 |
|
|
|
What is OPENLISTS? |
|
|
The short answer: OPENLISTS is a validated
database of open mailing list output points, accessible via DNS lookup.
|
|
|
|
|
|
OpenLists is a database for tracking SMTP servers
that have been confirmed to permit the addition of email addresses to lists
that they deliver without first obtaining the permission of the actual
owner of the email address through a closed-loop confirmation process before
beginning the mailings. These servers are output points for mailing lists
that contain these types of addresses.
|
|
|
|
|
|
Data on newly discovered servers can only be looked
up via RBL-style DNS queries or individual
email inquiries.
|
|
|
Results from an inquiry will show the current state
of an IP/Network in the system, along with some additional
information.
|
|
|
OpenLists is NOT a "black hole" - we do not
disseminate routing information causing included hosts to be unreachable
from portions of the Internet. Running an open mailing list is usually
accidental and those admins who continue to run open mailing lists, after
being warned about it by OpenLists and/or other entities, may eventually
find themselves in the MAPS RBL
- which is a "black hole" and has been used by at least 40% of the
mail servers on the Internet.
|
|
|
|
|
|
OpenLists tracks these systems so that people operating
mail servers subscribed to our database can block e-mail coming from IPs/Networks
that are hosts to open mailing lists until such time as they are fixed
to no longer permit the operation of those types of lists from within their
network.
|
|
|
|
|
|
Admins may alternatively set their systems up to
tag messages delivered from these servers as "possibly spam", or just log
the connections. What any admin does is entirely up to that admin. If you've
been blocked from delivering mail and given a pointer to this site please
note: It is the decision of the administrator of the site which blocked
you to disallow mail from IP addresses that are known to support improperly
operated mailing lists. Those sites must comply with that admin's rules
(not ours) in order to deliver mail to that site - we're just verifying
to the admin whether a host has sent mail to 'dirty' lists.
|
|
|
|
|
|
When an open mailing list is reported to OpenLists,
we subscribe a salted address to it using a unique token that is linked
in the OpenLists database to the subscription address being tested. We
then monitor messages that are sent to that salted address.
For any given combination of a salted address/IP, we assume that the first message that is received to that address is the confirmation message, to which there must be a reply in order to enable the subscription to that address. These messages are ignored by the system, and are never replied to or confirmed in any manner.
We may also redirect non-existent addresses within some test domains that appear to be subscribed to a mailing list for tracking within the system, thus using them as a salted address. (Since the address has never been valid within that domain, the list operator could never have received confirmation of permission to use that address from the 'owner' of that address.)
We also evaluate whether or not we are seeing a pattern of abuse from within what would be the same Class C (/24 CIDR) block of 256 addresses. We look at the 'whois' information for this address block, along with the RDNS for the addresses in the range. If the addresses appear to have the same 'owner' or don't have any RDNS defined for those addresses, the incoming item will be deferred for evaluation by a human. We will then select the smallest CIDR block that will encompass the IPs responsible for the message and expand entry in the tracking system accordingly. The objective is to cover the range of addresses that may be used to support the abusive mailing lists.
Upon receipt of the second message to that address, we have confirmed the mailing list is in fact an open list (c.f. FAQ: All of my lists use closed-loop confirmation). At that point, we begin tracking the abuse solely based upon the IP/Network that is, in our opinion, responsible for the abuse. We try to warn the administrators of the system (at postmaster@reverse-dns-name, postmaster@[ip address] and the contact for the SOA record, if the listing would involve more than just a single IP) then mark the IP/Network address to our database as being the source of abused mailing lists. If we receive a response to the notice, within twenty-four (24) hours, we mark the entry in the database so that an extended period (14 days) is allowed for the operator to clean up all of this lists originating from the IP/Network.
After the period for responding to the notice has expired (either 24 hours, or 14 days), if we receive any more messages from the IP/Network to subscribed addresses, we add the IP/Network to the real-time DNS database, and a notice of that listing to be sent, as above. |
|
|
|
|
|
FALSE POSITIVES: OpenLists is an automated system
that lists and tracks systems that allow mailing to unconfirmed lists of
addresses. If more than one message isn't sent to the address under test,
then that IP/Network is NOT listed as a system that operates open mailing
lists. Responding to the OpenLists notification message with a pointer
to what the IP/Network's policy is with respect to spam and/or UCE/UBE
or stating that "it isn't true" won't achieve anything other than frustration
for yourself. Saying a host doesn't allow this practice doesn't make
it so.
