The MAPS RBL+ in JANET

JANET(UK) has subscribed to certain services of Mail Abuse Prevention System LLC (MAPS, now part of Trend Micro) on behalf of all JANET customer organisations. This note is for the information and guidance of those who manage or administer mail services within JANET organisations.

Top

• How to use the JANET RBL+: quick-start instructions in a separate document
• Conditions of use (in the above separate note)
• How it works
• What is available
• Other MAPS lists
• TXT records
• Zone transfers
• Technical arrangements within JANET
• Service provision
• Robustness
• Capacity
• Performance issue
• Background to this subscription
• Further information
• References

Contents | Top

How to use the JANET RBL+

Please see the separate short note How to use the JANET RBL+.

Up | Contents | Top

How it works

What is available

JANET organisations can test whether an individual IP address is in the MAPS RBL+ by looking up a specially constructed domain name in the DNS, the standard Domain Name Service.
For an IPv4 address a.b.c.d (in the usual 'dotted-quad' notation), attempt to find an A (Address) record for the domain name

d.c.b.a.rbl-plus.mail-abuse.ja.net

which begins with the target address in reverse order.
If the lookup succeeds, a.b.c.d is in the JANET RBL+ and the address returned gives some additional information.
If the lookup fails, a.b.c.d is not in RBL+.

This is exactly the pattern of the original MAPS RBL lookup and returns similar results based on current RBL+ data. Although it is quite possible to carry out manual lookups for individual IP addresses, it is expected that a mail program will automatically check each IP address from which it receives an attempt to transfer mail, and will respond to the attempt in a manner set by the system administrator and depending on the result of the lookup.

Up | Previous | Contents

Other MAPS lists

RBL+ is the union of the four separate MAPS lists RBL, DUL, RSS and OPS (see below for brief descriptions). RBL+ will succeed for an address covered by any one or more of the four.

However, the value returned in a successful RBL+ lookup does carry information about which of the four basic lists contains the target address. The normal lookup is for an A (Address) record, and the address returned will be of the form 127.1.0.N. The number N is between 1 and 15, and is a bit encoding of the status of the target address in the four lists:

• the '1' bit indicates presence in the RBL;
• the '2' bit indicates presence in the DUL;
• the '4' bit indicates presence in the RSS;
• the '8' bit indicates presence in the OPS.

The resulting decoding is:

127.1.0.1	address is in				RBL
127.1.0.2				DUL
127.1.0.3				DUL	RBL
127.1.0.4			RSS
127.1.0.5			RSS		RBL
127.1.0.6			RSS	DUL
127.1.0.7			RSS	DUL	RBL
127.1.0.8		OPS
127.1.0.9		OPS			RBL
127.1.0.10		OPS		DUL
127.1.0.11		OPS		DUL	RBL
127.1.0.12		OPS	RSS
127.1.0.13		OPS	RSS		RBL
127.1.0.14		OPS	RSS	DUL
127.1.0.15		OPS	RSS	DUL	RBL

Certain mailer products can be configured to use the information in these returned addresses and effectively to treat the individual component lists separately. The note "Using RBL+ with Exim" is an example of configuration for one product in common use in JANET.

Up | Previous | Contents

TXT records

Certain of the MAPS zones maintain a TXT (Text) record for each entry, containing material for the message accompanying the SMTP rejection code. (Simple Mail Transfer Protocol, set out in RFC 2821). The TXT records are not available in the JANET RBL+.

Up | Previous | Contents

Zone transfers

Under the terms of the JANET subscription to MAPS, the JANET zones are available to JANET organisations for 'query' use without cost. If on reading the benefits of 'zone transfer' use you feel that it would be a better solution for your own organisation or department, you will need to contact MAPS directly and make your own subscription. JANET(UK) has no objection to you supporting MAPS in this way. JANET organisations would normally qualify to subscribe at the 'not-for-profit and educational' rates.

Up | Previous | Contents

Technical arrangements within JANET

Under JANET(UK)'s subscription to RBL+, JANET transfers the rbl-plus zone from MAPS and makes it available for query use to any users of JANET. To prevent users of other networks from accidentally using the data without subscription, it is placed in a zone served only by JANET nameservers, and those nameservers are configured to service only lookup requests which come from within JANET. No zone transfers are available from the JANET servers.

