Re: Problems sending mail to yahoo?
At 04:41 PM 4/13/2008, Geo. wrote: of abuse might be useful for large providers, but since we can't even get many domains even to set up the already-specified abuse@ address, much less read the mail we send to it, When someone like AOL offloads their user complaints of spams to all the abuse@ addresses instead of verifying that they actually are spams before sending off complaints, is it any surprise that everyone else is refusing to do their jobs for them? I'm not sure I know what you mean. Are you talking about the optional feedback loop? When I was signed up for that I did get a bunch of bogus reports, but other than that I've never received a spam report from AOL at all. The reason abuse@ addresses are useless is because what is being sent to them is useless. I'm sure that a lot of useless reports come in--my servers never originate spam, but we still get the occasional bogus report due to forged headers. At the same time, I certainly send dozens of real spam reports every day and they all contain actionable information (that would be supplemented further if an actual human were to ask). What I've found is that "too big to fail" ISPs respond (if they accept the email at all!) with either an automated response or a canned response from a help desk monkey who is actually wrong close to half the time, while many boutique providers and most US-based .edu sites respond personally and cluefully. (Don't get me started about the US government, especially the military...) My conclusion is that the problem is not crappy reports but rather under-investment in clue at big ISP help desks. All the fancy standards and tools in the world are not going to help this basic problem: stemming the tide of abuse from their networks is simply not a high enough priority for companies like Yahoo, Hotmail, AT&T, et al. Until they start losing money every time spam leaves their network, I don't see their behavior changing.
Re: Problems sending mail to yahoo?
At 02:18 PM 4/13/2008, Barry Shein wrote: Is it [EMAIL PROTECTED] or [EMAIL PROTECTED] or [EMAIL PROTECTED] or [EMAIL PROTECTED] (very commonly used) or [EMAIL PROTECTED] Who cares? But let's pick ONE, stuff it in an RFC or BCP and try to get each other to conform to it. [EMAIL PROTECTED] is *already* specified (in RFC 2142). Granted, separating reports of email abuse from those for other forms of abuse might be useful for large providers, but since we can't even get many domains even to set up the already-specified abuse@ address, much less read the mail we send to it, I'm not convinced that it would help. OTOH, many email providers seem to think it's my job to know what their internal organization is and re-route email to some spam-specific email reporting address. While that is just rude and ignorant behavior in my book, at least having a single standardized address would be an improvement...
Re: Yahoo Mail Update
At 08:49 AM 4/13/2008, Suresh Ramasubramanian wrote: There are other lists, far more relevant than spam-l or nanae. Feel free to suggest some that you feel would be more appropriate or effective. Since reaching them via [EMAIL PROTECTED] or any of their published phone numbers doesn't seem to work, backchannels are all that's left. (I do, however, subscribe to many lists and have yet to notice a presence of clueful Yahoo people on any of them.) Yahoo, for example, has chosen a business model (free email with little to no verification) that inevitably leads to spam being originated from their systems. So has hotmail, so have several of the domains that we host. Indeed, and I didn't mean to imply that Yahoo was necessarily worse than Hotmail (and several free email providers based outside the US, as far as I can tell). The difference, as I'm sure you're aware, is that some free email providers seem to care enough to minimize the costs they impose on the rest of us by responding appropriately to the inevitable abuse.
Re: Yahoo Mail Update
At 01:58 AM 4/13/2008, you wrote: Why should large companies participate here about mail issues? Last I checked this wasn't the mailing list for these issues: True, though some aspects of mail service are inextricably tied to broader networking issues, and thus participation here might still benefit them. But sadly Yahoo doesn't even seem to participate in more relevant forums, such as the spam-l list. But lets just say for a second this is the place to discuss company xys's mail issue. What benefit do they have participating here? Likely they'll be hounded by people who have some disdain for their company and no matter what they do they will still be evil or wrong in some way. I've never seen someone treated badly for trying to help resolve problems. I think we all know that it can be hard to get things done within a large company and that often the folks who participate on a list like this are taking on work that isn't strictly speaking "their job" when they try to help resolve mail issues. And when a large company that was a mess does a turnaround, they also get praised: just look at the many positive comments about AOL on this and other lists over the past few years. It is easy for someone who has 10,000 users to tell someone who has 50 million users what to do when they don't have to work with such a large scale enterprise. I wouldn't presume to tell them how to accomplish something within their particular configuration. But I will, without apology, tell them that they need to accomplish it. For example, I'm quite comfortable saying that Earthlink should follow the minimum timeouts in RFC 1123, though I wouldn't presume to guess whether they should accomplish that by having separate fast and slow queues on different servers, on the same server, or not at all. Likewise, a working abuse role account is a minimum requirement for participation in the Internet email system, and I'm comfortable saying that the email it receives should be read by a competent human. I find it funny when smaller companies always tell larger companies what they need to be doing. When what the larger companies do enables criminal behavior that impacts the very viability of the smaller companies through de factor DoS attacks, it's not funny at all. Yahoo, for example, has chosen a business model (free email with little to no verification) that inevitably leads to spam being originated from their systems. Why should they be able to shift the cost of their business model to me, just because I run a much smaller business?
