Bounce action notifications - NANOG mailing list changes yahoo.com users

Fri Oct 10 22:19:27 UTC 2014

On Fri, Oct 10, 2014 at 09:48:26PM +0530, Suresh Ramasubramanian wrote:
> Call it triage. When a minuscule amount of mailing list traffic is weighed
> against huge volumes of forged spam and  phish...

Triage as an abuse mitigation tactic is fine.  But where that triage
needs to be applied, and where it can be most effective, is at the *source*
of the abuse.  Which is not here or any other of the myriad mailing lists
where most of the heavy lifting is done WRT to networking, security,
software and all the other things that make the 'net work.

Yahoo itself is a major source of abuse, it has been for many years, and
there is absolutely no visible sign that they've done anything about it,
that they're doing anything about it, or that they intend to do anything
about it.  Spam/phishes show up all day, every day, and yes they really
*are* from Yahoo, so there's not much need at the moment for anyone
to bother forging an @yahoo address.  (That's kind of like creating an
exquisitely detailed fake replica of a Mercedes-Benz sedan and then slapping
a Yugo logo on it.  Why would any forger good enough to pull that off
devalue their own effort by deliberately associating it with junk?)

So please, let's not pretend that Yahoo has suddenly had a come-to-Jebus
moment and is interested in stopping abuse.  They're not.  If they were,
they would have invested resources into their own operation many years ago,
they would deal with their abuse@ email promptly and professionally,
and Yahoo-sourced abuse would be an isolated/transient problem, rather
than a systemic/persistent one.  What they *are* interested in, given
the floundering state of their company, is anything they can do to
retain users -- and screwing up others' mailing lists (for which the
operators are being blamed, through no fault of their own) in favor of
their own offerings is one way to achieve that.

---rsk