Offering to remove the bad addresses misses the point, as the addresses should have never been added to the list in the first place. The only remedial action that will suffice is to ensure that only mailing lists that have verifiably confirmed their address list are operating from that IP/Network. In our opinion, and in that of the people that subscribe to the list, it is the owner of the IP/Network's responsibility to ensure that the mailing lists that are operating from within their address space are only using this type of list. Neither us, nor our subscribers, want to have to spend any of our time trying to track down and get addresses removed from these improperly managed lists. Additionally, it can be impossible to get an address removed from some lists, unless you know the 'secrets' that were used when the subscription was obtained. |
|
|
|
|
|
The OpenLists database is exported as an RBL-style
DNS zone via the Usenet newsgroup 'alt.anonymous.messages.'
Many E-mail Transport Agents, as well as user-level tools, can be configured to consult this database to see if a server that is sending them E-mail is included in OpenLists. In this way, many sites and individuals protect their E-mail from UCE/UBE sent by these systems by consulting our central database and blocking incoming mail from these IPs/Networks, or by tagging such messages as "potentially UCE/UBE", etc. |
|
|
|
|
|
At present, only improperly operated lists that
come to the attention of the OpenLists administrators become candidates
for testing and addition to the list. Hitting various spam-trap addresses,
which the admins, in turn, follow up on with subscriptions and testing
find some of these lists. Other sources of lists are postings to
the Spam-L mailing list or to the News.Admin.Net-Abuse.Email (NANAE) Usenet
Newsgroup.
|
|
|
|
|
|
If you choose to operate your mailing lists in this
fashion (not confirming and obtaining permission to use the address), we're
not
demanding that you change your practices - doing so is your choice. It's
also an admin's personal choice to subscribe to the OpenLists database
and install MTA/delivery reject tests. Therefore, if you operate non-confirmed
lists and are being blocked by a mail server using OpenLists, you are being
told by that server's admin that you must comply with that site's policies
before being allowed to deliver mail to their server. We have nothing to
do with that decision other than making it easier for admins to detect
and reject connections from your servers that you choose
to operate in that manner.
|
|
|
|
|
|
The amount of time you may waste complaining about
the existence of this public resource would probably be better spent cleaning
up all of your mailing lists and being a good net neighbor.
|
|
|
|
|
|
Fairness: The ONLY people we have
an obligation to be fair to are those using OpenLists as part of their
mail filtering strategy. We delay listing IP/Networks for a few days (if
the first notice is acknowledged) in order to allow admins to reevaluate
their list operating policies and decide whether or not they want to close
and clean up their lists. We notify the postmasters/network administrators
so that they can change their practices and get out of the database quickly.
Please don't tell us that it's unfair to include your IP/Network in our
database. The only people using it are those who don't want mail from sites
that choose to operate their mailing lists in a fashion that has the potential
of abusing the actual owners of the email addresses and/or the admins that
are responsible for them (many admins have to deal with the bounces caused
by email being sent to invalid addresses that are added to a mailing list,
either maliciously or not) - and if you don't change your practices, you
will
likely eventually end up in more widely used RBL systems such as MAPS.
|
|
|
|
|
|
Aggressive: Yes, the method is aggressive,
if you call subscribing to mailing lists, and listing networks that support
abusable mailing list practices that are being used in the wild "aggressive".
We don't like open mailing lists and the abuse that can be caused by them.
In our experience, the amount of time required to try and 'educate' the
proprietors of these lists has grown to exponential proportions; these
types of lists are propagating faster than the education process can successfully
handle, in our opinions.
|
|
|
"I don't like the OpenLists database": Then don't use it
|
|
Who is behind the OpenLists system? |
|
|
The OpenLists system is operated by a small group
of (grumpy) volunteers who are sick and tired of receiving junk email via
systems that are, in our opinions, improperly operating their mailing lists
thereby causing us and potentially other admins unnecessary grief. The
list operators take no income from any source for the purposes of maintaining
this list. The only thing we want is for the improper list operation to
stop and in particular, for mailing lists operators to send email only
to parties that have specifically agreed to allow them to use their email
addresses for that specific purpose, using a closed-loop system to confirm
that permission before any mailings begin. Our contribution to helping
that happen is to maintain a database of IPs/Networks which are allowing
mailing lists to be operated in such a manner as to allow forged subscriptions.
(After all, the primary test of whether or not a system can be abused is
to subscribe an address to a mailing list without ever confirming it.)
|
|
|
|
|
|
· FAQ
|
|
|
|
|
|
|
|
|
|
|
|
Contact: mladmin@nym.cryptofortress.com-
as the system is semi-automated, the mail sent to this address is read
infrequently, and no reply is guaranteed. Note - any E-mail message sent
to this contact address or to any of our network service providers may
be posted in whole or in part to various anti-spam forums, depending on
the abusiveness or humor value of the message. ANY message that mentions
the words "lawyer" or related terms in particular will very likely be posted.
|
