
Re:How to stop spam : (Score:4, Informative)
There's a free tool to de-obfuscate the headers of Spam and send complaint letters to the appropriate abuse departments. They also have a paid filtering service that will hold any possible spam messages until you manually approve the sender (or report it as spam). Money well spent, IMHO.
Spam should be legal, as long as they include a valid return addy, and have a way to remove people (for real)
As for the valid return address, I would say this is necessary (but not sufficient) for a Spam to be "legal" in any sense (along with "ADV:" in the subject line, other standard headers to identify it as spam, and a notification of how they got my email address so that I can badger / LART the upstream company to stop selling my info).
However, the "remove" method doesn't really work because these addresses are often just a way to verify that your address is still "live". One way to test this is to send a removal request using a newly-created address, then wait to start receiving spam on that address.
The only way for "opt-out" to actually work is to have a higher-level, trusted agency maintain the opt-out list (similar to "do-not-call" lists that exist for telemarketing agencies). However, given the nature of the Internet, it's hard to say what agencies should have jurisdiction here.
Of course, the best way to deal with spammers involves a jar of honey and an anthill...
Re:How to stop spam : (Score:3, Insightful)
The big problem with that Gaijin42, is that spam is very cheap to send, and mailing lists are easy to build and exchange.
Run some numbers...say, several thousand companies sending spam to 20 million people each, with a lot of overlap on the mailing lists. Some people would get thousands of emails. This would make email completely unusable for anything other than receiving spam, for many people.
As long as the sender does not pay the cost of email, spam has to be limited.
Fighting for freedom (Score:2, Insightful)
I would appreciate this more... (Score:4, Insightful)
...except I can already hear nothing (because your message is lost in the thousands of spam emails in my mailbox) and say nothing (because the line is clogged with traffic).
When we're trying to hold a useful meeting, and everybody's yelling and screaming to try and make themselves heard, the guy at the front pounding the gavel isn't trying to deprive me of the First. He's trying to insure that I still have the right to speak and not be drowned out. He's asking for silence to restore order, so that we can resume speaking.
The mailing lists hosted by the FSF don't use any spam filters. At all. Now, go look at this month's archives of the binutils bug-reporting list [redhat.com] and wonder how they manage to get any work done. (I have to hope the individual developers use filters.)
EFF is misguided in this (Score:5, Insightful)
Re:EFF is misguided in this (Score:2)
That's fine, but they are not saying that you are required to read all mail that comes into your server.
The question is, do you want your ISP and/or the government making the decision on what mail you can or can't receive -- without your knowledge?
Re:EFF is misguided in this (Score:4, Informative)
Yes they are. They're saying that all the filtering should happen at the end user end, when the spam has already cost money. To give a REAL example, I had someone sending mail to over 30,000 random names @domain in one night, all starting with the letter a, before I blocked them. These were names which had never existed in our system. If I adopted the EFF's position, then all of my users would have had a month of bad service, or I'd have to get a much bigger mail server.
Re:EFF is misguided in this (Score:4, Insightful)
They're saying that all the filtering should happen at the end user end, when the spam has already cost money.
I'm not arguing that spam isn't a problem in many cases, but I know that I DO NOT want a bunch of nannies telling me what mail I can or cannot recieve. If an ISP wants to offer blocking based on MAPS or any other system, then they should set up an opt-in for individual users, and the default should be opt-out.
Re:EFF is misguided in this (Score:2)
Re:EFF is misguided in this (Score:2)
An ISP can choose whatever policies it likes.
At this time, it's a question of ethics. It is unethical to block mail for an individual user without that user's consent.
Quite frankly, however, I think it should probably be illegal to block someone's e-mail without their consent. It's a lot like interfering with postal mail, which is a federal offense.
Re:EFF is misguided in this (Score:2)
Re:EFF is misguided in this (Score:2)
So if your apartment complex, who are the owners, decided to sort through your postal mail and decide what you would or wouldn't receive, and did it without your knowledge, you wouldn't have a problem with that? After all, they own the mail boxes, right?
Re:EFF is misguided in this (Score:3, Insightful)
Oh, it's you again.
The user consents when they choose to use an ISP that opts to use blacklisting to satisfy most of their customers.
I'm not opening the mail to see what's inside. I just choose not to allow the mail to be coming from places known to be sources of problems. If the Post Office knew that mail coming from a certain place was costing them more than what they are paid to deliver it, you can be sure they will stop taking the mail from there. That's not interfering with the mail, because that's the post office doing it themselves. I'm sure these days if the package looks suspicious, they're going to check on it. They may not even deliver it right now. But that is not interfering with the Post Office because it is they who are doing it.
I deliver mail in my mail server the way I like, and I don't want interference from outsiders telling me what to do. If you are a potential customer, and prefer a different ISP, then certainly tell me why you don't want my service. If there are enough people like you to justify setting up the service you want, I'd probably do it.
Re:EFF is misguided in this (Score:2)
I don't really care how inaccurate they are. As long as they stop at least 1 item of spam ever then they have paid for the effort putting them in (Not much at all).
MAPS & ORBS aren't that painful (Score:5, Informative)
In theory, I have no problem with the concept of these blacklists. The use of them is voluntary. From what I've heard, there may need to be some serious discussions about how they gather their data and their procedures for getting off their blacklists, but the concept seems to be both effective and practical. Also, mail providers should be up front about their use of these lists so that users can choose to use an "unprotected" mail server if they choose.
Re:MAPS & ORBS aren't that painful (Score:4, Insightful)
The problems with most of these blacklists (and there are lots of them) is that there are no globally-accepted standards for how open relays should get on or off the lists, how to notify owners of blacklisted IPs and how long entries should be blacklisted in the absence of other feedback.
