Matt Baldwin wrote:
> mostly. It feels like a poorly implemented spam prevention system. Doing some Google searches will turn up some more background on the issue. We've been telling our users that Yahoo mail is problematic and if they can to switch away from using them as their private email or hosted email.
Maybe we all should do the same to them until they quit spewing out all the Nigerian scams and the like that I've been seeing from their servers lately!
Chris
On Thu, Apr 10, 2008 at 12:23:24PM -0600, Chris Stone wrote:
> Matt Baldwin wrote:
> > mostly. It feels like a poorly implemented spam prevention system. Doing some Google searches will turn up some more background on the issue. We've been telling our users that Yahoo mail is problematic and if they can to switch away from using them as their private email or hosted email.
> Maybe we all should do the same to them until they quit spewing out all the Nigerian scams and the like that I've been seeing from their servers lately!
Naaah. I hear that Microsoft is going to buy Yahoo!, so this problem will go away once Yahoo! mail gets folded into Microsoft hotmail, whereupon things will get soooooo much better!
I hope that's sarcasm? Instead of getting the bounces your messages will simply go missing after they accepted it...or you will get bounces sent to you a few years after you sent the message...(happened to a client yesterday...).
-Ray
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Henry Yen
Sent: Thursday, April 10, 2008 4:17 PM
To: nanog@merit.edu
Subject: Re: Problems sending mail to yahoo?
On Thu, Apr 10, 2008 at 12:23:24PM -0600, Chris Stone wrote:
> Matt Baldwin wrote:
> > mostly. It feels like a poorly implemented spam prevention system. Doing some Google searches will turn up some more background on the issue. We've been telling our users that Yahoo mail is problematic and if they can to switch away from using them as their private email or hosted email.
> Maybe we all should do the same to them until they quit spewing out all the Nigerian scams and the like that I've been seeing from their servers lately!
Naaah. I hear that Microsoft is going to buy Yahoo!, so this problem will go away once Yahoo! mail gets folded into Microsoft hotmail, whereupon things will get soooooo much better!
HY> Date: Thu, 10 Apr 2008 16:17:08 -0400
HY> From: Henry Yen
HY> Naaah. I hear that Microsoft is going to buy Yahoo!, so this
HY> problem will go away once Yahoo! mail gets folded into Microsoft
HY> hotmail, whereupon things will get soooooo much better!
Maybe all the 42x responses are an attempt to cut load while migrating things onto Exchange. ;-)
Eddy
--
Everquick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
________________________________________________________________________
DO NOT send mail to the following addresses:
davidc@brics.com -*- jfconmaapaq@intc.net -*- sam@everquick.net
Sending mail to spambait addresses is a great way to get blocked.
Ditto for broken OOO autoresponders and foolish AV software backscatter.
At 02:23 PM 4/10/2008, you wrote:
> Maybe we all should do the same to them until they quit spewing out all the Nigerian scams and the like that I've been seeing from their servers lately!
> Chris
If there were a coordinated boycott, I would participate. Yahoo is *by far* the worst single abuser of our server among the "legitimate" email providers. I report dozens of spams from my personal account alone every day and never receive anything other than automated messages claiming to have dealt with the same abuse that continues around the clock or, worse, bogus/clueless claims that the IP in question is not theirs and suggestions that I check the same ARIN database that I used to confirm the responsible party in the first place.
Until I read this thread, my suspicion was that all my spam reports were triggering the 4xx delays, and I'm still not sure that's not the case. (I only have one customer forwarding to yahoo.com, and that's post-filters.) Naturally, they delay mail to abuse@yahoo.com the same as any other mail. And, yes, I've tried to reach a human there. The only humans I ever reached briskly forwarded me to voice mail hell for customer support.
So, I will start sending 5XX or 4XX messages to Yahoo if you guys will. I don't care if I have to spend all day on the phone with my customers explaining why. They hate spam, too, and they'll understand.
On 10 Apr 2008, at 23:58 , Rob Szarka wrote:
> At 02:23 PM 4/10/2008, you wrote:
> > Maybe we all should do the same to them until they quit spewing out all the Nigerian scams and the like that I've been seeing from their servers lately!
> If there were a coordinated boycott, I would participate. Yahoo is *by far* the worst single abuser of our server among the "legitimate" email providers.
Having done my own share of small-scale banging-of-heads-against-yahoo recently, the thing that surprised me was how many people with non-yahoo addresses had their mail handled by yahoo. It turns out that if Y! doesn't want to receive mail from me, suddenly I can't send mail to anybody in my extended family, or to most people I know in the town where I live. These involve domains like ROGERS.COM and BTINTERNET.COM, and not just the obvious Y! domains.
In my more paranoid moments I have wondered how big a market share Y! now has in personal e-mail, given the number of large cable/telcos who have outsourced mail handling to them for their residential products. Once you pass a certain threshold, the fact that Y! subscribers are the only people who can reliably deliver mail to other Y! subscribers provides a competitive advantage and a sales hook to make the resi mail empire even larger. At that point it makes no sense for Y! to expend effort to accept *more* mail from subscribers of other services.
To return to the topic at hand, you may already have outsourced the coordination of your boycott to Yahoo!, too! They're already not accepting your mail. There's no need to stop sending it! :-)
Joe
At 10:22 AM 4/11/2008, Joe Abley wrote:
> It turns out that if Y! doesn't want to receive mail from me, suddenly I can't send mail to anybody in my extended family, or to most people I know in the town where I live. These involve domains like ROGERS.COM and BTINTERNET.COM, and not just the obvious Y! domains.
Good point. I think this also includes AT&T/SBC/SNET in some fashion (with which many of my customers have been having different problems this week).
> To return to the topic at hand, you may already have outsourced the coordination of your boycott to Yahoo!, too! They're already not accepting your mail. There's no need to stop sending it! :-)
Yes, but it's the flow of mail (spam) *from* them I'm worried about...
JA> Date: Fri, 11 Apr 2008 10:22:11 -0400
JA> From: Joe Abley
JA> To return to the topic at hand, you may already have outsourced the
JA> coordination of your boycott to Yahoo!, too! They're already not
JA> accepting your mail. There's no need to stop sending it! :-)
Except for queue management. I just got off the phone with one client who requested precisely: "Can you just have [the servers] refuse to send mail to Yahoo?"
Eddy
Sounds like the obvious thing to tell customers complaining about their e-mail not getting to Yahoo! is to tell them that Yahoo! doesn't want it.
Frank
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Edward B. DREGER
Sent: Friday, April 11, 2008 2:44 PM
To: nanog@merit.edu
Subject: Re: Problems sending mail to yahoo?
JA> Date: Fri, 11 Apr 2008 10:22:11 -0400
JA> From: Joe Abley
JA> To return to the topic at hand, you may already have outsourced the
JA> coordination of your boycott to Yahoo!, too! They're already not
JA> accepting your mail. There's no need to stop sending it! :-)
Except for queue management. I just got off the phone with one client who requested precisely: "Can you just have [the servers] refuse to send mail to Yahoo?"
Eddy
FBi> Date: Sat, 12 Apr 2008 15:42:29 -0500
FBi> From: Frank Bulk - iNAME
FBi> Sounds like the obvious thing to tell customers complaining about
FBi> their e-mail not getting to Yahoo! is to tell them that Yahoo!
FBi> doesn't want it.
Obviously. That's when the client asked if their servers (perhaps I should have been more clear) could be configured not even to attempt sending mail to Yahoo. "If it's not going to get there, anyway, can we just block it when it's sent?"
Eddy
The lesson one should get from all this is that the ultimate harm of spammers et al is that they are succeeding in corrupting the idea of a standards-based internet.
Sites invent policies to try to survive in a deluge of spam and implement those policies in software.
Usually they're loath to even speak about how any of it works either for fear that disclosure will help spammers get around the software or fear that someone, maybe a customer maybe a litigious marketeer who feels unfairly excluded, will hold their feet to the fire.
So it's a vast sea of security by obscurity and standards be damned.
It's a real and serious failure of the IETF et al.
P.S. Anyone else getting hit by sales calls for DDoS appliances and other salespeople as a result of this thread?
This fishing in NANOG waters by salespeople is irritating and a good reason not to do business with these companies.
I don't take my time to post on NANOG to invite a deluge of sales calls.
--
-Barry Shein
The World | bzs@TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD | Login: Nationwide
Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Barry Shein
Sent: Friday, April 11, 2008 5:04 PM
To: nanog@merit.edu
Subject: Re: Problems sending mail to yahoo?
> The lesson one should get from all this is that the ultimate harm of spammers et al is that they are succeeding in corrupting the idea of a standards-based internet.
> Sites invent policies to try to survive in a deluge of spam and implement those policies in software.
> Usually they're loath to even speak about how any of it works either for fear that disclosure will help spammers get around the software or fear that someone, maybe a customer maybe a litigious marketeer who feels unfairly excluded, will hold their feet to the fire.
> So it's a vast sea of security by obscurity and standards be damned.
> It's a real and serious failure of the IETF et al.
Has anyone ever figured out what percentage of a connection to the internet is now overhead i.e. spam, scan, viruses, etc? More than 5%? If we put everyone behind 4to6 gateways would the spam crush the gateways or would the gateways stop the spam? Would we add code to these transitional gateways to make them do more than act like protocol converters and then end up making them permanent because of "benefit"? Perhaps there's more to transitioning to a new technology after all? Maybe we could get rid of some of the cruft and right a few wrongs while we're at it?
> P.S. Anyone else getting hit by sales calls for DDoS appliances and other salespeople as a result of this thread?
> This fishing in NANOG waters by salespeople is irritating and a good reason not to do business with these companies.
> I don't take my time to post on NANOG to invite a deluge of sales calls.
<nanog admin>
If we catch them, we'll act. We added some language related to that to the new AUP and have been able to act on it as a result.
</nanog admin>
--
Martin Hannigan http://www.verneglobal.com/
Verne Global Datacenters e: hannigan@verneglobal.com
Keflavik, Iceland p: +16178216079
> > The lesson one should get from all this is that the ultimate harm of spammers et al is that they are succeeding in corrupting the idea of a standards-based internet.
> > Sites invent policies to try to survive in a deluge of spam and implement those policies in software.
> > Usually they're loath to even speak about how any of it works either for fear that disclosure will help spammers get around the software or fear that someone, maybe a customer maybe a litigious marketeer who feels unfairly excluded, will hold their feet to the fire.
> > So it's a vast sea of security by obscurity and standards be damned.
> > It's a real and serious failure of the IETF et al.
> Has anyone ever figured out what percentage of a connection to the internet is now overhead i.e. spam, scan, viruses, etc? More than 5%? If we put everyone behind 4to6 gateways would the spam crush the gateways or would the gateways stop the spam? Would we add code to these transitional gateways to make them do more than act like protocol converters and then end up making them permanent because of "benefit"? Perhaps there's more to transitioning to a new technology after all? Maybe we could get rid of some of the cruft and right a few wrongs while we're at it?
We(*) can't even get BCP38 to work. Ha.
Having nearly given up in disgust on trying to devise workable anti-spam solutions that would reliably deliver requested/desired mail to my own mailbox, I came to the realization that the real problem with the e-mail system is so fundamental that there's no trivial way to "save" it.
Permission to mail is implied by simply knowing an e-mail address. If I provide "jgreco@ns.sol.net" to a vendor in order to receive updates to an online order, the vendor may retain that address and then mail it again at a later date. Worse, if the vendor shares the address list with someone else, we eventually have the Millions CD problem - and I have no idea who was responsible. Giving out tagged addresses gave a somewhat useful way to track back the "who was responsible," but didn't really offload the spam from the mail server.
I've "solved" my spam problem (or, more accurately, am in the process of slowly solving my spam problem) by changing the paradigm. If the problem is that knowing an e-mail address acts as the key to the mail box, then giving the same key to everyone is stupid. For vendors, I now give them a crypto-signed e-mail address(*2). By making the key a part of the DNS name, I can turn off reception for a "bad" sender (anyone I don't want to hear from anymore!) or a sender who's shared "my" address with their "affiliates" (block two for the price of one!) All other validated mail makes it to my mailbox without further spam filtering of any kind.
This has been excessively effective, though doing it for random consumers poses a lot of interesting problems. However, it proves to me that one of the problems is the permission model currently used.
The spam problem is potentially solvable, but there's a failure to figure out (at a leadership level) paradigm changes that could actually make a difference. There's a lot of resistance to changing anything about the way e-mail works, and understandably so. However, these are the sorts of things that we have to contemplate and evaluate if we're really interested in making fundamental changes that reduce or eliminate abuse.
(*) fsvo "we" that doesn't include AS14536.
(*2) I've omitted a detailed description of the strategy in use because it's not necessarily relevant to NANOG. I'm happy to discuss it with anyone interested. It has technical merit going for it, but it represents a significant divergence from current practice.
... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
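
One possible construction of the per-sender signed address described in the message above, as an added example that is not part of the thread and not Joe Greco's actual scheme (he omits its details): an HMAC tag over a sender label is embedded in the DNS name, checked at RCPT TO time, and a revoked label is refused. The zone, mailbox, key, label format and function names are all assumptions.

```python
import base64
import hashlib
import hmac
import re

# All values below are constructed for the demo (assumptions, not from the thread).
SECRET = b"constructed-demo-key"      # in practice: a random key kept outside the code
BASE_DOMAIN = "mail.example.net"      # hypothetical zone handled by the mail server
LOCAL_PART = "jdoe"                   # hypothetical mailbox
TAG_CHARS = 10                        # 10 base32 characters = 50 bits of MAC
REVOKED = set()                       # sender labels whose address was turned off
LABEL_RE = r"[a-z0-9]{1,40}"          # keeps label + "-" + tag within 63 octets


def _tag(sender_id: str) -> str:
    """Truncated HMAC-SHA256 over the sender label, base32 so it is DNS-safe."""
    mac = hmac.new(SECRET, sender_id.encode(), hashlib.sha256).digest()
    return base64.b32encode(mac).decode("ascii").lower()[:TAG_CHARS]


def issue_address(sender_id: str) -> str:
    """Address handed to exactly one sender: local@<label>-<tag>.<zone>."""
    sender_id = sender_id.lower()
    if not re.fullmatch(LABEL_RE, sender_id):
        raise ValueError("sender label must be 1-40 characters of a-z0-9")
    return f"{LOCAL_PART}@{sender_id}-{_tag(sender_id)}.{BASE_DOMAIN}"


def check_recipient(rcpt: str):
    """RCPT TO decision: ('accept', label) or ('reject', reason)."""
    local, _, domain = rcpt.lower().rpartition("@")
    suffix = "." + BASE_DOMAIN
    if local != LOCAL_PART or not domain.endswith(suffix):
        return ("reject", "unknown recipient")
    label = domain[: -len(suffix)]
    sender_id, sep, tag = label.rpartition("-")
    if not sep or not re.fullmatch(LABEL_RE, sender_id):
        return ("reject", "malformed address")
    # Constant-time comparison; a guessed tag or an edited label fails here.
    if not hmac.compare_digest(tag.encode(), _tag(sender_id).encode()):
        return ("reject", "bad signature")
    # Revoking one label also blocks everyone that sender shared the address with.
    if sender_id in REVOKED:
        return ("reject", "address revoked")
    return ("accept", sender_id)


if __name__ == "__main__":
    addr = issue_address("acmebooks")
    print(addr, check_recipient(addr))
    print(check_recipient(f"{LOCAL_PART}@otherco-aaaaaaaaaa.{BASE_DOMAIN}"))
    REVOKED.add("acmebooks")
    print(check_recipient(addr))
```

Because the label is covered by the MAC, a list buyer cannot mint a fresh working address from a leaked one; the only usable address is the leaked one, and revoking its label ends delivery for every holder of it.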
On Sat, Apr 12, 2008 at 2:34 AM, Barry Shein <bzs@world.std.com> wrote:
> The lesson one should get from all this is that the ultimate harm of spammers et al is that they are succeeding in corrupting the idea of a standards-based internet.
The lesson here is that different groups at the same ISPs go to different places
Packet pushers go to *NOG. And the abuse desks mostly all go to MAAWG. And any CERTs / security types the ISP has go to FIRST and related events. And most of them never do coordinate internally, run by different groups probably in different cities ...
--srs
Suresh Ramasubramanian wrote:
> On Sat, Apr 12, 2008 at 2:34 AM, Barry Shein <bzs@world.std.com> wrote:
> > The lesson one should get from all this is that the ultimate harm of spammers et al is that they are succeeding in corrupting the idea of a standards-based internet.
huh? i think that, with their attacks, they are actually helping to drive improvements in the standards. of course, the dysfunction of the standards organizations does not make this as clean a process and as much of a win as it could be. but considering that security was not very thoroughly designed in the original standards, we're not doing all that badly. it's always gonna be a chase.
> The lesson here is that different groups at the same ISPs go to different places
i am not sure that is so much a lesson as an observation. the lesson may be, in part, that this is sub-optimal. can it be changed? how?
> Packet pushers go to *NOG. And the abuse desks mostly all go to MAAWG. And any CERTs / security types the ISP has go to FIRST and related events. And most of them never do coordinate internally, run by different groups probably in different cities ...
"dear coo/ceo/whomever: i want approval to send the five folk who go to nanog, and the five folk who go to maawg, and the five folk who go to first to *all* go to the new frobnitz joint conference."
think that'll fly?
otoh, being on the frobnitz program committee would be an interesting lesson and exercise in industry physics.
when i first joined acm ('67), i could keep up with a significant portion of the literature. now i maybe see a single digit percentage. the field has broadened. the ops and other applied areas have similarly broadened and specialized. we are victims of our own success.
randy
On Sat, Apr 12, 2008 at 9:02 AM, Randy Bush <randy@psg.com> wrote:
> > Packet pushers go to *NOG. And the abuse desks mostly all go to MAAWG. And any CERTs / security types the ISP has go to FIRST and related events. And most of them never do coordinate internally, run by different groups probably in different cities ...
> "dear coo/ceo/whomever: i want approval to send the five folk who go to nanog, and the five folk who go to maawg, and the five folk who go to first to *all* go to the new frobnitz joint conference."
Collocation would be a useful idea - save airfare, hotel etc.
I had this lovely little experience where the lead CERT guy at ISP X was talking about a particular trojan that was hitting his ISP, and was hitting [ISP Y] and hitting [ISP Z]. He says "I saw these trojans hitting ISPs Y and Z but didn't know anybody there". If he'd just bothered to step across the hall and talk to his colleagues at ISP X's abuse desk.. they are, and have been for years, in regular contact with their counterparts at Y and Z - email, face to face, phone, IM etc.
> otoh, being on the frobnitz program committee would be an interesting lesson and exercise in industry physics.
You think there's not enough convergence + shared interests in such programs? I mean, abuse + security teams could care less about MPLS and peering, but there is a lot they're discussing (walled gardens, botnet mitigation etc) that does get discussed in far better detail at nanog. Or at FIRST.
srs
[ should this move to nanog-futures? well, it's a quiet saturday ]
> Collocation would be a useful idea - save airfare, hotel etc.
immensely difficult. the nanog sc could not even get the nanog administrative structure to avoid a direct and damaging conflict with afnog for the next meeting. if successful, it will have taken over two years of work to get a meeting in the dominican republic. ... not that this might not be worth trying. just that it is extremely far from simple.
> > otoh, being on the frobnitz program committee would be an interesting lesson and exercise in industry physics.
> You think there's not enough convergence + shared interests in such programs?
different question. what i meant was that the synergies and tensions between the subject areas would be quite evident on a joint pc, and have to be worked out. doing so would be an educational experience.
> I mean, abuse + security teams could care less about MPLS and peering, but there is a lot they're discussing (walled gardens, botnet mitigation etc) that does get discussed in far better detail at nanog. Or at FIRST.
yes.
randy
> "dear coo/ceo/whomever: i want approval to send the five folk who go to nanog, and the five folk who go to maawg, and the five folk who go to first to *all* go to the new frobnitz joint conference."
> think that'll fly?
Why not? We already solved that problem for the five folk who go to the ARIN meetings.
--Michael Dillon
P.S. Thinking out of the box would suggest that the person funding these conference trips should force people to rotate the conferences that they go to. Want to get approval to go to another NANOG? Then you have to attend the next MAAWG and the next FIRST conference before you can attend NANOG again. It is now standard enterprise practice to rotate their best managers through various different functions of the company. Why don't we do this with some of the technical management functions as well?
On Thu, Apr 10, 2008 at 11:58:05PM -0400, Rob Szarka wrote:
> I report dozens of spams from my personal account alone every day and never receive anything other than automated messages claiming to have dealt with the same abuse that continues around the clock or, worse, bogus/clueless claims that the IP in question is not theirs and suggestions that I check the same ARIN database that I used to confirm the responsible party in the first place.
I gave up sending abuse reports to Yahoo (and Hotmail) many years ago. All available evidence strongly indicates that there is nobody there who understands them, is capable of taking effective action, or cares to take any effective action.
That evidence includes not just their complete failure to control outbound abuse, but their ill-advised and ineffective attempts to control inbound abuse (as we see in this thread), their complete failure to participate in abuse forums such as Spam-L, their complete failure to shut down spammer/phisher domains they're hosting, and their complete failure to shut down spammer/phisher dropboxes they're providing.
Sadly, Google's Gmail appears to be on the first steps down this same path. I had hoped for a display of markedly higher clue level from them, but -- for whatever reason -- it hasn't manifested itself yet.
So in the short term, advising customers that Yahoo's and Hotmail's freemail services are of very poor quality and should never be relied on for anything, and that Gmail is a better choice, is probably viable. In the long term, though, I think it may only delay the inevitable.
---Rsk
At 10:33 AM 4/11/2008, you wrote:
> I gave up sending abuse reports to Yahoo (and Hotmail) many years ago.
I gave up on Hotmail, too, though occasionally I try a sample to see if they've improved. The latest came back with a message saying that I had to resubmit my report to an entirely different address. As if their inability to forward mail internally is now my problem...
> So in the short term, advising customers that Yahoo's and Hotmail's freemail services are of very poor quality and should never be relied on for anything, and that Gmail is a better choice, is probably viable. In the long term, though, I think it may only delay the inevitable.
OTOH, as someone who provides services to small business customers who want their own domains, this may be to my benefit: one of the main selling points of a domain is that it makes you the master of your own fate, not tied to the fate of a particular provider. (At least, if you're smart enough to use a registrar and a service provider who doesn't make it almost-impossible to switch....)
participants (14)
- Barry Shein
- Chris Stone
- Edward B. DREGER
- Frank Bulk - iNAME
- Henry Yen
- Joe Abley
- Joe Greco
- Martin Hannigan
- michael.dillon@bt.com
- Randy Bush
- Raymond L. Corbin
- Rich Kulawiec
- Rob Szarka
- Suresh Ramasubramanian