Re: [mailop] What am I supposed to do with abuse complaints on legit mail?
On 1/13/22 20:24, Scott Mutter via mailop wrote: The issue is that big name mail service providers, like Gmail, Microsoft, Yahoo - do not offer a way to get effective feedback loops. Again, this is why I say the AOL feedback loop system of the 2000's was so great. I've NEVER gotten anything from Gmail's Postmaster tools for any of the servers (which asks for a domain name and not an IP address). Once in a blue moon I get something from Microsoft's JMRP, but they still block IPs with out any reports. Yahoo's FBL is based on DomainKeys. Have you done the following? This is a very basic first step. 1. Go to https://www.whois.com 2. Enter the IP address of your mail server. 3. Verify at OrgAbuseName, OrgAbusePhone, and OrgAbuseEmail point to you. If not, fix it so that they do. You may need to contact your ISP to have them SWIP your subnet to you. 4. Send email to the OrgAbuseEmail address. Did you receive it? Do you check that mailbox regularly? Many feedback loops depend on the WHOIS record being correct. -- Jay Hennigan - j...@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] What am I supposed to do with abuse complaints on legit mail?
The issue is that big name mail service providers, like Gmail, Microsoft, Yahoo - do not offer a way to get effective feedback loops. Again, this is why I say the AOL feedback loop system of the 2000's was so great. I've NEVER gotten anything from Gmail's Postmaster tools for any of the servers (which asks for a domain name and not an IP address). Once in a blue moon I get something from Microsoft's JMRP, but they still block IPs with out any reports. Yahoo's FBL is based on DomainKeys. The oft rumor with Gmail's Postmaster tools is that you have to reach a certain mail sending limit for Google to generate reports, I suspect that our servers all fall below that threshold. I suspect it's the same or similar thing with Microsoft's JMRP. But both services block our IPs from time to time. How - pray, tell - am I supposed to know that these services are seeing bad things or abuse from our IPs if they don't tell me? Look, I get it. It's difficult to justify expending resources generating feedback reports for IPs that don't really send a lot of mail. But that doesn't mean that those IPs can't be sending out unwanted emails. So I can understand why these providers don't send out reports for IPs that fall under a certain threshold. BUT - that's got to work both ways. You can't expect me to know that you're receiving unwanted emails from my server's IP if you do not tell me. If I can understand your reasons for not sending out all feedback reports then you have to understand why small mail server operators get upset when you suddenly block our IPs and then give us the runaround to get the IP unblocked. If you think it's completely unreasonable for us small time mail server operators to get upset when you block an IP without giving us any feedback - that's where you've lost touch with reality. On Thu, Jan 13, 2022 at 9:13 PM Jay Hennigan via mailop wrote: > On 1/13/22 16:08, Scott Mutter via mailop wrote: > > I'm not sure what value of Recipients is really referring to - but I > > think this is kind of the question that needs to be asked. Should the > > administrator of a sending server (the IP address) be responsible for > > removing addresses from a mailing list? Probably. > > Absolutely. Not specifically removing addresses from mailing lists, but > ensuring that the server associated with that IP address doesn't send > UBE. If abuse originates from that IP address, the administrator of the > machine bound to that IP is responsible for stopping it whether the > abuse is spam, brute-force SSH attacks, viruses, SIP attacks, ping > floods, or any other form of abuse. > > > But in order for the > > administrator of the sending server to know about this, reports are > > going to have to come to the administrator of the sending server based > > on it's IP address. > > Yes, and that is accomplished by parsing headers, WHOIS, and having a > working and responsive abuse contact. > > > I'm an administrator of a mail server (many mail servers). > > Then you should have a vested interest in running a clean shop. > > > I (personally) don't really send out emails through these servers. > > Most administrators of multi-user mail servers don't personally send > much mail through them on a percentage basis. > > > We sell a service to customers that allows them to use the server to > > send out emails. > > In other words, you profit from allowing others to use your server. You > charge for the service of delivering mail on behalf of your customers. > > > It's those customers that are sending out mailing lists and/or > > questionable marketing messages, etc. > > Then you need to fire the customers who you are presently allowing to > abuse the Internet. "I don't personally robocall people to pitch car > warranty scams. I sell phone service to customers. It's those customers > that are placing the robocalls, etc. I just take their money and enable > them to annoy people." Whose facility do you think is going to get > blocked by other carriers and tracked down by the FTC/FCC? You or your > customers? > > > When those customers send messages to Yahoo or any other email service > > ... they really don't care if the individual recipient at Yahoo or > > whoever flags that message as spam. Is this wrong? Absolutely! But > > this is the disconnect from reality that I think a lot of Mailops seem > > to discount. > > Where's the disconnect? You profit by sending mail on behalf of > customers. Those customers don't care if they are spamming. They aren't > going to stop spamming because it's profitable for them. You may choose > not to police your customers because it's profitable for you. The > victims of the abuse don't know of or care about your relationship with > your customers. They can easily find you by your IP, however. By > blocking your IP they avoid abuse from any and all of your customers. It > sounds like this has gotten your attention and you now realize that > there is a problem. > > > We've reached a
Re: [mailop] What am I supposed to do with abuse complaints on legit mail?