Re: Problems sending mail to yahoo?
At 10:22 AM 4/11/2008, Joe Abley wrote: It turns out that if Y! doesn't want to receive mail from me, suddenly I can't send mail to anybody in my extended family, or to most people I know in the town where I live. These involve domains like ROGERS.COM and BTINTERNET.COM, and not just the obvious Y! domains. Good point. I think this also includes AT&T/SBC/SNET in some fashion (with which many of my customers have been having different problems this week). To return to the topic at hand, you may already have outsourced the coordination of your boycott to Yahoo!, too! They're already not accepting your mail. There's no need to stop sending it! :-) Yes, but it's the flow of mail (spam) *from* them I'm worried about...
Re: Problems sending mail to yahoo?
At 10:33 AM 4/11/2008, you wrote: I gave up sending abuse reports to Yahoo (and Hotmail) many years ago. I gave up on Hotmail, too, though occasionally I try a sample to see if they've improved. The latest came back with a message saying that I had to resubmit my report to any entirely different address. As if their inability to forward mail internally is now my problem... So in the short term, advising customers that Yahoo's and Hotmail's freemail services are of very poor quality and should never be relied on for anything, and that Gmail is a better choice, is probably viable. In the long term, though, I think it may only delay the inevitable. OTOH, as someone who provides services to small business customers who want their own domains, this may be to my benefit: one of the main selling points of a domain is that it makes you the master of your own fate, not tied to the fate of a particular provider. (At least, if you're smart enough to use a registrar and a service provider who doesn't make it almost-impossible to switch)
Re: Problems sending mail to yahoo?
At 02:23 PM 4/10/2008, you wrote: Maybe we all should do the same to them until they quit spewing out all the Nigerian scams and the like that I've been seeing from their servers lately! Chris If there were an coordinated boycott, I would participate. Yahoo is *by far* the worst single abuser of our server among the "legitimate" email providers. I report dozens of spams from my personal account alone every day and never receive anything other than automated messages claiming to have dealt with the same abuse that continues around the clock or, worse, bogus/clueless claims that the IP in question is not theirs and suggestions that I check the same ARIN database that I used to confirm the responsible party in the first place. Until I read this thread, my suspicion was that all my spam reports were triggering the 4xx delays, and I'm still not sure that's not the case. (I only have one customer forwarding to yahoo.com, and that's post-filters.) Naturally, they delay mail to [EMAIL PROTECTED] the same as any other mail. And, yes, I've tried to reach a human there. The only humans I ever reached briskly forwarded me to voice mail hell for customer support. So, I will start sending 5XX or 4XX messages to Yahoo if you guys will. I don't care if I have to spend all day on the phone with my customers explaining why. They hate spam, too, and they'll understand.
Re: Looking for Clue at Earthlink
At 05:31 PM 3/24/2008, Barry Shein wrote: > Specifically, the issue relates to the servers in 209.86.89.0/24, in > case anyone here is already aware of an issue with the servers in > this block and can help. Do you mean how they're pwned and just spew dictionary attacks? No, that's a problem that I've given up on trying to solve. Unfortunately, those servers also occasionally send some legitimate email, and my customers want to receive that, so not receiving email from those servers is actually a problem despite the welcome respite from Earthlink spam... I figured out that the problem has to do with their servers being very impatient and not wanting to wait for mine to check the RBLs. Which is, of course, pretty ironic considering how much spam they spew. You'd think that their servers would shuffle the mail off to another, more tolerant server, but instead the same server just keeps retrying it with the same aggressive timeout... *sigh* Seems as if over the past decade Earthlink and AOL have nearly traded places!
Looking for Clue at Earthlink
If someone here is from Earthlink, or knows someone who is, please get in touch with me off-list. I have a mail-related issue to resolve. (Sadly the ARIN-listed contact is not valid and mail to postmaster seems to go into the same black hole as mail to abuse.) Specifically, the issue relates to the servers in 209.86.89.0/24, in case anyone here is already aware of an issue with the servers in this block and can help. -- Rob Szarka, Bizgrok Inc. http://bizgrok.com/ 860-887-5600 800-954-INET
