The MAPS story is still being edited. Last updated 8/7/08
According to MAPS own history, MAPS started in Late 1996.
AOL Mailbombs Cyberpromo's ISPs. The Court finds that there isn't a First Amendment right to send email to AOL. We agree that the First Amendement protects people from the government. But the First Amendment doesn't give AOL the right to conduct mailbombing tactics against AGIS for hosting Cyberpromo.
CYBER PROMOTIONS, INC. v. AMERICAN ONLINE, INC. 948 F.Supp. 436:
These cases present the novel issue of whether, under the First Amendment to the United States Constitution, one private company has the unfettered right to send unsolicited e-mail advertisements to subscribers of another private online company over the Internet and whether the private online company has the right to block the e-mail advertisements from reaching its members. The question is important because while the Internet provides the opportunity to disseminate vast amounts of information, the Internet does not, at least at the present time, have any means to police the dissemination of that information. We therefore find that, in the absence of State action, the private online service has the right to prevent unsolicited e-mail solicitations from reaching its subscribers over the Internet.
The cases have their genesis in a letter dated January 26, 1996, in which American Online, Inc. ("AOL") advised Cyber Promotions, Inc. ("Cyber") that AOL was upset with Cyber's dissemination of unsolicited e-mail to AOL members over the Internet. AOL subsequently sent a number of "e-mail bombs"1 to Cyber's Internet service providers ("ISP").[...]
1. In past submissions, Cyber has stated that AOL's "e-mail bombs" occurred when AOL gathered all
unsolicited e-mail sent by Cyber to undeliverable AOL addresses, altered the return path of such e-mail, and then sent the altered e-mail in a bulk transmission to Cyber's ISPs in order to disable the ISPs.
The blacklist (http://www.vix.com/spam/) is first mentioned on Nanog in October, 1996.
The follow are highlights of a discussion took place on the Nanog List on December 27, 1996:
Neil McRae talks about a blacklist: (emphasis added)
"The last thing the Internet needs is some dodgy cartell deciding on who is allowed access and who isn't."
Vixie wants to block "troublemakers": (emphasis added)
> I think a list of sites that refuse to deal with troublemakers
> (with details) would be extremely useful. If people want to use it to
> blackhole traffic, that would be their decision.http://www.vix.com/spam/ is one such, and contains pointers to others.
Robert Pickering agrees with McRae. Then cites his own experience with AOL: (emphasis added)
The problem is: who is defining the list? AOL placed fuse.net on their blacklist. This prevented all of our subscribers from mailing into AOL. We found out that the reason they blacklisted us was that they received 144 complaints from their users about junk mail from Fuse. The problem: they were all about the same mail message. One of my ex-users mailed a message to about 1500 AOL subscribers. So, because 0.00206% of their subscriber base complained, they placed our domain on their list ((144/7,000,000)*100). They didn't contact us, they didn't find out what our polcies were, they didn't even bother to find out if the user was actually posting from our site (they were, but AOL couldn't verify this).
The moral. If you're going to create blacklists, make sure you have good definitions of how someone gets on, how they are notified that they are on (so they can respond), and how they can get off. AOL had none of this in place. My helpdesk just started to get flooded with calls of people who couldn't mail family members at AOL. Also, AOL was silently removing the messages. No bounces, just deletes. So, we had no way of knowing they were doing it, the mail just didn't show up.
Michael Dillon notes that this behavior was illegal. (emphasis added)
You and your users should lay charges against AOL. They were in violation of the ECPA which forbids them from deleting email like that the same way the laws forbid a postal carrier from burning letters they don't want to deliver.
And if anyone else is thinking of taking similar action to block email, make sure you either filter port 25 in the router or you bounce back all the email so that the sending party knows the mail is not going to be delivered. Once you accept an email message you have a legal obligation to deliver it to the addressee.
Vixie acknowledges that Dillon states the letter and intent of ECPA.
I agree that this is the letter, and the intent, of the ECPA. However, as a matter of enforceable practice, none of the above matters. [...]