On 1/13/22 16:08, Scott Mutter via mailop wrote: I'm not sure what value of Recipients is really referring to - but I think this is kind of the question that needs to be asked. Should the administrator of a sending server (the IP address) be responsible for removing addresses from a mailing list? Probably. Absolutely. Not specifically removing addresses from mailing lists, but ensuring that the server associated with that IP address doesn't send UBE. If abuse originates from that IP address, the administrator of the machine bound to that IP is responsible for stopping it whether the abuse is spam, brute-force SSH attacks, viruses, SIP attacks, ping floods, or any other form of abuse. But in order for the administrator of the sending server to know about this, reports are going to have to come to the administrator of the sending server based on it's IP address. Yes, and that is accomplished by parsing headers, WHOIS, and having a working and responsive abuse contact. I'm an administrator of a mail server (many mail servers). Then you should have a vested interest in running a clean shop. I (personally) don't really send out emails through these servers. Most administrators of multi-user mail servers don't personally send much mail through them on a percentage basis. We sell a service to customers that allows them to use the server to send out emails. In other words, you profit from allowing others to use your server. You charge for the service of delivering mail on behalf of your customers. It's those customers that are sending out mailing lists and/or questionable marketing messages, etc. Then you need to fire the customers who you are presently allowing to abuse the Internet. "I don't personally robocall people to pitch car warranty scams. I sell phone service to customers. It's those customers that are placing the robocalls, etc. I just take their money and enable them to annoy people." Whose facility do you think is going to get blocked by other carriers and tracked down by the FTC/FCC? You or your customers? When those customers send messages to Yahoo or any other email service ... they really don't care if the individual recipient at Yahoo or whoever flags that message as spam. Is this wrong? Absolutely! But this is the disconnect from reality that I think a lot of Mailops seem to discount. Where's the disconnect? You profit by sending mail on behalf of customers. Those customers don't care if they are spamming. They aren't going to stop spamming because it's profitable for them. You may choose not to police your customers because it's profitable for you. The victims of the abuse don't know of or care about your relationship with your customers. They can easily find you by your IP, however. By blocking your IP they avoid abuse from any and all of your customers. It sounds like this has gotten your attention and you now realize that there is a problem. We've reached a point in society where individuals can't read and can't be expected to take the 90 seconds it takes to read and understand something, they want to be spoon fed information. ... If an individual in the general public gets a feedback loop report about a message being spam... they're not going to read it... they're not going to take the time to understand it... they're just going to keep sending out to their list just ignoring that report But you're not the general public. You operate a mail server. Maybe you should ensure that the feedback loop reports come to you as the operator of the mail server that's originating the abuse. You are a professional generating revenue by sending mail on behalf of others. When you get a feedback loop report, wouldn't it be a good idea to take the 90 seconds to read, understand, and actually act on it? Now, eventually, Yahoo or whatever mail service, will say that the mail server that I'm an administrator to has sent them too much spam and they start to block/blacklist/throttle mail from the server. Indeed. Hopefully that will get your attention and cause you to reduce the spam that the server that you administer is sending. This may require you to fire your bad customers and take steps to ensure that any new customers you acquire aren't bad actors. I'm left out in the cold because 1) I'm not the one sending out the mailing list messages Yes. You. Are. Technically, the server that you administer is, but you are in control of that server and thus the messages that it sends. You are in control of who you take on as a customer. 2) I have no way of getting feedback loop messages from Yahoo or whatever mail service for this sending IP Why not? Have you tried? FBLs are generally tied to IPs, not domains. Is your sending IP associated with you in WHOIS? Do you have a working abuse contact listed for it? If so, do you monitor it? 3) there's a severe lack of ways to get in touch with a human person at
Re: [mailop] What am I supposed to do with abuse complaints on legit mail?