I hate spam at least as much as the next guy, but I'm still cleaning up from an attack that happened two months ago through a server I thought had been configured to prevent relaying. Unfortunately, it had been rebuilt (and badly) since the last time I'd verified its configuration. The attack launched through the relay lasted no longer than 36 hours. I realize that's a helluvalong time in Internet time, but considering the attack began over a weekend, the fact that I caught it and stopped it on Sunday morning means I caught it 24 hours faster than I normally might have.
I fully expected to wind up on some blacklists because of the incident, but I didn't expect to be winding up on new blacklists 30 days after the fact.
Today, I got an email from a user who hasn't been able to contact somebody important for three weeks. The user on the other end was completely unaware that their ISP was blocking our email.
I'd like to see standards for notifications, for aging entries (and eventually dropping them), for active verification and automated retesting, and for subscribing ISPs to notify their users how many emails they blocked and from whom they were blocked.
But that's just me.
Re:MAPS & ORBS aren't that painful (Score:4, Insightful)
Why should I tell you I'm blacklisting you?
If you're a private citizen, you owe me nothing. If you're an ISP, you owe me at least a cursory attempt to have an automated program try to email me. Fer cripes sake, how hard would it be to write a perl script that parses the IPs, performs a reverse-DNS lookup, tries to email postmaster@ and then blacklists?
If I'm a real spammer or a moron with a cable modem, you won't get a valid or useful reverse-DNS. Fine. Don't notify those morons or scumbags directly. But for poor bastards who got caught with their shorts down, let's not go out of our way to make their lives hell after they've already fixed the problem.
The sites that have blacklisted me aren't private individuals. They're blacklist organizations that small ISPs and some corporations belong to. The SMTP service that acted as a relay for a day and a half has a valid RDNS name that is mx.mydomain.com. It shouldn't have been tough for somebody to figure out they could send an email to postmaster@mx.mydomain.com or abuse@mx.mydomain.com or even postmaster@mydomain.com.
I'm all for killing spammers and sterilizing their children. And I don't have a problem with blacklisting morons like myself. I do have a problem with making it impossible for me to redeem myself.
Re:MAPS & ORBS aren't that painful (Score:2)
Yes. When I was blacklisted, there were no fees to be removed - you just had to fix the problem and inform the list maintainer. I haven't been in charge of a mail system in quite some time, so I'm not up to date on all the latest details of the controversy. Giving somebody a profit motive for "false positive" listings is disturbing and changes the nature of the list significantly (IMHO).
MAPS is not the problem (Score:5, Insightful)
As long as there is sufficient notification and user choice, then there's nothing wrong with MAPS. It's only when their somewhat strong-arm tactics are combined with ISP coercion that the user really has a problem.
Re:MAPS is not the problem (Score:2)
Choice Statistics (Score:3)
This touches on a point that occured to me while reading the EFF newsletter. It would be nice to have some enduser preference statistics.
Anti-spam activists are often portrayed as some kind of out-of-touch net-nazi brotherhood by SPAMers and their supporters. They apparently hate commercial use of the internet and are hell-bent on depriving normal internet users from valuable information that they really want. At least, that's the impression I've gotten from reading some SPAMer's writing on the issue.
Oddly enough, I haven't ran in to one customer, co-worker, or client thats said "I wish I got more valuable information about marketing oportunities and special offers in my inbox". They usually say "I hate spam. How do I stop it?"
It would be interesting to give endusers the choice between protected/shielded/MAPS'd/etc service and wide-open email. I suspect it would provide data contrary to the SPAMer's points.
Re:Choice Statistics (Score:3, Informative)
- When I worked on the AOL mail system, any time I met someone new - whether socially, in business, at the gas station, whatever - the first and only question they'd ask was how to stop the spam.
- During periods where the spamblocks are less effective (because the spammers are ahead of the game), spam is by far THE NUMBER ONE COMPLAINT to Steve Case's mailbox and to Customer Service.
And this is *after* scores of millions of spams have already been blocked each day.
The strong libertarian/individualist/techie pull of Slashdot notwithstanding, the average American e-mail user just doesn't want their spam.
I agree wtih others who said that ISPs should publicize the existence of their spamblocks, and it must be part of the Terms of Service. But to say that even if users agree to filtering, it should be illegal? I don't get it.
Jay, the ex AOL mail guy
What's wrong with voluntary collective solutions? (Score:5, Insightful)
It's a shame to see MAPS and collective protection schemes dumped into this list of "bad things." Like most geeks, I don't like everything that MAPS does and I'll admit that I've even been on the wrong side of the ORBS cluestick in the past. However, I believe the concept of collective protection is a good one. If there's a problem with ISPs using systems like that to block legitimate mail, then customers who want to receive said mail won't be with them for long. There are natural market pressures at work to provide what the most important people (the end users like our friends and family) want.
Like most of you, I have a pretty potent procmail script, but I have to say I've probably invested an absurdly significant amount of time in my labor of love getting it just right. If I were less of a geek, I might tend towards finding a group of like-minded mail readers and collecting our resources together. If evantually our creation became a widely recognized and used method of mail filtering, great! Then that's the choice of every sysadmin and every participant (by the merits that they all pay his/her salary) to be behind that shield. Nobody else has the right to tell me I have to accept socket connections from them if I don't want to.
Re:What's wrong with voluntary collective solution (Score:2)
What's wrong with voluntary collective solutions?
The problem is that they are NOT typically voluntary by the people to whom it matters -- the email recipients. If an ISP wants to offer a service to block spammers, then then it should up to the individual to opt-in to the blocking.
Right now it's a federal crime to interfere with the delivery of regular postal mail. Why should e-mail be any different? How would you like it if your apartment complex decided to root through your mail and arbitrarily decided what you could or couldn't receive?