The law will not hold you to a higher standard than "reasonable best effort". [...]
Wow, a network discussion on NANOG that is actually north american in nature.
What's going on in this discussion is an agreement to act in bad faith. An agreement to pretend that by blocking email, one is making a "mistake", and that one has made a "reasonable best effort" to deliver the email, and that the email was undeliverable by "honest mistake".
December 27, 1996, Vixie says that no one has threatened him over restraint of trade
I have not yet been threatened for hosting the http://www.vix.com/spam/ page. I fully expect to be threatened at some point, but since I'm not in the ISP business it's rather hard to argue restraint of trade.
February, 1997. CompuServe v. Cyber Promotions 962 F.Supp. 1015:
This case presents novel issues regarding the commercial use of the Internet, specifically the right of an online computer service to prevent a commercial enterprise from sending unsolicited electronic mail advertising to its subscribers. [...]
For the reasons which follow, this Court holds that where defendants engaged in a course of conduct of transmitting a substantial volume of electronic data in the form of unsolicited e-mail to plaintiff's proprietary computer equipment, where defendants continued such practice after repeated demands to cease and desist, and where defendants deliberately evaded plaintiff's affirmative efforts to protect its computer equipment from such use, plaintiff has a viable claim for trespass to personal property and is entitled to injunctive relief to protect its property.
Things look pretty reasonable. Tell Cyberpromo to stop, and they have to stop. Cyberpromo gets more reasonable, too. Sort of.
April 21, 1997, Cyberpromo says blocking is Cyber is OK. Cyberpromo says it will sell filtering software. This is an important notion that blacklists also seize on: creating a problem, and selling the cure. Importantly, Cyberpromo says that ISPs can block email from Cyberpromo if they choose.
It is our position that the Internet is an open marketplace, where commerce of any and all kinds may take place in accordance with public demand. We do not believe censorship is the responsibility of an Internet service provider. It is not our place to censor customers' content or legitimate business practices. Messages originating from customer sites reflect the opinions of our customers and not necessarily those of Cyber Promotions.
SUGGESTIONS
Cyber is a pro-active organization with goals of delivering the highest quality email solutions. Since we believe in continuous improvement, we will re-evaluate our position in light of the any new regulatory developments.We appreciate that our position may not be agreeable to everyone. Further, we understand your interest in seeking a solution. With that in mind, may we suggest the following options:
- END-USERs - A variety of e-mail and filtering software packages are available on the Internet for end-users. For example, Eudora and procmail offer sufficient protection from e-mail of your undesired Internet sites. Or you can use the latest in filtering software, e-Filter, sold on Cyber's own web page at... http://www.cyberpromo.com
- ISPs - Your mail servers and/or router systems can be set to reject incoming spam or filter out offensive sites at the IP level. Sendmail and ccmail are a few examples of good systems which perform these functions.
At this time, Cyberpromo has fixed, static IP addresses. It is very easy to block Cyber, and ISPs have Cyber's permission to do so. What could be better? One would think that this is a pretty good deal for everyone involved. AGIS is Cyberpromo's ISP, and is working with Cyberpromo through the IEMCC to get standards for blocking email.
The Cyberpromo FAQ is last updated.. Discusses HackerX, who compromised Cyberpromo's computers.
September 6th Vixie talks about open relays and “making money” Blacklists caused relay abuse:
So blackholing the spammers led them to relay their spam via third parties, [...]
But blocking relays doesn't stop the phenomena of spam, in fact it doesn't even slow it down. [...]
So, yes, do sign up for the blackhole. If half the ISP's in the country would just refuse to exchange packets with most of AGIS's customers, maybe the other
half would feel so much pain that they would come along for the ride. (Right now AGIS picks up a huge amount of business since disconnected spammers always end up buying connectivity from AGIS when noone else will sell it to them.) Who knows, perhaps we can isolate the spammers so they can only spam eachother. [...]the war won't be over until the last spammer's head is stuck onto a spear at the city limits. [...]