On 1/13/22 16:08, Scott Mutter via mailop wrote: I'm not sure what value of Recipients is really referring to - but I think this is kind of the question that needs to be asked. Should the administrator of a sending server (the IP address) be responsible for removing addresses from a mailing list? Probably. Absolutely. Not specifically removing addresses from mailing lists, but ensuring that the server associated with that IP address doesn't send UBE. If abuse originates from that IP address, the administrator of the machine bound to that IP is responsible for stopping it whether the abuse is spam, brute-force SSH attacks, viruses, SIP attacks, ping floods, or any other form of abuse. But in order for the administrator of the sending server to know about this, reports are going to have to come to the administrator of the sending server based on it's IP address. Yes, and that is accomplished by parsing headers, WHOIS, and having a working and responsive abuse contact. I'm an administrator of a mail server (many mail servers). Then you should have a vested interest in running a clean shop. I (personally) don't really send out emails through these servers. Most administrators of multi-user mail servers don't personally send much mail through them on a percentage basis. We sell a service to customers that allows them to use the server to send out emails. In other words, you profit from allowing others to use your server. You charge for the service of delivering mail on behalf of your customers. It's those customers that are sending out mailing lists and/or questionable marketing messages, etc. Then you need to fire the customers who you are presently allowing to abuse the Internet. "I don't personally robocall people to pitch car warranty scams. I sell phone service to customers. It's those customers that are placing the robocalls, etc. I just take their money and enable them to annoy people." Whose facility do you think is going to get blocked by other carriers and tracked down by the FTC/FCC? You or your customers? When those customers send messages to Yahoo or any other email service ... they really don't care if the individual recipient at Yahoo or whoever flags that message as spam. Is this wrong? Absolutely! But this is the disconnect from reality that I think a lot of Mailops seem to discount. Where's the disconnect? You profit by sending mail on behalf of customers. Those customers don't care if they are spamming. They aren't going to stop spamming because it's profitable for them. You may choose not to police your customers because it's profitable for you. The victims of the abuse don't know of or care about your relationship with your customers. They can easily find you by your IP, however. By blocking your IP they avoid abuse from any and all of your customers. It sounds like this has gotten your attention and you now realize that there is a problem. We've reached a point in society where individuals can't read and can't be expected to take the 90 seconds it takes to read and understand something, they want to be spoon fed information. ... If an individual in the general public gets a feedback loop report about a message being spam... they're not going to read it... they're not going to take the time to understand it... they're just going to keep sending out to their list just ignoring that report But you're not the general public. You operate a mail server. Maybe you should ensure that the feedback loop reports come to you as the operator of the mail server that's originating the abuse. You are a professional generating revenue by sending mail on behalf of others. When you get a feedback loop report, wouldn't it be a good idea to take the 90 seconds to read, understand, and actually act on it? Now, eventually, Yahoo or whatever mail service, will say that the mail server that I'm an administrator to has sent them too much spam and they start to block/blacklist/throttle mail from the server. Indeed. Hopefully that will get your attention and cause you to reduce the spam that the server that you administer is sending. This may require you to fire your bad customers and take steps to ensure that any new customers you acquire aren't bad actors. I'm left out in the cold because 1) I'm not the one sending out the mailing list messages Yes. You. Are. Technically, the server that you administer is, but you are in control of that server and thus the messages that it sends. You are in control of who you take on as a customer. 2) I have no way of getting feedback loop messages from Yahoo or whatever mail service for this sending IP Why not? Have you tried? FBLs are generally tied to IPs, not domains. Is your sending IP associated with you in WHOIS? Do you have a working abuse contact listed for it? If so, do you monitor it? 3) there's a severe lack of ways to get in touch with a human person at
Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?
> Domain reputation is a thing though. If your IP really gets blocked (and not just throttled; that's a signal you have access to btw) you usually have a bigger problem. Unfortunately, that's not what I'm seeing in the real world. Everything is IP based. Go through the archives here at Mailops. Over the past month how many messages has this list gotten with request for help from Microsoft, Comcast, T-Mobile, etc all concerning their mail server IPs being blocked? They block by IP address. I'm not really saying that blocking by IP address is a bad idea. I get it. I get why it's so effective. I'm just saying you can't say you're acknowledging spam from certain domains or DomainKeys and then go and block the IP that's sending. You're comparing apples to oranges. I remember the early 00's with AOL's feedback loop. This was a wonderful, wonderful thing. It helped that a lot of people still had AOL email addresses. I could sign up all of my SMTP server IPs to funnel in spam feedback to a single email address. I could monitor that email address for feedback reports. The reports included all of the headers, including the message ID that I could parse through my logs to identify the sender. And then I could take action against that account on our server. But eventually AOL addresses died off and that FBL became dormant. I wish Gmail, Yahoo, Microsoft, all had similar feedback loops - that would be the most useful thing to me as a server administrator. I think Gmail may have something similar but it's useless because you have to send 100 million messages a day (or some absurd high number) to get the feedback loop to register a single incident. AOL's feedback loop from the 2000s was the pinnacle of feedback loops. I think instead of looking at something that lowly AOL did successfully, all of these big name mail service providers are taking the idea and trying to "improve" it to the point that it's ineffective. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?
On Thu, Jan 13, 2022 at 4:14 PM Scott Mutter via mailop wrote: If a service is going to block/blacklist/throttle messages by the sending > IP, then what good does it do to base feedback loops and spam reports on a > domain basis? A sending IP could have 1000 domains sending from it and > only 1 of those domains is sending spam or sending to a list that is being > flagged as spam, but the recipient server isn't going to block based on > domain, it's going to block based on IP. > If one (authenticated) domain from 1000 is spamming from your IP (and all the other (authenticated) traffic is fine) then no, blocking your IP based on that is/should not really be a thing. Domain reputation is a thing though. If your IP really gets blocked (and not just throttled; that's a signal you have access to btw) you usually have a bigger problem. - Marcel ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] What am I supposed to do with abuse complaints on legit mail?
On 1/13/22 5:08 PM, Scott Mutter via mailop wrote: I'm not sure what value of Recipients is really referring to - but I think this is kind of the question that needs to be asked. I was purposely nebulous specifically because what the exact list is doesn't matter. ;-) Should the administrator of a sending server (the IP address) be responsible for removing addresses from a mailing list? Probably. I feel like the SMTP administrator ~> postmaster / hostmaster probably wants to /not/ be involved, but that it behooves them to be somewhat involved, especially when the reputation of the server / IP / etc. is involved ~> at risk. But in order for the administrator of the sending server to know about this, reports are going to have to come to the administrator of the sending server based on it's IP address. Point of order: I don't think that the reports /must/ go /directly/ to -- whom I'm going to refer as -- the postmaster / hostmaster. But I do believe that the messages need to make it to said postmaster / hostmaster /in/ /a/ /timely/ /manner/!!! Meaning that the messages can come into a system where the messages ~> tickets are routed to the postmaster / hostmaster /in/ /a/ /timely/ /manner/. I'm going to define a timely manner to be ≤ 24 (wall clock) hours. I'll accept 1 business day / give some slack for a weekend / holiday / etc. Note: That's how long I think it should take for the message ~> ticket to be routed to the postmaster / hostmaster. That's completely independent of how long said postmaster / hostmaster has to respond to it. Aside: I'd like to see a response from the postmaster / hostmaster within 72 (wall clock) hours / 3 business days. I (personally) don't really send out emails through these servers. I suspect that's quite common, particularly for subscribers of this mailing list. When those customers send messages to Yahoo or any other email service ... they really don't care if the individual recipient at Yahoo or whoever flags that message as spam. Agreed. Is this wrong? Absolutely! Reluctantly agreed. But this is the disconnect from reality that I think a lot of Mailops seem to discount. ? We've reached a point in society where individuals can't read and can't be expected to take the 90 seconds it takes to read and understand something, they want to be spoon fed information. With heavy resignation in my heart, I agree with your description. However, I would /require/ that clients using my server to do something notoriously questionable, e.g. sending mass email, to actually spend the 90 seconds to read and act on such bounces / abuse reports / complaints. Because if they don't do so as the list administrator and I receive enough (copies of) notices / abuse reports myself, I would (eventually) suspend their services. Eventually because there would be multiple strikes with escalating responses. ... If an individual in the general public gets a feedback loop report about a