Yahoo and their mail filters..

Barry Shein bzs at world.std.com
Wed Feb 25 21:29:23 CST 2009


On February 26, 2009 at 06:55 ops.lists at gmail.com (Suresh Ramasubramanian) wrote:
 > On Wed, Feb 25, 2009 at 11:28 PM, Barry Shein <bzs at world.std.com> wrote:
 > 
 > > I realize this is easier in theory than practice but I wonder how much
 > > better the whole AOL (et al) spam button would get if they ignored the
 > > spam button unless two (to pick a number) different customers clicked
 > > the same sender (I know, forged sender etc but something like that) as
 > > spam in a reasonably short amount of time like an hour or a day at
 > > most.
 > 
 > .. and you think AOL doesnt track these?  Come on, barry - try to give
 > large mailops shops with massive userbases some credit for clue level.

I have no idea what they track and it's completely irrelevant.

We get a steady stream of "spam" complaints from the AOL feedback loop
which is virtually all either (we assume) unsubscriptions from
legitimate mailing lists or random misfires, "it was nice seeing you
and dad last week" From joe blow, To susie blow, which just probably
isn't spam.

Now, if you're still following, none (or a microscopic amt) of that
would pass the "complaints came from two different sources in a fairly
short amount of time" sniff test I proposed.

If you track it and don't use it, well, tree falling in the forest and
all that.

I can see with my own eyes that nothing like this is being done.

As far as I can tell from here, and other sites may see it
diffferently, the feedback thing is mostly just a "please unsubscribe
me from this mailing list I subscribed to and can't remember how to
get off" and the occasional "oops, hit the spam button on mom's mail,
oh well!"

 >  You have all the clue in the world but you dont even begin to guess
 > at the firehose AOL / Yahoo / we etc have to deal with.  Or what we
 > routinely do, as a matter of best practice.

Nor is it my problem.

Why should my staff and I spend valuable time subsidizing your
business model? Hire more people if you feel overloaded, but don't
pass the workload off on others, particularly others in the biz, we
have workloads too.

 > I wont claim perfection, infallibility etc for any of the big 3
 > (hotmail / yahoo / aol) or even for us (large enough - 76 million
 > users we filter for, 40 million of which we host).  But a user report
 > based spam reporting system works quite well on the aggregate.

Perhaps it works for you, but we get a non-stop stream of false
positives; unsubscribes (a lot of it), Dad's out of the hospital would
love to see you next week, and on and on.

I was suggesting a simple improvement which would help: Don't send it
as a spam report unless you get two or more complaints about the same
msg/source within a short time period.

It's good and valuable advice, you can send me a PO...

The point is, I'm not complaining, I'm making what I think is a
constructive suggestion: Don't send it until you get two or more
complaints (as previously outlined.)

 > And yes, legitimate outfits can wind up blocked (universities because
 > of unfiltered machines on campus, and because of nigerians / phishers
 > hacking user accounts, webhosts because of hacked scripts, or because
 > they end up hosting a high volume spammer in part of a /24 with legit
 > customers near him ..)

I didn't say a word about any of this...

 > One thing that may need to be improved at one place or the other is
 > false positive handling - make that faster and more efficient, and
 > also publish the "unblock contact path"  in block messages you issue,
 > and you would find a lot of the gripes getting resolved.  To some
 > extent anyway.
 > 
 > Postmaster work is a place for people with decent mailops / routing
 > skills, yes - but far more than that, it is for people with both soft
 > skills for customer service plus a finely tuned b.s detector.  It is
 > complex, and far too long for nanog .. took maawg three or four
 > brainstorming sessions over a year to discuss.

Well, this is all nice, I'm sorry you entirely missed my rather simple
and straightforward suggestion, but whatever.

 > http://www.maawg.org/about/publishedDocuments/Abuse_Desk_Common_Practices.pdf
 > 
 > And then some others relevant to this thread -
 > 
 > http://www.maawg.org/about/publishedDocuments/MAAWG_Email_Forwarding_BP.pdf
 > http://www.maawg.org/port25
 > http://www.maawg.org/about/publishedDocuments/MAAWG_AWPG_Anti_Phishing_Best_Practices.pdf
 > http://www.maawg.org/about/publishedDocuments
 > 
 > --srs

-- 
        -Barry Shein

The World              | bzs at TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Login: Nationwide
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*




More information about the NANOG mailing list