Yahoo and their mail filters..

Jo Rhett jrhett at netconsonance.com
Tue Mar 24 14:51:30 CDT 2009


On Feb 27, 2009, at 7:10 AM, Ken A wrote:
> I agree that aol could do a better job of filtering the outbound,  
> but I don't think it's a useless system. We get a few dozen from aol  
> a day unless we have a real problem.
> I see the mother-daughter conversations (worst), the subscribed lazy  
> user emails - we encourage our mailing list senders to include unsub  
> links - partly to make it easy for _us_ to click and unsub these  
> dummies.
>
> And we see the 'real deal' now and then; usually an exploited php  
> script being abused by spammers, or someone who has had their  
> password sniffed, or stolen.
> Most of these are users who travel and don't use secure protocols,  
> or have a teenager in the house (the most insecure protocol is  
> adolescence). We appreciate aol's efforts, imperfect as they are.


The math here is easy.

1. The time cost of reading AOL's feedback loop was greater than 2  
working hours every day.
2. The number of exploited systems that we received notification about  
was total of 3 in 2 years of reading that loop.
3. Every one of those exploited systems also got SpamCop reports.

365 x 2 years x 2 hours = 1460 hours minimum (because it rarely took  
only 2 hours)
1460 hours of effort / 3 compromises = 487 hours, or 3 months of work  
per compromise.

In short, AOL provided zero value to us.  Because if a SpamCop user is  
reporting valid receipts, I report it back to the SpamCop admins and  
they go have a talk with the user.

NOTE: for a small mail sending provider who controls every mail server  
and customer in their netblock, it probably is useful.  It's just  
useless for colocation providers and generic ISPs.

And let's be honest.   AOL's effort shouldn't be applauded.  It's an  
autobot which sends false spam reports, nothing more and nothing  
less.  Any autobot which sends false spam reports needs to be shut down.

-- 
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source  
and other randomness




More information about the NANOG mailing list