(all opinions below my own... comments are intended to address a
number of points made previously in this extended thread, by rick and
others)

are you saying you don't consider the sending ip address or the
envelope sender or the envelope recipient to be
a. useful for spam detection
b. personally identifiable information

having done quite a lot of spam filtering (and having worked on big
mail before, e.g. on the original AOL internet gateways) i think they
are in both categories. (the HELO strings can be pretty useful
also)...

the scale of mail at yahoo, gmail, hotmail, aol (maybe brightmail and
postini, too) is well beyond the numbers anyone else here is citing.
i can assure you there are lots of smart and caring people working on
problems of mail abuse (both incoming from the internet and outgoing,
too). both of these cost us a lot of money, and we know it.

yahoo receives > 500M visitors per month, and collects about 25 TB of
logs every day. analyze that!

my understanding is the chinese govt has specific requirements
regarding logging and log retention that are compulsory for any
company with servers in china. europe and other countries are trying
to promulgate laws about log retention.

logs cut both ways, by the way. they can be exculpatory as well,
particularly in the case of a phished or cracked account used for
something illegal. with the ip addresses of the abuse, the defense
can assert that the account owner was not whodunit. with no logs,
it's much harder to substantially defend against the govt in such
cases, presumption of innocence notwithstanding.

on the original issue (as i work for yahoo, but in the security group,
not in mail), we *do* try to follow the lists, at least as lurkers.
as a big and public company, somewhat in the spotlight from time to
time, we are restricted from making statements that could be
misinterpreted as "speaking for the company" without going through
various approval channels.

i summarized the substantive bits of this thread for yahoo mail
management for their comments, and particularly seconding the
suggestion that yahoo provide more transparency to isps to make it
possible for them to clean/keep clean their own houses.

there is dialog going on about improving the process so it's more
predictable and less frustrating for ISPs. the forms really do work,
they tell me. (not fast enough for you, we hear clearly.)

(i just hope more transparency doesn't make things easier for, say,
the Russian Business Network or the Storm gang.)

on the question of greylisting, you're right that there are delays
imposed on senders of email who are perceived as spam senders but
"first connect fails" greylisting is not used. the documentation
could be improved. (all documentation, except guy steele's or mary
claire van leunen's, could be improved.)

unfortunately, we're all pretty much in the same boat on this one, so
let's not fight about it (at least, don't fight with me...)

On Apr 12, 2008, at 7:08 PM, Rich Kulawiec wrote:

> On Sat, Apr 12, 2008 at 09:36:43AM -0700, Matthew Petach wrote:
>> *heh* And yet just last year, Yahoo was loudly denounced for
>> keeping logs that allowed the Chinese government to imprison
>> political dissidents. Talk about damned if you do, damned if
>> you don't...
>
> But those are very different kinds of logs -- with personally
> identifiable information. I see a sharp difference between those
> and logs which record (let's say) SMTP abuse incidents/attempts by
> originating IP address.
>
> ---Rsk