RSS - MAPS Relay Spam Stopper

Some of the frequently asked questions about the MAPS Relay Spam Stopper.

What is the MAPS RSS?
How do sites end up on the RSS?
How are sites removed from the RSS?
Are sites notified when they're added to the RSS list?
How come you don't give the relay operators a grace period before adding their site to the list?
How come you don't automatically retest servers to see if they're closed?
Isn't the RSS the same as the MAPS RBL?
Isn't the RSS the same as ORBS?
What good does it do to block open relays?
Why do you wait until AFTER they've sent spam?
How do you prove that a machine is an open relay?
Isn't performing an open relay check network abuse?
What about multihop relays?
What you're doing is illegal and wrong!
This FAQ is a work in progress.


What is the MAPS RSS?

MAPS RSS is a list of email relays which have been used to send bulk unsolicited email, otherwise known as "spam". The list is viewable by anyone. This list may be used in a variety of ways; its primary purpose is to assist others in preventing "spam" messages from reaching them through the listed servers.

How do sites end up on the RSS?

Users who receive spam from an open relaying mail server send the spam to us and ask us to list the server on the RSS. Very generally speaking, if a site has been caught relaying spam and is confirmed to still be open to third-party relay, then that site is eligible for listing on the RSS. If we receive a submission that meets those criteria, we will usually list the site. See our submission guideline page for more information on submissions.

How are sites removed from the RSS?

Generally, the person who administers the server contacts us via an online web form, and if the server has been fixed to stop relaying third-party mail, we'll remove it as soon as possible. Visit this page for more information about how to get a site removed from the RSS list.

Are sites notified when they're added to the RSS list?

Yes. Unfortunately, the notification mail is not always received by the remote server, or read by the system's administrator. If a server is misconfigured to the point where it'll relay third-party spam, it's likely that it's also misconfigured to the point where it won't accept postmaster mail. If your site has working reverse DNS and a working postmaster mailbox (or abuse.net database entry) then you will absolutely be notified if/when your site is added to RSS.

How come you don't give the relay operators a grace period before adding their site to the list?

The idea of a grace period is problematic. When assisting the RBL team with open relays, we've noticed that the vast majority of relay operators do not respond to such warnings. Most folks seem to fail to take our complaint seriously, and fail to take their spam relay problem seriously, until suddenly thousands of internet sites start refusing their mail.

Besides, as mentioned in the previous question, many sites don't have working postmaster or abuse.net registered contact addresses, or don't read these mailboxes in a timely fashion. The grace period warning/notifications would often bounce or simply go unread.

Finally, the RSS is also a quarantine list. A listed system is sick; it's spewing garbage at us. When it's fixed, we'll be happy to accept further mail from it, but in the meantime, one of the specific purposes of the list is to prevent it from spreading the mess around until the problem is resolved.

With the vast majority of the listings lasting for over two weeks, a grace period of, say, 48 hours would really do nothing but let sites relay spam for a bit longer before they were clamped down.

How come you don't automatically retest servers to see if they're closed?

Overall, we feel that'd be abusive. As noted above, most servers that are open to relay continue to be open to relay for a medium-to-long while. If we constantly poked at those servers, we'd just make the administrators angrier at us. We'd like them to focus on the real problem of spam relay, instead of on us. As such, we generally don't test a server for possible removal unless requested to do so by a representative of the organization that operates the server.

Isn't the RSS the same as the MAPS RBL?

No. While both lists do address the issue of relayed spam, they are quite different in scope and implementation.

The RSS is a faster-moving, semi-automated list that allows you to refuse mail from sites that have relayed spam and are still open to relay. We generally do not remove sites until they have stopped their server from relaying more spam, and we make no attempt to address anything other than relay spam.

The RBL is a more detail-oriented list that addresses much more than relay spam. Sites could be listed on the RBL for reasons beyond being an abused spam relay. There are stricter criteria for being listed on the RBL; these criteria usually include a notification attempt to the affected site or organization. See their web site for further details.

Isn't the RSS the same as ORBS?

The primary difference between RSS and ORBS is the criteria by which relays get listed. ORBS will list any open relay submitted to it, whether or not there has been any spam sent through that particular machine. MAPS RSS only lists servers that have already sent spam. We also maintain an archive of the spammed messages that cause relays to be listed; we make that information available to appropriate parties upon request.

Additionally, RSS lists mail servers that have relayed third-party spam. ORBS integrates into its list additional "manual" data including sites and networks which ORBS is unhappy with, even if they're not proven spam relaying mail servers. We don't have listings of that nature, because we find that to be inappropriate.

What good does it do to block open relays?

It has been demonstrated that the same open relays are abused repeatedly by spammers; using this list should reduce the amount of spam that a mail system is required to accept and/or filter.

Why do you wait until AFTER they've sent spam?

Because we believe that you're innocent until proven guilty. We find that we keep a lot more friends that way. ;-) Plus, it is our desire to keep the internet as open a system as we can.

How do you prove that a machine is an open relay?

After receiving evidence of a relay having been used for spam, we perform a single relay test ourselves.

Isn't performing an open relay check network abuse?

No; not in our opinion, and not in the opinion of our internet service provider. First, MAPS RSS has already received evidence of an unsolicited email advertisement from the relay; second, we clearly describe our intent in the exchange with the other machine; third, we send a message back to MAPS RSS, not to an unwilling third party. Finally, a relay test uses less than 2k of the server's space for an average of 30 seconds or less; this is less than one tenth of one percent of what the average spam run uses when it exploits open relays.
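
As an added illustration (not MAPS's own test code), the Python below classifies the recorded SMTP dialogue of a single relay test of the kind described above, where the HELO name states the purpose and the recipient is the tester's own mailbox rather than a third party. The `relay_verdict` function, the hostnames and the addresses are assumptions made for this example.

```python
import re

REPLY = re.compile(r"^S: (\d{3})([ -])")   # reply code + continuation marker
RCPT = re.compile(r"^C: RCPT TO:\s*<[^>@]*@([^>]+)>", re.I)

def relay_verdict(transcript, local_domains):
    """Return 'accepted', 'refused' or 'inconclusive' for one recorded dialogue.

    local_domains: domains the tested server legitimately receives mail for.
    """
    local = {d.lower() for d in local_domains}
    pending = None             # step whose final reply we are waiting to judge
    verdict = "inconclusive"
    for line in transcript.splitlines():
        rcpt = RCPT.match(line)
        if rcpt:               # only a recipient outside local_domains is a relay attempt
            pending = "rcpt" if rcpt.group(1).lower() not in local else None
        elif line.startswith("C: "):
            # "C: ." ends the message body; the reply to it can still reject
            pending = "data" if line.strip() == "C: ." and verdict == "accepted" else None
        else:
            reply = REPLY.match(line)
            if reply and reply.group(2) == " " and pending:
                # 2xx accepts, 5xx refuses, 4xx is temporary and proves nothing
                verdict = {"2": "accepted", "5": "refused"}.get(reply.group(1)[0], "inconclusive")
                pending = None
    return verdict

# Constructed sample dialogues; every hostname and address is a placeholder.
HEAD = "S: 220 mx.example.net ESMTP\nC: HELO relay-test.tester.example\nS: 250 mx.example.net\n" \
       "C: MAIL FROM:<relaytest@tester.example>\nS: 250 ok\nC: RCPT TO:<relaytest@tester.example>\n"
OPEN = HEAD + "S: 250 ok\nC: QUIT\nS: 221 bye\n"
CLOSED = HEAD + "S: 550-5.7.1 relaying denied\nS: 550 5.7.1 see local policy\nC: QUIT\nS: 221 bye\n"
LATE = HEAD + "S: 250 ok\nC: DATA\nS: 354 go ahead\nC: Subject: relay test\nC: .\nS: 554 relay refused\n"

if __name__ == "__main__":
    for name, log in (("open", OPEN), ("closed", CLOSED), ("late reject", LATE)):
        print(name, "->", relay_verdict(log, ["example.net"]))
```

An "accepted" verdict only records what the server promised during the dialogue; the test is confirmed when the message actually arrives back at the tester's own mailbox.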

What about multihop relays?

We won't list multihop (multi-level) relays. We feel that blocking the output end of a multihop relay chain can cause too much collateral damage. It's not likely that we'll ever list multihop relays. The RBL does list multihop relays, so be sure to check their submission guidelines if you'd like to submit a multilevel relay to them. We highly recommend working up an RBL nomination in these cases -- it's very easy to do.

What you're doing is illegal and wrong!

Obviously, we disagree with that characterization. Visit our "rights" page for our point of view on these issues.

This FAQ is a work in progress.

If you have a question and you don't see it listed here, please contact us.



Updated 6/18/2000.