|
Some of the frequently asked questions about the MAPSSM Open Proxy Stopper.
What is the MAPS OPSSM?
How do IP addresses end up on the OPSSM?
How are IP addresses removed from the OPSSM?
Are the owners of the IP addresses notified when they're added to the OPSSM list?
How come you don't give the operators of the IP address a grace period before adding their IP address to the list?
How come you don't automatically retest IP addresses to see if they're secured?
Isn't the OPSSM the same as the MAPS RBLSM?
What good does it do to block open proxies?
Why do you wait until AFTER they've sent spam?
How do you prove that an IP address is an open proxy?
Isn't performing an open proxy check network abuse?
What you're doing is illegal and wrong!
This FAQ is a work in progress.
MAPS OPSSM is a list of IP addresses of open proxies which have been used to transmit bulk unsolicited email, otherwise known as "spam". The list is made available to those who subscribe to the MAPS OPSSM. This list may be used in a variety of ways; its primary purpose is to assist others in preventing "spam" messages from reaching them through the listed IP addresses.
How do IP addresses end up on the OPSSM?
Users who receive spam via an open proxy send the spam to us and ask us to list the IP address of the open proxy on the OPSSM. Very generally speaking, if an IP address has been found to transmit spam via an open proxy and is confirmed to still be an open proxy during our testing, then that IP address is eligible for listing on the OPSSM. If we receive a submission that matches that criteria, we usually will list the IP address. See our submission guideline page for more information on submissions.
How are IP addresses removed from the OPSSM?
The person who administers the server must contact us via an online web form, and if the server has been configured so that it is no longer an open proxy that can be used to transmit spam, we'll remove it as soon as possible. Visit this page for more information about how to get an IP address removed from the OPSSM list.
Any IP address blocking the tester will require a manual removal.
Are the owners of the IP addresses notified when they're added to the OPSSM list?
Yes. Unfortunately, the notification mail is not always received by the remote server, or read by the system's administrator. If a server is misconfigured to the point where it is an open proxy that can be used to transmit spam, it's likely that it's also misconfigured to the point where it won't accept postmaster mail, or it may not even by running any SMTP services at all. If your IP address has working reverse DNS and a working postmaster mailbox (or abuse.net database entry) then you will absolutely be notified if/when your site is added to OPSSM.
How come you don't give the operators of the IP address a grace period before adding their IP address to the list?
The idea of a grace period is problematic. When assisting the RBLSM team with open proxies and relays, we've noticed that the vast majority of the operators do not respond to such warnings. Most folks seem to fail to take our complaint seriously, and fail to take their open proxy problem seriously, until suddenly thousands of internet sites start rejecting their mail.
Besides, as mentioned in the previous question, many sites don't have working postmaster or abuse.net registered contact addresses, or don't read these mailboxes in a timely fashion. The grace period warning/notifications would often bounce or simply go unread.
Finally, the OPSSM is also a quarantine list. A listed IP address is a security problem; it's been used, and continues to be used to transmit spam. When it's fixed, we'll be happy to accept further mail from it, but in the meantime, one of the specific purposes of the list is to prevent it from transmitting additional spam until the problem is resolved.
With the vast majority of the listings lasting for over two weeks, a grace period of, say, 48 hours would really do nothing but let sites transmit spam for a bit longer before they were clamped down.How come you don't automatically retest IP addresses to see if they're closed?
Overall, we feel that'd be abusive. Like noted above, most servers that are open proxies continue to be open for a medium-to-long while. If we constantly poked at those servers, we'd just make the administrators angrier at us. We'd like them to focus on the real problem of securing their open proxy, instead of on us. As such, we generally don't test a server for possible removal unless requested to do so by a representative of the organization that operates the server.
Isn't the OPSSM the same as the MAPS RBLSM?
No. While both lists do address the issue of proxied spam, they are quite different in scope and implementation.
The OPSSM is a faster-moving, semi-automated list that allows you to refuse mail from IP addresses that are open proxies that have transmitted spam and are still vulnerable to this. We generally do not remove IP addresses until they have secured the open proxy, and we make no attempt to address anything other than spam transmitted via an open proxy.
The RBLSM is a more detail-oriented list that addresses much more than open proxies. IP addresses could be listed on the RBLSM for reasons beyond being an abused open proxy. There are stricter criteria for being listed on the RBLSM; this criteria usually includes a notification attempt be made to the affected IP address. See their web site for further details.
What good does it do to block open proxies?
It has been demonstrated that the same open proxies are abused repeatedly by spammers; using this list should reduce the amount of spam that a mail system is required to accept and/or filter.
Why do you wait until AFTER they've sent spam?
Because we believe that you're innocent until proven guilty. We find that we keep a lot more friends that way. ;-) Plus it is our desire to maintain the internet as much as an open system as we can.
How do you prove that a machine is an open proxy?
After receiving evidence of an open proxy having been used to transmit spam, we perform a proxy test ourselves.
Isn't performing an open proxy check network abuse?
No; not in our opinion, and not in the opinion of our internet service provider. First, MAPS OPSSM has already received evidence of an unsolicited email advertisement from the open proxy; second, we clearly describe our intent in the exchange with the other machine; third, we send a message back to MAPS OPSSM, not to an unwilling third party. Finally, a proxy test uses none of the server's space and takes an average of 30 seconds or less to perform; this is less than one tenth of one percent of what the average spam run uses when it exploits open proxies.
What you're doing is illegal and wrong!
Obviously, we disagree with that characterization. Visit our "rights" page for our point of view on these issues.
This FAQ is a work in progress.
If you have a question and you don't see it listed here, please contact us.
Click here to return to the main menu.
[ MAPSSM LLC | RSSSM | RBLSM | DULSM | NMLSM | TSI ] [ Contact Us ] Updated 4/15/2003.