message being spam... they're not going to read it... they're not going to take the time to understand it... they're just going to keep sending out to their list just ignoring that report Agreed. However I do not acknowledge that a mailing list administrator is /simply/ a member of the /general/ /public/. Rather they are a (paying) customer and they have agreed to my companies terms of service. As such, they have a responsibility to keep their use of my services clean, lest they find themselves looking for a new service provider. Now, eventually, Yahoo or whatever mail service, will say that the mail server that I'm an administrator to has sent them too much spam and they start to block/blacklist/throttle mail from the server. Yep. Which is why you have the responsibility to keep your server(s) as clean as possible. I'm left out in the cold because 1) I'm not the one sending out the mailing list messages 2) I have no way of getting feedback loop messages from Yahoo or whatever mail service for this sending IP 3) there's a severe lack of ways to get in touch with a human person at Yahoo or whatever mail service to discuss the situation. I made sure that I received a copy of anything and everything that was sent to abuse@, postmaster@, and hostmaster@ for any of the domains that ran through my servers. I *REQUIRED* it as a condition of using my servers. -- I would periodically send test messages to the aforementioned addresses to confirm that I received copies. It's not a perfect method by any stretch of the imagination. But I do believe that it is a step in the correct direction. Some people seem to assume that 1 IP address = 1 domain sending out mail = 1 person responsible for managing that. I assume that these people you speak of have never actually administered a server since the '90s when we could just throw IPs at things. And that is just simply not true. Agreed. If a service is going to
Re: [mailop] What am I supposed to do with abuse complaints on legit mail?
I'm not sure what value of Recipients is really referring to - but I think this is kind of the question that needs to be asked. Should the administrator of a sending server (the IP address) be responsible for removing addresses from a mailing list? Probably. But in order for the administrator of the sending server to know about this, reports are going to have to come to the administrator of the sending server based on it's IP address. I'm an administrator of a mail server (many mail servers). I (personally) don't really send out emails through these servers. We sell a service to customers that allows them to use the server to send out emails. It's those customers that are sending out mailing lists and/or questionable marketing messages, etc. When those customers send messages to Yahoo or any other email service ... they really don't care if the individual recipient at Yahoo or whoever flags that message as spam. Is this wrong? Absolutely! But this is the disconnect from reality that I think a lot of Mailops seem to discount. We've reached a point in society where individuals can't read and can't be expected to take the 90 seconds it takes to read and understand something, they want to be spoon fed information. ... If an individual in the general public gets a feedback loop report about a message being spam... they're not going to read it... they're not going to take the time to understand it... they're just going to keep sending out to their list just ignoring that report Now, eventually, Yahoo or whatever mail service, will say that the mail server that I'm an administrator to has sent them too much spam and they start to block/blacklist/throttle mail from the server. I'm left out in the cold because 1) I'm not the one sending out the mailing list messages 2) I have no way of getting feedback loop messages from Yahoo or whatever mail service for this sending IP 3) there's a severe lack of ways to get in touch with a human person at Yahoo or whatever mail service to discuss the situation. Some people seem to assume that 1 IP address = 1 domain sending out mail = 1 person responsible for managing that. And that is just simply not true. 1 IP address may have 1000s of domains sending out emails, which may refer to 1000s of different individuals. The common denominator is the sending IP address and that's why abuse reports, feedback loops, and all discussion about the quality/quantity of mail coming from that IP address needs to refer to the individual that is managing the SMTP service at that IP address. If a service is going to block/blacklist/throttle messages by the sending IP, then what good does it do to base feedback loops and spam reports on a domain basis? A sending IP could have 1000 domains sending from it and only 1 of those domains is sending spam or sending to a list that is being flagged as spam, but the recipient server isn't going to block based on domain, it's going to block based on IP. On Thu, Jan 13, 2022 at 4:23 PM Grant Taylor via mailop wrote: > On 1/13/22 1:00 PM, Scott Mutter via mailop wrote: > > The person sending out the mails or mailing list often doesn't care if > > their recipients are flagging messages as spam or if their messages are > > being treated as spam or unsolicited. > > Does this imply that the person sending out the mails to the mailing > list cares more about the message going to $RECIPIENTS and less about > the actual value of $RECIPIENTS? Sort of implying that the SMTP server > operators have some leeway to remove / unsubscribe a few specific > recipients from the larger $RECIPIENTS list in the spirit of protecting > the larger overall system operation and flow? > > > > -- > Grant. . . . > unix || die > > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop > ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] What am I supposed to do with abuse complaints on legit mail?