Re:What's wrong with voluntary collective solution (Score:2)
It IS voluntary... the customer continues to pay the ISP each month for service.
If an ISP decides that "the cost of accepting mail from $ROGUE_SENDER_NETWORK is too high for me to accept", that's the ISP's decision, not the end user's. If you want "unfiltered" mail, you should be prepared to pay MORE for that service, because it costs your ISP more, in terms of bandwidth, disk space, etc.
Re:What's wrong with voluntary collective solution (Score:2)
Then like I said... if an apartment complex decided that "the cost of accepting mail from J.C. Penney catalogs is too high for me to accept", should they have the right to just dump the catalogs into the trash and not give them to the recipients? Without even their knowledge? Just find another place to live, right?
Right now federal law says no -- you do not have the right to interfere with the delivery of postal mail. I see no reason why e-mail shouldn't be afforded the same protections.
Re:What's wrong with voluntary collective solution (Score:2)
Since an apartment complex doesn't bear any of the burden for US Postal Service delivery, you're using a bogus argument.
An absurdly significant amount of time? (Score:2)
Huh. Most of my procmail-using friends started their antispam recipes by downloading one of the fifty or so publicly available ones, recommended for such a purpose. Then they tweaked as necessary -- I think some of them never needed to tweak. The resource collection you speak of already exists.
(I had to start from scratch, because I started using procmail way early.)
Blacklist implementation voluntary, too (Score:3, Informative)
Right to send email? (Score:5, Insightful)
And the EFF wants to get rid of your rights... sigh..
Re:Right to send email? (Score:2)
Since when does anyone, anywhere have the right to send email? Since when does anyone have the right to have their data go over a network that they don't own?
Likewise...
Re:Right to send email? (Score:2)
E-mail is not, at least currently.
Bear that in mind.
Re:Right to send email? (Score:2)
Its their right... I'd have a problem with it, sure. But the fact I have a problem with it doesn't mean they don't have the right to do it. I'd go get another ISP. Problem solved.
So if the apartment complex decided to start rooting through your mail and deciding what you can and can't receive (without your knowledge), that's no problem, right? You'll just find another apartment?
It's illegal to tamper with postal mail. I see no reason why e-mail shouldn't have the same protections.
spam vs. the rules of the internet (Score:4, Insightful)
The arguments against spam mainly consist in the fact that spammers are ostensibly using the resources of end users and ISP's without their permission. This is simply false.
When you set up an internet MX, you are implicitly agreeing to a certain set of unwritten rules. Essentially, the rules are that you must relay any and all mail from and to your customers, except as specified in their user agreements. If they agreed to have every e-mail with the word "sex" in it blocked, then you can go ahead and do that. But if the user agreement the both of you are bound by includes no specification of what types of mail are and are not acceptable, then you must relay EVERYTHING your customers send and receive.
Why?
Because this is how the internet works. *I* control who I hand my e-mail address to, and thus who can send to me. It is not my ISP's business to arbitrarily block inbound e-mails for me. Rather, it is my resonsibility to control the availability of my address, and to deal with any and all mail I receive, regardless of source or desirability.
Imagine the consequences if these rules were discarded wholesale. If intermediary mail relays blocked transmission based on arbitrary whim, the entire structure of e-mail communication could collapse. Remember also that "spam" is not an objective label. I get e-mail adverts that I don't really want, but occiasionally I find something very interesting in them. Here, I'm speaking of mails from vendors I've done business with who are sending my "specials" and whatnot evevn though I didn't ask for it. Fundamentally, these are every bit as much "unsolicited commercial e-mail" as those ridiculous offers for cheap toner! If one is outlawed, so is the other, and the two "perpetrators" would be subject to the same penalties.
If you want to get rid of spam, replace SMTP. Create a system where addresses can be "authorized-only", similar to how ICQ can work: to receive mail from someone, you must authorize them to send to you. Under the current system, however, any attempt to stem the flow of spam will harm the proper operation of internet communication more than it will help. You can't run a mail relay that's selective, that's not how it's supposed to work, and things will break down if that's not how things DO work. Putting people in jail for sending mail over a system DESIGNED AND IMPLEMENTED FOR THE PURPOSE OF SENDING MAIL is absolutely ridiculous. It would be like arresting people for driving on the road because the locals didn't like the paintjob on your car.
I hope I made some sense here.
MoNsTeR
Re:spam vs. the rules of the internet (Score:2)
And our SLA states that email is not a gauranteed delivery service, and we can and will drop any message we feel like.
Re:spam vs. the rules of the internet (Score:2, Insightful)
All the spam I get is not based on an address I handed out. You just need to look at the header file to see that the spammer is just hitting multiple combinations of my name or domain. So where is my control?
Re:spam vs. the rules of the internet (Score:2, Interesting)
When you set up an internet MX, you are implicitly agreeing to a certain set of unwritten rules. Essentially, the rules are that you must relay any and all mail from and to your customers, except as specified in their user agreements.
I'm waving the bullshit flag on this one. But your assertion is an unprovable one since you assert that the rules are "unwritten" and thus no amount of arguing will convince you otherwise.
It is not my ISP's business to arbitrarily block inbound e-mails for me.
I agree. But if your ISP blocks mail without telling you, then your problem is with your ISP and the idiots who made that decision, not with MAPS.
Rather, it is my resonsibility to control the availability of my address, and to deal with any and all mail I receive, regardless of source or desirability.
And some people choose to delegate this authority to their ISP who in turn delegate this to MAPS or ORBS(with the full knowledge, consent, and approval of their customers). Who the hell are you to tell these people that they can't delegate that authority???
If you want to get rid of spam, replace SMTP. Create a system where addresses can be "authorized-only", similar to how ICQ can work: to receive mail from someone, you must authorize them to send to you.
And just how would new people get themselves added to your authorization list? Are you going to start posting your phone number next to your e-mail address so that people can call you to get added to your authorization list so that they can send you an e-mail? I understand where you're coming from here, but it's an inviable solution.
Putting people in jail for sending mail over a system DESIGNED AND IMPLEMENTED FOR THE PURPOSE OF SENDING MAIL is absolutely ridiculous. It would be like arresting people for driving on the road because the locals didn't like the paintjob on your car.
No, it's like the government telling you that you can't live in a gated community. After all, the roads and driveways in that community(paid for and maintained by your money) were built to be drived upon and you can't delegate the policing of those roads and driveways to another entity(the landlord of the gated community, the homeowner's association, etc). If you want your driveway policed and you don't want undesireable people to park there, then you'll just have to police it your own damn self.
Kevin
I agree (Score:3, Interesting)
It would be much easier to tackle this problem if a 'pseudolution' (spam is, by its very nature, not 100% solvable) is rolled out with the next generation mail protocal. To this end, does anyone know if there are any current undertakings addressing a next generation email protocol capable of more interaction/configuration from a client?
One VERY nice feature I'd like to see is email addresses with embedded timeout values in them
I havn't thought TOO deeply about it, as you can tell, and I'm not much of a privacy/encryption expert, but can anyone articulate a set of rules based on the above postulation that is technically feasible?
MAPS has been highly effective for us (Score:5, Interesting)
Frankly, I've found MAPS to be highly effective. I expected to occasionally toss out legit messages, which was why my direct line is included in every bounce, but MAPS has been considerably better than I could have hoped for. With proper setup and configuration it is quite easy to ensure that legitimate mail gets through with only a minimum of delay. MAPS has been a very worthwhile investment for our company, and our end users have consistently thanked us for implementing it. Likewise, Procmail Sanitizer has stopped all kinds of trojans and viruses cold at the gateway-even catching new ones before being publicized. Although we don't use Outlook, we still find it useful to stop the stuff, and I can't fathom anyone running an Outlook environment without Procmail Sanitizer. Good stuff.
Some "ICQ" features ... (Score:3, Interesting)
It seems like a really nice feature for an email client would be something like the ICQ feature that auto-ignores people that aren't on your list. Your email client could auto delete email from people that aren't in your address book. I guess filters could be used to do this, but it's not obvious for the 'common users', like Grandma (:
There could/should also be a way for the email client to tell the mail server "hey, stop sending me mail from X@X.X". That way you cut it off at the source and it stops messing with your bandwidth. The server could also build a list of ignored email address and domains and stop responding to their requests all together for all users. This could become hurtful, putting control into the user's hands a bit, but somehow I think it would do more good than harm. It would need lots of revision, but I don't have the time or energy to care (:
~LoudMusic
Re:Some "ICQ" features ... (Score:3, Informative)
I know I'm going to get modded down for this, but you can do that with a single rule in outlook. I doubt it would be hard for any decent mail reader to do.
There is a hidden context here. (Score:3, Interesting)
Gilmore's stance is pretty straightforward: running an open relay was a good thing in 1987, so of course it must still be best practice in 2001.
Second Gilmore in the same day (Score:3, Insightful)
Now I'm in doubt again.
Best Current Practice (Score:3, Insightful)
Out of the box, most modern mail servers configure themselves to prevent the relaying of mail. What we are fighting by using services such as MAPS are legacy systems and new servers that come online and are misconfigured. It is simply negligence to be operating an open relay in today's Internet. That negligence needs to be challenged. We can ultimately get the upper hand on the abuse of open relays this way, and I would support Internet wide adoption of the use of such services as a Best Current Practice.
With regards to my users not receiving mail, it is our company policy to individually handle each complaint related to our mail filtering to benefit our customers. We will almost always explicitly permit mail from servers that we know are legitimately trying to reach our users. We will also send a courtesy email to the administrators of the open relay to inform them of the situation. This isn't about maliciously blocking every relay out there, to the detriment of our users, this is about encouraging a trend of improved mail server administration. Responsible implementation of these kinds of controls on unsolicited email benefit everyone.
Cheers
I still don't see the problem (Score:2)
If we are talking about ISP users who do not do their own sendmail setup that might be a diferent matter, but the ISP could simply offer each user a choice when they sign them up:
1) We will try to filter spam from your email
2) We leave your email compleatly unfiltered
As long as people have a choice what is the problem. And if ISPs don't give the choice then the problem is with the ISP not MAPS and friends.
The Internet is a free-market information service (Score:5, Insightful)
The Internet is not regulated as a telecom service. The FCC doesn't regulate ISPs, just the telecom services they buy. Nobody regulates mail servers. It's a free market, and it works. Now in a free market, you have competition. If your ISP uses MAPS and you don't like it, then you're free to go elsewhere. If your ISP is RBL'd, you're free to go elsewhere. There are lots of free e-mail services out there. See for instance http://www.emailaddresses.com/ . Now I wish my own "primary" e-mail provider, the one I ping many times a day, used one of these services, because I'm spammed to death and sick of it! If somebody couldn't get through, they almost certainly would find another way to reach me. Like I have a phone too, not to mention other e-mail addresses.
So given the fact that there is no anti-spam legislation, and negligible likelihood of effective anti-spam legislation within the next few years, then the free market approach (you know, the one the spammers cite to block anti-spam legislation) is to allow anti-spam filters at the ISPs. The ISPs will install them if it's good for business, and block spammers if being blackholed is bad for business.
Indeed one of the reasons that the Internet is not regulated as a "telecommunications service" is that it does not offer to provide transport of information "without change in form or content" -- an ISP may change things, of which blocking spam is one example. It would be quite a different story if a telecomm provider attempted to do the same thing -- their mission is to pass the bits unchanged, down there below layer 3.
