[OT] Re: MAPS-RBL

Miguel Koren O'Brien de Lacy miguelk at KONSULTEX.COM.BR
Tue Feb 3 21:35:37 GMT 2004 

Julian;

I have to disagree completely with these databases.

I think that MAPS has a lot of bad information in it, like a virus 
scanner with many false alarms, only with graver consequences. A virus 
scanner maintainer puts a pattern in and mostly forgets about it because 
that pattern identifies a virus which will most likely never change into 
a benevolent file. Somebody putting a host or network into a 'pattern' 
database has a much harder job and an infinitely greater responsability 
because these 'patterns' (ips or networks) would have to come and go 
according to correct, dynamic information which decides without a doubt 
if the ip is 'a virus' (spamming) or not. Imagine a company that finds a 
virus and identifies that the string '0A' is in the file. So they decide 
to  mark every file with '0A' as a virus. Then they leave it up to the 
user of a given executable to make the third party developer prove to 
this hypothetical company that their use of '0A' is justified, not a 
virus, so that the program is finally able to run for the user. To make 
the analogy closer to reality, imagine that the user is not allowed to 
unisntall the virus scanner while he waits for all this to happen. You 
call themfor help and they say "ask Microsoft to contact us"!

I was an innocent victim of the MAPS gang in December during over a 
month. I had to jump through hoops to get my IP out of a DUL range, 
which I found out about when all of a sudden some of our users could not 
communicate with their major customer. I don't have a dynamic IP and I 
have my reverse DNS configured, even though the ISP probably assigns 
some dynamic ones in the net range. My influence on what the ISP does 
tends to zero.

Getting an IP "cleared" is very difficult and time consuming because 
mailabuse.com is not proactive and leaves the problem for the victim to 
solve. I believe that the reason is that their database appears more 
valuable if it has more IPs in it. They proved to me that they don't 
care if I can't communicate. The irony is that you can't communicate by 
email even with them! I bet most people don't bother to go all the way 
like I did and just convince the receiving party of the emails to ignore 
MAPS for their case. And so the database fills up with junk.

That's my experience with MAPS. Maybe others are better.

Miguel

Julian Field wrote:

> At 19:33 03/02/2004, you wrote:
>
>> > We use RBL+ and reject about 4,000 messages/day.  It is quite useful.
>>
>> Its not bad, we also have a subscription, but we see a multiple of the
>> hits on RBL+ on the NJABL and DSBL lists... I would try lists like that
>> before moving to a payed list.
>
>
> And definitely try the combined XBL+SBL list from spamhaus.org too. Very
> good in my experience.
> -- 
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>



-- 
Esta mensagem foi verificada pelo sistema de antivírus e
 acredita-se estar livre de perigo.

More information about the MailScanner mailing list