> I don't think so. I'm primarily a datacenter operator and
> commercial-only ISP and my AUP says no spamming. As the proactive type
> that prefers to prevent spamming instead of ignoring it for profit, I do
> like to know if anyone is emitting spam from any of our IP space.
> Feedback loops based on our IP ranges help with that goal, and provide
> effective evidence of AUP violations.
> I can't do that with DKIM. Feedback loops are also faster than waiting
> for someone to email abuse@ after looking in whois, if anyone bothers to
> go that far. If my abuse@ is already in whois, then why should I not be
> allowed to request automated reporting of the same?

I think there is a subset of people that don't really understand how widespread IP space is being shared. That subset seems to believe that 1 IP address means 1 domain name and 1 individual. But that's just simply not the case. 1 IP address may be sending out mail for 500 or more domain names - each of which may have 10 to 20 email accounts. And that means there's a lot of mail being sent out from a single IP address that doesn't necessarily relate to each other.

The majority of these email account owners and domain name owners care nothing about DKIM, DMARC reports, or any feedback loop reports. The people that do care? They're the ones that serve as server administrators (i.e. have root access) to those servers. That is who these reports need to be aimed at. It then becomes the server administrator's responsibility to keep those 500 domain names or 10,000 email accounts in line when it comes to spamming or abuse.

There also needs to be a distinction made between the "owner" of an IP address and the "administrator" responsible for the server using that IP address. I don't own any of the IP addresses that are used to send out mail from our servers, but I administer all the servers we use. If spam is sent from one of our servers - the IP address of one of our servers - it's me you ultimately want to contact, not the owner of the IP address. If you contact the owner of the IP address - they don't have root access to the server - they will have to filter that report down to me, for me to take action. And whether or not that happens, or happens in a timely manner, is anybody's guess.

Now, it's entirely possible that I'm the one that has tunnel vision with this... but this is how I see things. Maybe there are a lot of folks that host one domain name on one IP address. Or maybe everyone on this list owns the IP address space that they send out mail from. I don't know. But I think it's at least worth an open mind in looking at how IP address space is used and dispersed amongst people that can actually take actionable changes from that IP address space.

My advice would be to have a centralized database of IP addresses that lists 1) a human contact email address (or probably a form to disguise the actual email address) and 2) a feedback loop address (which again would be disguised). Force server administrators of these IP addresses to verify these email addresses (or I suppose you could do a callback URL) once a month to ensure that the information remains up to date. Then when spam is identified as being sent from an IP address it is sent to the FBL address listed in this central database.

Back in the day, AOL had a great feedback loop system. This system was immensely helpful for us, because it allowed us to find spammers on our servers very quickly. But either that feedback loop system died off or AOL diminished in use (I suspect the latter). Microsoft is supposed to have the JMRP that was supposed to be similar, but I never found it useful - I very, very rarely ever got anything from those reports, yet our servers would get blocked by Microsoft - and it was a hassle to sign up for (again the distinction between OWNER of the IP address and ADMINISTRATOR of the server using the IP address). Google also allegedly has a feedback loop system - but I've never, ever received anything in that system. I'm guessing maybe we don't have the volume of mail to Gmail to register for this?

The bottom line is that the IP address is the only thing that is common throughout the whole email infrastructure when it comes to identifying abuse. Every email message received, every spam message received, was sent to the recipient's server by another server with an IP address. So that's the structure that makes sense for identifying where abuse is coming from.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
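
The central IP-to-FBL database proposed in the message above could be looked up as sketched here. This is an added example, not part of the original post and not any existing registry's code. The `Entry` fields, the 31-day window, the rule that unverified entries are skipped, and all addresses and domains are assumptions or constructed sample data.

```python
import ipaddress
from dataclasses import dataclass
from datetime import date, timedelta

MAX_AGE = timedelta(days=31)  # assumption: the "once a month" re-verification window

@dataclass(frozen=True)
class Entry:
    network: ipaddress.IPv4Network  # range the registrant answers for
    role: str                       # "owner" or "administrator"
    contact: str                    # human contact address
    fbl: str                        # feedback loop address
    verified: date                  # date of last successful verification

# Constructed sample registry (documentation address space, example domains).
REGISTRY = [
    Entry(ipaddress.ip_network("192.0.2.0/24"), "owner",
          "abuse@dc.example", "fbl@dc.example", date(2024, 5, 20)),
    Entry(ipaddress.ip_network("192.0.2.16/28"), "administrator",
          "admin@hosting.example", "fbl@hosting.example", date(2024, 5, 25)),
    Entry(ipaddress.ip_network("192.0.2.128/25"), "administrator",
          "admin@stale.example", "fbl@stale.example", date(2024, 1, 2)),
]

def fbl_recipient(source_ip, today, registry=REGISTRY):
    """Return the most specific, currently verified entry covering source_ip."""
    ip = ipaddress.ip_address(source_ip)
    live = [e for e in registry
            if ip in e.network and today - e.verified <= MAX_AGE]
    # Longest prefix wins, so a server administrator's narrower range takes
    # precedence over the address owner's covering block. Entries that missed
    # verification are ignored (assumption), so reports fall back to the owner.
    return max(live, key=lambda e: e.network.prefixlen, default=None)

def route_report(source_ip, today, registry=REGISTRY):
    """Return the FBL address a spam report for source_ip should go to, or None."""
    entry = fbl_recipient(source_ip, today, registry)
    return entry.fbl if entry else None
```
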