On 1/13/22 00:32, Alessandro Vesely via mailop wrote: As an extra courtesy you could add something like "We're sorry that our mail was considered spam, it's not our intent to send unsolicited mail." That's appropriate for the specific case where the MUA flags the list owner that the message was moved to the recipient's spam folder, likely a corner case overall but one that has been discussed in this thread. I'm not aware of any client-side IMAP implementations that do this, but it seems that major provider webmail and IMAP implementations (Yahoo, etc.) may. Also appropriate if the unsubscribe link offers a menu of reasons for the unsub and the user selects the "this is spam" option. Heck, spam is not the reason why one unsubs from a mailing list. For example, one may join a list about a product when she first installed it and leave after a while. Then yes, there are mailing lists with no moderators, which send spam. If the signal to noise ration drops below some level one can loose interest in the discussion and then unsubscribe from the list. One situation on which I'm on the receiving end far too frequently is email that is totally unsolicited but very obviously "targeted". I get unsolicited email on a daily basis for webinars and white papers from companies with which I have zero prior interaction but are in my industry. I get at least two or three a day, they typically have an unsubscribe link, and the vast majority are sent via ESPs with plenty of apologists on this list. I'm looking at you, Marketo and Sendgrid. Complaints to their abuse addresses rarely even get so much as a "You've been listwashed" ignore-bot response. Of course, you only do that when you really didn't send unsolicited mail. As long as ESPs don't vet customer-provided lists and don't require COI, either of which would cut into their bottom line, they send a ton of unsolicited mail but claim plausible deniability. Unsolicited means without subscription, which we don't call "mailing list". Perhaps UCE? Yes, they often sport unsubscribe URIs, since they're mandatory in many countries, so as to masquerade as newsletters. Precisely this. Rampantly this. -- Jay Hennigan - j...@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] What am I supposed to do with abuse complaints on legit mail?
On 1/13/22 1:00 PM, Scott Mutter via mailop wrote: The person sending out the mails or mailing list often doesn't care if their recipients are flagging messages as spam or if their messages are being treated as spam or unsolicited. Does this imply that the person sending out the mails to the mailing list cares more about the message going to $RECIPIENTS and less about the actual value of $RECIPIENTS? Sort of implying that the SMTP server operators have some leeway to remove / unsubscribe a few specific recipients from the larger $RECIPIENTS list in the spirit of protecting the larger overall system operation and flow? -- Grant. . . . unix || die smime.p7s Description: S/MIME Cryptographic Signature ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] What am I supposed to do with abuse complaints on legit mail?
