On Mon, Jan 17, 2022 at 6:06 PM Grant Taylor via mailop <mailop@mailop.org> wrote:
> Why can't automated and manual reports go to the same address? Isn't > that what recipient side filtering is for? E.g. separating RFC standard > DSNs / MDNs from human generated messages, each handled by different teams. > > My problem with FBLs is that I have to know to sign up for FBLs. > Conversely, mailbox operators can probably more easily send push > notifications to published addresses, whatever the industry accepted > method is. > > I keep going back to the AOL Feedback Loop of yesteryear. I didn't actually READ every message in that mailbox. But I could run a script through a procmail recipe to increment counts by IP that AOL was sending back to that FBL. So that when an IP got 10 or so messages within a certain period it would alert me at another email address that I watched. The abuse email address and feedback loop email address don't have to be different. But, for me (which may not be the same thing for everyone else), the FBL address was just means to tally information. Sure, I could go back into that address and manually review the feedback reports I got and often that was the next step after being alerted to high number of reports for a certain IP, but it's main purpose was just to automate a tally. I actually like feedback loops. To my knowledge Microsoft is the only one that has anything any where close to what the AOL Feedback Loop was like. But it's a hassle to sign up for it, and it either goes through periods where it's broken or it only sends reports if X number of mailings come into Microsoft from an IP address. Or maybe I just have some really nice users that always send legitimate mail to Microsoft/Hotmail/Outlook addresses and none of our servers ever get flagged as spam (begs the question as to why Microsoft blocks our servers from time to time though). Gmail and Yahoo all base their feedback loops on DomainKeys or something, it's not IP based. I know Comcast and some of the other ReturnPath customers have feedback loops, but traffic on those are low too. As a responsible server administrator - I don't mind signing up for feedback loops to help safeguard my servers. I would think any other responsible server administrator would feel the same way. I just want those feedback loops to work. If Microsoft is going to block my server IP claiming that we sent them spam, but I never get anything in their feedback loop - then that's an ineffective feedback loop. Same for Yahoo and Gmail and really any email service provider that's going to block my server IP. Now if others in this discussion are arguing that Microsoft/Yahoo/Gmail/etc are sending feedback loop reports to abuse contacts listed in RDAP, RP, rWhois, any where else - then my bone to pick is with my IP delegation provider because they're not forwarding these on to me. Perhaps it's just a lack of communication and they don't know that I want to receive these - that's a fair point. Or perhaps there's so many different ways to define an abuse contact address (RDAP, RP, rWhois, etc) that different service providers look for different contact structures and the feedback reports all end up in a gobbled mess. If that's the case then there needs to be a SINGLE defined way to publish a contact address that receives feedback reports. BUT... I just really don't think Microsoft/Yahoo/Gmail/etc are sending feedback reports for EVERY single spam message they get back to these RDAP, RP, rWhois abuse contacts. But I'm a big enough man to admit that I've been wrong before.
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop