Re: Yahoo Mail Update
At 01:58 AM 4/13/2008, you wrote:
Why should large companies participate here about mail issues? Last I checked this wasn't the mailing list for these issues:
True, though some aspects of mail service are inextricably tied to broader networking issues, and thus participation here might still benefit them. But sadly Yahoo doesn't even seem to participate in more relevant forums, such as the spam-l list.
But let's just say for a second this is the place to discuss company xys's mail issue. What benefit do they have participating here? Likely they'll be hounded by people who have some disdain for their company and no matter what they do they will still be evil or wrong in some way.
I've never seen someone treated badly for trying to help resolve problems. I think we all know that it can be hard to get things done within a large company and that often the folks who participate on a list like this are taking on work that isn't strictly speaking "their job" when they try to help resolve mail issues. And when a large company that was a mess does a turnaround, they also get praised: just look at the many positive comments about AOL on this and other lists over the past few years.
It is easy for someone who has 10,000 users to tell someone who has 50 million users what to do when they don't have to work with such a large scale enterprise.
I wouldn't presume to tell them how to accomplish something within their particular configuration. But I will, without apology, tell them that they need to accomplish it. For example, I'm quite comfortable saying that Earthlink should follow the minimum timeouts in RFC 1123, though I wouldn't presume to guess whether they should accomplish that by having separate fast and slow queues on different servers, on the same server, or not at all. Likewise, a working abuse role account is a minimum requirement for participation in the Internet email system, and I'm comfortable saying that the email it receives should be read by a competent human.
I find it funny when smaller companies always tell larger companies what they need to be doing.
When what the larger companies do enables criminal behavior that impacts the very viability of the smaller companies through de facto DoS attacks, it's not funny at all. Yahoo, for example, has chosen a business model (free email with little to no verification) that inevitably leads to spam being originated from their systems. Why should they be able to shift the cost of their business model to me, just because I run a much smaller business?
On Sun, Apr 13, 2008 at 3:57 PM, Rob Szarka <szlists@szarka.org> wrote:
True, though some aspects of mail service are inextricably tied to broader networking issues, and thus participation here might still benefit them. But sadly Yahoo doesn't even seem to participate in more relevant forums, such as the spam-l list.
There are other lists, far more relevant than spam-l or nanae. There's a way to present spam issues and mail filtering operationally.. and I see it all the time at MAAWG meetings, just for example. The issue here is that 90% of the comments on a thread related to this are from people who might be wizards at packet pushing, but can't filter spam. Or on mailserver lists you might find people who can write sendmail.cf from scratch instead of building it from a .mc file and still don't know about the right way to do spam filtering.
When what the larger companies do enables criminal behavior that impacts the very viability of the smaller companies through de facto DoS attacks, it's not funny at all. Yahoo, for example, has chosen a business model (free email with little to no verification) that inevitably leads to spam being originated from their systems. Why should they be able to shift the cost of their business model to me, just because I run a much smaller business?
So has hotmail, so have several of the domains that we host.
srs
--
Suresh Ramasubramanian (ops.lists@gmail.com)
Suresh Ramasubramanian wrote:
On Sun, Apr 13, 2008 at 3:57 PM, Rob Szarka <szlists@szarka.org> wrote:
True, though some aspects of mail service are inextricably tied to broader networking issues, and thus participation here might still benefit them. But sadly Yahoo doesn't even seem to participate in more relevant forums, such as the spam-l list.
There are other lists, far more relevant than spam-l or nanae.
There's a way to present spam issues and mail filtering operationally.. and I see it all the time at MAAWG meetings, just for example.
MAAWG is fine but the requirements for participation are substantially higher than the nanog list.
The issue here is that 90% of the comments on a thread related to this are from people who might be wizards at packet pushing, but can't filter spam. Or on mailserver lists you might find people who can write sendmail.cf from scratch instead of building it from a .mc file and still don't know about the right way to do spam filtering.
People who have operational problems don't generally get to pick the skillset they already have just because a problem appears, some cognizance of that is surely in order. If the discussion is headed further in the meta-direction we should take it to futures.
On Sun, Apr 13, 2008 at 10:09 PM, Joel Jaeggli <joelja@bogus.com> wrote:
MAAWG is fine but the requirements for participation are substantially higher than the nanog list.