And please don't tell me how easy it is to build an anti-spam filter on your private mail server. 99.9% of end users do no not run mail servers; ISPs, who have full-time bandwidth, run them for us.
Re:The Internet is a free-market information servi (Score:2)
MAPS DUL (Score:2, Informative)
I reconfigured exim to use my ISPs SMTP server as a smart host and all was well. Until I receive the following message which basically says that my server is an open relay.... Its not... Now my step-mother thinks I am a mail abuser... I can only guess what she think of that...
From: Abuse Investigation Team [mailto:abuse@adelphia.net]
Sent: Friday, October 05, 2001 1:59 PM
To: *
Subject: RE: email problems
Thank you for forwarding this information to us. However, the bounced
message you received indicates that the sender is being blocked due to the
originating IP address being listed in MAPS database. MAPS is a database of
domains and IP addresses that have been found to have either open mail relay
servers or are spam friendly. Adelphia, like many other ISPs, has
instituted MAPS as a means of filtering spam to lower the amount of
unsolicited email that reaches our customers.
Adelphia is unable to unblock the sender of the email. The domain
responsible for the IP address being blocked will need to follow the link in
the bounced message and take the appropriate steps as outlined by MAPS to
have their domain and/or IP address unblocked. For more information
regarding MAPS, please see their website at http://www.mail-abuse.org
Sincerely,
Abuse Investigation Team
Adelphia Communications
1-814-260-3961
abuse@adelphia.net
http://powerlink.adelphia.net/policies.html
http://powerlink.adelphia.net/policies/security
Sender : *
Date : 10/5/2001 5:48 AM
---
because of MAPS my email began bouncing.
* *
-----Original Message-----
From: Mail Delivery System [mailto:Mailer-Daemon@chase.org]
Sent: Thursday, October 04, 2001 8:13 AM
To: *
Subject: Mail delivery failed: returning message to sender
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. The following address(es) failed:
*:
(generated from *):
SMTP error from remote mailer after MAIL FROM::
host mx5.dc2.adelphia.net [24.48.57.12]:
553 5.3.0 Open relay - see http://www.mail-abuse.org/
------ This is a copy of the message, including all the headers. ------
Return-path: *
Received: from smtprelay.abs.adelphia.net ([64.8.20.11]
helo=smtprelay3.abs.adelphia.net)
by loki with esmtp (Exim 3.12 #1 (Debian))
id 15p7NF-0001tp-00
for ; Thu, 04 Oct 2001 08:13:09 -0400
Received: from * ([*]) by
smtprelay3.abs.adelphia.net (Netscape Messaging Server 4.15)
with SMTP id GKOJBX02.Q4L for ; Thu, 4 Oct 2001
07:45:33 -0400
From: *
To: *
Subject: test
Date: Thu, 4 Oct 2001 07:44:08 -0400
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Importance: Normal
test
* *
*
A solution (Score:5, Interesting)
Requirements:
- mail servers would have to know if a message is being sent to many users, or [threshhold]
- mail servers would have to be able to decrypt addresses against a local private key specific to your email account (not your pwd, for security considerations, i think)
So, now you give you email address out to orgnizations (basically, anyone who wishes to enter a dialog with you in a one-to-many fasion) as hr435sd45kfjd@sirsonic.com (your mail client would support the ability to encrypt your normal email user name against this private key)
Now, here's the kicker:
So, what has to be done? Does this work? I think once you wrap peoples heads around the idea of a timeout on communication privs, people who love this
Am I on crack? I think its a good idea.
Re:A solution (Score:2)
Re:A solution (Score:2)
So anyone who trawls your site would only have a way of reaching you within the next, say, six hours
Re:A solution (Score:2)
http://madhaus.utcs.utoronto.ca/qmail/spam-filt
http://www.xns.org/xns/whitepapers/filtering/ describes XNS for white-list instead of black-list filtering.
There's always this one: http://software.libertine.org/tmda/ the Tagged Mail delivery agent, my personal favorite.
Re:A solution (Score:2)
I dont like white-list filtering, because email is used far too often to instigate legitimate communication from a source you were previously unaware of. (Musicians, artists, freelancers
Man, spam fighting sure is subjective tho. I am aware of the level of subjectivity when trying to formalize a suitably universal process by which to cut down noise-to-signal reatios when dealing with public means of contact info.
Anyhow, I'm still interested in knowing how much work is being done to put some of these facilities lower down in the trenches of the technology that drives mail across the net.
Re:A solution (Score:2)
Blacklisted laity (Score:2)
It's like another case of IIS users who get wormed and don't know or care what to do about it - and they
Collective solutions are bad?!? (Score:3, Interesting)
If I tell you how to automatically delete email with subjects like "MAKE MONEY FAST", how am I different from someone telling you that some ISP has an open relay? After all, if I publish a list of subjects that spammers are likely to use, am I not denying their right to send me email just as if I didn't accept email from their domain?
And BTW, I use spambouncer [spambouncer.org] (a set of procmail recipes) to block spam. It's trapped 190 email messages since October 1. I think 3 have slipped past.
Re:Collective solutions are bad?!? (Score:2)
It can be empty
Protection of freedom (Score:2)
Should it be illegal for an ISP to use MAPS without an individual user's consent? It occurs to me that it should be illegal. Right now, it is a federal crime to interfere with regular mail delivery. Why should e-mail be any different?
If an ISP wants to offer me a service -- that I opt-in to -- to limit the amount of junk mail I receive, then that's fine. But it seems highly arrogant of an ISP to decide what should or should not go in my mailbox.
The more I think about this issue, the more I think it should be a federal crime to interfere with the delivery of e-mail.
ISP's only need to provide connectivity (Score:2)
If ISP's were owned and operated by governments for the purpose of delivering email, I'd agree with you. But because they're commercial entities who have an independent agreement with a user, I don't personally have a problem with blocking email.
