Yahoo and their mail filters..

Ray Corbin rcorbin at
Wed Feb 25 14:26:33 UTC 2009

Funny we were just having similar conversation on :) . Suresh is right about the feedback loops (you also should subscribe to comcasts/hotmails/trend micro's ( If you don't have an external gateway that makes doing reports easy then they are a good way to find out when spam problems arise, such as the pesky Nigerian spammers who constantly find new ways to thwart all anti-fraud checks prior to creating the accounts. One thing that I did, when being an email admin for a very large shared hosting company, was when I ran reports of emails going to I took the top 10 or so recipients and figured out who had the forwarders setup to send to them. I talked to the customer and even gave them alternative solutions (such as giving them 6months free for Postini inbound anti-spam service for that forward account). The worst ones were those who had catchalls setup to forward to their spam at account, those simply got notified that it was removed. 


-----Original Message-----
From: Suresh Ramasubramanian [mailto:ops.lists at] 
Sent: Wednesday, February 25, 2009 6:42 AM
To: Niall Donegan
Cc: nanog at
Subject: Re: Yahoo and their mail filters..

On Wed, Feb 25, 2009 at 5:02 PM, Niall Donegan <niall at> wrote:
> Another interesting side effect of that is email forwarder accounts.
> Take a user who gets a domain on our shared hosting setup and forwards
> the email for certain users to a Yahoo account. If those mails are
> marked as spam, it seems to be our server that gets blacklisted rather
> than the originating server.

No surprise. Guess whose IP is the one handing off to yahoo?

If you have forwarding users -

* Spam filter them to reject spam rather than simply tag and forward it.
* Isolate your forwarding traffic through a single IP,  Let ISPs know.

> Feedback loops often aren't that useful either. We're on the AOL Scomp
> feedback loop, and we've often got fairly personal email sent to our
> abuse desk because the users simply press spam rather than delete.

You have a far smaller userbase, and a userbase you know. For us, with
random nigerians and other spammers signing up / trying to sign up all
the time, FBLs are invaluable as a realtime notification of spam

And as I said random misdirected spam reports wont trigger a block as
much as your leaking forwarded spam.  Or your getting a hacked cgi/php
or a spammer installed direct to mx spamware.  [so if you are cpanel -
smtp tweak/csf firewall and mod_security for apache should be default
on your install if you havent already done so]


More information about the NANOG mailing list