* Quite a lot of ISPs who already attend nanog are also maawg members
* Lots of independent tech experts (Dave Crocker, Chris Lewis, Joe St.Sauver from UOregon etc) are regulars at maawg, designated as senior tech advisors
* Quite a few other invited guest type people
So, not as bad as it sounds
People who have operational problems don't generally get to pick the skillset they already have just because a problem appears, some cognizance of that is surely in order.
That was the only meta comment I had here. I'll stop now.
srs
--
Suresh Ramasubramanian (ops.lists@gmail.com)
On Sun, Apr 13, 2008 at 5:27 AM, Rob Szarka <szlists@szarka.org> wrote:
At 01:58 AM 4/13/2008, you wrote:
Why should large companies participate here about mail issues? Last I checked this wasn't the mailing list for these issues:
True, though some aspects of mail service are inextricably tied to broader networking issues, and thus participation here might still benefit them. But sadly Yahoo doesn't even seem to participate in more relevant forums, such as the spam-l list.
Maybe their management or legal has told them not to. I know when I worked for a certain company we were forbidden from replying to operational lists or forums for fear of employees' responses being used against the company in court or in the news.
But let's just say for a second this is the place to discuss company xys's mail issue. What benefit do they have participating here? Likely they'll be hounded by people who have some disdain for their company and no matter what they do they will still be evil or wrong in some way.
I've never seen someone treated badly for trying to help resolve problems. I think we all know that it can be hard to get things done within a large company and that often the folks who participate on a list like this are taking on work that isn't strictly speaking "their job" when they try to help resolve mail issues. And when a large company that was a mess does a turnaround, they also get praised: just look at the many positive comments about AOL on this and other lists over the past few years.
I have seen plenty of people working for ISPs being abused even when trying to help solve problems, maybe not on this list but definitely on others. In many larger companies people have defined roles and structured goals they need to accomplish or face termination so they may not have time to participate in other venues. Companies that give their management/employees latitude and encourage working in the community should be praised but not all companies are set up this way. If you don't like how Yahoo is responding to issues I would suggest sending certified letters to every person in upper management you can find as these people can typically implement changes.
It is easy for someone who has 10,000 users to tell someone who has 50 million users what to do when they don't have to work with such a large scale enterprise.
I wouldn't presume to tell them how to accomplish something within their particular configuration. But I will, without apology, tell them that they need to accomplish it. For example, I'm quite comfortable saying that Earthlink should follow the minimum timeouts in RFC 1123, though I wouldn't presume to guess whether they should accomplish that by having separate fast and slow queues on different servers, on the same server, or not at all. Likewise, a working abuse role account is a minimum requirement for participation in the Internet email system, and I'm comfortable saying that the email it receives should be read by a competent human.
You can tell Earthlink whatever you want but it doesn't mean they need to follow it. Please read my previous reply about business decisions. I would agree that it is good for business to try and follow industry standards but sometimes business decisions need to be made where standards cannot be implemented. I'm not saying that is the case here and it could just be utter incompetence but not everything is black and white. A working abuse account is not the minimum requirement, I can run a mail system without that abuse account but may get blocked from sending mail to certain systems. Read above for my thoughts on standards. With that being said I do believe all companies should have a working abuse email that is appropriately staffed that can respond to complaints within 72 hours.
I find it funny when smaller companies always tell larger companies what they need to be doing.
When what the larger companies do enables criminal behavior that impacts the very viability of the smaller companies through de facto DoS attacks, it's not funny at all. Yahoo, for example, has chosen a business model (free email with little to no verification) that inevitably leads to spam being originated from their systems. Why should they be able to shift the cost of their business model to me, just because I run a much smaller business?
I would say that you may be being a bit over dramatic but that may just be me. The cost of their business model isn't shifted to you, you have the choice to block yahoo email from your systems or you have the choice to deal with the issues that come along with accepting their mail. Comparing this to DoS attacks is just a little bit over the edge to me.
--
Ross
ross [at] dillio.net
314-558-6455
Ross:
It seems like you're saying that there's no law when it comes to internet best-practices, and that's true, there's very little legislated. But there's a lot of best practices out there that are definitely worth following. Unfortunately business decisions don't always align themselves with the BCPs.
