Am 07.08.20 um 19:14 schrieb Alain Gaudreau via mailop: > > I disagree Hans-Martin. > I sympathize with you. Constantly fighting mail blocks is certainly as tiring as constantly fighting mail abuse. > > > > We have been using ovh for years and years and enforce strict abuse policies > on our clients who are mostly notaries, > lawyers, dental clinics and so on that have specific needs of having their > data hosted in their own jurisdiction for > privacy concerns, etc. > I know that OVH has legit customers as well. Reason enough not to fully block on the IP level but log and check the list regularly. With > 95% obvious crap, my motivation isn't stellar, though. > > > > If you are going to block the entire address space, you would also need to > block most of the vps providers out there > which are all as difficult to deal with in terms of abuse be it email or > various other brute force and ddos attacks > who generally ignore reports. > I do. OVH is just a very big player and the topic of the original post. > > > > I have personally reported hundreds of abuse incidents originating from > dozens of major players in the hosting and > cloud industries that generally disregard the reports or return generic > messages that they cannot be held responsible > for data passing through their network. > And that's a widespread problem. If they hide their clients' identity from me so I can not complain to their client or keep my block list finely tuned to just list the spammers, they have no reason to complain if I instead tune it coarsely. > > > > There are still many mailops out there aside from Microsoft/Google that apply > strict policies and get swept up in wide > range ip bans for nothing pushing clients to migrate to MS/Google and giving > them even more control over the market. > MS/Google and many others still have their share of emitted spam. But those are mostly abused mailboxes, not spam operations, so a temporary block of a compromised server until the abuse report has been acted upon is most often all that's needed. OVH on the other hand tolerates spammer operations for much too long, regularly providing them with fresh IP addresses all around their network. They are not the only ones who do that, but one of the biggest ones. > > > > We need to find better, smarter ways to fight undesirables than simply carpet > banning large blocks of ip’s and killing > off smaller operators one after another especially now, during this global > pandemic where most companies are suffering > massive financial losses and depend on email as their primary means of > communication with their suppliers and clients. > Yes. Listing individual IPs has been tried, and it fails because some big players hand out lots of addresses (often not even contiguous) to snowshoe spammers. I'm not for killing smaller operators (unless they're spammers, and even then killing their business is sufficient in my opinion) but I'd like to be able to poke the largest ones until they realize they need to handle their abusive customers differently. And if that doesn't work (apparently it does not) then I want to at least keep most of the spam out of my users' inboxes. My users need working e-mail, too, and they are often not tech-savvy enough to reliably detect fraud and phishing which would also hurt them financially. > > > > Perhaps the time has come to change how we have all been doing it for decades > with the current hundreds of RBL’s and > local block lists and put in place a low cost or no cost to mailops neutral > world wide “governing body” built on fast > response, information for mailops and best practices. > Would be nice, but from just wishing it won't become a reality. > > > > Over the past decades, the only time we have had spam/bulk mail go through > our systems has been due to compromised > wordpress/joomla/etc websites that communicate with external smtp servers > that bypassed for the most part our mail > filtering systems entirely which meant waiting for that server’s ip to be > blocked on some RBL or through MS to get > notified of the issue then factor in the time it takes for the team to > investigate and shut down the offending web > site/account, it all adds up to slow response and more junk floating out > there. > Yes, that's why you should pressure your provider to accept and handle abuse reports. They need to put some energy into this (for example, a blanket "we will forward your report to the customer" will make me prefer to block without reporting) but after some time their spamming customers will find their situation uncomfortable and will leave. After that happens I'm ok with my reports being forwarded to the folks responsible for the compromised server. > > > > If we had a widely adopted “central” organisation with better, faster, more > detailed mail reports or a database on > greymail and undesirables we could cut down the response time and > consequently the number of undesirables and downtime > for legitimate clients and mailops dramatically and even force the > mailops/uplink providers that would normally ignore > reports to pay attention. > Every organization that has a face will be subject to bullying and lawsuits to the point of being forced to shut down. As Mailops we certainly would like to use their services, but shelling out real money for them to fight against litigious lawsuits would be a bit much for me - I'm investing my own time, I don't have a legal budget. > > > > Microsoft’s JMRP and SNDS are great tools although lacking in usability and > information, something along those lines > with a searchable database for our registered mail servers and more detailed > information on the reports would be perfect. > I must admit I'm not familiar with JMRP and SNDS at all. But yes, a reputation-based information resource that isn't a simple yes/no oracle as most RDNSBLs are would be great. > > > > It’s a vast undertaking of course but in the end, might be our best bet to > fight spam, shady companies and maintain a > healthy market for smaller upstanding operators regardless of their ip space, > uplink provider or geolocation. > I'm working in my little corner towards something that might be part of a solution. But I know how hard it is to gather a group of people working together for a common goal, so my hopes are pretty slim.
Cheers, Hans-Martin
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
