Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-17 Thread JC Dill


William Herrin wrote:

On Tue, Apr 15, 2008 at 8:49 PM, Martin Hannigan [EMAIL PROTECTED] wrote:

Abuse desk is a $0 revenue operation.  Is it not obvious what the issue is?


Martin,

So is marketing, yet marketing does have an impact on revenue.

It can be useful to explain the abuse desk as being just another form
of marketing, another form of reputation management that happens to be
specific to Internet companies. Handling the abuse desk well (or
poorly) builds (or damages) the brand.


Even IF the reputation of an abuse desk had any effect at all on 
bringing in revenue (doubtful) ... I'm quite certain that dollar for 
dollar, the ROI on investment in Marketing generates MUCH greater 
revenue returns than investment in Abuse desk staff.


Properly staffing an abuse desk is something a business does because It 
Is The Right Thing To Do, not because it's the best investment for their 
marketing dollars.


jc


RE: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-16 Thread michael.dillon

 So how do the little guys play in this sandbox?

3rd-party aggregation. Where do RBLs get their data?
They act as a 3rd party to aggregate data from many others.

 - It needs to be simple to use.  Web forms are a non-starter.

If you have the ability to accept reports via an HTTP REST
application, it wouldn't hurt to put up a web form so that
people can try it out.

 - The output from any parsers needs to be human readable.  

ARF is the only thing that meets this requirement
http://mipassoc.org/arf/
However, you should consider accepting input as IODEF as
well. Just use ARF for the output that you submit to the
abuse desks.

 - I'd like to see an actual response beyond an autoreply 
 saying that you can't tell me who the customer is or what 
 actions were taken.

Now you are asking the abuse desks to modify their software
and processes to meet your needs. I can't see them ever 
providing a response per report, however if enough people
buy into a standard reporting system, like ARF, then you
might get ISPs to accept some kind of report-origin code
and then allow you to periodically request resolution reports
for all reports coming from that report-origin.

 - I like dealing with other small operations and edus because 
 humans actually do read the reports, and things get done (Thanks!).

If people had succeeded in cleaning up the abuse problems in 1995
when the human touch was still feasible, we would not have the
situation that we have today. Automation is the only way to address
the flood of abuse email, the huge number of people originating
abuse, and the agile tactics of the abusers.

You just have to accept that people will not read your reports, and
will not act on your reports. What they will do is feed your reports
into automated systems that use AI techniques to define tasks for the
abuse desk to act upon.

Consider this. Any single point source of abuse, say a single broadband
PC in a botnet, will spew out spam or DDOS to hundreds of destinations.
If 20 of these destinations submit ARF reports, and you are one of
these 20, then there is a 5% chance that your report has anything worth
acting upon. 95% of the time, you will be reporting something that the
abuse desk has already acted upon and it would be a waste of abuse desk
resources to read and reply to your report. On the other hand, it can
be very useful for the automated system to process your report for 
statistical purposes and to provide a better understanding of how
that particular botnet functions.

 I've given up sending abuse reports to large consumer ISPs 
 and all freemail providers because I'm not a member of the 
 club. Any response that I'm lucky enough to get generally 
 says something like "You did not include the email headers in 
 your complaint so we are closing this incident" when I 
 reported an FTP brute force.

This is why we need *MORE* automation between providers. Then there
is less room for human error in wading through a mass of reports trying
to pick out the ones which can be fixed.

--Michael Dillon


Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-16 Thread Rich Kulawiec

On Tue, Apr 15, 2008 at 08:49:39PM -0400, Martin Hannigan wrote:
 Abuse desk is a $0 revenue operation.  Is it not obvious what the issue is?

Two points, the first of which is addressed to this and the second
of which is more of a recommended attitude.

1. There is no doubt that many operations consider it so, but it's
really not.  Operations which don't adequately deal with abuse issues
are going to incur tangible and intangible costs (e.g., money spent
cleaning up local messes and getting off numerous blacklists, loss of
business due to reputation, etc.).  Those costs are likely to increase
as more and more people become increasingly annoyed with abuse-source
operations and express that via software and business decisions.  I'll
concede that this is really difficult to measure (at the moment) but
it's not zero.

2. When one's network operation abuses someone (or someone else's
operation), you owe them a fix, an explanation, and an apology.
After all, it happened in your operation on your watch, therefore you're
personally responsible for it.  And when someone in that position --
a victim of abuse -- has magnanimously documented the incident and
reported it to you, thus providing you with free consulting services --
you owe them your thanks.  After all, they caught something that got
by you -- and they've shared that with you, thus enabling you to run
a better operation, which in turn means fewer future abuse incidents,
which in turn means lower tangible and intangible costs.  And far more
importantly, it means being a better network neighbor, something we
should all be working toward all the time.

---Rsk



Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-16 Thread Rich Kulawiec

On Wed, Apr 16, 2008 at 11:07:42AM +0100, [EMAIL PROTECTED] wrote:
 If people had succeeded in cleaning up the abuse problems in 1995
 when the human touch was still feasible, we would not have the
 situation that we have today. Automation is the only way to address
 the flood of abuse email, the huge number of people originating
 abuse, and the agile tactics of the abusers.

I agree with this and with pretty much everything else you wrote.

But...

If an operation is permitting itself to be such a systemic, persistent
source of abuse that the number of abuse reports it's receiving (which
everyone knows is a tiny fraction of the number it *could* be receiving)
requires automation...isn't that a pretty good sign that whatever's
being done to control abuse isn't working?

The solution to that isn't to put in place higher levels of automation:
the solution to that is to *solve the underlying problems* so that
higher levels of automation aren't necessary.

---Rsk



RE: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-16 Thread Frank Bulk

So who's the third-party for the little guy that aggregates abuse reports?
I know we consume Spamcop reports which works very well for us.  I'm not
sure who feeds them data.  Ideally I would like to be able to submit data to
them in an automated fashion, but the spam appliance I have doesn't have
that checkbox.

If the abuse desk has already acted upon it, why not have the automated
system let me know?

Frank

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, April 16, 2008 5:08 AM
To: nanog@merit.edu
Subject: RE: Abuse response [Was: RE: Yahoo Mail Update]


 So how do the little guys play in this sandbox?

3rd-party aggregation. Where do RBLs get their data?
They act as a 3rd party to aggregate data from many others.

snip

Consider this. Any single point source of abuse, say a single broadband
PC in a botnet, will spew out spam or DDOS to hundreds of destinations.
If 20 of these destinations submit ARF reports, and you are one of
these 20, then there is a 5% chance that your report has anything worth
acting upon. 95% of the time, you will be reporting something that the
abuse desk has already acted upon and it would be a waste of abuse desk
resources to read and reply to your report. On the other hand, it can
be very useful for the automated system to process your report for
statistical purposes and to provide a better understanding of how
that particular botnet functions.

snip

--Michael Dillon



Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-16 Thread Valdis . Kletnieks
On Wed, 16 Apr 2008 00:38:33 CDT, Chris Boyd said:

 - I'd like to see an actual response beyond an autoreply saying that you
 can't tell me who the customer is or what actions were taken.

Well, let's see.   If you're reporting abuse coming from my AS, it's almost
certainly one of 2 things:

1) Some poor soul got zombied in a drive-by fruiting and was part of a botnet.
At this point, it doesn't really matter *who* the customer was, because he was
essentially a Joe Sixpack.  Action taken is almost certainly some variant on
"he's been told to disinfect the machine before getting back on the net".  So
it's unclear what, if anything, you want us to do, except possibly send you
a canned "We found the machine and dealt with it" after the fact.

2) Somebody decided to intentionally do something naughty.  At that point,
it's a very good likelihood that we *can't* tell you who it was, because
there may be some combination of litigation and prosecution (and in our case,
most likely some internal judicial action) so there's a whole swarm of privacy
laws and "we don't comment on ongoing investigations/litigations" policy. And
since these things can drag on for weeks or months, there may not be any
final resolution for quite some time, so all you'll get back is a "We found
the problem and it will eventually be disposed of"...

Basically, 99.8% of the time, no response other than "We found it and dealt
with it" is actually suitable, and the other 0.2% of the time, you're about
to get dragged into an ongoing investigation, so expect a "Hold Evidence"
order on your fax in a few minutes.. ;)

So what sort of response did you actually *want*?




Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-16 Thread William Herrin

On Tue, Apr 15, 2008 at 8:49 PM, Martin Hannigan [EMAIL PROTECTED] wrote:
 Abuse desk is a $0 revenue operation.  Is it not obvious what the issue is?

Martin,

So is marketing, yet marketing does have an impact on revenue.

It can be useful to explain the abuse desk as being just another form
of marketing, another form of reputation management that happens to be
specific to Internet companies. Handling the abuse desk well (or
poorly) builds (or damages) the brand.

Regards,
Bill Herrin


-- 
William D. Herrin  [EMAIL PROTECTED] [EMAIL PROTECTED]
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004


Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-16 Thread Dave Pooser

 It can be useful to explain the abuse desk as being just another form
 of marketing, another form of reputation management that happens to be
 specific to Internet companies.

Is it? I mean, I may know that (a hypothetical) example.com is a
pink-contract-signing batch of incompetents who spew spam like a bulimic
firehose. You may know that. 10,000 other mail administrators may know that.
But once they have signed up 2.3 million users with example.com they are too
big (for most email administrators) to block, so at that point the cost of
disbanding their abuse desk and pointing complaints to /dev/null is nil.

 Handling the abuse desk well (or poorly) builds (or damages) the brand.

...among people who are educated among such things. Unfortunately, people
with clue are orders of magnitude short of a majority, and the rest of the
world (ie: potential customers) wouldn't know an abuse desk from a
self-abuse desk.
-- 
Dave Pooser, ACSA
Manager of Information Services
Alford Media  http://www.alfordmedia.com




Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-16 Thread Simon Waters

On Wednesday 16 April 2008 17:47, Dave Pooser wrote:

  It can be useful to explain the abuse desk as being just another form
  of marketing, another form of reputation management that happens to be
  specific to Internet companies.

 Is it? 

.. SNIP good points about abuse desks ..

In the specific case that started this (Yahoo), then I think there is a 
marketing issue.

Ask anyone in the business if I want a free email account who do I use.. and 
you'll get the almost universal answer Gmail. 

Mostly this is because Hotmail delete email randomly, Yahoo struggle with the 
volumes, and everyone forgets AOL do free accounts (although it is painfully 
slow and the documentation is incomplete).

But it is in part that Google do actually answer enquiries still, be they 
abuse or support. Yahoo occasionally manage an answer, usually not to the 
question you asked, or asking for information already supplied. AOL - well 
you can get an answer from their employee who watches Spam-L, but directly 
not a chance.

So it is a competitive market, and the opinion of those in the know matters (a 
little -- we could make more noise!). Although the tough one to compete with 
is Hotmail, since their computer offers it to them every time they reinstall, 
and those reinstalling more often have least clue, but eventually realise 
having their email on THEIR(!) PC is a bad idea.

But yes, abuse desk is only a minor issue in that market, but if you don't 
deal with abuse, it will cost the bottom line for email providers. I think 
for people mostly providing bandwidth, email is still largely irrelevant, 
even at the hugely inflated levels the spammers cause it is still a 
minor %age, favicons (missing or otherwise) probably cause nearly as much 
traffic.


Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-16 Thread Jack Bates


Dave Pooser wrote:

Handling the abuse desk well (or poorly) builds (or damages) the brand.


...among people who are educated among such things. Unfortunately, people
with clue are orders of magnitude short of a majority, and the rest of the
world (ie: potential customers) wouldn't know an abuse desk from a
self-abuse desk.


I think that depends on the nature of the abuse desk, how it interfaces with 
other networks and the customer base. Of course, I get to be the NOC guy and the 
abuse guy here. It's nice to have less than a million customers. However, I find 
that how NOC issues and abuse issues are handled are very similar. It is, of 
course, easier to reach another NOC than it is the senior abuse staff that 
actually have clue, generally. Both departments need a certain amount of front 
line protection to keep them from being swamped with issues that can be handled 
by others. Nevertheless, when they can interface with customers and with the 
other departments that spend more time with customers, it does improve the 
company's service level.


If there is a routing, firewalling, or email delivery issue with a much larger 
network, the effectiveness of the NOC/Abuse Dept will determine how well the 
customers will handle the interruption. If the company has built trust with the 
customer and related to them in a personal way, then the customer will in turn 
tend to be more understanding of the issues involved, or in some cases at least 
point their anger at the right company.


-Jack

Learning to mitigate the damage caused by Murphy's law.


Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-16 Thread Paul Ferguson

-- [EMAIL PROTECTED] wrote:

 So what sort of response did you actually *want*?

Actually, I'm more concerned with alerting you that someone
inserted a nasty .js or iFrame on one of your websites and I'd
like you to clean it up, thanks. ;-)

I'm not so concerned about alerting you to botted student computers...
that's another issue entirely. :-)

- ferg



--
Fergie, a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/





Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-16 Thread Joe Abley



On 16 Apr 2008, at 13:33 , Simon Waters wrote:

Ask anyone in the business if I want a free email account who do I
use.. and you'll get the almost universal answer Gmail.


I think amongst those not in the business there are regional trends,  
however. Around this neck of the woods (for some reason) the answer  
amongst your average, common-or-garden man in the street is yahoo!.


I don't know why this is. But that's my observation.

There are also the large number of people using Y! mail who don't  
realise they're using Y! mail, because the telco or cableco they use  
for access have outsourced mail operations to Y!, and there are still  
(apparently) many people who assume that access providers and mail  
providers should match. In those cases choice of mail provider may  
have far more to do with price of tv channel selections or  
availability of long-distance voice plans than anything to do with e-mail.


So, with respect to your other comments, correlation between technical/ 
operational competence and customer choice seems weak, from my  
perspective. If there's competition, it may not be driven by service  
quality, and the conclusion that well-staffed abuse desks promote  
subscriber growth is, I think, faulty.



Joe



Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-16 Thread Robert Bonomi


 Subject: Re: Abuse response [Was: RE: Yahoo Mail Update]
 From: [EMAIL PROTECTED]
 Date: Wed, 16 Apr 2008 12:02:02 -0400

 On Wed, 16 Apr 2008 00:38:33 CDT, Chris Boyd said:

  - I'd like to see an actual response beyond an autoreply saying that you
  can't tell me who the customer is or what actions were taken.

 Well, let's see.   If you're reporting abuse coming from my AS, it's almost
 certainly one of 2 things:

[[  sneckcausations ]]

 Basically, 99.8% of the time, no response other than "We found it and dealt
 with it" is actually suitable, and the other 0.2% of the time, you're about
 to get dragged into an ongoing investigation, so expect a "Hold Evidence"
 order on your fax in a few minutes.. ;)

 So what sort of response did you actually *want*?

Speaking strictly for myself, the wish-list for an ack is (not necessarily in
priority order):
   1) appreciation for my contributed time/effort in helping them keep _their_
      network clean.
   2) an ack that they _have_found_ the source.  I generally don't care 'who'
      it was, just that they *have* been found, and STOPPED.
   3) an indication that the immediate issue has been fixed, and that steps
      have been taken to prevent future recurrence.  Again, the actual
      'details' of what has been done are relatively unimportant.
   4) *WHEN* the 'fix' was implemented.  Then I know if I see 'more of the
      same' _before_ that time, I don't need to report it, =AND= if I see
      stuff occurring _after_ that time, that it is a 'new and different'
      problem that _does_ need to be reported.

This is more about _how_ you say things, than the details of what you actually
say.

Replies -- _days_ later -- along the lines of "thanks for the report, due to
volume of complaints we won't be able to tell you anything about what we find,
or do" cause much grinding of teeth.

Replies that say: "This appears to be the same as something that has already
been reported to us by others.  We have looked into things, confirmed it was
happening, and put a stop to it as of {timestamp}.  If you see any more of this
activity from that source _after_ that time please email us immediately with
the string {token} in the subject line." _do_ give the originator 'warm
fuzzies', and can be more-or-less trivially generated by a good trouble-
ticket system.  Especially with reasonable front-end automation for recognizing
'duplicate' complaints.


At the good end, I've gotten replies saying: "the customer has been contacted,
and they immediately took the affected machine off-line for sterilization";
even "we have been unable to contact the customer, and have pulled their
circuit until they *do* contact us".

Note: that last message was received about 4 hours after sending the problem 
notice, and about 2 hours after what would have been the normal 'start of 
business' in the locale of the problem.  That provider wears a *BIG* white
hat in my books.  Not so much for telling me what they did, but for the speed
of reaction.  

Contrast those responses with a major national who doesn't send any responses
*and* has an admitted policy of giving customers _a_week_after_notification_ 
of having an infected machine on their network to get the machine off-line or 
otherwise dealt with.  And it can take _days_ to get the notification to the 
customer. (they just send an email to the business contact -- notify them late
friday and the clock doesn't start running until Monday morning.  *sigh*)
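
Added example (not from any poster in this thread): the duplicate-aware reply described in the message above, combined with the ARF-based automation Michael Dillon describes earlier in the thread, in Python. The `AbuseDesk` class, the `INC-` token format, the addresses and the sample report are constructed for illustration; the field names follow the ARF feedback-report layout.

```python
import email
import ipaddress
from datetime import timezone
from email import policy
from email.utils import parsedate_to_datetime

# Constructed sample report in ARF layout (multipart/report, report-type=feedback-report).
ARF_TEMPLATE = """\
From: {reporter}
Subject: abuse report for {ip}
MIME-Version: 1.0
Content-Type: multipart/report; report-type=feedback-report; boundary="arf"

--arf
Content-Type: text/plain

Human-readable part: unwanted traffic received from {ip}.

--arf
Content-Type: message/feedback-report

Feedback-Type: abuse
User-Agent: ExampleReporter/0.1
Version: 1
Source-IP: {ip}
Arrival-Date: {arrival}

--arf
Content-Type: text/rfc822-headers

Received: from unknown ([{ip}]) by mx.reporter.example; {arrival}

--arf--
"""


def make_report(reporter, ip, arrival):
    """Build one constructed ARF report as raw message text."""
    return ARF_TEMPLATE.format(reporter=reporter, ip=ip, arrival=arrival)


def parse_arf(raw):
    """Return the machine-readable fields of an ARF report; ValueError if malformed."""
    msg = email.message_from_string(raw, policy=policy.default)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "feedback-report"):
        raise ValueError("not an ARF report")
    for part in msg.walk():
        if part.get_content_type() == "message/feedback-report":
            body = part.get_payload()
            # The stdlib parses message/* bodies as a nested message; accept text too.
            inner = body[0] if isinstance(body, list) else email.message_from_string(body)
            fields = {k.lower(): str(v).strip() for k, v in inner.items()}
            break
    else:
        raise ValueError("no message/feedback-report part")
    try:
        arrival = parsedate_to_datetime(fields["arrival-date"])
        ip = str(ipaddress.ip_address(fields["source-ip"]))
        kind = fields["feedback-type"].lower()
    except (KeyError, TypeError) as exc:
        raise ValueError(f"missing or bad field: {exc}") from exc
    if arrival.tzinfo is None:          # "-0000" carries no zone; treat it as UTC
        arrival = arrival.replace(tzinfo=timezone.utc)
    return {"reporter": str(msg["From"]), "type": kind, "ip": ip, "arrival": arrival}


class AbuseDesk:
    """Groups reports per (source IP, feedback type) and answers duplicates itself."""
    def __init__(self):
        self.incidents = {}     # (ip, type) -> current incident for that source
        self.counter = 0

    def receive(self, raw):
        """File one report; return (status, reply text for the reporter)."""
        r = parse_arf(raw)
        key = (r["ip"], r["type"])
        inc = self.incidents.get(key)
        if inc is None or (inc["fixed_at"] and r["arrival"] > inc["fixed_at"]):
            # First sighting, or activity seen after the fix: new work for a human.
            self.counter += 1
            inc = {"token": f"INC-{self.counter:04d}", "fixed_at": None, "reports": []}
            self.incidents[key] = inc
            inc["reports"].append(r)
            return "new", (f"Thanks for the report about {r['ip']}. "
                           f"Ticket {inc['token']} is open with the abuse desk.")
        inc["reports"].append(r)    # kept for statistics, no human needed
        if inc["fixed_at"] is None:
            return "duplicate", ("Thanks. Others have reported this too; it is being "
                                 f"worked on as {inc['token']}.")
        fixed = inc["fixed_at"].strftime("%Y-%m-%d %H:%M %Z")
        return "duplicate", (
            "This appears to be the same as something already reported to us by others. "
            f"We confirmed it and put a stop to it as of {fixed}. If you see more of this "
            f"from {r['ip']} after that time, email us with {inc['token']} "
            "in the subject line.")

    def mark_fixed(self, ip, kind, when):   # when: timezone-aware datetime of the fix
        self.incidents[(ip, kind)]["fixed_at"] = when
```

A report whose Arrival-Date is later than the recorded fix time opens a fresh incident instead of getting the canned duplicate reply, which is the distinction point 4 of the wish-list asks for.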






Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-16 Thread Greg Skinner

On Wed, Apr 16, 2008 at 03:39:05PM -0400, Joe Abley wrote:

 On 16 Apr 2008, at 13:33 , Simon Waters wrote:
 
  Ask anyone in the business if I want a free email account who do I  
  use.. and you'll get the almost universal answer Gmail.
 
 I think amongst those not in the business there are regional trends,  
 however. Around this neck of the woods (for some reason) the answer  
 amongst your average, common-or-garden man in the street is yahoo!.
 
 I don't know why this is. But that's my observation.

In my experience, Gmail tends to be the preferred freemail account
among geeks and techies.  Y! mail and Hotmail are preferred by the
(non-techie) man and woman on the street.  I think this is largely due
to branding.

 So, with respect to your other comments, correlation between technical/ 
 operational competence and customer choice seems weak, from my  
 perspective. If there's competition, it may not be driven by service  
 quality, and the conclusion that well-staffed abuse desks promote  
 subscriber growth is, I think, faulty.

Also, IME, the business community tends to perceive marketing as a
profit center (whether or not it actually is), because they understand
it and can measure the ROI they get from it.  This may not be the case
in companies with executives who came from the tech side, however, but
it's still more common for executives to have more of a business than
technical background.

--gregbo


Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Paul Ferguson

-- Suresh Ramasubramanian [EMAIL PROTECTED] wrote:

If you send reports with lots of legal boilerplate, or reports with
long lectures on why you expect an INSTANT TAKEDOWN, and send them to
a busy abuse queue, there is no way - and zero reason - for the ISP
people to prioritize your complaint above all the other complaints
coming in.

Having elided the rest of this exchange, and also understanding
exactly what you are talking about, I encourage you to elaborate
on the point you are trying to make...

As you well know, there are many of us who have been working on
this particular issue for years, with wildly varying degrees of
success.

There is no pat answer...

- ferg

--
Fergie, a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/



Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Suresh Ramasubramanian

On Tue, Apr 15, 2008 at 11:04 AM, Paul Ferguson [EMAIL PROTECTED] wrote:
  In fact, we have done just that -- develop a standard boilerplate
  very similar to what PIRT uses in its notification(s) to the
  stakeholders in phishing incidents.

The boilerplate is no damned use.  PIRT - and you - should be focusing
on feedback loops, and that would practically guarantee instant
takedown, especially when the notification is sent by trusted parties.

  Again, our success rate is somewhere in the 50% neighborhood.

With the larger providers it will get to 100% once you go the feedback
loop route.

Do ARF, do IODEF etc.  You will find it much easier for abuse desks
that care to process your reports.  You will also find it easier to
feed these into nationwide incident response / alert systems like
Australia's AISI (google it up, you will like the concept I think)

srs


Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Paul Ferguson

-- Suresh Ramasubramanian [EMAIL PROTECTED] wrote:

Do ARF, do IODEF etc.  You will find it much easier for abuse desks
that care to process your reports.  You will also find it easier to
feed these into nationwide incident response / alert systems like
Australia's AISI (google it up, you will like the concept I think)


Really.

How many people are actually doing IODEF?

http://www.terena.org/activities/tf-csirt/iodef/

Honestly?

And the other regional formats?  This is kind of what I mean
when I talk about disjointed and discombobulated processes of
reporting abuse.

It should be simple -- not require a freeking full-blown standard.

- ferg


--
Fergie, a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/




Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Paul Ferguson

-- Suresh Ramasubramanian [EMAIL PROTECTED] wrote:

Do ARF, do IODEF etc.  You will find it much easier for abuse desks
that care to process your reports.  You will also find it easier to
feed these into nationwide incident response / alert systems like
Australia's AISI (google it up, you will like the concept I think)

And further, looking at IODEF in particular, this is doomed: it
requires more than two simple steps to report abuse.

The proof is in the pudding.

- ferg


--
Fergie, a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/




Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Suresh Ramasubramanian

On Tue, Apr 15, 2008 at 11:55 AM, Paul Ferguson [EMAIL PROTECTED] wrote:
  Really.

  How many people are actually doing IODEF?

  http://www.terena.org/activities/tf-csirt/iodef/

AISI - for example - and AISI feeds the top 25 Australian ISPs - takes
IODEF as an input

And MAAWG does ARF, quite simple to use as well .. but they would take
a standard format (with an RFC yet) if you and some other major
players

1. Offer iodef (or say ARF) feeds
2. Tell them you're offering these feeds

  It should be simple -- not require a freeking full-blown standard.

It's a standard. And it allows automated parsing of these complaints.
And automation increases processing speeds by orders of magnitude..
you don't have to wait for an abuse desker to get to your email and
pick it out of a queue with hundreds of other report emails, and
several thousand pieces of spam [funny how [EMAIL PROTECTED] type addresses
end up in so many spammer lists..]

srs


Re: Yahoo Mail Update

2008-04-15 Thread JC Dill


Frank Bulk - iNAME wrote:


Yes, internet service providers and operators don't need to listen, but I
can't see how Yahoo's e-mail and abuse handling history arises out of good
business decisions. 


How would Yahoo benefit from better staffing of their abuse desk?  What 
do they gain, besides the respect of their peers in the ISP industry? 
Do you know of anyone (outside the ISP industry) who knows anything 
about Yahoo's email and abuse handling history, and who uses this 
information as part of a buying decision WRT the services sold by Yahoo?


I don't.  Through my participation on dozens of discussion groups 
(mailing lists, usenet groups, web forums, etc.) I know hundreds of 
people who collectively:


1)  Have a free Yahoo email address
2)  Have a paid Yahoo email address
3)  Pay for a website and/or domain name hosted by Yahoo
4)  Pay for advertising on Yahoo
5)  Click on ads on Yahoo
6)  Have SBC-Global/Yahoo as their DSL provider
7)  Have Yahoo as their Home page (a result of 6)

etc.  None of them know or care that the ISP industry thinks Yahoo is 
irresponsible in their email and abuse handling practices.



Staffing an abuse desk is costly.  If you are big enough that you can 
get away with doing it at the lowest levels possible - if it doesn't 
hurt your bottom line to shift some of your spam problem onto the abuse 
desks of other ISPs, if you are big enough that other ISPs can't afford 
to play hardball with you because your abuse handling practices aren't 
up to their standards, then it makes perfect financial sense to do it at 
the lowest level you can get away with.  Yahoo knows that if it comes to 
a game of chicken that the other side will be hurt more, and blink first.


(Same thing with Cogent and the Tier 1 networks that try to de-peer with 
Cogent - they know that a Tier 1 can't afford the complaints they get 
from their end users if they can't reach a site hosted on Cogent, so 
Cogent can afford to let the Tier 1 break peering, and then reestablish 
it after they suffer the expense of the support calls from their angry 
customer.  Cogent just rides out the storm, knowing that if they simply 
do nothing the other side will blink first.)


Now, if a major *website/webhost* (Cogent-sized) wanted to play chicken 
with Yahoo and block access to the website from Yahoo IPs because of the 
spam problem coming from Yahoo, then maybe THAT would be a game of 
chicken that Yahoo couldn't afford to wait out (because of all the 
complaints that would flood Yahoo's support center, etc.).  However the 
website/webhost would need to be able to afford the drop in traffic that 
this ban would produce, and what's in it for them?  Again, where is the 
benefit of this action?  It would cost them lost revenue (lost 
advertising revenue for the website, lost bandwidth revenue for a 
webhost) - for what purpose?


If anyone else (a smaller ISP that is mainly eyeballs, or a small 
website or web host) tries it, they will be hurting themselves rather 
than putting any real pressure on Yahoo to change.



I urge all my competitors to do that.

jc


Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread mark seiden-via mac


do you remember the days when some of us would only take routing table
updates from andrew partan, because we trusted him?

that's what it's like now wrt takedowns.

do not minimize the use of malicious takedowns by twits and bad guys,
who fabricate a report of misfeasance to get their enemies taken down.


On Apr 15, 2008, at 7:47 AM, Paul Ferguson wrote:



-- Suresh Ramasubramanian [EMAIL PROTECTED] wrote:


If you send reports with lots of legal boilerplate, or reports with
long lectures on why you expect an INSTANT TAKEDOWN, and send them to
a busy abuse queue, there is no way - and zero reason - for the ISP
people to prioritize your complaint above all the other complaints
coming in.


Having elided the rest of this exchange, and also understanding
exactly what you are talking about, I encourage you to elaborate
on the point you are trying to make...

As you well know, there are many of us who have been working on
this particular issue for years, with wildly varying degrees of
success.

There is no pat answer...

- ferg

--
Fergie, a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/






Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Joe Provo

On Tue, Apr 15, 2008 at 12:31:33PM +0530, Suresh Ramasubramanian wrote:
 
 On Tue, Apr 15, 2008 at 11:55 AM, Paul Ferguson [EMAIL PROTECTED] wrote:
[snip]
   It should be simple -- not require a freeking full-blown standard.
 
 It's a standard. And it allows automated parsing of these complaints.
 And automation increases processing speeds by orders of magnitude..
 you don't have to wait for an abuse desker to get to your email and
 pick it out of a queue with hundreds of other report emails, and
 several thousand pieces of spam [funny how [EMAIL PROTECTED] type addresses
 end up in so many spammer lists..]

It cannot be understated that even packet pushers and code grinders
who care get stranded in companies where abuse handling is deemed 
by management to be a cost center that only saps resources.  Paul, 
you are doing a serious disservice to those folks in specific, and
working around such suit-induced damage in general, by dismissing 
any steps involving automation.

Cheers,

Joe

-- 
 RSUC / GweepNet / Spunk / FnB / Usenix / SAGE


Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Rich Kulawiec

I largely concur with the points that Paul's making, and would
like to augment them with these:

- Automation is far less important than clue.  Attempting to compensate
for lack of a sufficient number of sufficiently-intelligent, experienced,
diligent staff with automation is a known-losing strategy, as anyone who
has ever dealt with an IVR system knows.

- Trustability is unrelated to size.  There are one-person operations
out there that are obviously far more trustable than huge ones.

- Don't build what you can't control.  Abuse handling needs to be
factored into service offerings and growth decisions, not blown off
and thereby forcibly delegated to the entire rest of the Internet.

- Poorly-designed and poorly-run operations markedly increase the
workload for their own abuse desks.

- A nominally competent abuse desk handles reports quickly and efficiently.
A good abuse desk DOES NOT NEED all those reports because it already knows.
(For example, large email providers should have large numbers of spamtraps
scattered all over the 'net and should be using simple methods to correlate
what arrives at them to provide themselves with an early heads up.  This
won't catch everything, of course, but it doesn't have to.)

---Rsk
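
Added example, not part of any post in this thread: one simple way a provider could correlate what arrives at its own spamtraps to get the early heads-up described in the last point above. The netblock, host names, trap addresses and sample messages are constructed (documentation ranges), and only the Received header written by the trap's own MX is trusted.

```python
import ipaddress
import re
from collections import defaultdict
from email import message_from_string

# Assumptions for this sketch: our customer netblock and the spamtrap's MX name.
OWN_NETBLOCKS = [ipaddress.ip_network("198.51.100.0/24")]
TRAP_MX = "mx.trap.example"
BRACKETED_IP = re.compile(r"\[([0-9a-fA-F:.]+)\]")


def connecting_ip(raw_message, trusted_mx=TRAP_MX):
    """Return the IP that connected to our trap MX, or None.

    Received headers are prepended, so the first one naming our MX is the
    one we wrote ourselves. Anything below it was supplied by the sender
    and can be forged, so it is never consulted.
    """
    msg = message_from_string(raw_message)
    for received in msg.get_all("Received", []):
        flat = " ".join(received.split())          # unfold continuation lines
        if ("by %s " % trusted_mx) not in flat + " ":
            continue
        match = BRACKETED_IP.search(flat.split(" by ", 1)[0])
        if not match:
            return None
        try:
            return ipaddress.ip_address(match.group(1))
        except ValueError:
            return None
    return None


def own_sources_hitting_traps(deliveries, min_traps=2):
    """List (ip, distinct_trap_count) for our own IPs seen at >= min_traps traps."""
    traps_by_ip = defaultdict(set)
    for trap_address, raw_message in deliveries:
        ip = connecting_ip(raw_message)
        if ip is None or not any(ip in net for net in OWN_NETBLOCKS):
            continue                               # not one of our customers
        traps_by_ip[str(ip)].add(trap_address)
    flagged = [(ip, len(traps)) for ip, traps in traps_by_ip.items()
               if len(traps) >= min_traps]
    return sorted(flagged, key=lambda item: (-item[1], item[0]))


def _sample(src_ip, extra_received=""):
    """Constructed trap delivery; extra_received simulates sender-supplied headers."""
    return ("Received: from host (host [%s]) by %s with ESMTP; "
            "Tue, 15 Apr 2008 08:00:00 -0400\n"
            "%sSubject: constructed sample\n\nbody\n"
            % (src_ip, TRAP_MX, extra_received))


# Constructed input: (trap address that received the mail, raw message).
SAMPLE_DELIVERIES = [
    ("trap1@trap.example", _sample("198.51.100.7")),
    ("trap2@trap.example", _sample("198.51.100.7")),
    ("trap3@trap.example", _sample("198.51.100.7")),
    ("trap1@trap.example", _sample("198.51.100.20")),
    ("trap2@trap.example", _sample("203.0.113.9")),
    # Outside source with a forged lower header pointing at our netblock.
    ("trap3@trap.example", _sample(
        "203.0.113.50",
        "Received: from pc (pc [198.51.100.99]) by relay.invalid with SMTP; "
        "Tue, 15 Apr 2008 07:59:00 -0400\n")),
]

if __name__ == "__main__":
    for ip, count in own_sources_hitting_traps(SAMPLE_DELIVERIES):
        print("%s reached %d distinct traps" % (ip, count))
```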


Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread William Herrin

On Tue, Apr 15, 2008 at 8:34 AM, Rich Kulawiec [EMAIL PROTECTED] wrote:
  - Automation is far less important than clue.  Attempting to compensate
  for lack of a sufficient number of sufficiently-intelligent, experienced,
  diligent staff with automation is a known-losing strategy, as anyone who
  has ever dealt with an IVR system knows.

Rich,

That is one place that modern antispam efforts fall apart. It's the
same problem that afflicts tech support in general. The problem exists
for the same reason that large-city McDonalds workers don't speak
English: Anyone with sufficient clue to run an abuse desk is well
qualified for more interesting, important and higher-paid work where
they don't get yelled at all the time. Like administering mail servers
or writing mail software.

There's a reason we pay garbage collectors a small fortune to do a job
that requires no skill whatsoever.

Regards,
Bill Herrin


-- 
William D. Herrin  [EMAIL PROTECTED] [EMAIL PROTECTED]
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004


Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Marshall Eubanks



On Apr 15, 2008, at 9:43 AM, William Herrin wrote:



On Tue, Apr 15, 2008 at 8:34 AM, Rich Kulawiec [EMAIL PROTECTED] wrote:
- Automation is far less important than clue.  Attempting to compensate
for lack of a sufficient number of sufficiently-intelligent, experienced,
diligent staff with automation is a known-losing strategy, as anyone who
has ever dealt with an IVR system knows.


Rich,

That is one place that modern antispam efforts fall apart. It's the
same problem that afflicts tech support in general. The problem exists
for the same reason that large-city McDonalds workers don't speak
English: Anyone with sufficient clue to run an abuse desk is well
qualified for more interesting, important and higher-paid work where
they don't get yelled at all the time. Like administering mail servers
or writing mail software.

There's a reason we pay garbage collectors a small fortune to do a job
that requires no skill whatsoever.



Do you _know_ any garbage collectors ? I do, and I would disagree with  
both clauses of that sentence.


Regards
Marshall


Regards,
Bill Herrin


--
William D. Herrin  [EMAIL PROTECTED] [EMAIL PROTECTED]
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004




Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread William Herrin

On Tue, Apr 15, 2008 at 10:00 AM, Marshall Eubanks
[EMAIL PROTECTED] wrote:

  On Apr 15, 2008, at 9:43 AM, William Herrin wrote:
  That is one place that modern antispam efforts fall apart. It's the
  same problem that afflicts tech support in general. The problem exists
  for the same reason that large-city McDonalds workers don't speak
  English: Anyone with sufficient clue to run an abuse desk is well
  qualified for more interesting, important and higher-paid work where
  they don't get yelled at all the time. Like administering mail servers
  or writing mail software.
 
  There's a reason we pay garbage collectors a small fortune to do a job
  that requires no skill whatsoever.

  Do you _know_ any garbage collectors ? I do, and I would disagree with both
 clauses of that sentence.

Marshall,

No, but I know a few people who have (briefly) worked abuse desks and
neither the tech support nor the McDonalds problem are difficult to
observe.

Without conceding the garbage collection issue, let me ask you
directly: how do you propose to motivate qualified folks to keep
working the abuse desk?

Regards,
Bill Herrin

-- 
William D. Herrin  [EMAIL PROTECTED] [EMAIL PROTECTED]
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004


Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Marshall Eubanks



On Apr 15, 2008, at 10:31 AM, William Herrin wrote:


On Tue, Apr 15, 2008 at 10:00 AM, Marshall Eubanks
[EMAIL PROTECTED] wrote:


On Apr 15, 2008, at 9:43 AM, William Herrin wrote:

That is one place that modern antispam efforts fall apart. It's the
same problem that afflicts tech support in general. The problem exists
for the same reason that large-city McDonalds workers don't speak
English: Anyone with sufficient clue to run an abuse desk is well
qualified for more interesting, important and higher-paid work where
they don't get yelled at all the time. Like administering mail servers
or writing mail software.

There's a reason we pay garbage collectors a small fortune to do a job
that requires no skill whatsoever.


Do you _know_ any garbage collectors ? I do, and I would disagree with both
clauses of that sentence.


Marshall,

No, but I know a few people who have (briefly) worked abuse desks and
neither the tech support nor the McDonalds problem are difficult to
observe.

Without conceding the garbage collection issue, let me ask you
directly: how do you propose to motivate qualified folks to keep
working the abuse desk?


That is a good question. (I feel sure that many actually doing the job
would opt for a rise in pay.)

Maybe certain jobs should become apprentice-like positions
that you need to get through to rise in a networking organization. I
know that Craig Newmark (of Craig's List) spends a couple of hours per
day going through abuse complaints and user issues personally. I
haven't heard too many complaints about Craig's List, and it seems
reasonable to suspect a connection there. That has the advantage of
being cheap to implement, in dollars if not in political capital.


Regards
Marshall




Regards,
Bill Herrin

--
William D. Herrin  [EMAIL PROTECTED] [EMAIL PROTECTED]
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004




Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread William Herrin

On Tue, Apr 15, 2008 at 10:55 AM, Marshall Eubanks
[EMAIL PROTECTED] wrote:
  On Apr 15, 2008, at 10:31 AM, William Herrin wrote:
  how do you propose to motivate qualified folks to keep
  working the abuse desk?

  That is a good question. (I feel sure that many actually doing the job
 would opt for a rise in pay.)
  Maybe certain jobs should become apprentice-like positions
  that you need to get through to rise in a networking organization.

Marshall,

There's a novel idea. Require incoming senior staff at an email
company to work a month at the abuse desk before they can assume the
duties for which they were hired.

My hunch says that's a non-starter. It also doesn't keep qualified
folks at the abuse desk; it shuffles them through.

Any other ideas?

Regards,
Bill Herrin


-- 
William D. Herrin  [EMAIL PROTECTED] [EMAIL PROTECTED]
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004


Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Paul Ferguson

-- Joe Provo [EMAIL PROTECTED] wrote:

It cannot be understated that even packet pushers and code grinders
who care get stranded in companies where abuse handling is deemed 
by management to be a cost center that only saps resources.  Paul, 
you are doing a serious disservice to those folks in specific, and
working around such suit-induced damage in general, by dismissing 
any steps involving automation.


Well, I did not intend to do disservice to anyone's efforts, but
the point I am trying to make is that there still is no good way
for people to report malicious activity to the legitimate owners
of the content or the netblock.

- ferg



--
Fergie, a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/



Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Jack Bates


William Herrin wrote:


Without conceding the garbage collection issue, let me ask you
directly: how do you propose to motivate qualified folks to keep
working the abuse desk?



Ask AOL?

-Jack


Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Rich Kulawiec

On Tue, Apr 15, 2008 at 11:22:59AM -0400, William Herrin wrote:
 There's a novel idea. Require incoming senior staff at an email
 company to work a month at the abuse desk before they can assume the
 duties for which they were hired.
 
 My hunch says that's a non-starter. It also doesn't keep qualified
 folks at the abuse desk; it shuffles them through.

Require all technical staff and their management to work at the abuse
desk on a rotating basis.  This should provide them with ample motivation
to develop effective methods for controlling abuse generation, thus
reducing the requirement for abuse mitigation, thus reducing the time
they have to spend doing it.

---Rsk


Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Steve Atkins



On Apr 15, 2008, at 10:33 AM, Rich Kulawiec wrote:


On Tue, Apr 15, 2008 at 11:22:59AM -0400, William Herrin wrote:

There's a novel idea. Require incoming senior staff at an email
company to work a month at the abuse desk before they can assume the
duties for which they were hired.

My hunch says that's a non-starter. It also doesn't keep qualified
folks at the abuse desk; it shuffles them through.


Require all technical staff and their management to work at the abuse
desk on a rotating basis.  This should provide them with ample motivation
to develop effective methods for controlling abuse generation, thus
reducing the requirement for abuse mitigation, thus reducing the time
they have to spend doing it.


Unfortunately many of the skills required to be a competent abuse desk
worker are quite specific to an abuse desk, and are not typically possessed
by random technical staff.

So, to bring this closer to nanog territory, it's a bit like saying that
all the sales and customer support staff should be given enable access to
your routers and encouraged to run them on a rotating basis, so that they
understand the complexities of BGP and will better understand the impact
their decisions will have on your peering.

Cheers,
  Steve



Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Lou Katz

On Tue, Apr 15, 2008 at 10:56:02AM +0530, Suresh Ramasubramanian wrote:
 
 On Tue, Apr 15, 2008 at 10:16 AM, Paul Ferguson [EMAIL PROTECTED] wrote:
   As I mentioned in my presentation at NANOG 42 in San Jose, the
   biggest barrier we face in shrinking the time-to-exploit window
   with regards to contacting people responsible for assisting in
   mitigating malicious issues is finding someone to actually
   respond.
 
 Fergie.. you (and various others in the send emails, expect
 takedowns biz) - phish, IPR violations, whatever.. you're missing a
 huge, obvious point
 
 If you send manual notifications (aka email to a crowded abuse queue)
 expect 24 - 72 hours response
 
 If you have high enough numbers of the stuff to report, do what large
 ISPs do among themselves, set up and offer an ARF'd / IODEF feedback
 loop or some other automated way to send complaints, that is machine
 parseable, and that's sent - by prior agreement - to a specific
 address where the ISP can process it, and quite probably prioritize it
 above all the j00 hxx0r3d m3 by doing dns lookups email.
 
 That kind of report can be handled within minutes.

Is there an equivalent mechanism for those of us at the fringes of the galaxy to
report problems? What is probably needed for little folks like me is not
instant response but rather an address and formatting specs so that the
information is of maximum usefulness to you and we don't get auto-naks. After
all, I can probably generate a few reports a week, but not hundreds per day.




-- 

-=[L]=-
This work was funded by The Corporation for Public Bad Art despite their 
protestations.
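
Added example, not part of any post in this thread: a sketch of the machine-parseable report format named above (ARF), showing that one report carries a human-readable part, a machine-readable part and the complete original message. Field names follow the ARF format as later published in RFC 5965; the addresses, IP (documentation range), tool name and sample spam are constructed.

```python
from email import message_from_bytes
from email.mime.message import MIMEMessage
from email.mime.multipart import MIMEMultipart
from email.mime.nonmultipart import MIMENonMultipart
from email.mime.text import MIMEText

# Constructed sample: the offending mail exactly as the reporter received it.
SAMPLE_SPAM = (
    b"Received: from mail.sender.example (mail.sender.example [192.0.2.25])\n"
    b"\tby mx.reporter.example with ESMTP; Tue, 15 Apr 2008 10:00:00 -0400\n"
    b"From: offers@sender.example\n"
    b"To: user@reporter.example\n"
    b"Subject: You have won\n"
    b"Message-ID: <constructed-1@sender.example>\n"
    b"\n"
    b"Click here to claim your prize.\n"
)


def build_arf(original, source_ip, reporter, abuse_addr, feedback_type="abuse"):
    """Wrap one offending message in a three-part multipart/report."""
    report = MIMEMultipart("report", report_type="feedback-report")
    report["From"] = reporter
    report["To"] = abuse_addr
    report["Subject"] = "Abuse report: mail from %s" % source_ip

    # Part 1: plain text for the human reading the abuse queue.
    report.attach(MIMEText(
        "This is an abuse report for a message received from %s.\n"
        "The full original message, with headers, is attached.\n" % source_ip,
        "plain", "us-ascii"))

    # Part 2: the same facts as header-style fields for automated handling.
    fields = MIMENonMultipart("message", "feedback-report")
    fields.set_payload(
        "Feedback-Type: %s\n"
        "User-Agent: example-reporter/0.1\n"      # hypothetical tool name
        "Version: 1\n"
        "Source-IP: %s\n" % (feedback_type, source_ip))
    report.attach(fields)

    # Part 3: the complete original message, so headers are never missing.
    report.attach(MIMEMessage(message_from_bytes(original)))
    return report.as_bytes()


def parse_arf(raw):
    """Receiving side: return what an abuse queue needs, or raise ValueError."""
    msg = message_from_bytes(raw)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "feedback-report"):
        raise ValueError("not an ARF report")
    parts = msg.get_payload()
    if len(parts) != 3:
        raise ValueError("expected exactly three parts")
    human, machine, wrapped = parts
    if machine.get_content_type() != "message/feedback-report":
        raise ValueError("second part is not message/feedback-report")
    if wrapped.get_content_type() != "message/rfc822":
        raise ValueError("third part is not the original message")

    # The email parser exposes a message/* body as a nested Message object,
    # so the report fields can be read like ordinary headers.
    fields = machine.get_payload(0)
    for required in ("Feedback-Type", "User-Agent", "Version"):
        if fields[required] is None:
            raise ValueError("missing required field %s" % required)
    original = wrapped.get_payload(0)
    return {
        "feedback_type": fields["Feedback-Type"],
        "source_ip": fields["Source-IP"],
        "human_text": human.get_payload(),
        "original_subject": original["Subject"],
        "original_message_id": original["Message-ID"],
        "original_received": original.get_all("Received", []),
    }


if __name__ == "__main__":
    raw = build_arf(SAMPLE_SPAM, "192.0.2.25",
                    "postmaster@reporter.example", "abuse@sender.example")
    print(raw.decode("ascii"))
    print(parse_arf(raw))
```

Because the original message travels as its own part, the receiving desk gets full headers without asking, and the same report can be read by a person or routed by a parser.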


Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread William Herrin

On Tue, Apr 15, 2008 at 2:04 PM, Steve Atkins [EMAIL PROTECTED] wrote:
  Unfortunately many of the skills required to be a competent abuse desk
  worker are quite specific to an abuse desk, and are not typically possessed
  by random technical staff.

Steve,

You don't, per chance, mean to suggest that random back-office
technical staff might not have the temper and disposition to remain
polite and helpful with the gentleman from the state capital so upset
about the interdiction of his political mailings that he's ready to
sic the regulators on you and wipe you off the map?

The problem is that the individual who -does- have those skills along
with the technical know-how to deal with the complaint itself usually
ALSO has the skills to be the customer contact for a multi-million
dollar contract. If you're a manager at a company that wants to, well,
make money, which chair will you ask that individual to sit in?

Regards,
Bill



-- 
William D. Herrin  [EMAIL PROTECTED] [EMAIL PROTECTED]
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004


Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Steve Atkins



On Apr 15, 2008, at 11:54 AM, William Herrin wrote:


On Tue, Apr 15, 2008 at 2:04 PM, Steve Atkins [EMAIL PROTECTED] wrote:
Unfortunately many of the skills required to be a competent abuse desk
worker are quite specific to an abuse desk, and are not typically possessed
by random technical staff.


Steve,

You don't, per chance, mean to suggest that random back-office
technical staff might not have the temper and disposition to remain
polite and helpful with the gentleman from the state capital so upset
about the interdiction of his political mailings that he's ready to
sic the regulators on you and wipe you off the map?

The problem is that the individual who -does- have those skills along
with the technical know-how to deal with the complaint itself usually
ALSO has the skills to be the customer contact for a multi-million
dollar contract. If you're a manager at a company that wants to, well,
make money, which chair will you ask that individual to sit in?


Not really.

IMO, with decent automation[1] and a reasonably close working
relationship between the abuse desk, the NOC and an internal
sysadmin/developer or two, there's not that much need for a high level
of technical know-how in the abuse desk staff.

Good people skills are certainly important, and it'd be good to
have at least one abuse desk staffer with a modicum of technical
knowledge to handle basic technical questions, and help channel
more complex ones to the NOC or developers efficiently, but the level of
technical know-how needed to be an extremely effective abuse
desk staffer is pretty low. The specific technical details they do
need to know they can pick up from their peers (both within
the abuse desk, in other groups of their company and, perhaps
most importantly, from their peers at other companies' abuse desks).

It's closer to a customer support position, in skillset needed, than
anything deeply technical, though an innate ability to remain calm
under pressure is far more important in abuse than support. If you're
big enough that you need more than one person staffing your abuse
desk you can mix-n-match skills across the team too, of course.

Cheers,
  Steve

[1] Yeah, I develop abuse desk automation software, so I'm
both reasonably exposed to practices at a range of ISPs and
fairly biased in favor of good automation. :)


RE: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread michael.dillon

 So, to bring this closer to nanog territory, it's a bit like 
 saying that all the sales and customer support staff should 
 be given enable access to your routers and encouraged to run 
 them on a rotating basis, so that they understand the 
 complexities of BGP and will better understand the impact 
 their decisions will have on your peering.

We encourage managers, designers, engineers, project managers, etc. to
spend a day handling customer support calls so that they understand the
impacts of their decisions/work on the customer, who ultimately pays our
paychecks. We run even more people through workshops where they spend
some time listening to recorded customer support calls, and then plan
how to prevent such problems in future so that the customers don't feel
the need to call us. Of course, none of these people are expected to go
in and reconfigure BGP sessions on routers, because they are working on
first-line support. One of the duties of first-line support is to sift
through the incoming and identify which cases need to be escalated to
second or third-line support. 

Unless you have very good automated systems in place to ensure that the
abuse desk only gets real cases to deal with, then you should be able to
rotate managers and other employees through the abuse department to do
some of that first-line sifting. If the outcome of this is that you make
a business case for changes to abuse-desk systems and processes, then
you should involve the abuse desk staff in this development work to give
them some variety. Once those staff have automated themselves out of a
job, you can move them to some other tools development project, or
incident response work.

--Michael Dillon



Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Joe Abley



On 15 Apr 2008, at 11:22 , William Herrin wrote:


There's a novel idea. Require incoming senior staff at an email
company to work a month at the abuse desk before they can assume the
duties for which they were hired.


At a long-previous employer we once toyed with the idea of having
everybody in the (fairly small) operations and architecture/development
groups spend at least a day on the helpdesk every month.

The downside to such a plan from the customer's perspective is that
I'm pretty sure most of us would have been really bad helpdesk people.
There's a lot of skill in dealing with end-users that is rarely
reflected in the org chart or pay scale.



Joe


Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Valdis . Kletnieks
On Tue, 15 Apr 2008 19:14:52 EDT, Joe Abley said:

 The downside to such a plan from the customer's perspective is that  
 I'm pretty sure most of us would have been really bad helpdesk people.  
 There's a lot of skill in dealing with end-users that is rarely  
 reflected in the org chart or pay scale.

Of course - you're asking people who are *hired* because they're good at
talking to inanimate objects made of melted sand, and asking them to
relate to animate objects (namely, customers).

Sounds like a recipe for disaster.

:)




Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Martin Hannigan

Abuse desk is a $0 revenue operation.  Is it not obvious what the issue is?

Some of the folks that are complaining about abuse response generate
revenue addressing these issues. Give me some of that.  I'll give you
a priority line to the NOC.

Disclaimer; No offense intended to security providers, I'm just stating a fact.

Best,

Marty




On 4/15/08, Joe Abley [EMAIL PROTECTED] wrote:


 On 15 Apr 2008, at 11:22 , William Herrin wrote:

  There's a novel idea. Require incoming senior staff at an email
  company to work a month at the abuse desk before they can assume the
  duties for which they were hired.

 At a long-previous employer we once toyed with the idea of having
 everybody in the (fairly small) operations and architecture/
 development groups spend at least a day on the helpdesk every month.

 The downside to such a plan from the customer's perspective is that
 I'm pretty sure most of us would have been really bad helpdesk people.
 There's a lot of skill in dealing with end-users that is rarely
 reflected in the org chart or pay scale.


 Joe



Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Brandon Butterworth

 Abuse desk is a $0 revenue operation.  Is it not obvious what the issue is?

They're too busy spamming and phishing to respond to abuse reports?

brandon


Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-15 Thread Chris Boyd

On Tue, 2008-04-15 at 10:56 +0530, Suresh Ramasubramanian wrote:
 If you have high enough numbers of the stuff to report, do what large
 ISPs do among themselves, set up and offer an ARF'd / IODEF feedback
 loop or some other automated way to send complaints, that is machine
 parseable, and that's sent - by prior agreement - to a specific
 address where the ISP can process it, and quite probably prioritize it
 above all the j00 hxx0r3d m3 by doing dns lookups email. 

So how do the little guys play in this sandbox?  My log files and spam
reports are just as legit as the super-secret-handshake club guys are,
and I'd like to get some respect.  After all, I may be the first one to
report it.

Please keep a few things in mind though:

- It needs to be simple to use.  Web forms are a non-starter.

- The output from any parsers needs to be human readable.  There are too
many auto-whatsit formatters for us to sit down and code to every one.

- I'd like to see an actual response beyond an autoreply saying that you
can't tell me who the customer is or what actions were taken.

- I like dealing with other small operations and edus because humans
actually do read the reports, and things get done (Thanks!).

I've given up sending abuse reports to large consumer ISPs and all
freemail providers because I'm not a member of the club. Any response
that I'm lucky enough to get generally says something like "You did not
include the email headers in your complaint so we are closing this
incident" when I reported an FTP brute force.

--Chris



Re: Yahoo Mail Update

2008-04-14 Thread Rich Kulawiec

On Sun, Apr 13, 2008 at 03:55:13PM -0500, Ross wrote:
 Again I disagree with the principle that this list should be used for
 mail operation issues but maybe I'm just in the wrong here. 

I don't think you're getting what I'm saying, although perhaps I'm
not saying it very well.

What I'm saying is that operational staff should be *listening* to
relevant lists (of which this is one) and that operational staff
should be *talking* on lists relevant to their particular issue(s).
Clearly, NANOG is probably not the best place for most SMTP or HTTP
issues, but some of the time, when those issues appear related to
topics appropriate for NANOG, it might be.  The rest of the time,
the mailop list is probably more appropriate.

While I prefer to see topics discussed in the best place (where
there is considerable debate over what that might be) I think that
things have gotten so bad that I'm willing to settle for, in the
short term, a place, because it's easier to redirect a conversation
once it's underway than it seems to be to start one.

For example: the silence from Yahoo on this very thread is deafening.

---Rsk


Re: Yahoo Mail Update

2008-04-14 Thread Matthew Petach

On Mon, Apr 14, 2008 at 6:18 AM, Rich Kulawiec [EMAIL PROTECTED] wrote:
  On Sun, Apr 13, 2008 at 03:55:13PM -0500, Ross wrote:
   Again I disagree with the principle that this list should be used for
   mail operation issues but maybe I'm just in the wrong here.

  I don't think you're getting what I'm saying, although perhaps I'm
  not saying it very well.

  What I'm saying is that operational staff should be *listening* to
  relevant lists (of which this is one) and that operational staff
  should be *talking* on lists relevant to their particular issue(s).

Completely agree.

  Clearly, NANOG is probably not the best place for most SMTP or HTTP
  issues, but some of the time, when those issues appear related to
  topics appropriate for NANOG, it might be.  The rest of the time,
  the mailop list is probably more appropriate.

  While I prefer to see topics discussed in the best place (where
  there is considerable debate over what that might be) I think that
  things have gotten so bad that I'm willing to settle for, in the
  short term, a place, because it's easier to redirect a conversation
  once it's underway than it seems to be to start one.

  For example: the silence from Yahoo on this very thread is deafening.

I think if you check historically, you'll find that Yahoo network operations
team members are doing exactly as you indicate, and are
*talking* on lists relevant to their particular issue(s)
that is to say, here on NANOG, when it comes to networking issues,
deafening silence has not been the modus operandi.

The mistaken notion that a *network operations* list should have
people on it to address mail server response code complaints is
where I disagree with you.

Ask about a BGP leakage, it'll get fixed.  Enquire about how to engage
in peering with Yahoo, you'll get flooded with answers; those are items
the folks who read the list are empowered to deal with.  Asking about
topics not related to the list that they aren't empowered to deal with
are going to be met with silence, because you're trying to talk to the
wrong people in the wrong forum.

  ---Rsk

Matt
--always speaking for himself--his employer is more likely to pay him
to shut up.


RE: Yahoo Mail Update

2008-04-14 Thread Frank Bulk - iNAME

Ross:

It seems like you're saying that there's no law when it comes to internet
best-practices, and that's true, there's very little legislated.  But
there are lots of best practices out there that are definitely worth
following.  Unfortunately business decisions don't always align themselves
with the BCPs.

Yes, internet service providers and operators don't need to listen, but I
can't see how Yahoo's e-mail and abuse handling history arises out of good
business decisions.  Tell my users and tell the members of this list that --
we won't agree.  

As posted elsewhere, delayed delivery queues are well-represented by Yahoo.
If a single operator dominates my 99% of delivery delay that's pretty close
to black and white for me.

72 hours to respond to e-mail sent to the abuse account?  That's much too
long -- it should be at least a 4 hour response time during business hours,
and for service providers and operators large enough to staff their network
24x7 for other reasons, 4 hour response time all the time.

Frank

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ross
Sent: Sunday, April 13, 2008 4:11 PM
To: Rob Szarka
Cc: nanog@merit.edu
Subject: Re: Yahoo Mail Update

snip

You can tell Earthlink whatever you want but it doesn't mean they need
to follow it. Please read my previous reply about business decisions.
I would agree that it is good for business to try and follow industry
standards but sometimes business decisions need to be made where
standards cannot be implemented. I'm not saying that is the case here
and it could just be utter incompetence but not everything is black
and white.

A working abuse account is not the minimum requirement, I can run a
mail system without that abuse account but may get blocked from
sending mail to certain systems. Read above for my thoughts on
standards.

With that being said I do believe all companies should have a working
abuse email that is appropriately staffed that can respond to
complaints within 72 hours.



Abuse response [Was: RE: Yahoo Mail Update]

2008-04-14 Thread Paul Ferguson

-- Frank Bulk - iNAME [EMAIL PROTECTED] wrote:

72 hours to respond to e-mail sent to the abuse account?  That's much too
long -- it should be at least a 4 hour response time during business hours,
and for service providers and operators large enough to staff their network
24x7 for other reasons, 4 hour response time all the time.


Right. You're dreaming.

As I mentioned in my presentation at NANOG 42 in San Jose, the
biggest barrier we face in shrinking the time-to-exploit window
with regards to contacting people responsible for assisting in
mitigating malicious issues is finding someone to actually
respond.

I'd personally jump for joy if I could count on 72 hours, or less.

Unfortunately, most abuse requests/inquiries fall into a black-hole,
or bounce.

Very rarely do I find a helpful individual at the end of an abuse
address, and that is truly unfortunate.

Me, I have pretty much given up on any domain-related avenues, since
they generally end up in disappointment, and found more successes in
going directly to the owners of the IP allocation, and upstream ISP,
a regional/national CERT/CSIRT, or law enforcement.

Mow, this has no bearing on the original subject (which I have now
forgotten what it is -- oh yeah, something about Yahoo! mail), but
it should be additional proof that the Bad Guys know how to
manipulate the system, the system is broken, and the Bad Guys are
now making much more money than we are. :-)

- ferg




--
Fergie, a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/



Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-14 Thread Paul Ferguson

-- Paul Ferguson [EMAIL PROTECTED] wrote:

Mow, this has no bearing on the original subject (which I have now
forgotten what it is -- oh yeah, something about Yahoo! mail), but
it should be additional proof that the Bad Guys know how to
manipulate the system, the system is broken, and the Bad Guys are
now making much more money than we are. :-)

Actually, that was supposed to read:

Meow, this has no bearing...

Just kidding. :-)

http://imdb.com/title/tt0247745/

- ferg

p.s. I guess we should all lighten up a little and actually figure
out how to do abuse notification/communications a bit better.

Meow.



--
Fergie, a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/



Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-14 Thread Suresh Ramasubramanian

On Tue, Apr 15, 2008 at 10:16 AM, Paul Ferguson [EMAIL PROTECTED] wrote:
  As I mentioned in my presentation at NANOG 42 in San Jose, the
  biggest barrier we face in shrinking the time-to-exploit window
  with regards to contacting people responsible for assisting in
  mitigating malicious issues is finding someone to actually
  respond.

Fergie.. you (and various others in the send emails, expect
takedowns biz) - phish, IPR violations, whatever.. you're missing a
huge, obvious point

If you send manual notifications (aka email to a crowded abuse queue)
expect 24 - 72 hours response

If you have high enough numbers of the stuff to report, do what large
ISPs do among themselves, set up and offer an ARF'd / IODEF feedback
loop or some other automated way to send complaints, that is machine
parseable, and that's sent - by prior agreement - to a specific
address where the ISP can process it, and quite probably prioritize it
above all the j00 hxx0r3d m3 by doing dns lookups email.

That kind of report can be handled within minutes.

If you send reports with lots of legal boilerplate, or reports with
long lectures on why you expect an INSTANT TAKEDOWN, and send them to
a busy abuse queue, there is no way - and zero reason - for the ISP
people to prioritize your complaint above all the other complaints
coming in.

  Unfortunately, most abuse requests/inquiries fall into a black-hole,
  or bounce.

Not you, but several companies that do this as a business model need
to learn how to do this properly.  Some of them are spectacularly
incompetent at what they do too.

  Me, I have pretty much given up on any domain-related avenues, since
  they generally end up in disappointment, and found more successes in
  going directly to the owners of the IP allocation, and upstream ISP,
  a regional/national CERT/CSIRT, or law enforcement.

Yeah?  And by the time your request filters right back down to where
it actually belongs.. guess what, it takes much longer than 72 hours.

  Mow, this has no bearing on the original subject (which I have now
  forgotten what it is -- oh yeah, something about Yahoo! mail), but
  it should be additional proof that the Bad Guys know how to
  manipulate the system, the system is broken, and the Bad Guys are
  now making much more money than we are. :-)

And proof that various good guys don't know how to cooperate, and
various other good guys are in the business only to score points off
other providers to make themselves look good.

http://blog.washingtonpost.com/securityfix/2007/12/top_10_best_worst_antiphishing.html
for example.. I think Brian Krebs - given what I know of his usual
high standards - would certainly have regretted publishing PR and
marketing generated, highly debatable, statistics like the ones
referenced in that article.

--srs
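
Added example (not part of the thread, and not any poster's or ISP's own code): a minimal receiver for the ARF feedback loop described in the message above, showing why a machine-parseable report can be routed without a human reading it while free-form mail cannot. Field names follow the ARF format as later published in RFC 5965; the sample messages, the addresses, OUR_NETWORKS and the queue names are constructed assumptions.

```python
import email
import ipaddress
from email.parser import HeaderParser

# Assumption: address space this ISP answers for (documentation range).
OUR_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
REQUIRED = ("feedback-type", "user-agent", "version")

# Constructed sample: a three-part ARF report as sent over a feedback loop.
SAMPLE_ARF = """\
From: fbl@reporter.example
To: abuse-fbl@isp.example
Subject: FW: Cheap watches
MIME-Version: 1.0
Content-Type: multipart/report; report-type=feedback-report;
 boundary="arf-boundary"

--arf-boundary
Content-Type: text/plain; charset="US-ASCII"

This is an email abuse report for a message received from
IP 192.0.2.45 on Mon, 14 Apr 2008 21:40:00 -0700.

--arf-boundary
Content-Type: message/feedback-report

Feedback-Type: abuse
User-Agent: ExampleFBL/1.0
Version: 1
Original-Mail-From: <sender@customer.example>
Arrival-Date: Mon, 14 Apr 2008 21:40:00 -0700
Source-IP: 192.0.2.45
Reported-Domain: customer.example

--arf-boundary
Content-Type: message/rfc822

Received: from mail.customer.example (mail.customer.example [192.0.2.45])
 by mx.reporter.example; Mon, 14 Apr 2008 21:40:00 -0700
From: <sender@customer.example>
To: <user@reporter.example>
Subject: Cheap watches
Message-ID: <constructed-1@customer.example>

Buy now.

--arf-boundary--
"""

# Constructed sample: the kind of free-form complaint that lands in a manual queue.
SAMPLE_FREEFORM = """\
From: someone@reporter.example
To: abuse@isp.example
Subject: INSTANT TAKEDOWN REQUIRED

One of your customers is sending us spam. Fix it.
"""


def _fields(part):
    """Return the header-style fields of a MIME part as a lowercase dict."""
    payload = part.get_payload()
    # The parser turns message/* bodies into a nested message; text parts stay strings.
    inner = payload[0] if isinstance(payload, list) else HeaderParser().parsestr(payload)
    return {name.lower(): value.strip() for name, value in inner.items()}


def parse_arf(raw):
    """Parse an ARF report; return its fields, or None if raw is not usable ARF."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() != "multipart/report" or not msg.is_multipart():
        return None
    if (msg.get_param("report-type") or "").lower() != "feedback-report":
        return None
    report = original = None
    for part in msg.get_payload():
        ctype = part.get_content_type()
        if ctype == "message/feedback-report":
            report = _fields(part)
        elif ctype in ("message/rfc822", "text/rfc822-headers"):
            original = _fields(part)
    if report is None or any(key not in report for key in REQUIRED):
        return None
    report["original-message-id"] = (original or {}).get("message-id", "")
    return report


def triage(raw):
    """Route one inbound abuse mail; only well-formed ARF skips the manual queue."""
    report = parse_arf(raw)
    if report is None:
        return {"queue": "manual"}  # free-form mail: a person has to read it
    try:
        src = ipaddress.ip_address(report.get("source-ip", ""))
    except ValueError:
        return {"queue": "manual", "reason": "missing or invalid Source-IP"}
    ours = any(src in net for net in OUR_NETWORKS)
    return {
        "queue": "auto" if ours else "not-our-network",
        "type": report["feedback-type"].lower(),
        "source_ip": str(src),
        "message_id": report["original-message-id"],
    }


if __name__ == "__main__":
    print(triage(SAMPLE_ARF))
    print(triage(SAMPLE_FREEFORM))
```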


Re: Abuse response [Was: RE: Yahoo Mail Update]

2008-04-14 Thread Paul Ferguson

-- Suresh Ramasubramanian [EMAIL PROTECTED] wrote:

If you send reports with lots of legal boilerplate, or reports with
long lectures on why you expect an INSTANT TAKEDOWN, and send them to
a busy abuse queue, there is no way - and zero reason - for the ISP
people to prioritize your complaint above all the other complaints
coming in.

In fact, we have done just that -- develop a standard boilerplate
very similar to what PIRT uses in its notification(s) to the
stakeholders in phishing incidents.

Again, our success rate is somewhere in the 50% neighborhood.

And that is after a few months of fine-tuning -- and 15 years of
experience in these matters. :-)

Nothing to write home about...

- ferg



--
Fergie, a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/



Re: Yahoo Mail Update

2008-04-13 Thread Ross

On Thu, Apr 10, 2008 at 8:54 PM, Rich Kulawiec [EMAIL PROTECTED] wrote:

  On Thu, Apr 10, 2008 at 05:51:23PM -0700, chuck goolsbee wrote:
   Thanks for the update Jared. I can understand your request to not be used
   as a proxy, but it exposes the reason why Yahoo is thought to be clueless:
   They are completely opaque.
  
   They can not exist in this community without having some visibility and
   interaction on an operational level.

  I heartily second this.  Yahoo (and Hotmail) (and Comcast and Verizon)
  mail system personnel should be actively participating here, on mailop,
  on spam-l, etc.  A lot of problems could be solved (and some avoided)
  with some interaction.

  ---Rsk


Why should large companies participate here about mail issues? Last I
checked this wasn't the mailing list for these issues:

NANOG is an educational and operational forum for the coordination
and dissemination of technical information related to
backbone/enterprise networking technologies and operational
practices.

But let's just say for a second this is the place to discuss company
xys's mail issue. What benefit do they have participating here? Likely
they'll be hounded by people who have some disdain for their company
and no matter what they do they will still be evil or wrong in some
way.

It is easy for someone who has 10,000 users to tell someone who has 50
million users what to do when they don't have to work with such a
large scale enterprise.

I find it funny when smaller companies always tell larger companies
what they need to be doing.

-- 
Ross
ross [at] dillio.net
314-558-6455


Re: Yahoo Mail Update

2008-04-13 Thread Rob Szarka


At 01:58 AM 4/13/2008, you wrote:

Why should large companies participate here about mail issues? Last I
checked this wasn't the mailing list for these issues:


True, though some aspects of mail service are inextricably tied to 
broader networking issues, and thus participation here might still 
benefit them. But sadly Yahoo doesn't even seem to participate in 
more relevant forums, such as the spam-l list.



But let's just say for a second this is the place to discuss company
xys's mail issue. What benefit do they have participating here? Likely
they'll be hounded by people who have some disdain for their company
and no matter what they do they will still be evil or wrong in some
way.


I've never seen someone treated badly for trying to help resolve 
problems. I think we all know that it can be hard to get things done 
within a large company and that often the folks who participate on a 
list like this are taking on work that isn't strictly speaking their 
job when they try to help resolve mail issues. And when a large 
company that was a mess does a turnaround, they also get praised: 
just look at the many positive comments about AOL on this and other 
lists over the past few years.



It is easy for someone who has 10,000 users to tell someone who has 50
million users what to do when they don't have to work with such a
large scale enterprise.


I wouldn't presume to tell them how to accomplish something within 
their particular configuration. But I will, without apology, tell 
them that they need to accomplish it. For example, I'm quite 
comfortable saying that Earthlink should follow the minimum timeouts 
in RFC 1123, though I wouldn't presume to guess whether they should 
accomplish that by having separate fast and slow queues on different 
servers, on the same server, or not at all. Likewise, a working abuse 
role account is a minimum requirement for participation in the 
Internet email system, and I'm comfortable saying that the email it 
receives should be read by a competent human.



I find it funny when smaller companies always tell larger companies
what they need to be doing.


When what the larger companies do enables criminal behavior that 
impacts the very viability of the smaller companies through de facto 
DoS attacks, it's not funny at all. Yahoo, for example, has chosen a 
business model (free email with little to no verification) that 
inevitably leads to spam being originated from their systems. Why 
should they be able to shift the cost of their business model to me, 
just because I run a much smaller business?




Re: Yahoo Mail Update

2008-04-13 Thread Suresh Ramasubramanian

On Sun, Apr 13, 2008 at 3:57 PM, Rob Szarka [EMAIL PROTECTED] wrote:
  True, though some aspects of mail service are inextricably tied to broader
 networking issues, and thus participation here might still benefit them. But
 sadly Yahoo doesn't even seem to participate in more relevant forums, such
 as the spam-l list.

There are other lists, far more relevant than spam-l or nanae.

There's a way to present spam issues and mail filtering
operationally.. and I see it all the time at MAAWG meetings, just for
example.

The issue here is that 90% of the comments on a thread related to this
are from people who might be wizards at packet pushing, but can't
filter spam.  Or on mailserver lists you might find people who can
write sendmail.cf from scratch instead of building it from a .mc file
and still don't know about the right way to do spam filtering.

  When what the larger companies do enables criminal behavior that impacts
 the very viability of the smaller companies through de facto DoS attacks,
 it's not funny at all. Yahoo, for example, has chosen a business model (free
 email with little to no verification) that inevitably leads to spam being
 originated from their systems. Why should they be able to shift the cost of
 their business model to me, just because I run a much smaller business?

So has hotmail, so have several of the domains that we host.

srs
-- 
Suresh Ramasubramanian ([EMAIL PROTECTED])


Re: Yahoo Mail Update

2008-04-13 Thread Martin Hannigan

On Sun, Apr 13, 2008 at 1:58 AM, Ross [EMAIL PROTECTED] wrote:
[ clip ]

I heartily second this.  Yahoo (and Hotmail) (and Comcast and Verizon)
mail system personnel should be actively participating here, on mailop,
on spam-l, etc.  A lot of problems could be solved (and some avoided)
with some interaction.
  
---Rsk
  

  Why should large companies participate here about mail issues? Last I
  checked this wasn't the mailing list for these issues:

It is an operations list and part of operating a network is delivering
content of protocols whether it be http or smtp.

[ clip ]

  But let's just say for a second this is the place to discuss company
  xys's mail issue. What benefit do they have participating here? Likely
  they'll be hounded by people who have some disdain for their company
  and no matter what they do they will still be evil or wrong in some
  way.

They can use an alias if they don't want to publish under their company banner.

  It is easy for someone who has 10,000 users to tell someone who has 50
  million users what to do when they don't have to work with such a
  large scale enterprise.

  I find it funny when smaller companies always tell larger companies
  what they need to be doing.

When lots of smaller companies tell larger companies what to do, they
typically do it. Part of the value of a community like NANOG is for
groups of smaller companies to demonstrate both the positive and
negative aspects of products(routers) or services(mail) of others so
that these other companies (cisco, Yahoo!, et. al.) can learn from us
and either create new products(Nexus 7000) or add features(LISP) and
fixes(autosecure) or (abuse desk).

The fact that a bunch of little companies are pointing out the
operational inefficiencies of large providers (of mail services)
should offer some value to them, and to us. The reason why these
operations are not open and friendly is because they are overhead and
cost of doing business. I doubt you'll see any investments in making
it easier, but if the interaction process was better explained or
simplified, it might be helpful.

Having some provider or group(MAAWG?) explain the new and improved
overhead driven mail/abuse desk would make an excellent NANOG
presentation, IMHO, and it could include  a V6 slant like and to
handle V6 abuse issues the plan is..

Best,

-M


Re: Yahoo Mail Update

2008-04-13 Thread Suresh Ramasubramanian

On Sun, Apr 13, 2008 at 8:24 PM, Martin Hannigan [EMAIL PROTECTED] wrote:
  Having some provider or group(MAAWG?) explain the new and improved
  overhead driven mail/abuse desk would make an excellent NANOG
  presentation, IMHO, and it could include  a V6 slant like and to
  handle V6 abuse issues the plan is..

MAAWG spent three entire meetings drafting this - and a very
interactive drafting process it was too (hang flipcharts on the walls,
each with a key question, people circulate around the room with marker
pens, write their ideas. Other people rate these ideas.  The
flipcharts are then taken down, the contents edited to produce a BCP).

Here's the abuse desk management BCP - one that includes several
things that I personally regard as a very good idea indeed -
http://www.maawg.org/about/publishedDocuments/Abuse_Desk_Common_Practices.pdf

And by the time v6 actually gets used for exchanging email except
between guy with personal colo and a tunneled /48, and freebsd.org /
isc.org etc hosted lists .. you'll probably find that the basic
concepts of filtering remain much the same, v4, v6 (or perhaps even
Jim Fleming's or that Chinese vendor's IPv9)

srs

-- 
Suresh Ramasubramanian ([EMAIL PROTECTED])


Re: Yahoo Mail Update

2008-04-13 Thread Joel Jaeggli


Suresh Ramasubramanian wrote:

On Sun, Apr 13, 2008 at 3:57 PM, Rob Szarka [EMAIL PROTECTED] wrote:

 True, though some aspects of mail service are inextricably tied to broader
networking issues, and thus participation here might still benefit them. But
sadly Yahoo doesn't even seem to participate in more relevant forums, such
as the spam-l list.


There are other lists, far more relevant than spam-l or nanae.

There's a way to present spam issues and mail filtering
operationally.. and I see it all the time at MAAWG meetings, just for
example.


MAAWG, is fine but the requirements for participation are substantially 
higher than the nanog list.



The issue here is that 90% of the comments on a thread related to this
are from people who might be wizards at packet pushing, but can't
filter spam.  Or on mailserver lists you might find people who can
write sendmail.cf from scratch instead of building it from a .mc file
and still don't know about the right way to do spam filtering.


People who have operational problems don't generally get to pick the 
skillset they already have just because a problem appears, some 
cognizance of that is surely in order.


If the discussion is headed further in the meta-direction we should take 
it to futures.


Re: Yahoo Mail Update

2008-04-13 Thread Suresh Ramasubramanian

On Sun, Apr 13, 2008 at 10:09 PM, Joel Jaeggli [EMAIL PROTECTED] wrote:
  MAAWG, is fine but the requirements for participation are substantially
 higher than the nanog list.

* Quite a lot of ISPs who already attend nanog are also maawg members

* Lots of independent tech experts (Dave Crocker, Chris Lewis, Joe
St.Sauver from UOregon etc) are regulars at maawg, designated as
senior tech advisors

* Quite a few other invited guest type people

So, not as bad as it sounds

  People who have operational problems don't generally get to pick the
 skillset they already have just because a problem appears, some cognizance
 of that is surely in order.

That was the only meta comment I had here.  I'll stop now.

srs
-- 
Suresh Ramasubramanian ([EMAIL PROTECTED])


Re: Yahoo Mail Update

2008-04-13 Thread Rob Szarka


At 08:49 AM 4/13/2008, Suresh Ramasubramanian wrote:

There are other lists, far more relevant than spam-l or nanae.


Feel free to suggest some that you feel would be more appropriate or 
effective.  Since reaching them via [EMAIL PROTECTED] or any of their 
published phone numbers doesn't seem to work, backchannels are all 
that's left. (I do, however, subscribe to many lists and have yet to 
notice a presence of clueful Yahoo people on any of them.)


Yahoo, for example, has chosen a business model (free email with 
little to no verification) that inevitably leads to spam being 
originated from their systems.


So has hotmail, so have several of the domains that we host.


Indeed, and I didn't mean to imply that Yahoo was necessarily worse 
than Hotmail (and several free email providers based outside the US, 
as far as I can tell). The difference, as I'm sure you're aware, is 
that some free email providers seem to care enough to minimize the 
costs they impose on the rest of us by responding appropriately to 
the inevitable abuse.




Re: Yahoo Mail Update

2008-04-13 Thread Rich Kulawiec

On Sun, Apr 13, 2008 at 12:58:59AM -0500, Ross wrote:
 On Thu, Apr 10, 2008 at 8:54 PM, Rich Kulawiec [EMAIL PROTECTED] wrote:
   I heartily second this.  Yahoo (and Hotmail) (and Comcast and Verizon)
   mail system personnel should be actively participating here, on mailop,
   on spam-l, etc.  A lot of problems could be solved (and some avoided)
   with some interaction.
 
 Why should large companies participate here about mail issues? Last I
 checked this wasn't the mailing list for these issues:

It's got nothing to do with size (large); Joe's ISP in Podunk should
be on these lists as well.  And one of the reasons I suggested multiple
lists is that each has its own focus, so those involved with the care
and feeding of mail systems should probably be on a number of them,
in order to interact with something approximating the right set of peers
at other operations.  (Of course not all lists are appropriate for all
topics.)

 But let's just say for a second this is the place to discuss company
 xys's mail issue. What benefit do they have participating here? Likely
 they'll be hounded by people who have some disdain for their company
 and no matter what they do they will still be evil or wrong in some way.

They're more likely to be hounded by people who have disdain for their
incompetence and the resulting operational issues they impose on their peers.  

But if they're reluctant to face the unhappiness of their peers -- those
whose networks, systems and users are abused on a daily basis and who thus
have ample reason to be unhappy -- then maybe they should try something
different, such as doing their jobs properly.

 It is easy for someone who has 10,000 users to tell someone who has 50
 million users what to do when they don't have to work with such a
 large scale enterprise.

This is mythology.  Someone who can *competently* run a 10,000 user
operation will have little-to-no difficulty running a 50 million user
operation.  (In some ways, the latter is considerably easier.)  It's
not a matter of the size of anyone's operation, it's a matter of how
well it's run, which in turn speaks to the knowledge, experience,
diligence, etc. of those running it.

---Rsk


Re: Yahoo Mail Update

2008-04-13 Thread Ross

On Sun, Apr 13, 2008 at 3:24 PM, Rich Kulawiec [EMAIL PROTECTED] wrote:

  On Sun, Apr 13, 2008 at 12:58:59AM -0500, Ross wrote:
   On Thu, Apr 10, 2008 at 8:54 PM, Rich Kulawiec [EMAIL PROTECTED] wrote:

I heartily second this.  Yahoo (and Hotmail) (and Comcast and Verizon)
 mail system personnel should be actively participating here, on mailop,
 on spam-l, etc.  A lot of problems could be solved (and some avoided)
 with some interaction.
  

  Why should large companies participate here about mail issues? Last I
   checked this wasn't the mailing list for these issues:

  It's got nothing to do with size (large); Joe's ISP in Podunk should
  be on these lists as well.  And one of the reasons I suggested multiple
  lists is that each has its own focus, so those involved with the care
  and feeding of mail systems should probably be on a number of them,
  in order to interact with something approximating the right set of peers
  at other operations.  (Of course not all lists are appropriate for all
  topics.)

Again I disagree with the principle that this list should be used for
mail operation issues but maybe I'm just in the wrong here. Maybe this
list is intended for everything internet related, if so I have some
complaints I'd like to post about slow download speeds at my current
isp. I think maybe there should be a better mission statement to
clarify what it is intended for.

Again large companies don't need to participate here. They have the
user base so you either have to deal with them or block them. Then you
have the business decisions of who is going to be more unhappy, their
users who can't reach 10k in email accounts or your user base who
can't reach 50 million in email accounts. This is the cost of doing
business and yes it sucks at times but these choices you have to make
as an operator.

The businesses that do participate here and on other lists should be
commended but it isn't an operational necessity for their business.



   But let's just say for a second this is the place to discuss company
   xys's mail issue. What benefit do they have participating here? Likely
   they'll be hounded by people who have some disdain for their company
   and no matter what they do they will still be evil or wrong in some way.

  They're more likely to be hounded by people who have disdain for their
  incompetence and the resulting operational issues they impose on their peers.

  But if they're reluctant to face the unhappiness of their peers -- those
  whose networks, systems and users are abused on a daily basis and who thus
  have ample reason to be unhappy -- then maybe they should try something
  different, such as doing their jobs properly.



I'll say it again, it is easy to tell someone who has a much larger
economy of scale how to do their job properly when you are the small
fish in the pond. These guys have a lot of politics in their jobs to
deal with so where you may be the sole shot caller in your
organization they may have to work through the layers in their
organization. I fully believe we could work out some of the
operational inefficiencies if I were the only person making decisions
but I'm not and that is the reality of big business.


   It is easy for someone who has 10,000 users to tell someone who has 50
   million users what to do when they don't have to work with such a
   large scale enterprise.

  This is mythology.  Someone who can *competently* run a 10,000 user
  operation will have little-to-no difficulty running a 50 million user
  operation.  (In some ways, the latter is considerably easier.)  It's
  not a matter of the size of anyone's operation, it's a matter of how
  well it's run, which in turn speaks to the knowledge, experience,
  diligence, etc. of those running it.

  ---Rsk


If you say so, I find this comment pretty darn humorous saying
10k users should be easily scalable to 50 million.

*sending to list this time


-- 
Ross
ross [at] dillio.net
314-558-6455


Re: Yahoo Mail Update

2008-04-13 Thread Ross

On Sun, Apr 13, 2008 at 5:27 AM, Rob Szarka [EMAIL PROTECTED] wrote:

  At 01:58 AM 4/13/2008, you wrote:

  Why should large companies participate here about mail issues? Last I
  checked this wasn't the mailing list for these issues:
 

  True, though some aspects of mail service are inextricably tied to broader
 networking issues, and thus participation here might still benefit them. But
 sadly Yahoo doesn't even seem to participate in more relevant forums, such
 as the spam-l list.

Maybe their management or legal has told them not to. I know when I
worked for a certain company we were forbidden from replying to
operational lists or forums for fear of employees responses being used
against the company in court or in the news.




  But let's just say for a second this is the place to discuss company
  xys's mail issue. What benefit do they have participating here? Likely
  they'll be hounded by people who have some disdain for their company
  and no matter what they do they will still be evil or wrong in some
  way.
 

  I've never seen someone treated badly for trying to help resolve problems.
 I think we all know that it can be hard to get things done within a large
 company and that often the folks who participate on a list like this are
 taking on work that isn't strictly speaking their job when they try to
 help resolve mail issues. And when a large company that was a mess does a
 turnaround, they also get praised: just look at the many positive comments
 about AOL on this and other lists over the past few years.


I have seen plenty of people working for isps being abused even when
trying to help solve problems, maybe not on this list but definitely
on others. In many larger companies people have defined roles and
structured goals they need to accomplish or face termination so they
may not have time to participate in other venues. Companies that give
their management/employees latitude and encourage working in the
community should be praised but not all companies are set up this way.
If you don't like how yahoo is responding to issues I would suggest
sending certified letters to every person in upper management you can
find as these people can typically implement changes.



  It is easy for someone who has 10,000 users to tell someone who has 50
  million users what to do when they don't have to work with such a
  large scale enterprise.
 

  I wouldn't presume to tell them how to accomplish something within their
 particular configuration. But I will, without apology, tell them that they
 need to accomplish it. For example, I'm quite comfortable saying that
 Earthlink should follow the minimum timeouts in RFC 1123, though I wouldn't
 presume to guess whether they should accomplish that by having separate fast
 and slow queues on different servers, on the same server, or not at all.
 Likewise, a working abuse role account is a minimum requirement for
 participation in the Internet email system, and I'm comfortable saying that
 the email it receives should be read by a competent human.


You can tell Earthlink whatever you want but it doesn't mean they need
to follow it. Please read my previous reply about business decisions.
I would agree that it is good for business to try and follow industry
standards but sometimes business decisions need to be made where
standards cannot be implemented. I'm not saying that is the case here
and it could just be utter incompetence but not everything is black
and white.

A working abuse account is not the minimum requirement, I can run a
mail system without that abuse account but may get blocked from
sending mail to certain systems. Read above for my thoughts on
standards.

With that being said I do believe all companies should have a working
abuse email that is appropriately staffed that can respond to
complaints within 72 hours.



  I find it funny when smaller companies always tell larger companies
  what they need to be doing.
 

  When what the larger companies do enables criminal behavior that impacts
 the very viability of the smaller companies through de facto DoS attacks,
 it's not funny at all. Yahoo, for example, has chosen a business model (free
 email with little to no verification) that inevitably leads to spam being
 originated from their systems. Why should they be able to shift the cost of
 their business model to me, just because I run a much smaller business?


I would say that you may be being a bit over dramatic but that may just
be me. The cost of their business model isn't shifted to you, you have
the choice to block yahoo email from your systems or you have the
choice to deal with the issues that come along with accepting their
mail.  Comparing this to DoS attacks is just a little bit over the
edge to me.

-- 
Ross
ross [at] dillio.net
314-558-6455


Re: Yahoo Mail Update

2008-04-12 Thread Matthew Petach

On 4/10/08, chuck goolsbee [EMAIL PROTECTED] wrote:
 An anonymous source at Yahoo told me that they have pushed
  a config update sometime today out to their servers to help with these
  deferral issues.
 
 Please don't ask me to play proxy on this one or any
  other issues you may have, but take a look at your queues and
  they should be getting better.
 
 - Jared

  Thanks for the update Jared. I can understand your request to not be used
 as a proxy, but it exposes the reason why Yahoo is thought to be clueless:
 They are completely opaque.

  They can not exist in this community without having some visibility and
 interaction on an operational level.

  Yahoo should have a look at how things are done at AOL. While the feedback
 loop from the *users* at AOL is mostly a source of entertainment, dealing
 with the postmaster staff at AOL is a benchmark in how it should be done.

*heh*  Well, depending upon how the battle turns out, Yahoo is likely to
go the way of whomever its new partner will be--which will either be more
like AOL, or more like Hotmail.

Sounds like there's already some amount of preference at least among
this group as to which way they'd prefer to see the battle go.  ^_^;

Matt

  Proxy that message over and perhaps this issue of Yahoo's perennially
 broken mail causing the rest of us headaches will go away. It seems to come
 up here on nanog and over on the mailop list every few weeks.

  --chuck


Re: Yahoo Mail Update

2008-04-10 Thread chuck goolsbee



An anonymous source at Yahoo told me that they have pushed
a config update sometime today out to their servers to help with these
deferral issues.

Please don't ask me to play proxy on this one or any
other issues you may have, but take a look at your queues and
they should be getting better.

- Jared


Thanks for the update Jared. I can understand your request to not be 
used as a proxy, but it exposes the reason why Yahoo is thought to be 
clueless: They are completely opaque.


They can not exist in this community without having some visibility and 
interaction on an operational level.


Yahoo should have a look at how things are done at AOL. While the 
feedback loop from the *users* at AOL is mostly a source of 
entertainment, dealing with the postmaster staff at AOL is a 
benchmark in how it should be done.


Proxy that message over and perhaps this issue of Yahoo's perennially 
broken mail causing the rest of us headaches will go away. It seems 
to come up here on nanog and over on the mailop list every few weeks.


--chuck





RE: Yahoo Mail Update

2008-04-10 Thread Raymond L. Corbin

I've talked to employees in other departments who agree that something needs 
changed (especially when their own mail wasn't making it to their personal 
Yahoo inboxes).

You can reach Yahoo's 'mail' department(s) after doing a lot of digging and 
googling... Their 'Bulk Mail Advocacy Agent' was somewhat helpful, but the 
anti-abuse manager seemed to get things done after you at least try the proper 
channels of submitting a ticket and waiting about a week and still having no 
resolve... I submitted a ticket to them to update my whitelisted IPs from 
adding/removing servers and it took about a month to get a reply.

AOL's postmaster is easy to reach via their 1-800#; however, they seem to read 
off the screen and are really only general support. Their actual 'postmasters' 
(once you get past their general support) are usually pretty helpful and 
quick to resolve issues.

-Ray

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of chuck goolsbee
Sent: Thursday, April 10, 2008 8:51 PM
To: nanog@merit.edu
Subject: Re: Yahoo Mail Update


   An anonymous source at Yahoo told me that they have pushed
a config update sometime today out to their servers to help with these
deferral issues.

   Please don't ask me to play proxy on this one or any
other issues you may have, but take a look at your queues and
they should be getting better.

   - Jared

Thanks for the update Jared. I can understand your request to not be
used as a proxy, but it exposes the reason why Yahoo is thought to be
clueless: They are completely opaque.

They can not exist in this community without having some visibility and
interaction on an operational level.

Yahoo should have a look at how things are done at AOL. While the
feedback loop from the *users* at AOL is mostly a source of
entertainment, dealing with the postmaster staff at AOL is a
benchmark in how it should be done.

Proxy that message over and perhaps this issue of Yahoo's perennially
broken mail causing the rest of us headaches will go away. It seems
to come up here on nanog and over on the mailop list every few weeks.

--chuck





Re: Yahoo Mail Update

2008-04-10 Thread Rich Kulawiec

On Thu, Apr 10, 2008 at 05:51:23PM -0700, chuck goolsbee wrote:
 Thanks for the update Jared. I can understand your request to not be used 
 as a proxy, but it exposes the reason why Yahoo is thought to be clueless: 
 They are completely opaque.

 They can not exist in this community without having some visibility and 
 interaction on an operational level.

I heartily second this.  Yahoo (and Hotmail) (and Comcast and Verizon)
mail system personnel should be actively participating here, on mailop,
on spam-l, etc.  A lot of problems could be solved (and some avoided)
with some interaction.

---Rsk