Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?
> On 14 Jan 2022, at 02:30, Scott Mutter via mailop wrote: > > > Domain reputation is a thing though. If your IP really gets blocked (and > > not just throttled; that's a signal you have access to btw) you usually > > have a bigger problem. > > Unfortunately, that's not what I'm seeing in the real world. Everything is > IP based. Go through the archives here at Mailops. Over the past month how > many messages has this list gotten with request for help from Microsoft, > Comcast, T-Mobile, etc all concerning their mail server IPs being blocked? > They block by IP address. Yes. But that’s often because the warning signals were ignored by the sending systems. Spam filtering has an escalation pathway, by the time someone is at the level of an IP block, there is a significant and huge problem with that IP or that IP range. IP blocking is not the warning shot, it’s the nuclear option. > I'm not really saying that blocking by IP address is a bad idea. I get it. > I get why it's so effective. I'm just saying you can't say you're > acknowledging spam from certain domains or DomainKeys and then go and block > the IP that's sending. You're comparing apples to oranges. Who is doing that? > I remember the early 00's with AOL's feedback loop. This was a wonderful, > wonderful thing. It helped that a lot of people still had AOL email > addresses. I could sign up all of my SMTP server IPs to funnel in spam > feedback to a single email address. I could monitor that email address for > feedback reports. The reports included all of the headers, including the > message ID that I could parse through my logs to identify the sender. And > then I could take action against that account on our server. But eventually > AOL addresses died off and that FBL became dormant. I wish Gmail, Yahoo, > Microsoft, all had similar feedback loops - that would be the most useful > thing to me as a server administrator. I think Gmail may have something > similar but it's useless because you have to send 100 million messages a day > (or some absurd high number) to get the feedback loop to register a single > incident. AOL's feedback loop from the 2000s was the pinnacle of feedback > loops. I think instead of looking at something that lowly AOL did > successfully, all of these big name mail service providers are taking the > idea and trying to "improve" it to the point that it's ineffective. Microsoft does have a FBL. Gmails sending limit is in the low 100s of messages a day, not 100s of millions - I’ve got clients sending a few thousand messages and see data from them. Yahoo’s FBL is domain based and that’s their choice and is kinda annoying, but does manage to miss some of the problems with multiple layers of providers I mentioned in my last email. laura -- Having an Email Crisis? 800 823-9674 Laura Atkins Word to the Wise la...@wordtothewise.com (650) 437-0741 Email Delivery Blog: http://wordtothewise.com/blog ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?
> Domain reputation is a thing though. If your IP really gets blocked (and not just throttled; that's a signal you have access to btw) you usually have a bigger problem. Unfortunately, that's not what I'm seeing in the real world. Everything is IP based. Go through the archives here at Mailops. Over the past month how many messages has this list gotten with request for help from Microsoft, Comcast, T-Mobile, etc all concerning their mail server IPs being blocked? They block by IP address. I'm not really saying that blocking by IP address is a bad idea. I get it. I get why it's so effective. I'm just saying you can't say you're acknowledging spam from certain domains or DomainKeys and then go and block the IP that's sending. You're comparing apples to oranges. I remember the early 00's with AOL's feedback loop. This was a wonderful, wonderful thing. It helped that a lot of people still had AOL email addresses. I could sign up all of my SMTP server IPs to funnel in spam feedback to a single email address. I could monitor that email address for feedback reports. The reports included all of the headers, including the message ID that I could parse through my logs to identify the sender. And then I could take action against that account on our server. But eventually AOL addresses died off and that FBL became dormant. I wish Gmail, Yahoo, Microsoft, all had similar feedback loops - that would be the most useful thing to me as a server administrator. I think Gmail may have something similar but it's useless because you have to send 100 million messages a day (or some absurd high number) to get the feedback loop to register a single incident. AOL's feedback loop from the 2000s was the pinnacle of feedback loops. I think instead of looking at something that lowly AOL did successfully, all of these big name mail service providers are taking the idea and trying to "improve" it to the point that it's ineffective. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?
On Thu, Jan 13, 2022 at 4:14 PM Scott Mutter via mailop wrote: If a service is going to block/blacklist/throttle messages by the sending > IP, then what good does it do to base feedback loops and spam reports on a > domain basis? A sending IP could have 1000 domains sending from it and > only 1 of those domains is sending spam or sending to a list that is being > flagged as spam, but the recipient server isn't going to block based on > domain, it's going to block based on IP. > If one (authenticated) domain from 1000 is spamming from your IP (and all the other (authenticated) traffic is fine) then no, blocking your IP based on that is/should not really be a thing. Domain reputation is a thing though. If your IP really gets blocked (and not just throttled; that's a signal you have access to btw) you usually have a bigger problem. - Marcel ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?