ISP's provide Internet connectivity. If and when they provide a pop3 server (or something else) to relay people's mail, it's an added bonus.
I don't know if MAPS is the way to go or not, but IMHO anything criminal should come from the ISP breaking an agreement with the user - not just automatic determined by a government. There are lots of reasons why an ISP might not want to agree to deliver all email in the first place, and governments shouldn't require them to because of their business category. If there's an arrangement with users that says the ISP should deliver a person's email, and they don't carry that out, then there's a problem.
Hopefully that's a normal part of most ISP agreements, but I don't know for sure. I don't like it that lots of ISP's use MAPS without properly informing their users what's going on so people can decide.
Email is uni/multi cast NOT broadcast (Score:4, Informative)
The free speech argument isn't invalid its just impractical for most end users. Secondly it is being applied in the following way by the EFF:
- "ANYBODY has the right to say anything to YOU"
and not in what most people consider free speech, which is:
- "ANYBODY has the right to say anything in a public forum."
These are NOT the same thing. You get into the whole "I'm paying time and money becuase idiots keep sending me spam". Email is personal communication (uni or multi cast) it is not broadcast. If people wish to broadcast they should do so in public forums - er, like this one!
It's still an issue if an ISP blocks somebody you do want to hear from - but this is somewhat akin to the fact that millions of people around the world don't even have access to email, a telephone or even a decent postal service to even contact me in any way whatsoever.
Being black listed at least forces those areas that are to try and regulate their users. Of course Eventually this is likely to break down to requiring pretty intelligent software to determine what to block based on message content rather than sender behaviour - and even then people will still pay third parties (ISPs,M$) to perform this for them - how many pieces of software out there still use the default passwords...
Mailfilter (Score:2, Interesting)
From a small isp perspective.. (Score:2, Interesting)
Most of these Blackhole lists do send a message back to the person trying to send the mail, and they often portray admins who run open relays as evil spammers or complete morons. Neither of these is true. We were trying to provide a service to our customers, and we work CONSTANTLY to keep the spam out.
Blocking or denigrating the ISP or admin of a mail server which happens to have an open relay that may get used for spamming is like blaming Boeing for the recent trade center attacks. They built the plane but they did not do the deed. We ran a mail server, but we did not spam people. Go after the spammers, and their backbone providers, and their corporate backers, not the little guys who get hurt by this the most.
Re:From a small isp perspective.. (Score:3, Informative)
SMTP AUTH maybe? Relaying allowed for authorized users, nobody else. End of open-relay problem.
Boycotting Spammers (Score:2)
Dismay?! More like anger. Boycotting doesn't work. The fact that I haven't purchased any ``100% Legal Temple Kiff'' hasn't stopped the fscking emails from coming.
I seem to remember... (Score:2)
From this part of the executive summary in the page:
"And anti-spam blacklists, such as the MAPS RBL (Mail Abuse Prevention System Realtime Blackhole List, the most popular), result in a large number of Internet service providers (ISPs) surrepticiously blocking large amounts of non-spam from innocent people [emphasis added by me]. This is because they block all email from entire IP address blocks--even from entire nations. This is done with no notice to the users, who do not even know that their mail is not being delivered."
I seem to recall some cases (can't put my finger on them at the moment) involving ISPs and hosting companies attempting to blackhole the address blocks of their competitors. Needless to say, a very nasty practice indeed. This is part of the reason I've never used the black hole lists.
I know mail filters aren't perfect, but I've always found good ones that worked sufficiently for my purposes. Yes, I know this doesn't reduce the technology threat posed to the infrastructure of the Net by mass spammers, nor does of it reduce the massive losses in bandwidth taken by companies dealing with major spammers on their and connected networks.
Does anyone have any specific case examples of MAPS abuse? I'd be interested to review these myself, if only to be sure I never associate myself (or my company, for that matter) with such orgs in the future. Are there any watchdog groups out there that keep tabs on this sort of thing?
Out-of-hand solutions to an exaggerated problem (Score:2, Interesting)
Re:Out-of-hand solutions to an exaggerated problem (Score:2, Informative)
I'm sure there are hundreds of people who have their own stories to prove that the above statement is simply false. Many spam operations build lists of all potential [user]@domain.com addresses; addresses for which the spam doesn't bounce are then added to the "valid address" file (which is typically then sold on to others as being a list of "people who have indicated that they wish to receive email" about whatever they're selling). And this is the point really - this is not about "free speech" or the "rights" of spammers. It's about a bunch of shysters using deceptive business practices to try and turn a dollar, and doing it *at others' expense*.
Re:Out-of-hand solutions to an exaggerated problem (Score:3, Insightful)
But I understand that any time I receive any piece of unsolicited email it is because *I* supplied my email address to the spammer - either directly or indirectly.
File this one under "P" for "Parody"
I know... it's such a pity. Every time I walk out into the street, I am in the sights of a sniper rifle. I wish that when I walked into the street I wouldn't have to wear a bullet proof vest and face shield, but that's the sad reality of living in this crazy world today. I'm just glad that my company was smart enough to put up thick concrete walls wigh don't allow most bullets to pass through them between me and my parking lot.
Rights vs. privileges (Score:3, Interesting)
The point is that if your ISP is blacklisted, there's usually a good reason for it. It's because they don't control spam like they should, and thus they degrade email service for many many people. The blackhole list is designed to be a wake up call, and it usually isn't used until repeated requests to fix the problem have been ignored. If you find your ISP on the blacklist, complain to them to fix the problem that got them there. Either that, or switch to an ISP that isn't on the list. It's not your right to send email that's curtailed, it's the privilege to send it through that ISP that's restricted. Complaining about the lists themselves won't accomplish anything.
