Some of the frequently asked questions about the MAPSSM Relay Spam Stopper.
What is the MAPS RSSSM?
How do sites end up on the RSSSM?
How are sites removed from the RSSSM?
Are sites notified when they're added to the RSSSM list?
How come you don't give the relay operators a grace period before adding their site to the list?
How come you don't automatically retest servers to see if they're closed?
Isn't the RSSSM the same as the MAPS RBLSM?
Isn't the RSSSM the same as ORBS?
What good does it do to block open relays?
Why do you wait until AFTER they've sent spam?
How do you prove that a machine is an open relay?
Isn't performing an open relay check network abuse?
What about multihop relays?
What you're doing is illegal and wrong!
This FAQ is a work in progress.
MAPS RSSSM is a list of email relays which have been used to send bulk unsolicited email, otherwise known as "spam". The list is viewable by anyone. This list may be used in a variety of ways; its primary purpose is to assist others in preventing "spam" messages from reaching them through the listed servers.
How do sites end up on the RSSSM?
Users who receive spam from an open relaying mail server send the spam to us and ask us to list the server on the RSSSM. Very generally speaking, if a site has been caught relaying spam and is confirmed to still be open to third-party relay, then that site is eligible for listing on the RSSSM. If we receive a submission that matches that criteria, we usually will list the site. See our submission guideline page for more information on submissions.
How are sites removed from the RSSSM?
Generally, the person who administers the server contacts us via an online web form, and if the server has been fixed to stop relaying third-party mail, we'll remove it as soon as possible. Visit this page for more information about how to get a site removed from the RSSSM list.
If no request is made to remove a server, the RSSSM will retire listings as follows:
First RSSSM listing of a given IP address: removal after 30 days. Second RSSSM listing of a given IP address: removal after 60 days. Third RSSSM listing of a given IP address: removal after 120 days. Fourth RSSSM listing of a given IP address: removal after 240 days. Any host blocking the tester will require a manual removal.
MAPSSM reserves the right to reassess, extend, or otherwise adjust the expiration times, or to implement a "no expiration" policy, in its sole discretion and without prior notice.
Are sites notified when they're added to the RSSSM list?
Yes. Unfortunately, the notification mail is not always received by the remote server, or read by the system's administrator. If a server is misconfigured to the point where it'll relay third-party spam, it's likely that it's also misconfigured to the point where it won't accept postmaster mail. If your site has working reverse DNS and a working postmaster mailbox (or abuse.net database entry) then you will absolutely be notified if/when your site is added to RSSSM.
How come you don't give the relay operators a grace period before adding their site to the list?
The idea of a grace period is problematic. When assisting the RBLSM team with open relays, we've noticed that the vast majority of relay operators do not respond to such warnings. Most folks seem to fail to take our complaint seriously, and fail to take their spam relay problem seriously, until suddenly thousands of internet sites start refusing their mail.
Besides, as mentioned in the previous question, many sites don't have working postmaster or abuse.net registered contact addresses, or don't read these mailboxes in a timely fashion. The grace period warning/notifications would often bounce or simply go unread.
Finally, the RSSSM is also a quarantine list. A listed system is sick; it's spewing garbage at us. When it's fixed, we'll be happy to accept further mail from it, but in the meantime, one of the specific purposes of the list is to prevent it from spreading the mess around until the problem is resolved.
With the vast majority of the listings lasting for over two weeks, a grace period of, say, 48 hours would really do nothing but let sites relay spam for a bit longer before they were clamped down.How come you don't automatically retest servers to see if they're closed?
Overall, we feel that'd be abusive. Like noted above, most servers that are open to relay continue to be open to relay for a medium-to-long while. If we constantly poked at those servers, we'd just make the administrators angrier at us. We'd like them to focus on the real problem of spam relay, instead of on us. As such, we generally don't test a server for possible removal unless requested to do so by a representative of the organization that operates the server.
Isn't the RSSSM the same as the MAPS RBLSM?
No. While both lists do address the issue of relayed spam, they are quite different in scope and implementation.
The RSSSM is a faster-moving, semi-automated list that allows you to refuse mail from sites that have relayed spam and are still open to relay. We generally do not remove sites until they have stopped their server from relaying more spam, and we make no attempt to address anything other than relay spam.
The RBLSM is a more detail-oriented list that addresses much more than relay spam. Sites could be listed on the RBLSM for reasons beyond being an abused spam relay. There are stricter criteria for being listed on the RBLSM list; this criteria usually includes a notification attempt be made to the affected site or organization. See their web site for further details.
Isn't the RSSSM the same as ORBS?
The primary difference between RSSSM and ORBS is the criteria by which relays get listed. ORBS will list any open relay submitted to it, whether or not there has been any spam sent through that particular machine. MAPS RSSSM only lists servers that have already sent spam. We also maintain an archive of the spammed messages that cause relays to be listed; we make that information available to appropriate parties upon request.
Additionally, RSSSM lists mail servers that have relayed spam. ORBS integrates into its list additional "manual" data including sites and networks which ORBS is unhappy with, even if they're not proven spam relaying mail servers. We don't have listings of that nature, because we find that to be inappropriate.
What good does it do to block open relays?
It has been demonstrated that the same open relays are abused repeatedly by spammers; using this list should reduce the amount of spam that a mail system is required to accept and/or filter.
Why do you wait until AFTER they've sent spam?
Because we believe that you're innocent until proven guilty. We find that we keep a lot more friends that way. ;-) Plus it is our desire to maintain the internet as much as an open system as we can.
How do you prove that a machine is an open relay?
After receiving evidence of a relay having been used for spam, we perform a single relay test ourselves.
Isn't performing an open relay check network abuse?
No; not in our opinion, and not in the opinion of our internet service provider. First, MAPS RSSSM has already received evidence of an unsolicited email advertisement from the relay; second, we clearly describe our intent in the exchange with the other machine; third, we send a message back to MAPS RSSSM, not to an unwilling third party. Finally, a relay test uses less than 2k of the server's space for an average of 30 seconds or less; this is less than one tenth of one percent of what the average spam run uses when it exploits open relays.
We won't list multihop (multi-level) relays. We feel that blocking the output end of a multihop relay chain can cause too much collateral damage. It's not likely that we'll ever list multihop relays. The RBLSM does list multihop relays, so be sure to check their submission guidelines if you'd like to submit a multilevel relay to them. We highly recommend working up an RBLSM nomination in these cases -- it's very easy to do.
What you're doing is illegal and wrong!
Obviously, we disagree with that characterization. Visit our "rights" page for our point of view on these issues.
This FAQ is a work in progress.
If you have a question and you don't see it listed here, please contact us.
Click here to return to the main menu.
[ MAPSSM LLC | RSSSM | RBLSM | DULSM | TSI ] [ Contact Us ] Updated 6/18/2000.