Now as to money. I've hired somebody to do the paperwork of signing up new eBGP4 anti-spam routing feed recipients. I will shortly start charging some kind of quarterly fee to said recipients to cover some of my costs. If you decide to start feeding each other, just make sure that the route origin is always my server since I need to be able to revoke a black hole route in real time whenever (a) I make a mistake or (b) somebody calls me asking for help with their spam problem and they are on my blackhole list. If you cache this data or disconnect it from its source, I'm still liable for the business losses of blackholed network owners even though I won't have any control over continued propagation. Don't put me in that position, please.
I am also getting ready to start work on my company's next commercial product, and it looks like a spam filtering SMTP gateway is going to be it even though I've got this drop-dead idea for optimal HTTP redirects that I've been wanting to implement for about the last 14 months. Oh well, "follow the money."
Jim Carroll complains about the removal of the Rogue Sites List. The Rogue Sites area allowed ISPs to review the list, and then add in the sites they wanted to blocked.
Apparently a large number of list "memebers" threaten legal action. They alleged some used this list as a list of targets for retaliation. [...]
Some sites had to be permitted, even though they may have been guilty of UCE. On one occasion, they had an ISP on their list. This ISP was close enough to us in geographic region that it was reasonable to expect some of our users were emailing users on their system. We could not therefore black hole them.
It would seem to me that this would be more serious if this were an automatic feed, sent directly to our routers. There would be no way to review the sites on the list before they were blocked.
Then Vixie seems to have a new strategy on conspiracy in restraint of trade: "Vixie isn't running the list". But wait, it is him.
http://spam.abuse.net/ is hosted on a vixie machine but not edited by any vixie people. scott hazen mueller, a former employee here, is in charge of that page. i have no editorial input at all other than as an individual contributor. [...]
because of my cease-and-desist problem, and my very real worries about "conspiracy in restraint of trade", i will not make the list available other than through a protocol like BGP/TCP which allows me to revoke an entry from the list in real time and without anyone else's participation.
September 16th Cyberpromo is disconnected by AGIS after massive ping flood attack. Most anti-spam sites ignore the fact that Cyberpromo won this. All ignore the Distributed Denial of Service (DDOS) attack that caused AGIS to act.
The controversy began on September 16, 1997 when AGIS terminated Cyber's connection to the Internet without prior notice. The termination followed a massive "ping attack" on AGIS's network which it maintains appeared to be directed at Cyber's computers.(2) On October 25, 1996, AGIS had contracted in writing with Cyber to grant Cyber full Internet access through one T-1 line. On March 10, 1997, the parties entered into a second contract providing Cyber with two additional T-1 lines. The only difference between the two contracts was the addition to the second contract of two paragraphs: one restricting AGIS from terminating Cyber's service without 30 days notice and the other acknowledging that Cyber was in the business of sending unsolicited bulk commercial e-mail. The first additional paragraph was added because Cyber wanted AGIS to acknowledge in writing that it was aware that Cyber was in the business of sending unsolicited bulk commercial e-mail over AGIS's system; the second was added because Cyber wanted 30 days notice in the event that AGIS terminated Cyber's service to enable it to find an alternate carrier.
[...] AND NOW, this 30th day of September, 1997, IT IS ORDERED that Plaintiff Cyber Promotions Motion for a Preliminary Injunction is GRANTED. Defendant Apex Global Information Services ("AGIS") is ORDERED to restore Internet access services to Cyber Promotions Inc. ("Cyber") forthwith. AGIS is ENJOINED from terminating Cyber's service through October 16, 1997 or until such time as Cyber notifies me and AGIS that it has secured comparable Internet access service whichever is sooner.
After Cyberpromo is finally disconnected, commercial bulk emailers turn to disposable dialup accounts. Quickly, AOL, Earthlink, Netcom, etc turn into the largest spam sources. When a dialup port is used, a dynamic address is dynamically assigned on each new connection. As a result, the ready and fast changing supply of dynamic IP Addresses enable the spammers to avoid blacklists. Open relay abuse is no longer necessary, since the spammers can send email directly or can simply use the dialup ISP's relays.