ISPs who have contracts that don't allow them to block email don't use the RBLs, but many ISPs specifically retain the right to block email if they need or want to. As companies, it's in their interests to protect their bottom line, and spam email is a bandwidth and storage killer. We won't see those lists go away until a better way of stopping spam comes along.
John Gilmore (-1 Flamebait) (Score:5, Informative)
I entirely agree that ISPs should not be filtering email without notice or consent and that "end-user" tools are the best solution, but I disagree vehemently that a spammer's right to "free speech" overrides my right to accept or deny data arriving at the edge of my network, for whatever reason I decide, including irrational reasons. I can and will use any tools at my disposal to control what enters (and leaves) my systems. The problem with end-user solutions that live in the mail client is that by the time spam is deleted, the resource cost has already occured. I much prefer to simply drop connections that I don't want; it still costs me a little bandwidth but I don't waste the disk space and processing cycles that I would if I accepted the spam.
Free speech for everyone is all very well, but the galling thing is that most spam is *deceptive*, using falsified return information or deliberately implicating other innocent third parties. I would settle for allowing all mail to come in iff I can puruse claims for fraud against those who won't play nice. Since this is unlikely to happen any time soon, I'll keep my blocking techniques, thank you very much, and I won't be shedding any tears over the "free speech" rights of spammers - I simply don't recognise any innate "right" to practice deception, especially when it's at my own expense.
Silly EFF (Score:5, Interesting)
Freedom of speech is *harmed* by spam; it is harder and harder to talk to people, because more and more of them need a variety of local blacklists, buggy procmail rules, or other harsh filters, just to use their mailboxes *at all*. My friend can't email her dad, because the first time he checked his mailbox, he had a thousand pieces of spam.
That's not free speech. Free speech is the right to say things that people don't like - not the right to say things at no cost to yourself, to people who don't want to subsidize you, in their private space.
Enforcement, not prevention. (Score:3, Interesting)
You can't.
But, human beings have the ability to reason and match patterns in history to pattern in planning. And if they see masses of spammers being investigated and tried and sentenced and punished, that's a pattern that will be strong in their history.
Spam is not a violent crime. The inability to intercept it is not a detriment to public safety. But our apathy has led to the feeling among spammers that they can get away with it. By showing them they can't, they will for the most part stop trying.
And it's very easy to enforce. Every spam necessarily includes directions on how to contact those who would profit from your participation. And they need to stay there in order to collect your request. So every spam is a notice to the authorities to go to this place and arrest these people. Their trial will sort out whether they are guilty or not.
--Blair
You might not like MAPS, (Score:2, Insightful)
To: ask@eff.org Subject: RBLs (Score:2)
RBLs, databases of open relays in particular, are excellent tools for preventing spam. They are content-neutral and are designed only to penalize systems that misconfigure their mail servers. I have seen numerous instances where customers or employees of organizations with misconfigured systems have successfully applied pressure to management to get the mail systems configured correctly.
Remember, there are often business pressures to maintain an open relay. Management doesn't understand the issue, so they're reluctant to expend resources on it. Customers balk at use of SMTP AUTH or POP-before-SMTP. The pressures, in short, point to a tragedy-of-the-commons type of situation.
Open relay databases change the balance of pressures. They enable victims of spam to provide feedback to the organizations that maintain open relays, telling them: if you don't stop enabling others to consume my resources without permission, then your ability to communicate with others will be negatively affected. They enable victims of spam to act as a bloc.
Example.com, my employer, enables our customers to use or not use MAPS' "RSS" open relay database at their discretion. Example.net, a site for which I volunteer, uses the ORDB open relay database for all users, for many reasons; but only after determining that the consensus of the users was for such a measure. [Domain names were changed here because I felt like it. They were real in the email I sent.]
Your suggestion of a boycott of spamvertised products is quite naive. The cost of advertising through spam is so low that it takes very few sales to recoup.
Your suggestion that the Constitution of the USA is relevant to RBLs also seems weak to me. Private entities are not generally bound by restrictions on the behavior of governments. As an owner and operator of network equipment, I have the right to deny others the ability to use that equipment to send advertisements at my expense. I'll refrain from quoting the hackneyed line about freedom, fists and noses, but you get the idea.
Spam is one of the most complex issues (Score:5, Insightful)
Amazingly, because of this, many of the people writing here with opposite positions may both be right.
I've written extensively on this and have a collection of essays on my web site, though they are not all endorsed by fellow EFF people. As you might expect, with such new and contentious issues, no group, not slashdotters and certainly not the EFF, finds itself of a single mind.
Those who have written that the first amendment applies only to government action are correct. However, the principles of free speech apply universally, if you defend them. Private actors do have their right to block speech, but this does not make such actions immune from criticism by free speech advocates.
Instead, I look to define good principles by which we private actors might govern ourselves. There are many good lessons in the free speech principles to which we have held governments.
Amongst the principles (not just in free speech) is the protection of the innocent. That you don't punish the bystanders to get at the guilty. Private actors usually have the right to do that, but it need not be lauded.
Unfortunately, and I think this sits at the soul of problems with MAPS, blacklists tend to operate that way. I know many are aware of this, but have dedided that blacklists are the only way, and so a few innocents must be punished to stop spam.
This is of particular concern when the area is communication.
People do have the right not to listen to any communication, but this is a very simple statement about a complex issue. There is much to be said about how they should exercise that right.
EFF position on Junk Fax? (Score:4, Interesting)
EFF fails to understand the concept of MAPS (Score:4, Insightful)
The EFF, like many other groups, is incorrectly stating that MAPS is the organization doing the actual blocking of packets, not the ISPs. It is clear to me that if ISPs did not agree with MAPS' policies on what to block and with its history of questionable bans, then those ISPs wouldn't subscribe to MAPS. It is clear that ISPs see a benefit in using a blacklist, one that saves them money on bandwidth and support. Aside from the purely practical aspect, many feel very strongly about spam.
