On Fri, Oct 10, 2014 at 09:48:26PM +0530, Suresh Ramasubramanian wrote:
Call it triage. When a minuscule amount of mailing list traffic is weighed against huge volumes of forged spam and phish...
Triage as an abuse mitigation tactic is fine. But where that triage needs to be applied, and where it can be most effective, is at the *source* of the abuse. Which is not here or any other of the myriad mailing lists where most of the heavy lifting is done WRT to networking, security, software and all the other things that make the 'net work. Yahoo itself is a major source of abuse, it has been for many years, and there is absolutely no visible sign that they've done anything about it, that they're doing anything about it, or that they intend to do anything about it. Spam/phishes show up all day, every day, and yes they really *are* from Yahoo, so there's not much need at the moment for anyone to bother forging an @yahoo address. (That's kind of like creating an exquisitely detailed fake replica of a Mercedes-Benz sedan and then slapping a Yugo logo on it. Why would any forger good enough to pull that off devalue their own effort by deliberately associating it with junk?) So please, let's not pretend that Yahoo has suddenly had a come-to-Jebus moment and is interested in stopping abuse. They're not. If they were, they would have invested resources into their own operation many years ago, they would deal with their abuse@ email promptly and professionally, and Yahoo-sourced abuse would be an isolated/transient problem, rather than a systemic/persistent one. What they *are* interested in, given the floundering state of their company, is anything they can do to retain users -- and screwing up others' mailing lists (for which the operators are being blamed, through no fault of their own) in favor of their own offerings is one way to achieve that. ---rsk