I think some of what's lost in this discussion - and it's true this may be dragging the discussion off-topic, but seems as good a time as any to bring this up. Often times the individual maintaining the mailing list or sending out the emails, is not the same individual that administers and maintains the SMTP server that's doing the actual sending out. Props to a mailing list administrators that actually handles unsubscribing members that flag messages as spam or email senders that actually care about how their messages are being treated. But this is most often, not the case. The person sending out the mails or mailing list often doesn't care if their recipients are flagging messages as spam or if their messages are being treated as spam or unsolicited. It's only until it comes to the desk of the SMTP server administrator that the server is blocked/blacklisted that this then becomes a problem. That's why I think it's better for mail servers to focus their feedback loops or however else they report spam/abuse back to the SMTP server administrator and not the emailing domain owner. On Thu, Jan 13, 2022 at 1:13 PM Matt Vernhout via mailop wrote: > On Thu, Jan 13, 2022 at 1:41 AM Jay Hennigan via mailop > wrote: > >> Agreed 100%. >> >> A single acknowledgement of a successful unsubscribe is fine, but don't >> make them jump through another flaming hoop. This goes double if the >> "subscription" is the typical webinar/whitepaper spam that they never >> wanted in the first place. >> >> In my opinion, a single reply email, "You have been unsubscribed from >> xyz mailing list" is a good thing to do. >> > > A number of years ago while working at an ESP we tried this, sending a > notice that was along the lines of "Thank you for reporting this message as > spam, we have taken action to remove you from the mailing list and will > review the sending practices of XYZ Brand ." > > Two things happened: > > 1 - People replied in large numbers "I never reported this as spam, I want > to continue receiving these emails" - depending on the day >20% of the > messages generated this reply > 2 - People reported the reply/notification as spam. > > Needless to say it was a short-lived experiment as it just created more > support overhead for us having to undo the unsubscribe or deal with angry > customers getting calls from their subscribers. Which is actually in line > with where this whole conversation started... > > ~ Matt > > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop > ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] What am I supposed to do with abuse complaints on legit mail?
On Thu, Jan 13, 2022 at 1:41 AM Jay Hennigan via mailop wrote: > Agreed 100%. > > A single acknowledgement of a successful unsubscribe is fine, but don't > make them jump through another flaming hoop. This goes double if the > "subscription" is the typical webinar/whitepaper spam that they never > wanted in the first place. > > In my opinion, a single reply email, "You have been unsubscribed from > xyz mailing list" is a good thing to do. > A number of years ago while working at an ESP we tried this, sending a notice that was along the lines of "Thank you for reporting this message as spam, we have taken action to remove you from the mailing list and will review the sending practices of XYZ Brand ." Two things happened: 1 - People replied in large numbers "I never reported this as spam, I want to continue receiving these emails" - depending on the day >20% of the messages generated this reply 2 - People reported the reply/notification as spam. Needless to say it was a short-lived experiment as it just created more support overhead for us having to undo the unsubscribe or deal with angry customers getting calls from their subscribers. Which is actually in line with where this whole conversation started... ~ Matt ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] blocked by microsoft -- support procedure?
Hi, On Thu, Jan 13, 2022 at 12:35:25AM -0800, Jyri J. Virkki via mailop wrote: > On Tue, Jan 11, 2022 at 02:04:56PM -0500, Mark G Thomas via mailop wrote: > > > > I'm not generally involved in our support issues, but a coworker at > > my work (Linode) reached out to me about what looks to be a new problem > > involving hosting customers being blocked by by Microsoft. We have > > 150-200 new support tickets about this, starting on December 21, 2021. > > Our support goes back and forth with the customers and tries to help, > > typically 4 responses, but up to 48, per ticket, and both support and > > customers are growing increasingly frustrated. > > Thanks for the support! > > Mine is one of those hundreds of tickets (FYI 16748061). ... > I got the same response that Linode got (based on the support ticket) > > "Not qualified for mitigation 66.175.223.185/32 Our investigation has > determined that the above IP(s) do not qualify for mitigation." > > However, today I tried writing to my friend at hotmail.com again and > this time didn't get the IP-based block bounce, so at least something > has changed. I'll follow up offline with him later to see if anything > got delivered or not. Linode is taking immediate and drastic measures. Since yesterday 50 accounts represnting several hundred IPs have been cancelled as fraud for this specific SMTP-enabled-customer plus high IP churn abuse pattern. A new policy will be going into effect today, putting further restrictions on when support may grant outbound-SMTP-filter removal to requesting customers. Would Linode meet the criteria for getting someone from the Linode's Trust and Safety department on this list? Mark -- Mark G. Thomas , KC3DRE ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] What am I supposed to do with abuse complaints on legit mail?
> On Jan 12, 2022, at 11:30 PM, Jay Hennigan via mailop > wrote: > > A single acknowledgement of a successful unsubscribe is fine, but don't make > them jump through another flaming hoop. It's also a violation of Federal law, which requires a "one-step unsubscribe method". Anne -- Anne P. Mitchell, Attorney at Law CEO Get to the Inbox by SuretyMail Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Author: The Email Deliverability Handbook Board of Directors, Denver Internet Exchange Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School Prof. Emeritus, Lincoln Law School Chair Emeritus, Asilomar Microcomputer Workshop In-house Counsel: Mail Abuse Prevention System (MAPS) (Closed in 2004) ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] What am I supposed to do with abuse complaints on legit mail?