Yes, internet service providers and operators don't need to listen, but I can't see how Yahoo's e-mail and abuse handling history arises out of good business decisions. Tell my users and tell the members of this list that -- we won't agree.
As posted elsewhere, delayed delivery queues are well-represented by Yahoo. If a single operator dominates my 99% of delivery delay that's pretty close to black and white for me.
72 hours to respond to e-mail sent to the abuse account? That's much too long -- it should be at least a 4 hour response time during business hours, and for service providers and operators large enough to staff their network 24x7 for other reasons, 4 hour response time all the time.
Frank
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Ross
Sent: Sunday, April 13, 2008 4:11 PM
To: Rob Szarka
Cc: nanog@merit.edu
Subject: Re: Yahoo Mail Update
<snip>
You can tell Earthlink whatever you want but it doesn't mean they need to follow it. Please read my previous reply about business decisions. I would agree that it is good for business to try and follow industry standards but sometimes business decisions need to be made where standards cannot be implemented. I'm not saying that is the case here and it could just be utter incompetence but not everything is black and white. A working abuse account is not the minimum requirement, I can run a mail system without that abuse account but may get blocked from sending mail to certain systems. Read above for my thoughts on standards.
With that being said I do believe all companies should have a working abuse email that is appropriately staffed that can respond to complaints within 72 hours.
Frank Bulk - iNAME wrote:
Yes, internet service providers and operators don't need to listen, but I can't see how Yahoo's e-mail and abuse handling history arises out of good business decisions.
How would Yahoo benefit from better staffing of their abuse desk? What do they gain, besides the respect of their peers in the ISP industry? Do you know of anyone (outside the ISP industry) who knows anything about Yahoo's email and abuse handling history, and who uses this information as part of a buying decision WRT the services sold by Yahoo? I don't.
Through my participation on dozens of discussion groups (mailing lists, usenet groups, web forums, etc.) I know hundreds of people who collectively:
1) Have a free Yahoo email address
2) Have a paid Yahoo email address
3) Pay for a website and/or domain name hosted by Yahoo
4) Pay for advertising on Yahoo
5) Click on ads on Yahoo
6) Have SBC-Global/Yahoo as their DSL provider
7) Have Yahoo as their Home page (a result of 6)
etc.
None of them know or care that the ISP industry thinks Yahoo is irresponsible in their email and abuse handling practices.
Staffing an abuse desk is costly. If you are big enough that you can get away with doing it at the lowest levels possible - if it doesn't hurt your bottom line to shift some of your spam problem onto the abuse desks of other ISPs, if you are big enough that other ISPs can't afford to play hardball with you because your abuse handling practices aren't up to their standards, then it makes perfect financial sense to do it at the lowest level you can get away with. Yahoo knows that if it comes to a game of chicken that the other side will be hurt more, and blink first.
(Same thing with Cogent and the Tier 1 networks that try to de-peer with Cogent - they know that a Tier 1 can't afford the complaints they get from their end users if they can't reach a site hosted on Cogent, so Cogent can afford to let the Tier 1 break peering, and then reestablish it after they suffer the expense of the support calls from their angry customer. Cogent just rides out the storm, knowing that if they simply "do nothing" the other side will blink first.)
Now, if a major *website/webhost* (Cogent-sized) wanted to play chicken with Yahoo and block access to the website from Yahoo IPs because of the spam problem coming from Yahoo, then maybe THAT would be a game of chicken that Yahoo couldn't afford to wait out (because of all the complaints that would flood Yahoo's support center, etc.). However the website/webhost would need to be able to afford the drop in traffic that this ban would produce, and what's in it for them? Again, where is the benefit of this action? It would cost them lost revenue (lost advertising revenue for the website, lost bandwidth revenue for a webhost) - for what purpose?
If anyone else (a smaller ISP that is mainly eyeballs, or a small website or web host) tries it, they will be hurting themselves rather than putting any real pressure on Yahoo to change. "I urge all my competitors to do that."
jc
participants (6)
- Frank Bulk - iNAME
- JC Dill
- Joel Jaeggli
- Rob Szarka
- Ross
- Suresh Ramasubramanian