As mentioned previously, MAPS is no longer allowing DNS queries to sites that have not subscribed. I haven't subscribed, and so I'm no longer rejecting mail from sites listed in their blacklist. There are two practical observations I'd like to make about this, given that I've had a few days of MAPSlessness to consider it now.

Observation number one is that I'm not entirely sure how much more spam I'm getting as a result of this move. I think there has been an increase, but I haven't bothered being totally scientific about measuring the spam I get. On top of that, the "SirCam" email trojan has been utterly swamping my system and making spam look relatively minor. One account on my system was mailed thirty copies of SirCam, blowing their mailbox out to a size where they couldn't download it. I had to intervene manually in that particular instance. I'd expect the MAPS move to result in an increase of spam whether I subscribed or not, because reducing the number of MAPS users lowers the bar on spamming.

Regardless of the amount of spam, observation number two is that I'm now spending considerably less time dealing with it, but this is mostly due to laziness on my part. It used to be the case that I was terribly civic-minded about the whole spam issue, and made sure that I did my part to raise the bar on spammers. I would address complaints to every party providing Internet service to the spammer (except the DNS provider). In particular, if they advertised a web page, I complained to that provider whether or not the same service was used to actually relay the mail. If I added anything to my own site blacklist, I went to considerable effort to make sure the administrator was notified. (On rare occasions I even got responses to these messages and subsequently removed the block.)

But all that diligence is a thing of the past now. If MAPS is going semi-commercial, then I don't consider them to be a collaborative community effort anymore, and I'm not about to make a one-man stand. When MAPS was a community effort, it made sense to do my part as a member of that community. Pragmatically speaking, I could still behave as though it were a community effort, and it wouldn't make any noticable difference, but it's thankless and time-consuming work doing The Right Thing. Unless I feel that there is a significant community of people sharing the load, I'm not inclined to do it.

Instead, I'm a slacker. I've taken a totally selfish and defensive approach to the spam issue: my actions do not particularly benefit anyone other than myself and my users, and they are not calculated to hurt spammers so much as just keep them out of my system. I no longer use MAPS, but rather go bananas with my own blacklist. Spam me, and you're blocked. In fact, I'll probably block the entire associated subnet. In the last couple of days, in fact, I've blocked over 32,000 IP addresses in Taiwan, and nearly 25,000 IP addresses in China. If I can be bothered at the time, I'll notify the ISP that I've added the block, but given that maybe one in twenty such notifications results in a response, I don't feel too obliged to invest the effort. If stuff starts turning up in my reject logs that looks like it might not have been spam, I'll deal with it. In any case, my system is configured to respond with an error code that explains how to contact me.

Part of the overall problem here is a twofold combination of "loose mail protocol" and "incompetent systems administrators". It's very easy for a machine to be an open relay, and the SMTP protocol by which all email is delivered does very little to help you identify the source of spam, since nearly all the relevant information can be forged. The "incompetent systems administrators" thing is unavoidable: the only way to get rid of them is to either raise the bar so that they can't get the service working at all without the appropriate expertise, or make the process so simple they can't get it wrong, and both of these options involve changes to software and protocols. Changing protocols, on the other hand, is very hard because of network effects: for a protocol to be useful, you need a whole lot of people using it already, and this acts as a barrier to new protocols.

Even so, I'm accumulating some very nice ideas for an improved mail protocol. If a replacement system can be invented which is perceived by the masses as being significantly better than that which exists now, the network effect can be overcome. I'm in no hurry to implement, though: the plan has to be a really good plan before it has a hope of working, so I'll sit and contemplate some more. Maybe I'll write a rant about it some time soon.