13. Januar 2022 09:32, "Alessandro Vesely via mailop" schrieb: > On Thu 13/Jan/2022 08:01:56 +0100 Hans-Martin Mosner via mailop wrote: > >> Am 13.01.22 um 07:30 schrieb Jay Hennigan via mailop: >>> In my opinion, a single reply email, "You have been unsubscribed from xyz >>> mailing list" is a good thing to do. >> >> As an extra courtesy you could add something like "We're sorry that our mail >> was considered spam, it's not our intent to send unsolicited mail." > > Heck, spam is not the reason why one unsubs from a mailing list. For example, > one may join a list about a product when she first installed it and leave > after > a while. Then yes, there are mailing lists with no moderators, which send > spam. If the signal to noise ration drops below some level one can loose > interest in the discussion and then unsubscribe from the list. Yes, but the context here was abuse reports and unsubscribing the recipients in response to those reports. Of course you don't need to explain anything if someone unsubscribes themselves. My goal is transparency and veracity in communication. If someone is unsubscribed due to any other reason than themselves hitting an unsubscribe button or send mail to the "list-leave" address, it is prudent to tell them the reason they were unsubscribed. Cheers, Hans-Martin ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] blocked by microsoft -- support procedure?
On Tue, Jan 11, 2022 at 02:04:56PM -0500, Mark G Thomas via mailop wrote: > > I'm not generally involved in our support issues, but a coworker at > my work (Linode) reached out to me about what looks to be a new problem > involving hosting customers being blocked by by Microsoft. We have > 150-200 new support tickets about this, starting on December 21, 2021. > Our support goes back and forth with the customers and tries to help, > typically 4 responses, but up to 48, per ticket, and both support and > customers are growing increasingly frustrated. Thanks for the support! Mine is one of those hundreds of tickets (FYI 16748061). relay=hotmail-com.olc.protection.outlook.com[104.47.14.33]:25, delay=0.85, delays=0.04/0.02/0.63/0.16, dsn=5.7.1, status=bounced (host hotmail-com.olc.protection.outlook.com[104.47.14.33] said: 550 5.7.1 Unfortunately, messages from [66.175.223.185] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [VI1EUR04FT006.eop-eur04.prod.protection.outlook.com] (in reply to MAIL FROM command)) Based on discussion in HN, it seems Microsoft has suddenly blocked off large parts of the Internet sometime in late December, the delivery problem is much broader than Linode IP space. Aside from filing a ticket with Linode (due to the "Please contact your Internet service provider since part of their network is on our block list" part in the message) I also tried various ways to contact Microsoft directly with limited success. I received prompt replies but they are the same bot-reply form letter, so not clear if anyone is reading them. I got the same response that Linode got (based on the support ticket) "Not qualified for mitigation 66.175.223.185/32 Our investigation has determined that the above IP(s) do not qualify for mitigation." However, today I tried writing to my friend at hotmail.com again and this time didn't get the IP-based block bounce, so at least something has changed. I'll follow up offline with him later to see if anything got delivered or not. -- Jyri J. Virkki - Santa Cruz, CA -- ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] What am I supposed to do with abuse complaints on legit mail?
On Thu 13/Jan/2022 08:01:56 +0100 Hans-Martin Mosner via mailop wrote: Am 13.01.22 um 07:30 schrieb Jay Hennigan via mailop: In my opinion, a single reply email, "You have been unsubscribed from xyz mailing list" is a good thing to do. As an extra courtesy you could add something like "We're sorry that our mail was considered spam, it's not our intent to send unsolicited mail." Heck, spam is not the reason why one unsubs from a mailing list. For example, one may join a list about a product when she first installed it and leave after a while. Then yes, there are mailing lists with no moderators, which send spam. If the signal to noise ration drops below some level one can loose interest in the discussion and then unsubscribe from the list. Of course, you only do that when you really didn't send unsolicited mail. Unsolicited means without subscription, which we don't call "mailing list". Perhaps UCE? Yes, they often sport unsubscribe URIs, since they're mandatory in many countries, so as to masquerade as newsletters. Best Ale -- ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop