Re: [mailop] [E] Re: IP based reporting for Yahoo feedback loop gone?
Am 31.12.20 um 22:07 schrieb Hal Murray via mailop: > Scott Mutter said: >> If spam is sent from one of our servers - the IP address of one of our >> servers - it's me you ultimately want to contact, not the owner of the IP >> address. If you contact the owner of the IP address - they don't have root >> access to the server - they will have to filter that report down to me, for >> me to take action. And whether or not if that happens or if that happens in a >> timely manner is anybody's guess. > That's correct if you are white-hat. If you are black-hat, I want to contact > the owner in hopes that you will become an ex-customer. > > This pretty much nails it - if you're the bad guy I don't want to talk to you, if not, I want to talk to a competent entity. Simplified, these are the possible cases: * Blackhat provider (owner), any customer: reject, possibly with an SMTP error message indicating that you will have to move to a different provider if you want to reach us. * Greyhat provider, whitehat customer: I might whitelist you. * Greyhat provider, blackhat customer: I will blacklist you or the IP range, depending on the perceived unwillingness of the provider to handle spam problems at all. * Greyhat provider, compromised customer: I will send a spamcop report and block the IP range. If the info gets to you, and you fix the problem, and you or the provider gets back with that info to me, then I will unblock. Fat chance, sorry. * Whitehat provider, whitehat customer: no problem except a possible data entry error which I'll fix as soon as I get notified. * Whitehat provider, blackhat customer: Of course I contact the provider hoping to get you booted. If that does not happen, provider has apparently turned greyhat. * Whitehat provider, compromised customer: That's the only case where it would make any sense to talk to the customer. However, if your services are compromised, you're probably not very competent or you have an organizational problem, and getting this resolved might take some time and energy. You're not my customer, why should I spend my time and energy helping you fix that problem? I'll notify the owner of the IP so they work with you (their paying customer) to fix your problem. Given the additional hurdles of identifying the responsible entity beyond the IP space owner (domain whois? mostly unusable), why should I jump through the hoops of identifying the customer whose service was used to send spam? The owner of the IP space is much better equipped to do that. In very isolated situations, I may decide to do something different. But in general, the IP space owner is the right person for me to talk to. Cheers, Hans-Martin ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: IP based reporting for Yahoo feedback loop gone?
Scott Mutter said: > If spam is sent from one of our servers - the IP address of one of our > servers - it's me you ultimately want to contact, not the owner of the IP > address. If you contact the owner of the IP address - they don't have root > access to the server - they will have to filter that report down to me, for > me to take action. And whether or not if that happens or if that happens in a > timely manner is anybody's guess. That's correct if you are white-hat. If you are black-hat, I want to contact the owner in hopes that you will become an ex-customer. -- These are my opinions. I hate spam. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: IP based reporting for Yahoo feedback loop gone?
On Thu, Dec 31, 2020 at 11:00 Scott Mutter via mailop wrote: > > Back in the day, AOL had a great feedback loop system. This system was > immensely helpful for us, because it allowed us to find spammers on our > servers very quickly. But either that feedback loop system died off or AOL > diminished in use (I suspect the latter). > Well: https://blog.postmaster.verizonmedia.com/post/175121113628/oath-mail-migration-update (And ignore that oath branding piece...) > ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: IP based reporting for Yahoo feedback loop gone?
> I don't think so. I'm primarily a datacenter operator and > commercial-only ISP and my AUP says no spamming. As the proactive type > that prefers to prevent spamming instead of ignoring it for profit, I do > like to know if anyone is emitting spam from any of our IP space. > Feedback loops based on our IP ranges help with that goal, and provide > effective evidence of AUP violations. > I can't do that with DKIM. Feedback loops are also faster than waiting > for someone to email abuse@ after looking in whois, if anyone bothers to > go that far. If my abuse@ is already in whois, then why should I not be > allowed to request automated reporting of the same? I think there is a subset of people that don't really understand how widespread IP space is being shared. That subset seems to believe that 1 IP address means 1 domain name and 1 individual. But that's just simply not the case. 1 IP address may be sending out mail for 500 or more domain names - each that may have 10 to 20 email accounts. And that means there's a lot of mail being sent out from a single IP address that doesn't necessarily relate to each other. The majority of these email account owners and domain name owners care nothing about DKIM, DMARC reports, or any feedback loop reports. The people that do care? They're the ones that serve as server administrators (i.e. have root access) to those servers. That is who these reports need to be aimed at. It then becomes the server administrator's responsibility to keep those 500 domain names or 10,000 email email accounts in line when it comes to spamming or abuse. There also needs to be a distinction made between the "owner" of an IP address and the "administrator" responsible for the server using that IP address. I don't own any of the IP addresses that are used to send out mail from our servers, but I administer all the servers we use. If spam is sent from one of our servers - the IP address of one of our servers - it's me you ultimately want to contact, not the owner of the IP address. If you contact the owner of the IP address - they don't have root access to the server - they will have to filter that report down to me, for me to take action. And whether or not if that happens or if that happens in a timely manner is anybody's guess. Now, it's entirely possible that I'm the one that has tunnel vision with this... but this is how I see things. Maybe there are a lot of folks that host one domain name on one IP address. Or maybe everyone on this list owns the IP address space that they send out mail from. I don't know. But I think it's at least worth an open-mind in looking at how IP address space is used and dispersed amongst people that can actually take actionable changes from that IP address space. My advice would be to have a centralized database of IP addresses that lists 1) a human contact email address (or probably a form to disguise the actual email address) and 2) a feedback loop address (which again would be disguised). Force server administrators of these IP addresses to verify these email addresses (or I suppose you could do a callback URL) once a month to ensure that the information remains up to date. Then when spam is identified as being sent from an IP address it is sent to the FBL address listed in this central database. Back in the day, AOL had a great feedback loop system. This system was immensely helpful for us, because it allowed us to find spammers on our servers very quickly. But either that feedback loop system died off or AOL diminished in use (I suspect the latter). Microsoft is suppose to have the JMRP that was supposed to be similar, but I never found it useful - I very, very rarely ever got anything from those reports, yet our servers would get blocked by Microsoft - and it was a hassle to sign up for (again the distinction between OWNER of the IP address and ADMINISTRATOR of the server using the IP address). Google also allegedly has a feedback loop system - but I've never, ever received anything in that system, I'm guessing maybe we don't have the volume of mail to gmail to register for this? The bottom line is that the IP address is the only thing that is common throughout the whole email infrastructure when it comes to identifying abuse. Every email message received, every spam message received, was sent to the recipient's server by another server with an IP address. So that's the structure that makes sense for identifying where abuse is coming from. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: IP based reporting for Yahoo feedback loop gone?
On 12/28/20 1:22 PM, Marcel Becker via mailop wrote: Your example is in fact addressing part of the “sense” question: Why should you be getting all abuse reports for an IP when it’s shared and all you really should be getting is the stuff for your own domain you are responsible for. I don't think so. I'm primarily a datacenter operator and commercial-only ISP and my AUP says no spamming. As the proactive type that prefers to prevent spamming instead of ignoring it for profit, I do like to know if anyone is emitting spam from any of our IP space. Feedback loops based on our IP ranges help with that goal, and provide effective evidence of AUP violations. I can't do that with DKIM. Feedback loops are also faster than waiting for someone to email abuse@ after looking in whois, if anyone bothers to go that far. If my abuse@ is already in whois, then why should I not be allowed to request automated reporting of the same? BTW: Some ESPs solve the “not practical” problem by double signing their mail with their own DKIM domain. I can't double sign emails that are coming from IP space reassigned to customers. (And before someone says filter port 25 this is not residential or dynamic IP.) But I also understand that other mail operators don't want to maintain a system that can work with IP-based reporting. My only point is that it's helpful to those of us that want to help prevent spam. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: IP based reporting for Yahoo feedback loop gone?
On Tue, Dec 29, 2020 at 12:27 Al Iverson via mailop wrote: > Seth, if that still exists, Verizon (Yahoo parent company) Postmaster Lili > Crowley likely can help > No. See https://postmaster.verizonmedia.com/faq: “IP address-based feedback loops are not supported.” ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: IP based reporting for Yahoo feedback loop gone?
On Tue, Dec 29, 2020 at 7:48 AM Laura Atkins via mailop wrote: > I don’t think it survived the VMG merger. > > It ceased to exist long before that. There are other IP based feeds now. Cheers, Marcel ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: IP based reporting for Yahoo feedback loop gone?
On Mon, Dec 28, 2020 at 11:14 Scott Mutter via mailop wrote: > I only ever knew of the DKIM one. Which never made a lot of sense to me - > since with shared hosting there can be multiple domains sending mail from > an IP. To configure DKIM and the DKIM feedback loop for every domain > wasn't practical. > Your example is in fact addressing part of the “sense” question: Why should you be getting all abuse reports for an IP when it’s shared and all you really should be getting is the stuff for your own domain you are responsible for. BTW: Some ESPs solve the “not practical” problem by double signing their mail with their own DKIM domain. > ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: IP based reporting for Yahoo feedback loop gone?
On Mon, Dec 28, 2020 at 9:36 AM Seth Mattinen via mailop wrote: > > It asks for DKIM stuff; I need IP based. > That hasn't been a thing for many years. Everything else is at https://postmaster.verizonmedia.com. Cheers, Marcel ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop