spam wanted :)
for a measurement experiment, i would like O(100k) *headers* from spam from europe and a similar sample from the states. this would be a straight sample, before filtering, ip address blocking, etc. if you can help, please drop me a note and we can discuss how the sample is taken and how delivered. thanks! randy
Re: spam wanted :)
On Thu, Apr 10, 2008 at 06:32:53PM +0900, Randy Bush wrote: for a measurement experiment, i would like O(100k) *headers* from spam from europe and a similar sample from the states. Request for clarification: do you mean spam originating at IP addresses believed to be in Europe or spam received at a mail server located in Europe or spam putatively from domains in Europe or something else? ---Rsk
Re: spam wanted :)
On Thu, Apr 10, 2008 at 08:55:21AM -0400, Rich Kulawiec wrote: On Thu, Apr 10, 2008 at 06:32:53PM +0900, Randy Bush wrote: for a measurement experiment, i would like O(100k) *headers* from spam from europe and a similar sample from the states. Request for clarification: do you mean spam originating at IP addresses believed to be in Europe or spam received at a mail server located in Europe or spam putatively from domains in Europe or something else? One thing that happened when I moved to Europe and started doing business in Germany is that relatively soon I began receiving spam in German (which seems to have quite different content, and sales strategy, actually, perhaps reflecting cultural differences in the manner of buying and selling between the anglophone world and Germany). Trying to separate out what in Europe means in this case seems to come down to having given out email addresses to web sites and colleagues in a different language environment rather than physical presence of either myself or my mailserver in either North America or Europe. I guess the German spam I have been receiving is only european in that German speakers happen to be mostly in Europe, which is not true of English speakers. I wonder, is the (English language) spam set that one is likely to receive in Australia statistically different than what one is likely to receive in the US? -w
Re: spam wanted :)
On Apr 10, 2008, at 9:35 AM, William Waites wrote: On Thu, Apr 10, 2008 at 08:55:21AM -0400, Rich Kulawiec wrote: On Thu, Apr 10, 2008 at 06:32:53PM +0900, Randy Bush wrote: for a measurement experiment, i would like O(100k) *headers* from spam from europe and a similar sample from the states. Request for clarification: do you mean spam originating at IP addresses believed to be in Europe or spam received at a mail server located in Europe or spam putatively from domains in Europe or something else? One thing that happened when I moved to Europe and started doing business in Germany is that relatively soon I began receiving spam in German (which seems to have quite different content, and sales strategy, actually, perhaps reflecting cultural differences in the manner of buying and selling between the anglophone world and Germany). I receive serious amounts of spam in Hebrew and Russian, and haven't even been to either Israel or Russia recently. Regards Marshall Trying to separate out what in Europe means in this case seems to come down to having given out email addresses to web sites and colleagues in a different language environment rather than physical presence of either myself or my mailserver in either North America or Europe. I guess the German spam I have been receiving is only european in that German speakers happen to be mostly in Europe, which is not true of English speakers. I wonder, is the (English language) spam set that one is likely to receive in Australia statistically different than what one is likely to receive in the US? -w
Re: spam wanted :)
Rich Kulawiec wrote: On Thu, Apr 10, 2008 at 06:32:53PM +0900, Randy Bush wrote: for a measurement experiment, i would like O(100k) *headers* from spam from europe and a similar sample from the states. Request for clarification: do you mean spam originating at IP addresses believed to be in Europe yes. and, because i have gotten a lot of well-meaning but non-reading offers, to repeat this would be a straight sample, before filtering, ip address blocking, etc. i realize this is difficult, as all of us go through much effort to reject this stuff as early as possible. but it will be a sample unbiased by your filtering techniques. randy
RE: spam wanted :)
s/recently/ever/ I'd be happy if I could tell Gmail to delete anything in a non Roman character set. I don't read Hebrew, Arabic, Kanji, Hangul, Cyrillic, or any of the other various character sets I get spam in. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marshall Eubanks Sent: Thursday, April 10, 2008 9:39 AM To: William Waites Cc: Rich Kulawiec; North American Network Operators Group Subject: Re: spam wanted :) On Apr 10, 2008, at 9:35 AM, William Waites wrote: On Thu, Apr 10, 2008 at 08:55:21AM -0400, Rich Kulawiec wrote: On Thu, Apr 10, 2008 at 06:32:53PM +0900, Randy Bush wrote: for a measurement experiment, i would like O(100k) *headers* from spam from europe and a similar sample from the states. Request for clarification: do you mean spam originating at IP addresses believed to be in Europe or spam received at a mail server located in Europe or spam putatively from domains in Europe or something else? One thing that happened when I moved to Europe and started doing business in Germany is that relatively soon I began receiving spam in German (which seems to have quite different content, and sales strategy, actually, perhaps reflecting cultural differences in the manner of buying and selling between the anglophone world and Germany). I receive serious amounts of spam in Hebrew and Russian, and haven't even been to either Israel or Russia recently. Regards Marshall Trying to separate out what in Europe means in this case seems to come down to having given out email addresses to web sites and colleagues in a different language environment rather than physical presence of either myself or my mailserver in either North America or Europe. I guess the German spam I have been receiving is only european in that German speakers happen to be mostly in Europe, which is not true of English speakers.
I wonder, is the (English language) spam set that one is likely to receive in Australia statistically different than what one is likely to receive in the US? -w
Re: spam wanted :)
Request for clarification: do you mean spam originating at IP addresses believed to be in Europe yes. blush a! speaking of non-reading blush i mean spam arriving at port 25 on a european host. and an unfiltered unblocked port 25, no dnsbl, ... it looks like i have a great stateside volunteer source, though the proof will be known when we have the data. and we're in asia and have data from here. so it's europe i need. randy
Re: nanog 43 draft agenda posted
On Apr 9, 2008, at 7:49 PM, Todd Underwood wrote: the program committee is excited about both the content that has already been selected and how early we have been able to get this announcement out to the community. we have received feedback indicating that announcing most of the agenda early significantly improves attendees' ability to obtain travel approvals and make travel plans. OUTSTANDING JOB! I think (or at least I hope) I speak for the entire community when I say thank you to the program committee for your time and effort getting this done, and done early. But - and please don't take this the wrong way - but I liked the original agenda posted a week or two ago better :) -- TTFN, patrick
Re: spam wanted :)
Randy Bush [EMAIL PROTECTED] writes: this would be a straight sample, before filtering, ip address blocking, etc. i realize this is difficult, as all of us go through much effort to reject this stuff as early as possible. but it will be a sample unbiased by your filtering techniques. How do you classify email as spam without adding bias? Bjørn
Re: spam wanted :)
Randy Bush [EMAIL PROTECTED] writes: this would be a straight sample, before filtering, ip address blocking, etc. i realize this is difficult, as all of us go through much effort to reject this stuff as early as possible. but it will be a sample unbiased by your filtering techniques. How do you classify email as spam without adding bias? You can always claim bias. There's often been debate, even in the anti-spam community, about what spam actually means. The meaning has repeatedly been diluted over the years, to a point where some now define it merely as that which we do not want, an attitude supported in code by some service providers who now sport great big Easy Buttons (with apologies to any office supply chain) labelled This Is Spam. Even so, there's some complexity - users making typos, for example. However, the easiest way to avoid bias is to look for a mail stream that has the quality of not having any valid recipients. There will be, of course, someone who will disagree with me that mail sent to an address that hasn't been valid in years, and whose parent domain was unresolvable in DNS for at least a year is spam. However, it's as unbiased as I can reasonably imagine being. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again. - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
RE: Bandwidth issues in the Sprint network
I tried this on three laptops (two different models), and none of them would fully boot. They would lock up at different points. Unless someone has some workarounds, I think I'll be trying another ISO package. Regards, Frank -Original Message- From: Tim Peiffer [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 09, 2008 9:50 AM To: [EMAIL PROTECTED] Cc: nanog@merit.edu Subject: Re: Bandwidth issues in the Sprint network http://e2epi.internet2.edu/network-performance-toolkit/network-performance-toolkit.iso Frank Bulk wrote: Does anyone know of bootable Linux CD with iperf on it? Frank -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Gonnason Sent: Wednesday, April 09, 2008 9:05 AM To: nanog@merit.edu Subject: Re: Bandwidth issues in the Sprint network On Tue, Apr 8, 2008 at 9:19 AM, Brian Raaen [EMAIL PROTECTED] wrote: I have been using the Java based versions of the speed test. At this point I have had some Sprint people get in contact with me so I will see what they find. Thank you for all your help to everyone. -- Brian Raaen Network Engineer [EMAIL PROTECTED] On Monday 07 April 2008, you wrote: I am currently having problems getting upload bandwidth on a Sprint circuit. I am using a full OC3 circuit. I am doing fine on downloading data, but uploading data I can only get about 5Mbps with ftp or a speedtest. I have tested against multiple networks and this has stayed the same. Monitoring Cacti graphs and the router I do get about 30Mbps total traffic outbound, but individual (flows/ip?) tests always seem limited. I would like to know if anyone else sees anything similar, or where I can get help. The assistance I have gotten from Sprint up to this point is that they find no problems. Due to the consistency of 5Mbps I am suspecting rate limiting, but wanted to know if I was overlooking something else.
-- Brian Raaen Network Engineer [EMAIL PROTECTED] Most of the speed test sites on the Internet basically issue a HTTP GET request to a server and time the download. For upload they utilize a HTTP POST via a CGI script and time that. The main issue I have with these speed tests is that they only use a single TCP session for data transfer, which is fine if you have a large or self adjusting TCP window size and a relatively low latency link. However for high capacity links, it is unlikely (but possible) that you are planning to use a single TCP session and consume all the available capacity. Realistically you will have a few dozen server/applications/users and produce hundreds/thousands of TCP sessions which will fully utilize the link. For our PtP customers that have concerns regarding capacity, I generally suggest they set up iperf at both ends and run a few tests with multiple TCP sessions so they can independently verify. Hopefully Sprint will take your concerns to heart and assist you with testing. -Mike Gonnason
RE: Bandwidth issues in the Sprint network
Good idea, but the other side doesn't have a Cisco box. Frank

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 09, 2008 11:02 AM To: Michael Holstein Cc: [EMAIL PROTECTED]; nanog@merit.edu Subject: Re: Bandwidth issues in the Sprint network

You can also use ttcp from the command line, useful if it's cisco on both ends of the circuit.

sr01#ttcp
transmit or receive [receive]: transmit
Target IP address: 1.1.1.1
calculate checksum during buffer write [y]:
perform tcp half close [n]:
send buflen [32768]:
send nbuf [2048]:
bufalign [16384]:
bufoffset [0]:
port [5001]:
sinkmode [y]:
buffering on writes [y]:
show tcp information at end [n]:
ttcp-t: buflen=32768, nbuf=2048, align=16384/0, port=5001 tcp - 1.1.1.1

sr02#ttcp
transmit or receive [receive]: receive
packets asynchronously [n]:
perform tcp half close [n]:
receive buflen [32768]:
bufalign [16384]:
bufoffset [0]:
port [5001]:
sinkmode [y]:
rcvwndsize [32768]:
ack frequency [0]:
delayed ACK [y]:
show tcp information at end [n]:
ttcp-r: buflen=32768, align=16384/0, port=5001 rcvwndsize=32768, delayedack=yes tcp

Michael Holstein [EMAIL PROTECTED] wrote: Does anyone know of bootable Linux CD with iperf on it? Knoppix STD (security tools distro) http://www.knoppix-std.org/tools.html Cheers, Michael Holstein Cleveland State University
Problems sending mail to yahoo?
Is it just us or are there general problems with sending email to yahoo in the past few weeks? Our queues to them are backed up though they drain slowly. They frequently return: 421 4.7.0 [TS01] Messages from MAILSERVERIP temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html (where MAILSERVERIP is one of our mail server ip addresses) Yes I followed the link and filled out the form but after several days no response or change. Despite the wording of their message we're not aware of any cause for user complaints. For example if there were a spam leak you'd expect to see complaints in general to postmaster, abuse, etc. None we're aware of. We host quite a few mailing lists and it seems like whatever they're using is being touched off by the volume of (legitimate) mailing list traffic. I'm automatically moving all their email to a slower delivery queue to see if that helps. Just wondering if this was a widespread problem or are we just so blessed, and any insights into what's going on over there. -- -Barry Shein The World | [EMAIL PROTECTED] | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD| Login: Nationwide Software Tool Die| Public Access Internet | SINCE 1989 *oo*
anybody else get mail from Cassel McWaters (xtracapacity.com) today?
i'm trying to keep track of which mailing list is getting scraped by whom, at least among those who coldcall me. anybody else get one of these today? re: ---BeginMessage--- Paul, Hi there! I came across your information while doing some research and wanted to contact you. We work with every major provider for IP Transit, Transport, and Collocation which allows us access to some of the lowest wholesale rates in the industry. Do you have anything up for bid? Let me know and I will put my best foot forward! I look forward to hearing from you soon! Warm Regards, Cassel McWaters 702-997-4141 [EMAIL PROTECTED] ---End Message---
Re: Problems sending mail to yahoo?
Barry Shein wrote: Is it just us or are there general problems with sending email to yahoo in the past few weeks? Our queues to them are backed up though they drain slowly. They frequently return: 421 4.7.0 [TS01] Messages from MAILSERVERIP temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html (where MAILSERVERIP is one of our mail server ip addresses) Just wondering if this was a widespread problem or are we just so blessed, and any insights into what's going on over there. I see this a lot also and what I see causing it is accounts on my servers that don't opt for spam filtering and they have their accounts here set to forward mail to their yahoo.com accounts - spam and everything then gets sent there - they complain to yahoo.com about the spam and bingo - email delays from here to yahoo.com accounts Chris - Chris Stone, MCSE Vice President, CTO AxisInternet, Inc. 910 16th St., Suite 1110, Denver, CO 80202 - PH 303.592.AXIS x302 - 866.317.AXIS | FAX 303.893.AXIS - [EMAIL PROTECTED]| www.axint.net
Re: Problems sending mail to yahoo?
On Thu, Apr 10, 2008 at 01:30:06PM -0400, Barry Shein wrote: Is it just us or are there general problems with sending email to yahoo in the past few weeks? Our queues to them are backed up though they drain slowly. They frequently return: 421 4.7.0 [TS01] Messages from MAILSERVERIP temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html (where MAILSERVERIP is one of our mail server ip addresses) Yes I followed the link and filled out the form but after several days no response or change. I had a similar problem recently and found someone at yahoo who would tweak things so I was no longer getting delayed. The problem is dumb users reporting list mail as spam in an attempt to unsubscribe. This is common with a few mail services but the first time I personally was impacted as I tend to run a nice clean 'ship'. I do wish that the mail providers would do a better job of warning people what is happening, why and give some warning. I have 400+ unique yahoo accounts that get list mail so short of sending them all email saying they're idiots you have to wait for them to tweak their delays. Worst part is if the lists are active you can quickly end up with thousands of queued messages making it harder to clear the queue. - Jared -- Jared Mauch | pgp key available via finger from [EMAIL PROTECTED] clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Re: Problems sending mail to yahoo?
I work for an ISP that seems to have the same exact problem. We're not even that large of an ISP, 5k customers maybe. We are not a SPAM haven either. We've tried to work with Yahoo! also and have gotten nowhere. If you find anything out on how to deal with it, let me know. I'll update you if I or my Systems guys find out more but it's been going on for a couple weeks and I don't see an end in sight. Regards, Steve InfoStructure Barry Shein wroteth on 4/10/2008 10:30 AM: Is it just us or are there general problems with sending email to yahoo in the past few weeks? Our queues to them are backed up though they drain slowly. They frequently return: 421 4.7.0 [TS01] Messages from MAILSERVERIP temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html (where MAILSERVERIP is one of our mail server ip addresses) Yes I followed the link and filled out the form but after several days no response or change. Despite the wording of their message we're not aware of any cause for user complaints. For example if there were a spam leak you'd expect to see complaints in general to postmaster, abuse, etc. None we're aware of. We host quite a few mailing lists and it seems like whatever they're using is being touched off by the volume of (legitimate) mailing list traffic. I'm automatically moving all their email to a slower delivery queue to see if that helps. Just wondering if this was a widespread problem or are we just so blessed, and any insights into what's going on over there. -- Steve Ryan Master Solvinator [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Office: 541*.* 773*.* 5000 Fax: 541*.* 535*.* 7599 288 S Pacific Hwy Talent, OR 97540
Re: Problems sending mail to yahoo?
Is it just us or are there general problems with sending email to yahoo in the past few weeks? Our queues to them are backed up though they drain slowly. I have ~3,000 messages (from today) stuck with this 421-ts01 problem. Mostly it's our campus mail bag which is a digest that goes out to students (many of whom forward their campus mail off-site). Interestingly, it's only on the newest of our outbound SMTP boxes that's affected. The others (which have been in use for some years) still work just fine. Our SPF record is a permissive 'ptr ~all', btw. Cheers, Michael Holstein Cleveland State University
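Added example, not code from anyone in the thread: one way to see which outbound relay, and which /24, is drawing the `421 4.7.0 [TS01]` deferrals quoted above, by pulling the address Yahoo echoes back in the reply text. The log layout, host names and addresses are constructed for illustration; only the 421 reply text comes from the thread.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# The deferral text quoted in the thread. The sending IP is the address the
# remote side echoes back after "Messages from".
TS01 = re.compile(
    r"421 4\.7\.0 \[TS01\] Messages from (\d{1,3}(?:\.\d{1,3}){3}) "
    r"temporarily deferred"
)

# Constructed sample lines (assumed MTA log layout, documentation addresses).
SAMPLE_LOG = """\
Apr 10 13:01:02 mx-new smtp[101]: to=<a@yahoo.com>, status=deferred (421 4.7.0 [TS01] Messages from 192.0.2.25 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Apr 10 13:01:09 mx-new smtp[102]: to=<b@yahoo.com>, status=deferred (421 4.7.0 [TS01] Messages from 192.0.2.25 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Apr 10 13:02:30 mx-old smtp[311]: to=<c@yahoo.com>, status=sent (250 ok)
Apr 10 13:03:11 mx-new smtp[103]: to=<d@yahoo.com>, status=deferred (421 4.7.0 [TS01] Messages from 192.0.2.25 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Apr 10 13:04:45 mx-fwd smtp[412]: to=<e@yahoo.com>, status=deferred (421 4.7.0 [TS01] Messages from 192.0.2.40 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Apr 10 13:05:00 mx-old smtp[312]: to=<f@example.net>, status=deferred (451 greylisted, try again later)
Apr 10 13:06:17 mx-dc2 smtp[520]: to=<g@yahoo.com>, status=deferred (421 4.7.0 [TS01] Messages from 198.51.100.7 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Apr 10 13:07:03 mx-dc2 smtp[521]: to=<h@yahoo.com>, status=deferred (421 4.7.0 [TS01] Messages from 192.0.2.999 temporarily deferred due to user complaints)
"""


def ts01_by_ip(lines):
    """Count TS01 deferrals per sending IP; skip lines with an invalid address."""
    counts = Counter()
    for line in lines:
        match = TS01.search(line)
        if not match:
            continue  # delivered mail, or a different deferral reason
        try:
            ip = ipaddress.IPv4Address(match.group(1))
        except ValueError:
            continue  # truncated or corrupted log line
        counts[ip] += 1
    return counts


def ts01_by_prefix(ip_counts, prefixlen=24):
    """Roll per-IP counts up to the covering prefix (a /24 by default)."""
    totals = defaultdict(lambda: {"deferrals": 0, "ips": set()})
    for ip, n in ip_counts.items():
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        totals[net]["deferrals"] += n
        totals[net]["ips"].add(ip)
    return dict(totals)


def unaffected(relays, ip_counts):
    """Relays from an inventory list that drew no TS01 deferral at all."""
    addrs = (ipaddress.IPv4Address(r) for r in relays)
    return sorted(a for a in addrs if a not in ip_counts)


if __name__ == "__main__":
    per_ip = ts01_by_ip(SAMPLE_LOG.splitlines())
    for net, info in sorted(ts01_by_prefix(per_ip).items()):
        ips = ", ".join(str(i) for i in sorted(info["ips"]))
        print(f"{net}: {info['deferrals']} deferrals from {ips}")
    print("clean relays:", unaffected(["192.0.2.10", "192.0.2.25"], per_ip))
```

Keeping these per-IP counts on the sending side gives a record of which hosts in a /24 were being deferred before any wider block appears.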
Re: Problems sending mail to yahoo?
Matt Baldwin wrote: mostly. It feels like a poorly implemented spam prevention system. Doing some Google searches will turn up some more background on the issue. We've been telling our users that Yahoo mail is problematic and if they can to switch away from using them as their private email or hosted email. Maybe we all should do the same to them until they quit spewing out all the Nigerian scams and the like that I've been seeing from their servers lately! Chris
Re: Problems sending mail to yahoo?
BS Date: Thu, 10 Apr 2008 13:30:06 -0400 (EDT) BS From: Barry Shein BS Is it just us or are there general problems with sending email to BS yahoo in the past few weeks? Our queues to them are backed up though BS they drain slowly. [ snip details ] BS Just wondering if this was a widespread problem or are we just so BS blessed, and any insights into what's going on over there. Not only been there, done that, but am there, doing that. We admin the server for a list in which one person sends out a weekly post. Subscriber base is about 14,000 people, with around 2000 of those subscribers using Yahoo boxes. Excessive bounces trigger automatic unsubscribes. Although Yahoo readership accounts for 14% of subscribers, it's not uncommon for 98% of automated unsubscribes to be Yahoo-based... followed by Yahoo-using people sending list-admin requests asking why they were dropped, and wanting to sign back up. Following URLs in Yahoo's 4xx codes gives virtually-useless information. The easiest fix to date has been for people to use less-presumptive email services. Eddy -- Everquick Internet - http://www.everquick.net/ A division of Brotsman Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita DO NOT send mail to the following addresses: [EMAIL PROTECTED] -*- [EMAIL PROTECTED] -*- [EMAIL PROTECTED] Sending mail to spambait addresses is a great way to get blocked. Ditto for broken OOO autoresponders and foolish AV software backscatter.
Re: Problems sending mail to yahoo?
FWIW: I've been tempted to implement sort of a reverse blacklisting. If an (MX|provider) trips a 4xx threshold, have the local MTA s/4/5/ on emails to the problem (MX|domain). If it trips a 5xx threshold, including upgraded 4xx responses, simply refuse delivery altogether at the local end. You don't like our email? Fine. You won't see it. We've observed good success convincing people to switch away from overly-draconian email providers... so a reverse blacklist might not be as _Wolkenkuckucksheim_ as it seems. Or, then again, it might. ;-) Eddy -- Everquick Internet - http://www.everquick.net/ A division of Brotsman Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita DO NOT send mail to the following addresses: [EMAIL PROTECTED] -*- [EMAIL PROTECTED] -*- [EMAIL PROTECTED] Sending mail to spambait addresses is a great way to get blocked. Ditto for broken OOO autoresponders and foolish AV software backscatter.
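Added example, not code from the poster or from any MTA: a sketch of the "reverse blacklisting" policy described in the message above, replayed over a constructed sequence of delivery attempts. The class name, the thresholds, the sliding time window and the domain names are all assumptions; the message gives the idea but no numbers.

```python
from collections import defaultdict, deque


class ReverseBlacklist:
    """Per-domain policy: upgrade 4xx to 5xx, then refuse locally.

    temp_limit: 4xx replies within `window` seconds that trip the upgrade.
    perm_limit: 5xx results (real or upgraded) within `window` seconds after
                which mail for the domain is refused without an attempt.
    All three values are assumptions chosen by the operator.
    """

    def __init__(self, temp_limit, perm_limit, window):
        self.temp_limit = temp_limit
        self.perm_limit = perm_limit
        self.window = window
        self._temp = defaultdict(deque)  # domain -> times of 4xx replies
        self._perm = defaultdict(deque)  # domain -> times of 5xx results

    def _recent(self, times, now):
        # Drop events older than the window, then report how many remain.
        while times and now - times[0] > self.window:
            times.popleft()
        return len(times)

    def refuses(self, domain, now):
        """True when the 5xx threshold is tripped: do not even try."""
        return self._recent(self._perm[domain], now) >= self.perm_limit

    def record(self, domain, code, now):
        """Record the remote reply and return the code to act on locally."""
        if 400 <= code <= 499:
            times = self._temp[domain]
            times.append(now)
            if self._recent(times, now) >= self.temp_limit:
                code += 100  # the s/4/5/ step: treat the deferral as final
        if 500 <= code <= 599:
            self._perm[domain].append(now)
        return code


def replay(policy, events):
    """Run (time, domain, remote_code) attempts through the policy."""
    outcomes = []
    for now, domain, code in events:
        domain = domain.lower()
        if policy.refuses(domain, now):
            outcomes.append((domain, "refused-locally"))
        else:
            outcomes.append((domain, policy.record(domain, code, now)))
    return outcomes


# Constructed attempts: a provider that keeps answering 421, one that accepts.
SAMPLE_EVENTS = [
    (0, "bigmail.example", 421),
    (60, "bigmail.example", 421),
    (120, "bigmail.example", 421),   # third 4xx in the window: upgraded
    (180, "bigmail.example", 421),   # upgraded again, second 5xx result
    (240, "bigmail.example", 421),   # 5xx threshold tripped: not attempted
    (300, "other.example", 250),
    (900, "bigmail.example", 421),   # window expired: plain deferral again
]

if __name__ == "__main__":
    policy = ReverseBlacklist(temp_limit=3, perm_limit=2, window=600)
    for domain, result in replay(policy, SAMPLE_EVENTS):
        print(domain, result)
```

An upgraded 5xx is a hard bounce to whatever submitted the message, so on a list server it feeds the same bounce-triggered unsubscribes described earlier in the thread.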
Internet Reachability
Anyone noticing any issues reaching sites through their Internet tubes? Specifically it looks like DSLR is down. And I was having a problem reaching MSN earlier today. Regards, Edward A. Trdina III Senior Network/Systems Engineer Clayton Kendall, Inc. 150 West Street East Pittsburgh, PA 15112 Office (412)829-2201 x 31 Fax (412)829-5842 Cell (412)334-8000
RE: Problems sending mail to yahoo?
Hello, I have had to tell some dedicated server clients that they will need to disable their forwards to Yahoo or add something like postini for those accounts that forward to Yahoo...It generally works...however Yahoo! for the past three months is now blocking entire /24's if a few IP's get complaints. They have the feedback loops however when you have a network with 175,000 IP addresses and you sign up for a feedback loop for them all they tend to flood your abuse desk with false positives, or forwarded spam. They also don't keep track of which IP's are getting the complaints for you to investigate after the block on the /24 so asking them won't help :(. This potentially means one customer could easily affect the other customer. They offer whitelisting, but this won't get you past their blocks on the entire /24. They apparently will eventually accept the message because they aren't necessarily 'blocked' but they are 'deprioritized' meaning they don't believe your IP is important enough to deliver the message at that time, so they want you to keep trying and when their servers are not 'busy' or 'over loaded' they will accept the message. (Paraphrased from conversations with their 'Bulk Mail Advocacies and Anti-Abuse manager.) -Ray -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Stone Sent: Thursday, April 10, 2008 1:49 PM To: nanog@merit.edu Subject: Re: Problems sending mail to yahoo? Barry Shein wrote: Is it just us or are there general problems with sending email to yahoo in the past few weeks? Our queues to them are backed up though they drain slowly.
They frequently return: 421 4.7.0 [TS01] Messages from MAILSERVERIP temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html (where MAILSERVERIP is one of our mail server ip addresses) Just wondering if this was a widespread problem or are we just so blessed, and any insights into what's going on over there. I see this a lot also and what I see causing it is accounts on my servers that don't opt for spam filtering and they have their accounts here set to forward mail to their yahoo.com accounts - spam and everything then gets sent there - they complain to yahoo.com about the spam and bingo - email delays from here to yahoo.com accounts Chris - Chris Stone, MCSE Vice President, CTO AxisInternet, Inc. 910 16th St., Suite 1110, Denver, CO 80202 - PH 303.592.AXIS x302 - 866.317.AXIS | FAX 303.893.AXIS - [EMAIL PROTECTED]| www.axint.net
Re: Problems sending mail to yahoo?
Raymond L. Corbin wrote: Hello, I have had to tell some dedicated server clients that they will need to disable their forwards to Yahoo or add something like postini for those accounts that forward to Yahoo...It generally works...however Yahoo! for the past three months is now blocking entire /24's if a few IP's get complaints. They have the feedback loops however when you have a network with 175,000 IP addresses and you sign up for a feedback loop for them all they tend to flood your abuse desk with false positives, or forwarded spam. They also don't keep track of which IP's are getting the complaints for you to investigate after the block on the /24 so asking them won't help :(. This potentially means one customer could easily affect the other customer. They offer whitelisting, but this won't get you past their blocks on the entire /24. They apparently will eventually accept the message because they aren't necessarily 'blocked' but they are 'deprioritized' meaning they don't believe your IP is important enough to deliver the message at that time, so they want you to keep trying and when their servers are not 'busy' or 'over loaded' they will accept the message. (Paraphrased from conversations with their 'Bulk Mail Advocacies and Anti-Abuse manager.) I've had to tell some of our customers the same and that if they wanted to continue the forwarding to their yahoo.com accounts, they'd need to add spam filtering to their accounts here so that the crap is not forwarded, resulting in the email delays for all customers. Works for some and generated more revenue ;-) Chris
Re: Problems sending mail to yahoo?
Barry Shein wrote: Is it just us or are there general problems with sending email to yahoo in the past few weeks? Our queues to them are backed up though they drain slowly. They frequently return: 421 4.7.0 [TS01] Messages from MAILSERVERIP temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html (where MAILSERVERIP is one of our mail server ip addresses) Just wondering if this was a widespread problem or are we just so blessed, and any insights into what's going on over there. I see this a lot also and what I see causing it is accounts on my servers that don't opt for spam filtering and they have their accounts here set to forward mail to their yahoo.com accounts - spam and everything then gets sent there - they complain to yahoo.com about the spam and bingo - email delays from here to yahoo.com accounts We had this happen when a user forwarded a non-filtered mail stream from here to Yahoo. The user indicated that no messages were reported to Yahoo as spam, despite the fact that it's certain some of them were spam. I wouldn't trust the error message completely. It seems likely that a jump in volume may trigger this too, especially of an unfiltered stream. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again. - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
RE: Problems sending mail to yahoo?
Yeah, but without them saying which IP's are causing the problems you can't really tell which servers in a datacenter are forwarding their spam/abusing Yahoo. Once the /24 block is in place then they claim to have no way of knowing who actually caused the block on the /24. The feedback loop would help depending on your network size. When you have a few hundred thousand clients, and those clients have clients, and they even have clients, it simply floods your abuse desk with complaints from Yahoo when it is obviously forwarded spam. So it's more of pick your poison deal with customer complaints about not being able to send to yahoo for a few days or get your abuse desk flooded with complaints which hinders solving actual issues like compromised accounts. -Ray -Original Message- From: Chris Stone [mailto:[EMAIL PROTECTED] Sent: Thursday, April 10, 2008 3:33 PM To: Raymond L. Corbin Cc: nanog@merit.edu Subject: Re: Problems sending mail to yahoo? Raymond L. Corbin wrote: Hello, I have had to tell some dedicated server clients that they will need to disable their forwards to Yahoo or add something like postini for those accounts that forward to Yahoo...It generally works...however Yahoo! for the past three months is now blocking entire /24's if a few IP's get complaints. They have the feedback loops however when you have a network with 175,000 IP addresses and you sign up for a feedback loop for them all they tend to flood your abuse desk with false positives, or forwarded spam. They also don't keep track of which IP's are getting the complaints for you to investigate after the block on the /24 so asking them won't help :(. This potentially means one customer could easily affect the other customer. They offer whitelisting, but this won't get you past their blocks on the entire /24.
They apparently will eventually accept the message because they aren't necessarily 'blocked' but they are 'deprioritized' meaning they don't believe your IP is important enough to deliver the message at that time, so they want you to keep trying and when their servers are not 'busy' or 'over loaded' they will accept the message. (Paraphrased from conversations with their 'Bulk Mail Advocacies and Anti-Abuse manager.) I've had to tell some of our customers the same and that if they wanted to continue the forwarding to their yahoo.com accounts, they'd need to add spam filtering to their accounts here so that the crap is not forwarded, resulting in the email delays for all customers. Works for some and generated more revenue ;-) Chris
Re: Problems sending mail to yahoo?
On Thu, Apr 10, 2008 at 12:23:24PM -0600, Chris Stone wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Matt Baldwin wrote: mostly. It feels like a poorly implemented spam prevention system. Doing some Google searches will turn up some more background on the issue. We've been telling our users that Yahoo mail is problematic and if they can to switch away from using them as their private email or hosted email. Maybe we all should do the same to them until they quit spewing out all the Nigerian scams and the like that I've been seeing from their servers lately! Naaah. I hear that Microsoft is going to buy Yahoo!, so this problem will go away once Yahoo! mail gets folded into Microsoft hotmail, whereupon things will get soo much better!
RE: Problems sending mail to yahoo?
In a large multi-datacenter environment you can't login to each users servers and tail their logs to see who's forwarding :( . I'm more of a windows person, but when working with a client on Linux using EXIM I think I did fgrep yahoo.com /etc/valiases/* > yahoo-fwds.txt Something like that to get a list of all of the addresses that forward to Yahoo...I think they used CPanel on their server too. Other than that I believe I was grepping through other clients logs for the most popular Yahoo email addresses... I think that if they are going to do CIDR blocks they should at least keep logs as to what caused them to escalate it to that not simply say 'it's your network you figure it out..' -Ray -Original Message- From: Chris Stone [mailto:[EMAIL PROTECTED] Sent: Thursday, April 10, 2008 4:08 PM To: Raymond L. Corbin Cc: nanog@merit.edu Subject: Re: Problems sending mail to yahoo? -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Raymond L. Corbin wrote: Yeah, but without them saying which IP's are causing the problems you can't really tell which servers in a datacenter are forwarding their spam/abusing Yahoo. Once the /24 block is in place then they claim to have no way of knowing who actually caused the block on the /24. The feedback loop would help depending on your network size. When you have a few hundred thousand clients, and those clients have clients, and they even have client, it simply floods your abuse desk with complaints from Yahoo when it is obviously forwarded spam. So it's more of pick your poison deal with customer complaints about not being able to send to yahoo for a few days or get your abuse desk flooded with complaints which hinders solving actual issues like compromised accounts. I look at all my mail server log files and see which logs show obvious spam being forwarded (a lot of times the MAIL FROM address is a dead giveaway) or I tail -F the mail log for a bit and watch the spam coming in and forwarding back out. 
When I see the forwarding domain that's who I have contacted to upsell some spam filtering. But, we're a small ISP, so I don't have thousands, let alone hundreds of thousands of clients, to deal with... Chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org iD8DBQFH/nORnSVip47FEdMRCi+HAJ9CJoJ/VAkEssv6TznwcYQVGVWkIACfRwhI VYw0v4HWI8mWs2SHEF3jnq0= =YMQR -END PGP SIGNATURE-
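The two checks discussed in this message, as an added example that is not part of the original thread: tallying Yahoo TS01 deferrals per sending IP and /24 from your own logs, and listing alias entries that forward to yahoo.com with an exact domain match instead of a substring grep. The alias line layout (`address: target, target`), the log line layout around the 421 text, and all function and variable names are assumptions; only the 421 response text comes from the thread.

```python
import ipaddress
import re
from collections import Counter

# Deferral text as quoted in the thread; the sending IP follows "Messages from".
TS01 = re.compile(
    r"421 4\.7\.0 \[TS01\] Messages from (\d{1,3}(?:\.\d{1,3}){3}) temporarily deferred")


def ts01_by_block(log_lines, prefix=24):
    """Count TS01 deferrals per sending IP, grouped under the enclosing /prefix."""
    blocks = {}
    for line in log_lines:
        match = TS01.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:  # mangled address such as 999.1.1.1
            continue
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        blocks.setdefault(str(net), Counter())[str(ip)] += 1
    return blocks


def yahoo_forwards(alias_lines, domains=("yahoo.com",)):
    """Return (local address, target) pairs whose target is in `domains`."""
    hits = []
    for raw in alias_lines:
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        source, _, targets = line.partition(":")
        for target in (t.strip() for t in targets.split(",")):
            # Skip pipes and :fail:/:blackhole: entries; keep real addresses.
            if "@" not in target or target.startswith(("|", ":")):
                continue
            if target.rsplit("@", 1)[1].lower() in domains:
                hits.append((source.strip(), target))
    return hits


# Constructed sample data: documentation IP ranges and made-up accounts.
_LINE = ("2008-04-10 15:0{n}:00 remote said: 421 4.7.0 [TS01] Messages from {ip} "
         "temporarily deferred due to user complaints")
SAMPLE_LOG = [_LINE.format(n=n, ip=ip) for n, ip in enumerate(
    ["192.0.2.10", "192.0.2.10", "192.0.2.77", "203.0.113.5"])]
SAMPLE_LOG.append("2008-04-10 15:09:00 remote said: 250 ok")
SAMPLE_ALIASES = [
    "sales@example.com: owner@yahoo.com",
    "info@example.com: staff@example.net, Backup@Yahoo.COM",
    "*: :fail: No such person at this address",
    "news@example.com: list@notyahoo.com",   # a plain fgrep would match this
    "# old@example.com: gone@yahoo.com",
]

if __name__ == "__main__":
    for net, ips in sorted(ts01_by_block(SAMPLE_LOG).items()):
        print(net, sum(ips.values()), dict(ips))
    for source, target in yahoo_forwards(SAMPLE_ALIASES):
        print(source, "->", target)
```

Keeping the per-IP counts under each /24 gives the record of which address drew the deferrals, so it is still there to consult if the whole block is later deferred.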
RE: spam wanted :)
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marshall Eubanks Sent: Thursday, April 10, 2008 9:39 AM To: William Waites Cc: Rich Kulawiec; North American Network Operators Group Subject: Re: spam wanted :) [ clip ] I receive serious amounts of spam in Hebrew and Russian, and haven't even been to either Israel or Russia recently. Regards Marshall I started getting spam in Icelandic 24 hours after my account was set up. I get Russian, Chinese, and Hebrew spam all the time. The most spam I receive is from an old domain that I turned off the MX records. Every now and then I turn them back on to see what's flowing and it never changes. Within seconds. [obOp] I think that the language change defeats many of the heuristics found in common spam appliances. -- Martin Hannigan http://www.verneglobal.com/ Verne Global e: [EMAIL PROTECTED] Keflavik, Iceland p: +16178216079
Re: anybody else get mail from Cassel McWaters (xtracapacity.com) today?
On Thu, Apr 10, 2008 at 05:47:20PM +, Paul Vixie wrote: i'm trying to keep track of which mailing list is getting scraped by whom, at least among those who coldcall me. anybody else get one of these today? I noticed one to our NOC address (at a university) - in that case, probably not scraped from this list, but probably scraped from whois. w
Re: Problems sending mail to yahoo?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Raymond L. Corbin wrote: Yeah, but without them saying which IP's are causing the problems you can't really tell which servers in a datacenter are forwarding their spam/abusing Yahoo. Once the /24 block is in place then they claim to have no way of knowing who actually caused the block on the /24. The feedback loop would help depending on your network size. When you have a few hundred thousand clients, and those clients have clients, and they even have client, it simply floods your abuse desk with complaints from Yahoo when it is obviously forwarded spam. So it's more of pick your poison deal with customer complaints about not being able to send to yahoo for a few days or get your abuse desk flooded with complaints which hinders solving actual issues like compromised accounts. I look at all my mail server log files and see which logs show obvious spam being forwarded (a lot of times the MAIL FROM address is a dead giveaway) or I tail -F the mail log for a bit and watch the spam coming in and forwarding back out. When I see the forwarding domain that's who I have contacted to upsell some spam filtering. But, we're a small ISP, so I don't have thousands, let alone hundreds of thousands of clients, to deal with... Chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org iD8DBQFH/nORnSVip47FEdMRCi+HAJ9CJoJ/VAkEssv6TznwcYQVGVWkIACfRwhI VYw0v4HWI8mWs2SHEF3jnq0= =YMQR -END PGP SIGNATURE-
Re: Problems sending mail to yahoo?
On Thu, Apr 10, 2008 at 01:30:06PM -0400, Barry Shein wrote: Is it just us or are there general problems with sending email to yahoo in the past few weeks? It's not you. Lots of people are seeing this, as Yahoo's mail servers are apparently too busy sending ever-increasing quantities of spam to have to accept inbound traffic. Sufficiently persistent and lucky people have sometimes managed to penetrate the outer clue-resistant shells of Yahoo and effect changes, but some of those seem ineffective and temporary. There doesn't seem to be any simple, universal fix for this other than advising people that Yahoo's email service is already miserable and continues to deteriorate, and hoping that they migrate elsewhere. ---Rsk
RE: Internet Reachability
DSLR is undergoing a DDoS attack from Russia. See here: http://www.dslreports.com/forum/r20312753-ddos Matthew Evans, MCSA Alpha Theory | the right decision, every time. 2201 Coronation Blvd., Suite 140 Charlotte, NC 28227 (704) 307-2914 x205 http://www.alphatheory.com/ ALPHA THEORY QUICK DEMO: https://www.alphatheory.com/demo/quickdemo.html From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edward A. Trdina III Sent: Thursday, April 10, 2008 3:05 PM To: nanog@merit.edu Subject: Internet Reachability Anyone noticing any issues reaching sites through their Internet tubes? Specifically it looks like DSLR is down. And I was having a problem reaching MSN earlier today. Regards, Edward A. Trdina III Senior Network/Systems Engineer Clayton Kendall, Inc. 150 West Street East Pittsburgh, PA 15112 Office (412)829-2201 x 31 Fax (412)829-5842 Cell (412)334-8000
RE: Internet Reachability
Anyone noticing any issues reaching sites through their Internet tubes? It seems that a Chinese ping-pong ball factory recently started making balls that are slightly larger than the standard size. As a result, ISPs whose tubes are newer, are suffering from pneumatic congestion, kind of like pneumonia if you know what I mean. This isn't affecting the larger ISPs since their tubes are older, and have higher traffic levels. The increased wear on these high-traffic tubes means that they are a slightly larger diameter and the new balls fit through better. The FCC recommends ISPs affected by the flood of these Chinese ping-pong balls to increase air pressure on their tubes to compensate, or to block Chinese traffic from entering their networks. --Michael Dillon P.S. with a nod to Senator Ted Stevens...
RE: Problems sending mail to yahoo?
I hope that's sarcasm? Instead of getting the bounces your messages will simply go missing after they accepted it...or you will get bounces sent to you a few years after you sent the message...(happened to a client yesterday...). -Ray -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Henry Yen Sent: Thursday, April 10, 2008 4:17 PM To: nanog@merit.edu Subject: Re: Problems sending mail to yahoo? On Thu, Apr 10, 2008 at 12:23:24PM -0600, Chris Stone wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Matt Baldwin wrote: mostly. It feels like a poorly implemented spam prevention system. Doing some Google searches will turn up some more background on the issue. We've been telling our users that Yahoo mail is problematic and if they can to switch away from using them as their private email or hosted email. Maybe we all should do the same to them until they quit spewing out all the Nigerian scams and the like that I've been seeing from their servers lately! Naaah. I hear that Microsoft is going to buy Yahoo!, so this problem will go away once Yahoo! mail gets folded into Microsoft hotmail, whereupon things will get soo much better!
Re: Problems sending mail to yahoo?
HY Date: Thu, 10 Apr 2008 16:17:08 -0400 HY From: Henry Yen HY Naaah. I hear that Microsoft is going to buy Yahoo!, so this HY problem will go away once Yahoo! mail gets folded into Microsoft HY hotmail, whereupon things will get soo much better! Maybe all the 42x responses are an attempt to cut load while migrating things onto Exchange. ;-) Eddy -- Everquick Internet - http://www.everquick.net/ A division of Brotsman Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita DO NOT send mail to the following addresses: [EMAIL PROTECTED] -*- [EMAIL PROTECTED] -*- [EMAIL PROTECTED] Sending mail to spambait addresses is a great way to get blocked. Ditto for broken OOO autoresponders and foolish AV software backscatter.
Re: spam wanted :)
this would be a straight sample, before filtering, ip address blocking, etc. i realize this is difficult, as all of us go through much effort to reject this stuff as early as possible. but it will be a sample unbiased by your filtering techniques. How do you classify email as spam without adding bias? reasonable question. i suspect you pull out the 0.5% of the inbound you actually wanted and consider the bias small. as the dnsbls alone block way over 90% of the inbound here, i would not classify that as small. randy
Re: Yahoo Mail Update
An anonymous source at Yahoo told me that they have pushed a config update sometime today out to their servers to help with these deferral issues. Please don't ask me to play proxy on this one or any other issues you may have, but take a look at your queues and they should be getting better. - Jared Thanks for the update Jared. I can understand your request to not be used as a proxy, but it exposes the reason why Yahoo is thought to be clueless: They are completely opaque. They can not exist in this community without having some visibility and interaction on an operational level. Yahoo should have a look at how things are done at AOL. While the feedback loop from the *users* at AOL is mostly a source of entertainment, dealing with the postmaster staff at AOL is a benchmark in how it should be done. Proxy that message over and perhaps this issue of Yahoo's perennially broken mail causing the rest of us headaches will go away. It seems to come up here on nanog and over on the mailop list every few weeks. --chuck
RE: Yahoo Mail Update
I've talked to employees in other departments who agree that something needs changed (especially when their own mail wasn't making it to their personal yahoo inboxes) You can reach yahoo's 'mail' department(s) after doing a lot of digging and googling... Their 'Bulk Mail Advocacy Agent' was somewhat helpful, but the anti-abuse manager seemed to get things done after you at least try the proper channels of submitting a ticket and waiting about a week and still having no resolve...I submitted a ticket to them to update my whitelisted IP's from adding/removing servers and it took about a month to get a reply. AOL's postmaster is easy to reach via their 1-800# however they seem to read off the screen and are really only general support. Their actual 'postmasters' (once you get past their general support) are usually pretty helpful and quick to resolve issues. -Ray -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of chuck goolsbee Sent: Thursday, April 10, 2008 8:51 PM To: nanog@merit.edu Subject: Re: Yahoo Mail Update An anonymous source at Yahoo told me that they have pushed a config update sometime today out to their servers to help with these deferral issues. Please don't ask me to play proxy on this one or any other issues you may have, but take a look at your queues and they should be getting better. - Jared Thanks for the update Jared. I can understand your request to not be used as a proxy, but it exposes the reason why Yahoo is thought to be clueless: They are completely opaque. They can not exist in this community without having some visibility and interaction on an operational level. Yahoo should have a look at how things are done at AOL. While the feedback loop from the *users* at AOL is mostly a source of entertainment, dealing with the postmaster staff at AOL is a benchmark in how it should be done. Proxy that message over and perhaps this issue of Yahoo's perennially broken mail causing the rest of us headaches will go away. 
It seems to come up here on nanog and over on the mailop list every few weeks. --chuck
Re: Yahoo Mail Update
On Thu, Apr 10, 2008 at 05:51:23PM -0700, chuck goolsbee wrote: Thanks for the update Jared. I can understand your request to not be used as a proxy, but it exposes the reason why Yahoo is thought to be clueless: They are completely opaque. They can not exist in this community without having some visibility and interaction on an operational level. I heartily second this. Yahoo (and Hotmail) (and Comcast and Verizon) mail system personnel should be actively participating here, on mailop, on spam-l, etc. A lot of problems could be solved (and some avoided) with some interaction. ---Rsk
/24 blocking by ISPs - Re: Problems sending mail to yahoo?
On Fri, Apr 11, 2008 at 1:22 AM, Raymond L. Corbin [EMAIL PROTECTED] wrote: Yeah, but without them saying which IP's are causing the problems you can't really tell which servers in a datacenter are forwarding their spam/abusing Yahoo. Once the /24 block is in place then they claim to have no way of knowing who actually caused the block on the /24. The feedback loop would help depending on your network size. Almost every large ISP does that kind of complimentary upgrade There are enough networks around, like he.net, Yipes, PCCW Global / Cais etc, that host huge amounts of snowshoe spammers - http://www.spamhaus.org/faq/answers.lasso?section=Glossary#233 (you know, randomly named / named after a pattern domains, with anonymous whois or probably a PO box / UPS store in the whois contact, DNS served by the usual suspects like Moniker..) a /27 or /26 in a /24 might generate enough spam to drown the volume of legitimate email from the rest of the /24, and that would cause this kind of /24 block In some cases, such as 63.217/16 on CAIS / PCCW, there is NOTHING except spam coming from several /24s (and there's a /20 and a /21 out of it in spamhaus), and practically zero traffic from the rest of the /16. Or there's Cogent with a similar infestation spread around 38.106/16 ISPs with virtual hosting farms full of hacked cgi/php scripts, forwarders etc just don't trigger /24 blocks at the rate that ISPs hosting snowshoe spammers do. /24 blocks are simply a kind of motivation for large colo farms to try choosing between hosting spammers and hosting legitimate customers. srs ..
Re: Problems sending mail to yahoo?
At 02:23 PM 4/10/2008, you wrote: Maybe we all should do the same to them until they quit spewing out all the Nigerian scams and the like that I've been seeing from their servers lately! Chris If there were a coordinated boycott, I would participate. Yahoo is *by far* the worst single abuser of our server among the legitimate email providers. I report dozens of spams from my personal account alone every day and never receive anything other than automated messages claiming to have dealt with the same abuse that continues around the clock or, worse, bogus/clueless claims that the IP in question is not theirs and suggestions that I check the same ARIN database that I used to confirm the responsible party in the first place. Until I read this thread, my suspicion was that all my spam reports were triggering the 4xx delays, and I'm still not sure that's not the case. (I only have one customer forwarding to yahoo.com, and that's post-filters.) Naturally, they delay mail to [EMAIL PROTECTED] the same as any other mail. And, yes, I've tried to reach a human there. The only humans I ever reached briskly forwarded me to voice mail hell for customer support. So, I will start sending 5XX or 4XX messages to Yahoo if you guys will. I don't care if I have to spend all day on the phone with my customers explaining why. They hate spam, too, and they'll understand.