10 Oct
2014
10 Oct
'14
2:21 p.m.
But other than providing more warning, what would have been a better way to start eliminating forged senders? Everything I've read indicates that both Yahoo and AOL did this with eyes wide open.
A good move would have been to improve their security so that AOL and Yahoo didn't have massive thefts of their customers' address book data (two separate times for one of them.) This meant that their users were getting large amounts of spam "from" people they knew, sent from outside of their networks. AOL and Yahoo made narrowly rational decisions to push the cost of their security failures onto the rest of the world. I understand why they did it, but that doesn't mean we have to like it, or to cut them any slack about it. R's, John