The EFF stated that they wouldn't support a blacklist if it blocked one legitimate piece of e-mail. Aside from the fact that this is impossible, they don't seem to understand the reason that MAPS works. It wouldn't work if spam-friendly ISPs were free to sign up spammers, without any fear of ALL their traffic being blackholed.. In order for a blackhole to work, you have to block ALL of their users' traffic. Yes, it sucks if you are that user.. however, it may teach you a lesson that it doesn't pay to have a spammer one IP over from you. If ISPs don't deal with their spam problems, they are free to watch all their users go away.
MAPS 'suggested anti-spam policies' are not overly demanding. They don't force ISPs to jump through hoops, they are reasonable requests to make. An ISP who subscribes to MAPS is saying, "I don't want to receive newsletters that are not confirmed opt-in. I don't want to receive mail from ISPs with open relays." Folks, that's not too much to ask for.
Yes it's a strong arm tactic, but it's one or the other - strong arm, or legislation. The EFF believes that filtering at the user's end is the right way to deal with spam. Bullshit. Filtering doesn't stop them from using up my bandwidth. Filtering doesn't stop them from spewing all over the net, wasting the time of support staff nationwide. Until every last AOL box is filtered from receiving a single piece of spam, there WILL be suckers responding to this shit, and the spammers WILL get paid. Filtering doesn't stop spam support services, spamvertised web sites, or spamware companies.
The EFF throws around that word, 'censorship,' like they don't know what it means. This worries me.. it is censorship if someone (correct me if I'm wrong, but censorship applies only to gov'ts) prevents you from voicing your opinion, or saying whatever you have to say. It is NOT censorship if I say to you, "I'm not going to listen to what you, or anyone from your ISP, has to say."
As for legislation, illegal censorship prevents speech based on CONTENT. Legal restraint of speech, such as junk fax laws, prevents speech based on the METHOD of the speech.
Antivirus also ? (Score:3, Interesting)
Should the virus scanning-and-removal also be delayed until the end user receives the mail ?
What is the difference anyway, UCE or Viruses, both are unwanted (the 'U' in UCE) and eat up bot the users and the ISPs resources, time/disk space/cpu/bandwith.
I came to work once, and was greeted by 13000 bounces in my mailbox, somebody had discovered a client's open sendmail who forwarded everything to our backup MX server, who then sent it to the promary MX, who happily processed it ;-(
Those who deliberatly run open mail-relays deserve to be either blacklisted by MAPS or simply shot.
Too simplicistic (Score:3, Interesting)
This is all fine and nice. It is a bit of a US centric view though, since (virtually) the rest of the world pays for their internet connection by the second.
So if I filter on my end, I still pay for the downloaded crap, despite the fact that I never (want to) see it. A powerful -, end user configurable filter directly at my ISP would be a different story.
The Problem With Not Rejecting Spam (Score:3, Informative)
You can put it in a separate folder and examine, of course, but then you have to look at the stuff, so you might as well put it in your regular inbox. And you still stand the chance of missing a legitimate e-mail that looks too much like a spam.
cjs
Re:MAPS? (Score:2, Insightful)
The ISP opts-in, the user doesn't.
Furthermore, a user on an ISP that got listed on MAPS certainly doesn't.
Re:MAPS? (Score:3, Informative)
Jeff
Re:MAPS? (Score:4, Interesting)
Not if your packets happen to travel through abovenet. Vixie, founder of MAPS, is the CTO at abovenet, and they regularily drop packets based on MAPS RBL.
Not much choice there for end users.
Re:MAPS? (Score:2)
overall, though, i don't really see the argument for MAPS as a rights violation, the way EFF is talking. i choose not to go that route because i think i and my users want more fine grain controls over who we don't want to talk with.
Re: (Score:2)
Re:Just block port 25... (Score:2)
90% of IIS worm incidents could be eliminated by blocking port 80 access for non-business accounts. You objected later in your post to the port 80 blocking. Why is port 25 any different?
If users were forced to go through their ISP's SMTP server, the ISPs would be able to quickly detect and shut down spammers. The spam-spew programs would not work as they would not be able to directly connect to their victims' SMTP servers.
They'd just use an open SSL proxy to tunnel through. CONNECT victim.host.com:25 HTTP/1.1. Boom, you're in. And the spam didn't even come from your ISP's netblock.
Re: (Score:2)
Comment removed (Score:4, Insightful)
Re:Windows (Score:2)
Mailtraq [mailtraq.com]. Good software. It has no trouble handling offices with 1,000 boxes and can hook up to any provider using SMTP or POP. Good rules sets, accounts, fairly easy to set up, blah blah blah. A search on Google will bring back a lot of third-party info on the software, its configuration and more.
woof.
Re:Amount of SPAM question... (Score:3, Interesting)
I don't know how authoritative this is, but my old ISP (XMission in Salt Lake City) had a page listing attempts blocked by the MAPS rules. They were blocking somewhere about 10-20 thousand attempts per day on average, with regular spikes into the 40 thousand range and occasional spikes into the 70-80 thousand attempt neighborhood.
As a sanity check, they only flagged messages listed on ORBS and, for a while, only flagged messages listed on MAPS (until the spamload got too high). In 6 years, I got precisely one piece of mail that was ORBS-flagged that wasn't spam, and no non-spam with a MAPS-flag while MAPS flagging was in effect. Since ORBS is more aggresive in listing sites than MAPS is, this is sufficient evidence to me that at the very least the amount of non-spam incorrectly flagged by MAPS and/or ORBS was a small fraction of the amount of spam they were catching.