Dnia 11.01.2022 o godz. 19:12:14 Andrew C Aitchison via mailop pisze: > > But yes, if the user downloads the message with something like fetchmail, > then uses thunderbird to read the *local* inbox. In recent Thunderbird versions the support for "movemail" type accounts, ie. local system mailboxes, has been removed. ;) -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?
Dnia 11.01.2022 o godz. 16:57:21 Matthias Leisi via mailop pisze: > >> How would it know the difference if it was Thunderbird, or the user? > > > > You can guess by timing. > > > > If the message is moved to spam folder immediately after being fetched by > > client, then it is an automated filter action. If there is at least a few > > seconds delay, then it is probably the user manually moving the message into > > spam folder (the user needs some time to look at least at the subject of > > the message and click the appropriate button). > > The mail client with its local spam filter may not be connected at the > time the message arrives in the inbox. It may come online at a later > point and move messages to the spam folder with considerable delay. I'm afraid I don't understand. If the client is not connected, then it will not fetch (download) the message at that time. If it later downloads the message and immediately moves it into spam folder (immediately after download, not after the message arrives) then it is a mark of a filter action. The client must download the message first in order for the filter to analyze it and move it into spam folder; it can't move it to the spam filter without downloading. So if move to the spam folder occurs immediately after downloading, it is probably caused by a filter. It has nothing to do with message arrival time. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?
On 2022-01-11 03:29, Jaroslaw Rafa via mailop wrote: Dnia 10.01.2022 o godz. 19:30:02 Dave Warren via mailop pisze: How would it know the difference if it was Thunderbird, or the user? You can guess by timing. If the message is moved to spam folder immediately after being fetched by client, then it is an automated filter action. If there is at least a few seconds delay, then it is probably the user manually moving the message into spam folder (the user needs some time to look at least at the subject of the message and click the appropriate button). It's a start. But I don't think it can be particularly reliable since IMAP allows multiple connections to a mailbox and can't link a particular connection to a particular client. For example, it is quite reasonable to make connections that check a folder and use IDLE in that folder while other connections service explicit user actions (regardless of folder). And I suspect most users use more than one client at the same time (mobile clients don't magically disconnect when you start your desktop/laptop client). Plus all the server-based "assists" that so many mobile clients use. I suspect one could study enough mail clients to figure it out, and I don't really even know how many behave poorly out of the box or can be configured to perform automated actions. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?
On 2022-01-11 03:29, Jaroslaw Rafa via mailop wrote: Dnia 10.01.2022 o godz. 19:30:02 Dave Warren via mailop pisze: How would it know the difference if it was Thunderbird, or the user? You can guess by timing. If the message is moved to spam folder immediately after being fetched by client, then it is an automated filter action. If there is at least a few seconds delay, then it is probably the user manually moving the message into spam folder (the user needs some time to look at least at the subject of the message and click the appropriate button). Or conversely, what steps should an IMAP user take to report spam properly? Maybe set up an address like spamrep...@your-provider.com where users should forward all messages they consider to be spam? Over the last 1-2 decades I implemented just this! A spam/non-spam address that users could forward mail to, plus dedicated shared #ReportAsSpam #ReportAsNotSpam folders that users could use. I don't think I managed to get a single person to forward an EML file to the spam/non-spam addresses even once in over a decade. Teaching users to forward spam is just bad for a whole number of reasons and I wouldn't do it today. Even though the intent is only an internal "send your spam to spam@localdomain or spam@provider-name", good luck getting users to understand that forwarding spam is otherwise bad. The "we hacked your email and watched you do private things" are especially bad because users legitimately get worried and forward these to their partners or others to get advice. Forwarded non-spam without the EML was useful if their client bothered to forward enough of the original From header that I could toss the address on a "User wants this mail" list, although that wasn't particularly scalable, and didn't actually give me anything that webmail address books and whitelisting outbound mail didn't also give me. User's "Archive" folders seem to be a good proxy for not-spam, if a user had a lot of messages over a reasonable period of time in their Archive folder I'd point SA's bayesian learning at it. A few used the #ReportAs shared folders. This was safer because it didn't use their mailbox's own Junk folder so it required explicit action. These got used by the webmail interface too so it is hard to judge if users explicitly used the folders. If we were to redesign protocols from scratch, having an explicit "The user marked this as junk and wants to unsubscribe, or have it blocked, or file a report" would all be excellent things, but outside of webmail providers who control their servers and interface, this won't be a thing. (EML, meaning anything that attached the original message with headers and at least some body). ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?