Normal use of the DNS will share load between the nameservers and provide resilience against most system or network failures within JANET, and JANET has multiple points of access to the MAPS data.

Up | Previous | Contents

Service provision

Robustness

With three nameservers located at different points in the network, there is no major threat to the service from equipment or network failures of other than catastrophic scale or duration.

Capacity

Load on the nameservers is continuously monitored. We believe that overload would result in performance degradation rather than a gross loss of service.

Performance issue

We are aware of one performance issue, also noted by other networks. The zone is large and updates are frequent. Current versions of BIND (the nameserver product used) suspend response to queries while a zone updates, causing lookup delays of up to 90 seconds a few times a day.

The nameservers are managed so that they do not update at the same time, and this should never be a problem in practice.

Up | Previous | Contents

Background

MAPS is a not-for-profit company located in California. MAPS pioneered the Realtime Blackhole List (RBL), a single point where reports of Unsolicited Bulk E-mail (UBE) could be submitted, verified and recorded and the resulting list of source addresses made available immediately to any individual or organisation who chose to use it.

MAPS' integrity and the open and objective nature of this arrangement quickly earned widespread respect among mail managers worldwide, and many mail managers now choose to configure their networks or mail systems to refuse connections from listed addresses, with two quite different effects.

• Their own mail systems and services immediately become practically inaccessible to many bulk mailers, reducing the impact of UBE on those services; and this is a considerable short-term benefit.
• In the long term, however, the RBL is intended to change the behaviour of marketing businesses. So long as the criteria for inclusion in the RBL express a consensus view among Internet Service Providers (ISPs), listed organisations will find their attempts to send UBE ineffective, ISPs will find it damaging to provide their conectivity and the practice of UBE will become obsolete.

For some years MAPS operated on a goodwill basis. In the competitive and litigious environment of the United States, it was inevitable that some or all of the landmarks in the process of change are lawsuits. MAPS did not shrink from them, and their willingness to be sued was for a time enough of a deterrent to most would-be bulk mailers. Some, however, are businesses with far greater resources to apply to litigation than MAPS itself; a winning strategy for them was to prolong the case without ever reaching a point where the issues that MAPS considers important are publicly discussed. MAPS' resources were limited and they became unable to sustain this campaign on their former basis. Since August 2001 MAPS has sought to raise resources from major ISPs and others who value the service the RBL provides, and has restricted its use to subscribers in order to manage that process.

Up | Previous | Contents

As well as the function of the original RBL, MAPS now maintains listings with a variety of criteria.

• The RBL itself now lists addresses or address blocks associated with certain deficiencies in policy on UBE.
• The RSS (Relay Spam Stopper) lists open mail relays, insecure systems which are a major route for UBE.
• The DUL (Dial-Up List) lists dial-up address blocks and so identifies routes which bypass the mail service of the originating ISP.
• The OPS (Open Proxy Stopper) lists the IP addresses of open proxies which have been used to transmit UBE.

The criteria for inclusion in each list are set out in the Web pages for the services.

RBL+ combines all these listings; all addresses which are on any one or more of the above lists are included in RBL+.

Certain other organisations operate or have operated lists published in similar ways but with different criteria; although valuable in some circumstances, few have achieved the same level of acceptance as the MAPS lists.

Use of the MAPS RBL+ is an opportunity for JANET organisations to manage the UBE they receive and at the same time to gradually make UBE less acceptable in the worldwide Internet. JANET(UK) supports other programmes to reduce UBE, through LINX and RIPE.

Up | Previous | Contents

Further information

For further details please refer to the JANET Service Desk, Service@ja.net.

Up | Previous | Contents

References

• MAPS pages:
• Overview of RBL+.
• Overviews of RBL, DUL, RSS and OPS;
• JANET pages:
• How to use the JANET RBL+;
• "Using RBL+ with Exim" (an example of more selective use);
• Others:
• Configuration of RBL for Exim and sendmail;
• BIND, a widely deployed nameserver product;
• RFC 2821 Simple Mail Transfer Protocol, the standard for Internet mail exchange;
• RFC 1034, RFC 1035 and many later RFCs specify how the Domain Name System (DNS) operates.