Yahoo and their mail filters..

Eric Esslinger eesslinger at fpu-tn.com
Wed Feb 25 14:47:36 UTC 2009


We pretty constantly are deferred on yahoo, and at one point had all 
outbound mail for yahoo logged at the sender/recipient/subject/size 
level to get an idea what was up.

In an experiment, I found that after being 'clean' (not being deferred) 
for close to a week, simply sending myself 1 single email, then hitting 
spam in the yahoo box was enough to get us being blocked for another 24 
hours.

I would sign up for a FBL if they had one; I find the others I have very 
valuable (though about 90% of what I get back is 'spam rather than 
delete' ).
Ray Corbin wrote:
> Funny we were just having similar conversation on mailop.org :) . Suresh is right about the feedback loops (you also should subscribe to comcasts/hotmails/trend micro's (mail-abuse.com)). If you don't have an external gateway that makes doing reports easy then they are a good way to find out when spam problems arise, such as the pesky Nigerian spammers who constantly find new ways to thwart all anti-fraud checks prior to creating the accounts. One thing that I did, when being an email admin for a very large shared hosting company, was when I ran reports of emails going to @yahoo.com I took the top 10 or so recipients and figured out who had the forwarders setup to send to them. I talked to the customer and even gave them alternative solutions (such as giving them 6months free for Postini inbound anti-spam service for that forward account). The worst ones were those who had catchalls setup to forward to their spam at yahoo.com account, those simply got notified that it was removed. 
>
> -r
>
>
> -----Original Message-----
> From: Suresh Ramasubramanian [mailto:ops.lists at gmail.com] 
> Sent: Wednesday, February 25, 2009 6:42 AM
> To: Niall Donegan
> Cc: nanog at nanog.org
> Subject: Re: Yahoo and their mail filters..
>
> On Wed, Feb 25, 2009 at 5:02 PM, Niall Donegan <niall at blacknight.com> wrote:
>   
>> Another interesting side effect of that is email forwarder accounts.
>> Take a user who gets a domain on our shared hosting setup and forwards
>> the email for certain users to a Yahoo account. If those mails are
>> marked as spam, it seems to be our server that gets blacklisted rather
>> than the originating server.
>>
>>     
>
> No surprise. Guess whose IP is the one handing off to yahoo?
>
> If you have forwarding users -
>
> * Spam filter them to reject spam rather than simply tag and forward it.
> * Isolate your forwarding traffic through a single IP,  Let ISPs know.
>
>   
>> Feedback loops often aren't that useful either. We're on the AOL Scomp
>> feedback loop, and we've often got fairly personal email sent to our
>> abuse desk because the users simply press spam rather than delete.
>>     
>
> You have a far smaller userbase, and a userbase you know. For us, with
> random nigerians and other spammers signing up / trying to sign up all
> the time, FBLs are invaluable as a realtime notification of spam
> issues.
>
> And as I said random misdirected spam reports wont trigger a block as
> much as your leaking forwarded spam.  Or your getting a hacked cgi/php
> or a spammer installed direct to mx spamware.  [so if you are cpanel -
> smtp tweak/csf firewall and mod_security for apache should be default
> on your install if you havent already done so]
>
> -srs
>
>
>   

-- 
Eric Esslinger
Information Services Manager
Fayetteville Public Utilities
Fayetteville, TN 37334
Phone: 931-433-1522x165   Fax: 931-433-0646
eesslinger at fpu-tn.com




More information about the NANOG mailing list