On Tue, 11 Jan 2022, Matthias Leisi via mailop wrote: How would it know the difference if it was Thunderbird, or the user? You can guess by timing. If the message is moved to spam folder immediately after being fetched by client, then it is an automated filter action. If there is at least a few seconds delay, then it is probably the user manually moving the message into spam folder (the user needs some time to look at least at the subject of the message and click the appropriate button). The mail client with its local spam filter may not be connected at the time the message arrives in the inbox. It may come online at a later point and move messages to the spam folder with considerable delay. Delay relative to arrival in inbox, yes. Delay relative to message being fetched by mail client, no. But yes, if the user downloads the message with something like fetchmail, then uses thunderbird to read the *local* inbox. -- Andrew C. Aitchison Kendal, UK and...@aitchison.me.uk ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?
>> How would it know the difference if it was Thunderbird, or the user? > > You can guess by timing. > > If the message is moved to spam folder immediately after being fetched by > client, then it is an automated filter action. If there is at least a few > seconds delay, then it is probably the user manually moving the message into > spam folder (the user needs some time to look at least at the subject of > the message and click the appropriate button). The mail client with its local spam filter may not be connected at the time the message arrives in the inbox. It may come online at a later point and move messages to the spam folder with considerable delay. — Matthias ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?
/ > Maybe set up an address like mailto:spamrep...@your-provider.com where users > should > forward all messages they consider to be spam? Not helpful. And please don't encourage regular users to forward spam to abuse addresses. Forwarded mails are usually missing most relevant information which might be helpful to do anything. - Marcel \ FULLACK and even worse, we (@t-online.de) will suspend your account for (forward) sending SPAM/PHISH/... if you do so. Florian ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?
On Tue, Jan 11, 2022 at 2:39 AM Jaroslaw Rafa via mailop wrote: > > Maybe set up an address like spamrep...@your-provider.com where users > should > forward all messages they consider to be spam? > Not helpful. And please don't encourage regular users to forward spam to abuse addresses. Forwarded mails are usually missing most relevant information which might be helpful to do anything. - Marcel ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?
On Mon, Jan 10, 2022 at 4:12 PM Russell Clemings via mailop < mailop@mailop.org> wrote: Not sure about Yahoo -- looking quickly I don't see a way to autofilter > into spam > We don't allow that -- for precisely the obvious reasons. - Marcel ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?
On Mon, Jan 10, 2022 at 1:38 PM Marcel Becker wrote: > > We only send FBL/CFL reports if the user actually hits the "Report as > Spam" button in our apps. > Well. Turns out I lied. A little. There might be *some* ARFs being generated if we have reason to believe that it was a valid spam vote / user action involving an IMAP MOVE command (moving mail to the spam folder). However -- as I mentioned in this thread -- there are stupid spam filters in some apps... We can look at our logic and tweak. - Marcel ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?
On Mon, Jan 10, 2022 at 2:16 PM Marcel Becker via mailop wrote: > > We only send FBL/CFL reports if the user actually hits the "Report as > Spam" button in our apps. > > This is very good to know, thank you for sharing this. Only going by users telling us they never clicked the spam button, I assumed there was some automation behind the FBL reports. Mark ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?
On Mon, Jan 10, 2022 at 2:01 PM Matt Vernhout via mailop wrote: > Also check which email client they are using. For example Thunderbird, or > another plugin, may move mail from the inbox to the junk folder without the > user taking action. > > That will not (or rather *should* not) not trigger an ARF report. I'll double check that. - Marcel ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?
On Mon, Jan 10, 2022 at 12:09 PM Hans-Martin Mosner via mailop < mailop@mailop.org> wrote: > If it was sent by Yahoo on behalf of their user (I don't know whether that > happens), you might want to reach out to > Yahoo to clear things up. > We only send FBL/CFL reports if the user actually hits the "Report as Spam" button in our apps. - Marcel ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop