I agree to a large extent with your comments/observations, but I'd like to focus on one point in particular:

On Wed, Apr 09, 2014 at 11:00:57PM -0400, Andrew Sullivan wrote:
So, I'm trying to imagine the presentation slide on which appears the advice to implement the controversial adopted policy. I imagine in big, giant print "Will reduce yahoo.com abuse effects" and in one of those secondary bullets "May have consequences" and even lower "for our users on mailing lists" and "for mailing list managers/non-company".
This decision by Yahoo will have no effect whatsoever on the largest abuse problem, which is outbound spam/phishing/malware/etc. *sourced* by Yahoo. Those messages are (and have been for a long time) dutifully marked as authentic and in one sense they are: they really do originate from Yahoo's operation. But of course in a much more important operational sense they're not: they're forgeries created by the new owners of hijacked Yahoo user accounts. And those accounts are being hijacked at will by the millions, as they have been for many years.

Yahoo is not alone in permitting an enormous volume of such messages to leave their operation and attack the rest of the Internet: Hotmail, Gmail, and the rest do the same. (Of course the rates vary, as do the targets. My spamtraps see large rate fluctuations across networks, domains, ASNs, etc. as well as through time. I strongly suspect that individual measurements at any one are essentially meaningless and that aggregation over a sufficiently diverse set over a sufficiently long time is necessary to construct a coherent, useful statistical model of what's really happening.)

In other words, this deployment might reduce abuse OF Yahoo, but it will do nothing about the far more important problem of abuse BY Yahoo. Which pretty much lives up to my expectations.

---rsk