Yahoo and their mail filters..

Ray Corbin rcorbin at traffiq.com
Wed Feb 25 08:26:33 CST 2009


Funny, we were just having a similar conversation on mailop.org :) . Suresh is right about the feedback loops (you also should subscribe to Comcast's/Hotmail's/Trend Micro's (mail-abuse.com)). If you don't have an external gateway that makes doing reports easy then they are a good way to find out when spam problems arise, such as the pesky Nigerian spammers who constantly find new ways to thwart all anti-fraud checks prior to creating the accounts. One thing that I did, when being an email admin for a very large shared hosting company, was when I ran reports of emails going to @yahoo.com I took the top 10 or so recipients and figured out who had the forwarders set up to send to them. I talked to the customer and even gave them alternative solutions (such as giving them 6 months free for Postini inbound anti-spam service for that forward account). The worst ones were those who had catchalls set up to forward to their spam at yahoo.com account; those simply got notified that it was removed.

-r


-----Original Message-----
From: Suresh Ramasubramanian [mailto:ops.lists at gmail.com] 
Sent: Wednesday, February 25, 2009 6:42 AM
To: Niall Donegan
Cc: nanog at nanog.org
Subject: Re: Yahoo and their mail filters..

On Wed, Feb 25, 2009 at 5:02 PM, Niall Donegan <niall at blacknight.com> wrote:
>
> Another interesting side effect of that is email forwarder accounts.
> Take a user who gets a domain on our shared hosting setup and forwards
> the email for certain users to a Yahoo account. If those mails are
> marked as spam, it seems to be our server that gets blacklisted rather
> than the originating server.
>

No surprise. Guess whose IP is the one handing off to yahoo?

If you have forwarding users -

* Spam filter them to reject spam rather than simply tag and forward it.
* Isolate your forwarding traffic through a single IP. Let ISPs know.

> Feedback loops often aren't that useful either. We're on the AOL Scomp
> feedback loop, and we've often got fairly personal email sent to our
> abuse desk because the users simply press spam rather than delete.

You have a far smaller userbase, and a userbase you know. For us, with
random Nigerians and other spammers signing up / trying to sign up all
the time, FBLs are invaluable as a realtime notification of spam
issues.

And as I said, random misdirected spam reports won't trigger a block as
much as your leaking forwarded spam.  Or your getting a hacked cgi/php
or a spammer installed direct to mx spamware.  [so if you are cPanel -
smtp tweak/csf firewall and mod_security for apache should be default
on your install if you haven't already done so]

-srs
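
The report described at the top of this message (top Yahoo recipients, the forwarders feeding them, catchalls singled out), sketched as an added example that is not code from anyone in the thread. The forwarder table, the two-column log format and every address in it are constructed for illustration; real MTA logs need their own parser.

```python
from collections import Counter, defaultdict

# Constructed forwarder table: local address (or "*@domain" catchall) -> destination.
FORWARDERS = {
    "sales@example.com": "alice@yahoo.com",
    "*@example.net": "bob@yahoo.com",
    "info@example.org": "carol@yahoo.com",
    "jobs@example.org": "dave@example.edu",
}

# Constructed log of inbound mail, one line per message: "<local rcpt> <filter verdict>".
LOG = """\
sales@example.com ham
x1@example.net spam
x2@example.net spam
x3@example.net spam
zz@example.net ham
info@example.org spam
info@example.org ham
jobs@example.org ham
"""

def resolve(rcpt):
    """Return (forwarder key, destination); a catchall matches any local part."""
    for key in (rcpt, "*@" + rcpt.rpartition("@")[2]):
        if key in FORWARDERS:
            return key, FORWARDERS[key]
    return None, None

def yahoo_report(log, top=10, domain="yahoo.com"):
    """Rank destinations at `domain` by forwarded volume, with their sources."""
    total, spam, sources = Counter(), Counter(), defaultdict(set)
    for line in log.splitlines():
        rcpt, verdict = line.split()
        key, dest = resolve(rcpt.lower())
        if dest is None or not dest.lower().endswith("@" + domain):
            continue  # not forwarded, or forwarded somewhere else
        total[dest] += 1
        spam[dest] += verdict == "spam"  # tagged as spam yet still forwarded
        sources[dest].add(key)
    return [
        {"dest": d, "mails": n, "spam": spam[d],
         "forwarders": sorted(sources[d]),
         "catchall": any(k.startswith("*@") for k in sources[d])}
        for d, n in total.most_common(top)
    ]

for row in yahoo_report(LOG):
    print(row)
```

Rows with `catchall` set and a high `spam` count are the forwards that leak tagged spam to the destination from the forwarding server's IP.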




