Re: Yahoo and their mail filters..
On Wed, Feb 25, 2009 at 5:02 PM, Niall Donegan <niall@blacknight.com> wrote:
Another interesting side effect of that is email forwarder accounts. Take a user who gets a domain on our shared hosting setup and forwards the email for certain users to a Yahoo account. If those mails are marked as spam, it seems to be our server that gets blacklisted rather than the originating server.
No surprise. Guess whose IP is the one handing off to yahoo?
If you have forwarding users -
* Spam filter them to reject spam rather than simply tag and forward it.
* Isolate your forwarding traffic through a single IP, let ISPs know.
Feedback loops often aren't that useful either. We're on the AOL Scomp feedback loop, and we've often got fairly personal email sent to our abuse desk because the users simply press spam rather than delete.
You have a far smaller userbase, and a userbase you know. For us, with random Nigerians and other spammers signing up / trying to sign up all the time, FBLs are invaluable as a realtime notification of spam issues.
And as I said random misdirected spam reports won't trigger a block as much as your leaking forwarded spam. Or your getting a hacked cgi/php or a spammer installed direct to mx spamware. [so if you are cpanel - smtp tweak/csf firewall and mod_security for apache should be default on your install if you haven't already done so]
-srs
Funny we were just having similar conversation on mailop.org :) . Suresh is right about the feedback loops (you also should subscribe to comcasts/hotmails/trend micro's (mail-abuse.com)). If you don't have an external gateway that makes doing reports easy then they are a good way to find out when spam problems arise, such as the pesky Nigerian spammers who constantly find new ways to thwart all anti-fraud checks prior to creating the accounts. One thing that I did, when being an email admin for a very large shared hosting company, was when I ran reports of emails going to @yahoo.com I took the top 10 or so recipients and figured out who had the forwarders setup to send to them. I talked to the customer and even gave them alternative solutions (such as giving them 6months free for Postini inbound anti-spam service for that forward account). The worst ones were those who had catchalls setup to forward to their spam@yahoo.com account, those simply got notified that it was removed.
-r
We pretty constantly are deferred on yahoo, and at one point had all outbound mail for yahoo logged at the sender/recipient/subject/size level to get an idea what was up. In an experiment, I found that after being 'clean' (not being deferred) for close to a week, simply sending myself 1 single email, then hitting spam in the yahoo box was enough to get us being blocked for another 24 hours. I would sign up for a FBL if they had one; I find the others I have very valuable (though about 90% of what I get back is 'spam rather than delete' ).
-- Eric Esslinger Information Services Manager Fayetteville Public Utilities Fayetteville, TN 37334 Phone: 931-433-1522x165 Fax: 931-433-0646 eesslinger@fpu-tn.com
Feedback loops often aren't that useful either. We're on the AOL Scomp feedback loop, and we've often got fairly personal email sent to our abuse desk because the users simply press spam rather than delete.
AOL's Scomp is spam it's self. If I read though 100 messages maybe one message is really spam. The other 99 are jokes, regular emails, maybe a news letter from their church, etc. Most people are lazy and would rather click on the Spam button instead of unsubscribing for a list they subscribed to in the first place.
Richey
It depends on your environment. I've seen where it is helpful and where it is overwhelming. If you are a smaller company and want to know why you keep getting blocked then those should help. If you are a larger company and get a several hundred a day, but you send 100k emails to AOL then it is not as big of a deal. If you are a shared hosting provider and you get a lot of them you should look into what is being sent to AOL, such as forwarded spam from customers 'auto forwards' (isolate the auto forwards to a separate IP address and simply don't sign up for the FBL for it).... If you have a good setup where only customer-originated email is being sent through the IP's you have a FBL on, then it is useful and you shouldn't get as many complaints.
-r
On Feb 25, 2009, at 8:14 AM, Ray Corbin wrote:
It depends on your environment. I've seen where it is helpful and where it is overwhelming. If you are a smaller company and want to know why you keep getting blocked then those should help. If you are a larger company and get a several hundred a day, but you send 100k emails to AOL then it is not as big of a deal. If you are a shared hosting provider and you get a lot of them you should look into what is being sent to AOL, such as forwarded spam from customers 'auto forwards' (isolate the auto forwards to a separate IP address and simply don't sign up for the FBL for it).... If you have a good setup where only customer-originated email is being sent through the IP's you have a FBL on, then it is useful and you shouldn't get as many complaints.
Ray, you don't get it. What comes from AOL is literally every step in a mother-daughter conversation. You get to read the entire thread. Loving chat, mother and daughter back and forth. But one of them is hitting SPAM on the e-mail *AFTER* replying to it and writing a nice letter back.
This is abuse of the abuse department. This isn't spam. Reading through ~3k of these not-spams every day doesn't help us solve any actual abuse problems.
Feedback loops will not be useful until the providers of the feedback loops accept reports about use of the spam reporting tools, and are willing to go fix their user behavior.
-- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
I'm quite aware of what comes from AOL's feedback loops, I used it for years when I was an email administrator for a large shared webhosting company processing ~2.5million outbound emails per day. I remember getting thousand reports per day. You can automate the process and that is why they use a standard format (Parse the message and run reports on who is getting spam complaints etc etc). If you are sending them X emails per day you can expect at least 0.3% or so to be marked as spam (including forwarders). I cant imagine you receiving 'thousands' of complaints like the one you are referring to...and if you are then you are sending them a larger volume then 100,000 emails per day (non-forwarded). If the feedback loop becomes more of a burden then a helpful notification tool unsubscribe.
-r
Jo Rhett wrote:
On Feb 25, 2009, at 8:14 AM, Ray Corbin wrote:
It depends on your environment. I've seen where it is helpful and where it is overwhelming. If you are a smaller company and want to know why you keep getting blocked then those should help. If you are a larger company and get a several hundred a day, but you send 100k emails to AOL then it is not as big of a deal. If you are a shared hosting provider and you get a lot of them you should look into what is being sent to AOL, such as forwarded spam from customers 'auto forwards' (isolate the auto forwards to a separate IP address and simply don't sign up for the FBL for it).... If you have a good setup where only customer-originated email is being sent through the IP's you have a FBL on, then it is useful and you shouldn't get as many complaints.
Ray, you don't get it. What comes from AOL is literally every step in a mother-daughter conversation. You get to read the entire thread. Loving chat, mother and daughter back and forth. But one of them is hitting SPAM on the e-mail *AFTER* replying to it and writing a nice letter back.
This is abuse of the abuse department. This isn't spam. Reading through ~3k of these not-spams every day doesn't help us solve any actual abuse problems.
Feedback loops will not be useful until the providers of the feedback loops accept reports about use of the spam reporting tools, and are willing to go fix their user behavior.
I agree that aol could do a better job of filtering the outbound, but I don't think it's a useless system. We get a few dozen from aol a day unless we have a real problem. I see the mother-daughter conversations (worst), the subscribed lazy user emails - we encourage our mailing list senders to include unsub links - partly to make it easy for _us_ to click and unsub these dummies. And we see the 'real deal' now and then; usually an exploited php script being abused by spammers, or someone who has had their password sniffed, or stolen. Most of these are users who travel and don't use secure protocols, or have a teenager in the house (the most insecure protocol is adolescence). We appreciate aol's efforts, imperfect as they are. Ken -- Ken Anderson Pacific Internet - http://www.pacific.net
On Feb 27, 2009, at 7:10 AM, Ken A wrote:
I agree that aol could do a better job of filtering the outbound, but I don't think it's a useless system. We get a few dozen from aol a day unless we have a real problem. I see the mother-daughter conversations (worst), the subscribed lazy user emails - we encourage our mailing list senders to include unsub links - partly to make it easy for _us_ to click and unsub these dummies.
And we see the 'real deal' now and then; usually an exploited php script being abused by spammers, or someone who has had their password sniffed, or stolen. Most of these are users who travel and don't use secure protocols, or have a teenager in the house (the most insecure protocol is adolescence). We appreciate aol's efforts, imperfect as they are.
The math here is easy.
1. The time cost of reading AOL's feedback loop was greater than 2 working hours every day.
2. The number of exploited systems that we received notification about was total of 3 in 2 years of reading that loop.
3. Every one of those exploited systems also got SpamCop reports.
365 x 2 years x 2 hours = 1460 hours minimum (because it rarely took only 2 hours)
1460 hours of effort / 3 compromises = 487 hours, or 3 months of work per compromise.
In short, AOL provided zero value to us. Because if a SpamCop user is reporting valid receipts, I report it back to the SpamCop admins and they go have a talk with the user.
NOTE: for a small mail sending provider who controls every mail server and customer in their netblock, it probably is useful. It's just useless for colocation providers and generic ISPs.
And let's be honest. AOL's effort shouldn't be applauded. It's an autobot which sends false spam reports, nothing more and nothing less. Any autobot which sends false spam reports needs to be shut down.
-- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
Sheesh. I thought I was replying to another mailing list, until I cleaned up the recipient list. Jo Rhett wrote:
NOTE: for a small mail sending provider who controls every mail server and customer in their netblock, it probably is useful. It's just useless for colocation providers and generic ISPs.
It works fine for large ISPs and colocation providers; especially those who run abacus to process large volumes of reports and keep their time well spent. If you spend 2 hours on a feedback loop without any actions having to be taken, you're definitely doing something wrong.
And let's be honest. AOL's effort shouldn't be applauded. It's an autobot which sends false spam reports, nothing more and nothing less. Any autobot which sends false spam reports needs to be shut down.
It's not a false spam report? The recipient obviously didn't think they wanted the email. For mailing lists/broadcasters, this means it's an opt out request. For one to one mail, it's only an issue when it's repetitive, in which case, the sender probably needs to be informed that the recipient address they are using might not be correct (or the person doesn't like their style of email). Jack P.S. This really isn't operational and I should probably be shot for even replying to the thread, so feel free to reply to me off-list.
Jack Bates wrote:
It works fine for large ISPs and colocation providers; especially those who run abacus to process large volumes of reports and keep their time well spent. If you spend 2 hours on a feedback loop without any actions having to be taken, you're definitely doing something wrong.
The large national tier 1 that I work for gets about 40,000 automated emails from AOL every day. I thought it was one for every email that was sent from our netblocks, but are these actually from people that have reported something as spam? There are SO many that it's a significant load on our mail server. Our Exchange server could never have hoped to keep up. And our abuse department has no chance to keep up. I'll have to look into abacus to see if it can be of some service to our abuse department. -Sean
On Wed, Mar 25, 2009 at 2:54 AM, Sean Figgins <sean@labrats.us> wrote:
something as spam? There are SO many that it's a significant load on our mail server. Our Exchange server could never have hoped to keep up. And our abuse department has no chance to keep up.
I'll have to look into abacus to see if it can be of some service to our abuse department.
In case you haven't found out yet, AOL (and most other large ISPs) feedback loops are in ARF format - which means they are quite easy to parse and aggregate using scripts. Or using readymade software like abacus.
http://wordtothewise.com/resources/arf.html has links to the arf spec and other docs, plus check out the 'tools for senders, recipients' section.
http://wordtothewise.com/resources/arfrecipient.html links to arffilter - a free script to parse ARF email and feed it into your MUA / ticketing system in a much more usable format.
And once you have it in that format - well, you can get counts of complaints per IP, tie it to account data drawn from your billing / radius etc systems .. most of the work you are having your abuse team do is entirely automatable. And a waste of their time to do manually.
As providers, I suppose we must apologize for not making this sufficiently clear even to normally clued admins at other sites .. though several sites do seem to be consuming it just fine, and we send high volume feedback loops to hotmail/yahoo/aol etc, and they to us, without my team having to do anything much manually, it's mostly automated.
http://postmaster.info.aol.com/fbl/ does link to arffilter by the way.
--srs
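The per-IP complaint counting described in the message above, as an added example that is not part of any post in this thread and is not arffilter or Abacus. It assumes the ARF layout later published as RFC 5965 (a `multipart/report` with a `message/feedback-report` part); the sample reports, addresses and outbound volumes are constructed, and the 0.3% baseline is the figure Ray quotes earlier in the thread.

```python
import email
import ipaddress
from collections import Counter
from email import policy
from email.utils import parseaddr

BASELINE_RATE = 0.003  # the "0.3% or so" complaint rate quoted in the thread

# Constructed sample ARF report; every name and address in it is made up.
ARF_TEMPLATE = """\
From: fbl@isp.example
To: abuse@hoster.example
Subject: FW: complaint
MIME-Version: 1.0
Content-Type: multipart/report; report-type=feedback-report;
 boundary="arf-part"

--arf-part
Content-Type: text/plain

This is an email abuse report for a message received from {ip}.

--arf-part
Content-Type: message/feedback-report

Feedback-Type: {ftype}
User-Agent: ExampleFBL/1.0
Version: 1
Source-IP: {ip}
Original-Mail-From: <{sender}>

--arf-part
Content-Type: message/rfc822

From: <{sender}>
To: <user@isp.example>
Subject: constructed sample

body
--arf-part--
"""


def make_report(ip, sender, ftype="abuse"):
    """Fill the constructed template (hypothetical helper for the sample data)."""
    return ARF_TEMPLATE.format(ip=ip, sender=sender, ftype=ftype)


def parse_arf(raw):
    """Return {'ip', 'type', 'sender'} for an ARF report, or None otherwise."""
    msg = email.message_from_string(raw, policy=policy.default)
    if (msg.get_content_type() != "multipart/report"
            or (msg.get_param("report-type") or "").lower() != "feedback-report"):
        return None
    for part in msg.iter_parts():
        if part.get_content_type() != "message/feedback-report":
            continue
        body = part.get_payload()
        # The stdlib parses any message/* part as a nested message, so the
        # report fields arrive as that nested message's headers.
        fields = body[0] if isinstance(body, list) else email.message_from_string(body)
        try:
            ip = str(ipaddress.ip_address(str(fields.get("Source-IP", "")).strip()))
        except ValueError:
            return None  # malformed Source-IP: do not attribute the complaint
        sender = parseaddr(str(fields.get("Original-Mail-From", "")))[1].lower()
        ftype = str(fields.get("Feedback-Type", "")).strip().lower()
        return {"ip": ip, "type": ftype, "sender": sender}
    return None


def summarize(raw_reports, sent_per_ip):
    """Count abuse complaints per source IP and compare with outbound volume."""
    per_ip, per_sender, skipped = Counter(), Counter(), 0
    for raw in raw_reports:
        rep = parse_arf(raw)
        if rep is None or rep["type"] != "abuse":
            skipped += 1  # not an ARF abuse report; leave it for manual triage
            continue
        per_ip[rep["ip"]] += 1
        per_sender[rep["sender"]] += 1
    rows = []
    for ip, count in per_ip.most_common():
        sent = sent_per_ip.get(ip, 0)
        rate = count / sent if sent else None
        # A complained-about IP with no recorded volume is flagged for review.
        rows.append({"ip": ip, "complaints": count, "rate": rate,
                     "over_baseline": rate is None or rate > BASELINE_RATE})
    repeat = sorted(s for s, n in per_sender.items() if s and n > 1)
    return {"rows": rows, "repeat_senders": repeat, "skipped": skipped}


# Constructed inputs: seven reports, one ordinary e-mail, made-up send counts.
SAMPLE_REPORTS = (
    [make_report("192.0.2.10", "news@customer-a.example")] * 4
    + [make_report("192.0.2.10", "bob@customer-b.example"),
       make_report("192.0.2.20", "amy@customer-c.example"),
       make_report("192.0.2.20", "dan@customer-d.example"),
       "From: someone@isp.example\nSubject: not a report\n\nhello\n"]
)
SAMPLE_SENT = {"192.0.2.10": 1000, "192.0.2.20": 100000}

if __name__ == "__main__":
    result = summarize(SAMPLE_REPORTS, SAMPLE_SENT)
    for row in result["rows"]:
        print(row)
    print("senders with repeated complaints:", result["repeat_senders"])
    print("messages skipped:", result["skipped"])
```

The sender taken from `Original-Mail-From` is the key to join against billing or RADIUS account data; that join is site-specific and is left out here.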
Suresh, in theory I like what you say but this caught my eye: On Mar 24, 2009, at 6:50 PM, Suresh Ramasubramanian wrote:
though several sites do seem to be consuming it just fine, and we send high volume feedback loops to hotmail/yahoo/aol etc, and they to us, without my team having to do anything much manually, its mostly automated.
I would like to point out that gmail abuse reports appear to be entirely ignored. I've been reporting and rereporting everything from spam floods to phishing attacks that were very good looking/tricky to abuse@gmail.com and report them again in 2 days, report the exact same one again in 2 days, etc. Yes, you've automated your report processing to the point you don't actually have to do any work. The problem is... you aren't doing the work. You aren't stopping the offenders. That's the goal. Automation should be a tool to help you do the job better, not avoid doing the job at all. -- Jo Rhett an abuse response administrator who reads *every* report sent to us, and takes action on *every* one of them.
On Wed, Mar 25, 2009 at 9:16 AM, Jo Rhett <jrhett@netconsonance.com> wrote:
Yes, you've automated your report processing to the point you don't actually have to do any work.
The problem is... you aren't doing the work. You aren't stopping the offenders. That's the goal. Automation should be a tool to help you do the job better, not avoid doing the job at all.
And yes indeed, it's a way for us to automate termination of spammers, and to discover other patterns (in signup methods / spam content etc) that we can use to update our filters. There's a whole lot of maawg best practices (some work in progress, on outbound abuse / webmail abuse) that deal with these issues.
To others in this thread - If your feedback loops are actually very low volume - you are likely to find a higher percentage of person to person email. And you may not have a problem at all, in which case you can simply treat feedback loops as an irritant, or as an early warning mechanism in case something does go wrong.
If on the other hand your loop traffic is actually high volume (thousands a day or more) then you probably do have a spam problem, and ARF is there to provide you near real time notification about such problems
-- Suresh Ramasubramanian (ops.lists@gmail.com)
On Wed, Mar 25, 2009 at 9:16 AM, Jo Rhett <jrhett@netconsonance.com> wrote:
The problem is... you aren't doing the work. You aren't stopping the offenders. That's the goal. Automation should be a tool to help you do the job better, not avoid doing the job at all.
On Mar 24, 2009, at 9:00 PM, Suresh Ramasubramanian wrote:
And yes indeed, its a way for us to automate termination of spammers, and to discover other patterns (in signup methods / spam content etc) that we can use to update our filters.
That's a great theory. Would you be willing to post an update to this list if and when your technology and automation actually get to the point of actually shutting down a spammer?
There's a whole lot of maawg best practices (some work in progress, on outbound abuse / webmail abuse) that deal with these issues.
No, see, that's the problem. Best Practices don't deal with abuse reports. Humans deal with abuse reports. You can collect and sort and collate your spam reports all day. What about the part where a human looks at the report, confirms that it is spam, and terminates the customer? You've got to do that. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
On Wed, Mar 25, 2009 at 11:52 AM, Jo Rhett <jrhett@netconsonance.com> wrote:
That's a great theory. Would you be willing to post an update to this list if and when your technology and automation actually get to the point of actually shutting down a spammer?
I am not sure that'd be a very productive use of my time seeing you don't seem to believe me in any case. But yes, we do terminate quite a few spammer accounts based on this automation.
--srs
And yes indeed, its a way for us to automate termination of spammers, and to discover other patterns (in signup methods / spam content etc) that we can use to update our filters.
That's a great theory. Would you be willing to post an update to this list if and when your technology and automation actually get to the point of actually shutting down a spammer?
Um, perhaps this would be a good time to do a little background research and see who Suresh is and what he does. R's, John
On 25 Mar 2009 11:52:20 -0000 John Levine <johnl@iecc.com> wrote:
And yes indeed, its a way for us to automate termination of spammers, and to discover other patterns (in signup methods / spam content etc) that we can use to update our filters.
That's a great theory. Would you be willing to post an update to this list if and when your technology and automation actually get to the point of actually shutting down a spammer?
Um, perhaps this would be a good time to do a little background research and see who Suresh is and what he does.
Indeed it would; I know from experience that Suresh's automation works. -- John
I thought that this was discussed not too long ago... Since these are standardized emails you can easily automate this to generate reports for your employees to look through. This way you can see patterns and take action. For instance if you get a single complaint against a customer then it likely isn't a big deal, but if you start getting multiple complaints about a user you might want to investigate the account and read further into what the message included says. Alternatively you could remove yourself from the voluntary FBL since you don't see the benefit of it. They aren't saying 'this is spam', they are saying 'this is what was reported to us as spam'. The ma & pa emails that get flagged aren't going to cause you to be blocked if you have some mail volume. -r
-----Original Message----- From: Jo Rhett [mailto:jrhett@netconsonance.com] Sent: Wednesday, March 25, 2009 2:23 AM To: Suresh Ramasubramanian Cc: nanog@nanog.org Subject: Re: Yahoo and their mail filters..
On Wed, Mar 25, 2009 at 9:16 AM, Jo Rhett <jrhett@netconsonance.com> wrote:
The problem is... you aren't doing the work. You aren't stopping the offenders. That's the goal. Automation should be a tool to help you do the job better, not avoid doing the job at all.
On Mar 24, 2009, at 9:00 PM, Suresh Ramasubramanian wrote:
And yes indeed, it's a way for us to automate termination of spammers, and to discover other patterns (in signup methods / spam content etc) that we can use to update our filters.
That's a great theory. Would you be willing to post an update to this list if and when your technology and automation actually get to the point of actually shutting down a spammer?
There's a whole lot of maawg best practices (some work in progress, on outbound abuse / webmail abuse) that deal with these issues.
No, see, that's the problem. Best Practices don't deal with abuse reports. Humans deal with abuse reports. You can collect and sort and collate your spam reports all day. What about the part where a human looks at the report, confirms that it is spam, and terminates the customer? You've got to do that.
-- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
On Tue, 24 Mar 2009 15:18:16 CDT, Jack Bates said:
It's not a false spam report? The recipient obviously didn't think they wanted the email.
I've seen people subscribe to a list, then *reply* to the subscription confirmation - and then hit "spam" not 5 minutes later when something gets posted to the list. Did they change their minds in the 5 minutes? I've seen people hit "spam" for e-mail from immediate family members. Does this mean it's a dysfunctional family? The only correct part is "The recipient obviously didn't think". Period.
Valdis.Kletnieks@vt.edu wrote:
On Tue, 24 Mar 2009 15:18:16 CDT, Jack Bates said:
It's not a false spam report? The recipient obviously didn't think they wanted the email.
I've seen people subscribe to a list, then *reply* to the subscription confirmation - and then hit "spam" not 5 minutes later when something gets posted to the list. Did they change their minds in the 5 minutes?
I've seen people hit "spam" for e-mail from immediate family members. Does this mean it's a dysfunctional family?
The only correct part is "The recipient obviously didn't think". Period.
No, sorry, Valdis this is just wrongheaded. The problem here isn't stupid users, but stupid providers not giving users what they clearly want: an "i don't want this" button. Until providers start matching users' expectations about what _they_ think the "junk" button means, "st00pid l00sers -- ha ha" proclamations will continue to show that providers aren't serving their customers well. Mike
Yo Michael! On Tue, 24 Mar 2009, Michael Thomas wrote:
I've seen people subscribe to a list, then *reply* to the subscription confirmation - and then hit "spam" not 5 minutes later when something gets posted to the list. Did they change their minds in the 5 minutes?
No, sorry, Valdis this is just wrongheaded.
Every day I have people sign up for our $30 a month service then report their confirmation email as spam 5 mins later. A month later when they get their Credit Card bill we hear from them that they never got their sign-up credentials and they are mad. This is just user stupidity. RGDS GARY
--------------------------------------------------------------------------- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701 gem@rellim.com Tel:+1(541)382-8588
On 2/25/09 9:05 AM, Richey wrote:
AOL's Scomp is spam itself. If I read through 100 messages maybe one message is really spam. The other 99 are jokes, regular emails, maybe a newsletter from their church, etc. Most people are lazy and would rather click on the Spam button instead of unsubscribing from a list they subscribed to in the first place.
My favorites for AOL Scomp reports are when people report sub/unsub as spam, then send nasty e-mails 20 minutes later that they either never got confirmation of what they did, or that it never actually removed them. Had one user in particular, who reported mailing list as spam, purged them from said list myself, then 30 mins later signed back up, reported the subscription confirmation as spam, then complained after I removed him again. Not exactly brightest bulb some of them are. -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
On Wed, 25 Feb 2009, Richey wrote:
AOL's Scomp is spam itself. If I read through 100 messages maybe one message is really spam. The other 99 are jokes, regular emails, maybe a newsletter from their church, etc. Most people are lazy and would rather click on the Spam button instead of unsubscribing from a list they subscribed to in the first place.
Why the hell can't AOL integrate the standard listserv commands integrated into many subscription emails into a friggin' button in their email client, right next to "Spam" (or even in place of it) that says "Unsubscribe?" I realize it could be used badly if globalized, but if AOL got off their duff and vetted some of the higher volume truly honest subscription emailers and allowed their emails to activate the Spam->Unsub button, it might save everyone some headaches. --------------------------------------------------------------------------- Peter Beckman Internet Guy beckman@angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------
On Wed, Feb 25, 2009 at 10:38 PM, Peter Beckman <beckman@angryox.com> wrote:
Why the hell can't AOL integrate the standard listserv commands integrated into many subscription emails into a friggin' button in their email client, right next to "Spam" (or even in place of it) that says "Unsubscribe?"
Because a lot of spammers would prefer that people simply unsub from their lists rather than they get blocked? And because unsub urls could lead to a lot of nastiness if there's a truly malicious spammer? And because .. [lots of other reasons] There are a few (sender driven) initiatives to move towards a trusted unsubscribe, but .. --srs -- Suresh Ramasubramanian (ops.lists@gmail.com)
On Wed, 25 Feb 2009, Suresh Ramasubramanian wrote:
On Wed, Feb 25, 2009 at 10:38 PM, Peter Beckman <beckman@angryox.com> wrote:
Why the hell can't AOL integrate the standard listserv commands integrated into many subscription emails into a friggin' button in their email client, right next to "Spam" (or even in place of it) that says "Unsubscribe?"
Because a lot of spammers would prefer that people simply unsub from their lists rather than they get blocked?
And because unsub urls could lead to a lot of nastiness if there's a truly malicious spammer?
And because .. [lots of other reasons]
On Wed, Feb 25, 2009 at 10:38 PM, Peter Beckman ALSO wrote:
I realize it could be used badly if globalized, but if AOL got off their duff and vetted some of the higher volume truly honest subscription emailers and allowed their emails to activate the Spam->Unsub button, it might save everyone some headaches.
As I said (but you clipped), the suggestion could (and would likely) be abused if turned on globally, but if AOL vetted some of the more popular subscription mailings where people were clicking spam rather than unsubscribe for trusted sources, it could work.
There are a few (sender driven) initiatives to move towards a trusted unsubscribe, but ..
I think in order for an Unsubscribe button to be implemented by Gmail, Yahoo, AOL, etc, there would have to be some sort of internally reviewed list of trusted senders for which each company had a mail admin contact for (technical implementation not applicable for this discussion). Working together to communicate openly about subscription email with trusted parties would help (in theory) to reduce the effects of clueless end users who lazily click "Spam" and cause headaches for both senders and receivers of legitimate subscription email. Beckman --------------------------------------------------------------------------- Peter Beckman Internet Guy beckman@angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------
I think a major reason why recipients click the 'Spam' button is because often times it's not obvious how to identify the opt out link in the email. You can perhaps put the opt out link on the top of the email so that the user clicks that instead of the 'Spam' button. There is also the issue of whether the user trusts the opt out link, I have been in discussions where data shows that most users don't generally trust it. On the subject of feedback loop I think that if you sign up to receive FBL emails then you must do something about it. I think it's useless to sign up for FBL's and not take any action because ESP's monitor FBL rate so if they feel that you are not taking action then you can expect to see your emails go to a junk folder or be subjected to greylisting. Zaid ----- Original Message ----- From: "Peter Beckman" <beckman@angryox.com> To: "Suresh Ramasubramanian" <ops.lists@gmail.com> Cc: nanog@nanog.org Sent: Wednesday, February 25, 2009 12:28:46 PM GMT -08:00 US/Canada Pacific Subject: Re: Yahoo and their mail filters.. On Wed, 25 Feb 2009, Suresh Ramasubramanian wrote:
On Wed, Feb 25, 2009 at 10:38 PM, Peter Beckman <beckman@angryox.com> wrote:
Why the hell can't AOL integrate the standard listserv commands integrated into many subscription emails into a friggin' button in their email client, right next to "Spam" (or even in place of it) that says "Unsubscribe?"
Because a lot of spammers would prefer that people simply unsub from their lists rather than they get blocked?
And because unsub urls could lead to a lot of nastiness if there's a truly malicious spammer?
And because .. [lots of other reasons]
On Wed, Feb 25, 2009 at 10:38 PM, Peter Beckman ALSO wrote:
I realize it could be used badly if globalized, but if AOL got off their duff and vetted some of the higher volume truly honest subscription emailers and allowed their emails to activate the Spam->Unsub button, it might save everyone some headaches.
As I said (but you clipped), the suggestion could (and would likely) be abused if turned on globally, but if AOL vetted some of the more popular subscription mailings where people were clicking spam rather than unsubscribe for trusted sources, it could work.
There are a few (sender driven) initiatives to move towards a trusted unsubscribe, but ..
I think in order for an Unsubscribe button to be implemented by Gmail, Yahoo, AOL, etc, there would have to be some sort of internally reviewed list of trusted senders for which each company had a mail admin contact for (technical implementation not applicable for this discussion). Working together to communicate openly about subscription email with trusted parties would help (in theory) to reduce the effects of clueless end users who lazily click "Spam" and cause headaches for both senders and receivers of legitimate subscription email. Beckman --------------------------------------------------------------------------- Peter Beckman Internet Guy beckman@angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------
On Feb 25, 2009, at 1:08 PM, Zaid Ali wrote:
There is also the issue of whether the user trusts the opt out link, I have been in discussions where data shows that most users don't generally trust it.
Zaid
Nor should they. Anyone who actually researches this stuff knows that the vast majority of "unsub" links simply confirm you as a live target who will click on random links sent to them through e-mail. Incidentally, what option is specified by the CAN-SPAM act? Oh yeah, opt-out. Genius. You will never be able to educate the masses on the difference between a legit unsub link and a malicious one. The safest thing for lusers is to ignore them all. It would be nice if the webmail providers simply mapped the "report spam" function to "add sender to personal blacklist", that way lusers who report their mailing list as spam would simply stop seeing it. Unfortunately that would also result in a lot more storage requirements on the part of said webmail providers, which is probably a major reason why they don't do it. Frankly the best approach is probably to make "report as spam" a NOP. Users get it wrong the vast majority of the time. Automated honeypot analysis with oversight from clueful e-mail operators is the best way to handle uncaught spam. -- bk
Nor should they. Anyone who actually researches this stuff knows that the vast majority of "unsub" links simply confirm you as a live target who will click on random links sent to them through e-mail.
That's the conventional wisdom, not confirmed by research. The FTC tried it in 2002 and found that opt-out made the spam load drop slightly, and I don't see any reason to think it would be different today. http://www.wired.com/techbiz/media/news/2002/04/51517 R's, John
On Feb 26, 2009, at 6:59 AM, John Levine wrote:
Nor should they. Anyone who actually researches this stuff knows that the vast majority of "unsub" links simply confirm you as a live target who will click on random links sent to them through e-mail.
That's the conventional wisdom, not confirmed by research. The FTC tried it in 2002 and found that opt-out made the spam load drop slightly, and I don't see any reason to think it would be different today.
http://www.wired.com/techbiz/media/news/2002/04/51517
R's, John
The number of messages in their test is not that large, and it also sounds like a large majority of those were mailto: links. It's unsurprising they didn't go anywhere. These days they're pretty much all http: links going to botnet webhosts. Also, from the same article: "Nonetheless, the risks of responding to spammers are far from illusory, said Jeff Richards, vice president of the consulting firm ePrivacy Group. ... when he sent removal requests to spammers of the more obvious con artist variety, in particular for messages emanating from exotic locales in Eastern Europe and Asia, Richards said he frequently wound up receiving more e-mail." From my own experience with a Hotmail account a few years earlier (late '90s), I tried to unsubscribe from every single e-mail I got and went from a few dozen spams a week to several hundred very quickly. This also pre-dates organized crime becoming heavily involved, and pre-dates the obsession with browser exploits. Back then a lot of spam was sent by semi-legitimate marketers from the US. These days all the bad guys are out to get you to click on a single link. -- bk
This also pre-dates organized crime becoming heavily involved, and pre-dates the obsession with browser exploits. Back then a lot of spam was sent by semi-legitimate marketers from the US. These days all the bad guys are out to get you to click on a single link.
Right. Back in the 90s spammers were trying to build their lists, and used fake opt outs to do so. These days through a combination of web scraping and dictionary attacks, they have more addresses than they know what to do with. My advice to people these days is to unsub if a message is from someone you've corresponded with before, or if it looks like someone who is legit but clueless. Then hit the spam button. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor "More Wiener schnitzel, please", said Tom, revealingly.
On Thu, Feb 26, 2009 at 5:28 PM, John R. Levine <johnl@iecc.com> wrote:
This also pre-dates organized crime becoming heavily involved, and pre-dates the obsession with browser exploits. Back then a lot of spam was sent by semi-legitimate marketers from the US. These days all the bad guys are out to get you to click on a single link.
Right. Back in the 90s spammers were trying to build their lists, and used fake opt outs to do so. These days through a combination of web scraping and dictionary attacks, they have more addresses than they know what to do with.
My advice to people these days is to unsub if a message is from someone you've corresponded with before, or if it looks like someone who is legit but clueless. Then hit the spam button.
Of course, the browsploit issue means that clicking on ANY links in dubious e-mail is highly unwise.
On Feb 26, 2009, at 12:05 PM, Alexander Harrowell wrote:
On Thu, Feb 26, 2009 at 5:28 PM, John R. Levine <johnl@iecc.com> wrote:
This also pre-dates organized crime becoming heavily involved, and pre-dates the obsession with browser exploits. Back then a lot of spam was sent by semi-legitimate marketers from the US. These days all the bad guys are out to get you to click on a single link.
Right. Back in the 90s spammers were trying to build their lists, and used fake opt outs to do so. These days through a combination of web scraping and dictionary attacks, they have more addresses than they know what to do with.
My advice to people these days is to unsub if a message is from someone you've corresponded with before, or if it looks like someone who is legit but clueless. Then hit the spam button.
My advice is to always check the full email headers for anything you are the least bit suspicious of. Does it appear to come from whom it purports to come from ? Is the path likely ? (Big US companies do not as a general rule forward their email through small Eastern European ISPs, for example.) If it fails this test, treat it as radioactive and don't click, respond, etc. If it passes, and if the sender is in your field, then use your judgement. (I unsubscribe to the "newsletters" that keep popping up from Chinese ethernet switch makers, for example.) Regards Marshall
Of course, the browsploit issue means that clicking on ANY links in dubious e-mail is highly unwise.
On Feb 26, 2009, at 8:28 AM, John R. Levine wrote:
This also pre-dates organized crime becoming heavily involved, and pre-dates the obsession with browser exploits. Back then a lot of spam was sent by semi-legitimate marketers from the US. These days all the bad guys are out to get you to click on a single link.
Right. Back in the 90s spammers were trying to build their lists, and used fake opt outs to do so. These days through a combination of web scraping and dictionary attacks, they have more addresses than they know what to do with.
My advice to people these days is to unsub if a message is from someone you've corresponded with before, or if it looks like someone who is legit but clueless. Then hit the spam button.
Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor "More Wiener schnitzel, please", said Tom, revealingly.
You're that confident people know the difference between a real communication from a party they conversed with before and a phish designed to look like the same thing? Anyone knowledgeable enough to determine the difference won't need to be educated, and anyone needing education is not going to be capable of reliably differentiating. The only advice that makes sense is "don't click links in e-mail". The exceptions are (expected) personal communication, or messages that you fully expected to arrive at the time and date you received them. There are all kinds of corner cases that could be argued, but I suspect this is rapidly heading off-topic. The gist of my point is that users should never be trained to trust e-mail that hasn't been authenticated. -- bk
You're that confident people know the difference between a real communication from a party they conversed with before and a phish designed to look like the same thing?
If it's a bank, probably not. If it's a random online store, there's about a 99.9% chance it's actual junk mail and .01% that it's anything else. R's, John
On Feb 26, 2009, at 2:00 PM, John R. Levine wrote:
You're that confident people know the difference between a real communication from a party they conversed with before and a phish designed to look like the same thing?
What I worry about is when software is used to scrape lists such as this and used to create phishing based on actual emails, so you get phishes apparently from people you know using their actual words. When the botnets start doing that things could get nasty fast. Regards Marshall
If it's a bank, probably not. If it's a random online store, there's about a 99.9% chance it's actual junk mail and .01% that it's anything else.
R's, John
Peter Beckman wrote:
On Wed, 25 Feb 2009, Richey wrote:
AOL's Scomp is spam itself. If I read through 100 messages maybe one message is really spam. The other 99 are jokes, regular emails, maybe a newsletter from their church, etc. Most people are lazy and would rather click on the Spam button instead of unsubscribing from a list they subscribed to in the first place.
Why the hell can't AOL integrate the standard listserv commands integrated into many subscription emails into a friggin' button in their email client, right next to "Spam" (or even in place of it) that says "Unsubscribe?"
I realize it could be used badly if globalized, but if AOL got off their duff and vetted some of the higher volume truly honest subscription emailers and allowed their emails to activate the Spam->Unsub button, it might save everyone some headaches.
In a perfect world, the spam button would only affect delivery to that user, not everyone. Especially when they go all rabid click crazy on the spam button for personal correspondence from their mom. ~Seth
Seth Mattinen wrote:
In a perfect world, the spam button would only affect delivery to that user, not everyone. Especially when they go all rabid click crazy on the spam button for personal correspondence from their mom.
I accuse postini of having exactly this vulnerability - that one user classing mail as spam automatically means it marks all other mail from that user to everyone else. There really oughta be some transparency here so that everyone understands the how and the why of 'spam' classification. Mike-
On Wed, 25 Feb 2009, mike wrote:
I accuse postini of having exactly this vulnerability - that one user classing mail as spam automatically means it marks all other mail from that user to everyone else. There really oughta be some transparency here so that everyone understands the how and the why of 'spam' classification.
I like to imagine the consequences of forwarding spam complaints to my users when I can be sure who sent the original message. That ought to reduce the number of people who mark messages from friends / family / colleagues as spam... Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS. MODERATE OR GOOD.
Maybe it's me...but I don't recall seeing a 'this is spam button' for Postini. I know there is an email you can report spam to, but I doubt there is an automated process for it. I have had great success with Postini thus far and have used them for a few years. -r -----Original Message----- From: mike [mailto:mike-nanog@tiedyenetworks.com] Sent: Wednesday, February 25, 2009 12:26 PM To: nanog@nanog.org Subject: Re: Yahoo and their mail filters.. Seth Mattinen wrote:
In a perfect world, the spam button would only affect delivery to that user, not everyone. Especially when they go all rabid click crazy on the spam button for personal correspondence from their mom.
I accuse postini of having exactly this vulnerability - that one user classing mail as spam automatically means it marks all other mail from that user to everyone else. There really oughta be some transparency here so that everyone understands the how and the why of 'spam' classification. Mike-
Why the hell can't AOL integrate the standard listserv commands integrated into many subscription emails into a friggin' button in their email client, right next to "Spam" (or even in place of it) that says "Unsubscribe?"
AOL sends its spam button feedback in industry standard ARF format. It took me about 20 minutes to write a perl script that picks out the relevant bits from AOL and Hotmail feedback messages and sends unsub commands to my list manager. As to why they don't have a separate Unsub button, users wouldn't use it. AOL are not stupid, they know that people hit the spam button for all sorts of reasons, many of which have only the vaguest connection to spam. If you run a small well-run network, the only stuff you're going to see from the spam button is unsubs and false alarms. That doesn't mean the spam button is broken; it means that you're not the kind of sender they're worried about. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor "More Wiener schnitzel, please", said Tom, revealingly.
On Wed, 25 Feb 2009, John Levine wrote:
Why the hell can't AOL integrate the standard listserv commands integrated into many subscription emails into a friggin' button in their email client, right next to "Spam" (or even in place of it) that says "Unsubscribe?"
AOL sends its spam button feedback in industry standard ARF format. It took me about 20 minutes to write a perl script that picks out the relevant bits from AOL and Hotmail feedback messages and sends unsub commands to my list manager.
As to why they don't have a separate Unsub button, users wouldn't use it. AOL are not stupid, they know that people hit the spam button for all sorts of reasons, many of which have only the vaguest connection to spam. If you run a small well-run network, the only stuff you're going to see from the spam button is unsubs and false alarms. That doesn't mean the spam button is broken; it means that you're not the kind of sender they're worried about.
Cool! Didn't know that. My props to AOL and Hotmail for making it easier for mail admins to deal with claims of spam. Your point on "Users wouldn't Use it" makes sense, they wouldn't. Beckman --------------------------------------------------------------------------- Peter Beckman Internet Guy beckman@angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------
On Wed, 25 Feb 2009, John Levine wrote:
AOL sends its spam button feedback in industry standard ARF format. It took me about 20 minutes to write a perl script that picks out the relevant bits from AOL and Hotmail feedback messages and sends unsub commands to my list manager.
Yes, but you're using qmail and ezmlm which send separate copies of the message to each recipient, with the recipient's address embedded in the return path. If, like us, you have a setup that's optimised to de-duplicate multi-recipient messages, AOL's redaction makes their ARF messages mostly useless for anything but rough detection (or confirmation) of a compromise. Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS. MODERATE OR GOOD.
AOL sends its spam button feedback in industry standard ARF format. It took me about 20 minutes to write a perl script that picks out the relevant bits from AOL and Hotmail feedback messages and sends unsub commands to my list manager.
Yes, but you're using qmail and ezmlm which send separate copies of the message to each recipient, with the recipient's address embedded in the return path.
Actually I'm using majordomo2, but you're right, it does single deliveries which helps do
If, like us, you have a setup that's optimised to de-duplicate multi-recipient messages, AOL's redaction makes their ARF messages mostly useless for anything but rough detection (or confirmation) of a compromise.
Sounds like it might be time to reconsider your mailing list config. A decade ago, bandwidth was really expensive and it made sense to try to load up lots of recipients per delivery. These days it's essentially free, and any saving in bandwidth is swamped by the extra manual effort of having to do bounce management by hand. R's, John
On Thu, 26 Feb 2009, John R. Levine wrote:
Sounds like it might be time to reconsider your mailing list config. A decade ago, bandwidth was really expensive and it made sense to try to load up lots of recipients per delivery. These days it's essentially free, and any saving in bandwidth is swamped by the extra manual effort of having to do bounce management by hand.
Mailman's bounce parser is clever enough that there's no manualarity. AOL's ARF redaction also causes problems identifying problem .forwarders. I don't understand what they are trying to defend against. Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS. MODERATE OR GOOD.
AOL's ARF redaction also causes problems identifying problem .forwarders. I don't understand what they are trying to defend against.
Oh, I went around with them a few times and finally got a reasonable explanation. They're concerned about disclosing the recipient of a message to someone who didn't send it. That's why they redact the recipient address, but not an ever-so-lightly encoded version of it elsewhere in the headers. If you can decode it, you presumably must have put it there in the first place. They've redacted more heavily than that in the past, but it turns out that was buggy software, not policy. So if it's a problem, just add an X-forwarded-for header with a rot13 version of the address and you can always recover that. I also gather that if you happen to have run your mail through a filter and have an opinion of its spamminess, an X-Spam-Status header is treated as a hint to deliver to the spam folder where it won't be counted against you, but it's still there for the user in case you guessed wrong. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor "More Wiener schnitzel, please", said Tom, revealingly.
On Thu, Feb 26, 2009 at 7:27 PM, Tony Finch <dot@dotat.at> wrote:
Mailman's bounce parser is clever enough that there's no manualarity.
AOL's ARF redaction also causes problems identifying problem .forwarders. I don't understand what they are trying to defend against.
If you want to enable verp with mailman and exim ..

# Use VERP with mailman
VERP_PASSWORD_REMINDERS = 1
VERP_PERSONALIZED_DELIVERIES = 1
VERP_DELIVERY_INTERVAL = 1
VERP_CONFIRMATIONS = 1

That takes care of what you want.

-srs
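Added example, not code from any poster in this thread: a sketch of the feedback-loop handling discussed above, which reads an ARF report whose recipient is redacted and recovers the complainant either from a VERP return path or from a rot13 X-Forwarded-For header. The sample reports, the lists.example domain, the Mailman-style VERP layout and the Majordomo-style unsubscribe line are constructed assumptions.

```python
import codecs
import email
import re

OUR_DOMAIN = "lists.example"  # assumption: domain our list mail is sent from

# Mailman-style VERP envelope sender: <list>-bounces+<mailbox>=<host>@<domain>
VERP_RE = re.compile(
    r"^<?(?P<list>[^+@]+)-bounces\+(?P<mailbox>[^=@]+)=(?P<host>[^@>]+)"
    r"@(?P<domain>[^@>]+)>?$"
)


def build_report(original_headers):
    """Wrap original headers in a constructed ARF report (sample data only)."""
    return (
        "From: fbl@isp.example\n"
        "To: abuse@lists.example\n"
        "Subject: Email Feedback Report\n"
        "MIME-Version: 1.0\n"
        "Content-Type: multipart/report; report-type=feedback-report;\n"
        ' boundary="arf"\n'
        "\n--arf\n"
        "Content-Type: text/plain\n\n"
        "This is an email abuse report.\n"
        "--arf\n"
        "Content-Type: message/feedback-report\n\n"
        "Feedback-Type: abuse\n"
        "User-Agent: ExampleFBL/1.0\n"
        "Version: 0.1\n"
        "Source-IP: 192.0.2.10\n"
        "\n--arf\n"
        "Content-Type: message/rfc822\n\n"
        + original_headers
        + "\nBody of the reported message.\n--arf--\n"
    )


# Constructed samples: a VERP list delivery and a forwarded message.
VERP_REPORT = build_report(
    "Return-Path: <announce-bounces+alice=isp.example@lists.example>\n"
    "From: announce@lists.example\n"
    "To: undisclosed-recipients:;\n"
    "Subject: list post\n"
)
FORWARD_REPORT = build_report(
    "Return-Path: <someone@sender.example>\n"
    "X-Forwarded-For: " + codecs.encode("bob@isp.example", "rot_13") + "\n"
    "From: someone@sender.example\n"
    "Subject: forwarded mail\n"
)


def _inner(part):
    """Headers carried by a message/* part or a text/rfc822-headers part."""
    if part.is_multipart():
        return part.get_payload(0)
    return email.message_from_string(part.get_payload())


def recover_recipient(orig):
    """Return (address, method, list_name); all None if nothing we encoded."""
    m = VERP_RE.match((orig.get("Return-Path") or "").strip())
    # Only trust a VERP address on our own domain: we must have put it there.
    if m and m.group("domain").lower() == OUR_DOMAIN:
        return f"{m.group('mailbox')}@{m.group('host')}", "verp", m.group("list")
    tagged = orig.get("X-Forwarded-For")
    if tagged:  # rot13 only obscures; it does not prove we added the header
        return codecs.decode(tagged.strip(), "rot_13"), "x-forwarded-for", None
    return None, None, None


def parse_arf(raw):
    """Parse one ARF report and return the fields needed to act on it."""
    msg = email.message_from_string(raw)
    if (msg.get_content_type() != "multipart/report"
            or (msg.get_param("report-type") or "").lower() != "feedback-report"):
        raise ValueError("not an ARF feedback report")
    fields = orig = None
    for part in msg.get_payload():
        ctype = part.get_content_type()
        if ctype == "message/feedback-report":
            fields = _inner(part)
        elif ctype in ("message/rfc822", "text/rfc822-headers"):
            orig = _inner(part)
    if fields is None or orig is None:
        raise ValueError("incomplete ARF report")
    address, method, list_name = recover_recipient(orig)
    return {
        "feedback_type": (fields.get("Feedback-Type") or "").strip().lower(),
        "source_ip": (fields.get("Source-IP") or "").strip(),
        "recipient": address, "method": method, "list": list_name,
    }


def list_manager_command(report):
    """Unsubscribe line for list complaints; None means human review."""
    if report["feedback_type"] != "abuse" or report["method"] != "verp":
        return None
    return f"unsubscribe {report['list']} {report['recipient']}"


if __name__ == "__main__":
    for sample in (VERP_REPORT, FORWARD_REPORT):
        rep = parse_arf(sample)
        print(rep, "->", list_manager_command(rep))
```

A forwarder that relies on the X-Forwarded-For tag should strip any inbound header of that name before adding its own, since rot13 gives no assurance about who wrote it.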
participants (23)
- Alexander Harrowell
- Brian Keefer
- Brielle Bruns
- Eric Esslinger
- Gary E. Miller
- Jack Bates
- Jo Rhett
- John Levine
- John Peach
- John R. Levine
- Ken A
- Marshall Eubanks
- Michael Thomas
- mike
- Peter Beckman
- Ray Corbin
- Richey
- Sean Figgins
- Seth Mattinen
- Suresh Ramasubramanian
- Tony Finch
- Valdis.Kletnieks@vt.edu
- Zaid Ali