Since commercial bulk emailers have changing IP addresses via disposable dialups, commercial bulk mailers no longer need to abuse open relays. Open Relays are not Anonymous Relays. Open Relays do not hide the true source of sender. It is discovered that self-described "anti-spammers" assert that Open Relays are "free" and who continue to abuse them.
Rodney Joffe and MailOrder.com, a service provider for the bulk postal mail industry.
Rodney Joffe and Genuity.com
1998 Rodney Joffe proposes Opt-out system. Remember, Cyberpromo also proposed Opt-out but was rejected.
June 18, 1998 Mail Abuse Prevention System, LLC was incorporated. (California state records)
1999 Whitehat founded by Joffe. Paul Vixie, John Levine, and Ray Everett-Church on the board
1998-1999 Anderson reports on privacy issues, computer fraud, and reports discovery of anti-spammers abusing open relays. Anderson is threatened, silenced on Nanog. See for example, articles on John Levine and Steven Bellovin
2000 MAPS "converts" from non-profit status to for-profit status. This conversion seems very dubious. We continue to wonder how that is possible. The IRS penalty for such conversion is terrifically high: 85% of the assets have to be given to the IRS.
2000 Above.net blocks ORBS blacklist. Above.net is an ISP run by Dave Rand, MAPS co-founder. ORBS is a competitor of MAPS. ORBS shuts temporarily.
2000 Sued by Exactis (Exactis V. MAPS). Accused of violations of the Sherman Antitrust Act, the Colorado Electronic Communciations Privacy Act, and is also accused of extortion.
Motion and Memorandum in Support of Temporary Restraining Order and Preliminary Injunction Good read that shows threats by MAPS.
2001 MAPS asks for dismissal on First Amendment grounds. This argument is rejected by the Court. MAPS attorney is chastised by the judge. After this, defenseless, MAPS settles out of court. MAPS essentially loses Exactis V. MAPS
2001 ORBS Blacklist is shutdown after losing defamation suits. ORBS operator Alan Brown loses his ISP to pay damages.
(Wait. Vixie, Levine and Everett-Church are on the board of a spammer. This is the old strategy.)
2002 SORBS is organized. Mathew Sullivan claims to have no assets recoverable through suit.
2003 Two MAPS employees and another Cleveland antispammer are working for well-known Spammer Scott Richter (OptInRealBig.com, etc). The MAPS people were hired to do "listwashing", that is, remove the spam-tracking addresses that anti-spammers use to track spammers.[Brian McWilliams, SPAM Kings 2005, page 254]
2003 "Scott Richter, anti-spammer" at FTC conference.
2003 CAN-SPAM Act passed. This act roughly mirrors the IEMCC proposal of Cyberpromo, except it doesn't include the special mail header that identifies email as being commercial bulk email. CAN-SPAM requires bulk emailers to only send solicited email.
2003 Most open relay oriented blacklists shut down.
2003 Vixie supports SORBS by hosting the blacklist at ISC.
2003 Open relay abuse by anti-spammers largely ends after the open relay blacklists shut.
2003 SORBS begins listing IP Address blocks used by Anderson as hijacked. There is no justification.
Aug 12, 2004 Vixie sells MAPS to co-founder Dave Rand (Well, really Kelkea, Inc) Kelkea bills itself as a "reputation authority". Kelkea states the question:
[IADL agrees with this assessment of the importance of reputation, and IADL pages are devoted to giving the history so that the public can characterize the behavior over time and make informed decisions.]What is Reputation on the Internet and why is it important?
Reputation is the characterization of the behavior of an entity over time. This history allows you to know whom you are dealing with and to make informed decisions.
June 14, 2005 Rand (Kelkea) sells MAPS to Trend Micro.10 months after buying. That's pretty short time, given all the press (google 'kelkea')
2007 Most web pages for MAPS haven't been updated since 2005.