/24 blocking by ISPs - Re: Problems sending mail to yahoo?

mark seiden-via mac mis at seiden.com
Mon Apr 14 15:08:41 UTC 2008

(all opinions below my own...   comments are intended to address a  
number of points made previously in this extended thread, by rick and  

are you saying you don't consider the sending ip address or the  
envelope sender or the envelope recipient to be
a. useful for spam detection
b. personally identifiable information

having done quite a lot of spam filtering (and having worked on big  
mail before, e.g. on the original AOL internet gateways)
i think they are in both categories. (the HELO strings can be pretty  
useful also)...

the scale of mail at yahoo, gmail, hotmail, aol (maybe brightmail and  
postini, too) is well beyond the numbers anyone else here
is citing.  i can assure you there are lots of smart and caring people  
working on problems of mail abuse (both
incoming from the internet and outgoing, too).  both of these cost us  
a lot of money, and we know it.

yahoo receives > 500M visitors per month, and collects about 25 TB of  
logs every day.  analyze that!

my understanding is the chinese govt has specific requirements  
regarding logging and log retention
that are compulsory for any company with servers in china.  europe and  
other countries are trying to promulgate
laws about log retention.

logs cut both ways, by the way.  they can be exculpatory as well,  
particularly in the case of a phished or cracked account used
for something illegal.  with the ip addresses of the abuse, the  
defense can assert that the account owner was not whodunit.
with no logs, it's much harder to substantially defend against the  
govt in such cases, presumption of innocence notwithstanding.

on the original issue (as i work for yahoo, but in the security group,  
not in mail),  we *do* try to follow the lists, at least as
lurkers.  as a big and public company, somewhat in the spotlight from  
time to time, we are restricted from making statements
that could be misinterpreted as "speaking for the company" without  
going through various approval channels.

i  summarized the substantive bits of this thread for yahoo mail  
management for their comments, and particularly seconding
the suggestion that yahoo provide more transparency to isps to make it  
possible for them to clean/keep clean their own houses.
there is dialog going on about improving the process so it's more  
predictable and less frustrating for ISPs.  the forms really do
work, they tell me.  (not fast enough for you, we hear clearly.)

(i just hope more transparency doesn't make things easier for, say,  
the Russian Business Network or the Storm gang.)

on the question of greylisting, you're right that there are delays  
imposed on senders of email who are perceived as spam senders
but  "first connect fails" greylisting is not used.  the documentation  
could be improved.  (all documentation, except guy steele's
or mary claire van leunen's, could be improved.)

unfortunately, we're all pretty much in the same boat on this one, so  
let's not fight about it (at least, don't fight with me...)

On Apr 12, 2008, at 7:08 PM, Rich Kulawiec wrote:

> On Sat, Apr 12, 2008 at 09:36:43AM -0700, Matthew Petach wrote:
>> *heh*  And yet just last year, Yahoo was loudly dennounced for
>> keeping logs that allowed the Chinese government to imprison
>> political dissidents.  Talk about damned if you do, damned if  
>> don't...
> But those are very different kinds of logs -- with personally
> identifiable information.  I see a sharp difference between those
> and logs which record (let's say) SMTP abuse incidents/attempts by
> originating IP address.
> ---Rsk

More information about the NANOG mailing list