Funny we were just having similar conversation on mailop.org :) . Suresh is right about the feedback loops (you also should subscribe to comcasts/hotmails/trend micro's (mail-abuse.com)). If you don't have an external gateway that makes doing reports easy then they are a good way to find out when spam problems arise, such as the pesky Nigerian spammers who constantly find new ways to thwart all anti-fraud checks prior to creating the accounts. One thing that I did, when being an email admin for a very large shared hosting company, was when I ran reports of emails going to @yahoo.com I took the top 10 or so recipients and figured out who had the forwarders setup to send to them. I talked to the customer and even gave them alternative solutions (such as giving them 6months free for Postini inbound anti-spam service for that forward account). The worst ones were those who had catchalls setup to forward to their s...@yahoo.com account, those simply got notified that it was removed.
-r -----Original Message----- From: Suresh Ramasubramanian [mailto:ops.li...@gmail.com] Sent: Wednesday, February 25, 2009 6:42 AM To: Niall Donegan Cc: nanog@nanog.org Subject: Re: Yahoo and their mail filters.. On Wed, Feb 25, 2009 at 5:02 PM, Niall Donegan <ni...@blacknight.com> wrote: > > Another interesting side effect of that is email forwarder accounts. > Take a user who gets a domain on our shared hosting setup and forwards > the email for certain users to a Yahoo account. If those mails are > marked as spam, it seems to be our server that gets blacklisted rather > than the originating server. > No surprise. Guess whose IP is the one handing off to yahoo? If you have forwarding users - * Spam filter them to reject spam rather than simply tag and forward it. * Isolate your forwarding traffic through a single IP, Let ISPs know. > Feedback loops often aren't that useful either. We're on the AOL Scomp > feedback loop, and we've often got fairly personal email sent to our > abuse desk because the users simply press spam rather than delete. You have a far smaller userbase, and a userbase you know. For us, with random nigerians and other spammers signing up / trying to sign up all the time, FBLs are invaluable as a realtime notification of spam issues. And as I said random misdirected spam reports wont trigger a block as much as your leaking forwarded spam. Or your getting a hacked cgi/php or a spammer installed direct to mx spamware. [so if you are cpanel - smtp tweak/csf firewall and mod_security for apache should be default on your install if you havent already done so] -srs
