Yahoo and their mail filters..

Ray Corbin rcorbin at traffiq.com
Wed Feb 25 10:14:31 CST 2009


It depends on your environment. I've seen where it is helpful and where it is overwhelming. If you are a smaller company and want to know why you keep getting blocked then those should help. If you are a larger company and get a several hundred a day, but you send 100k emails to AOL then it is not as big of a deal. If you are a shared hosting provider and you get a lot of them you should look into what is being sent to AOL, such as forwarded spam from customers 'auto forwards' (isolate the auto forwards to a separate IP address and simply don't sign up for the FBL for it).... If you have a good setup where only customer-originated email is being sent through the IP's you have a FBL on, then it is useful and you shouldn't get as many complaints.

-r


-----Original Message-----
From: Richey [mailto:mylists at battleop.com] 
Sent: Wednesday, February 25, 2009 11:06 AM
To: nanog at nanog.org
Subject: RE: Yahoo and their mail filters..

> Feedback loops often aren't that useful either. We're on the AOL Scomp 
> feedback loop, and we've often got fairly personal email sent to our 
> abuse desk because the users simply press spam rather than delete.

AOL's Scomp is spam it's self.   If I read though 100 messages maybe one
message is really spam.   The other 99 are jokes, regular emails, maybe a
news letter from their church, etc.   Most people are lazy and would rather
click on the Spam button instead of unsubscribing for a list they subscribed
to in the first place.

Richey

-----Original Message-----
From: Ray Corbin [mailto:rcorbin at traffiq.com] 
Sent: Wednesday, February 25, 2009 9:27 AM
To: Suresh Ramasubramanian; Niall Donegan
Cc: nanog at nanog.org
Subject: RE: Yahoo and their mail filters..

Funny we were just having similar conversation on mailop.org :) . Suresh is
right about the feedback loops (you also should subscribe to
comcasts/hotmails/trend micro's (mail-abuse.com)). If you don't have an
external gateway that makes doing reports easy then they are a good way to
find out when spam problems arise, such as the pesky Nigerian spammers who
constantly find new ways to thwart all anti-fraud checks prior to creating
the accounts. One thing that I did, when being an email admin for a very
large shared hosting company, was when I ran reports of emails going to
@yahoo.com I took the top 10 or so recipients and figured out who had the
forwarders setup to send to them. I talked to the customer and even gave
them alternative solutions (such as giving them 6months free for Postini
inbound anti-spam service for that forward account). The worst ones were
those who had catchalls setup to forward to their spam at yahoo.com account,
those simply got notified that it was removed. 

-r


-----Original Message-----
From: Suresh Ramasubramanian [mailto:ops.lists at gmail.com] 
Sent: Wednesday, February 25, 2009 6:42 AM
To: Niall Donegan
Cc: nanog at nanog.org
Subject: Re: Yahoo and their mail filters..

On Wed, Feb 25, 2009 at 5:02 PM, Niall Donegan <niall at blacknight.com> wrote:
>
> Another interesting side effect of that is email forwarder accounts.
> Take a user who gets a domain on our shared hosting setup and forwards
> the email for certain users to a Yahoo account. If those mails are
> marked as spam, it seems to be our server that gets blacklisted rather
> than the originating server.
>

No surprise. Guess whose IP is the one handing off to yahoo?

If you have forwarding users -

* Spam filter them to reject spam rather than simply tag and forward it.
* Isolate your forwarding traffic through a single IP,  Let ISPs know.

> Feedback loops often aren't that useful either. We're on the AOL Scomp
> feedback loop, and we've often got fairly personal email sent to our
> abuse desk because the users simply press spam rather than delete.

You have a far smaller userbase, and a userbase you know. For us, with
random nigerians and other spammers signing up / trying to sign up all
the time, FBLs are invaluable as a realtime notification of spam
issues.

And as I said random misdirected spam reports wont trigger a block as
much as your leaking forwarded spam.  Or your getting a hacked cgi/php
or a spammer installed direct to mx spamware.  [so if you are cpanel -
smtp tweak/csf firewall and mod_security for apache should be default
on your install if you havent already done so]

-srs







More information about the NANOG mailing list