Re: switch speed question

2009-02-25 Thread Tom Storey

> Not every bit in results in just one bit out.  Broadcast, multicast,
> flooding for unknown MACs (or switching failures), ...

They were talking about a simple scenario where a bit that enters a port
will leave a port. With 24 gigabit ports, for all intents and purposes,
you will only ever have 24 gigabits at the most traversing the backplane.




Re: Yahoo and their mail filters..

2009-02-25 Thread Suresh Ramasubramanian
On Wed, Feb 25, 2009 at 5:02 PM, Niall Donegan  wrote:
>
> Another interesting side effect of that is email forwarder accounts.
> Take a user who gets a domain on our shared hosting setup and forwards
> the email for certain users to a Yahoo account. If those mails are
> marked as spam, it seems to be our server that gets blacklisted rather
> than the originating server.
>

No surprise. Guess whose IP is the one handing off to yahoo?

If you have forwarding users -

* Spam filter them to reject spam rather than simply tag and forward it.
* Isolate your forwarding traffic through a single IP,  Let ISPs know.

> Feedback loops often aren't that useful either. We're on the AOL Scomp
> feedback loop, and we've often got fairly personal email sent to our
> abuse desk because the users simply press spam rather than delete.

You have a far smaller userbase, and a userbase you know. For us, with
random nigerians and other spammers signing up / trying to sign up all
the time, FBLs are invaluable as a realtime notification of spam
issues.

And as I said random misdirected spam reports won't trigger a block as
much as your leaking forwarded spam.  Or your getting a hacked cgi/php
or a spammer installed direct to mx spamware.  [so if you are cpanel -
smtp tweak/csf firewall and mod_security for apache should be default
on your install if you haven't already done so]

-srs



Re: switch speed question

2009-02-25 Thread David Barak

Doesn't that assume that the communication is unidirectional?

If two hosts are exchanging 1Gbps flows, the traffic across the bus will be 
2Gbps, right?

And of course, this doesn't include any bus-intensive operations like 
multicast
or things which require cpu processing - those can consume a lot more resources 
than the input rate of the port.

-David Barak

Tom Storey wrote: 
>> Not every bit in results in just one bit out.  Broadcast, multicast,
>> flooding for unknown MACs (or switching failures), ...
> They were talking about a simple scenario where a bit that enters a port
> will leave a port. With 24 gigabit ports, for all intents and purposes,
> you will only ever have 24 gigabits at the most traversing the backplane.



  



Re: switch speed question

2009-02-25 Thread Tom Storey
We're not considering anything other than basic switching in this  
scenario, as is my understanding.


2 hosts will create 2gbps of traffic as each host is inputting 1gbps  
into the switch (just multiply it by 12 to give you 24 ports). 3 hosts  
will create 3gbps of traffic as each inputs 1gbps into the switch  
(e.g. each host could be sending 500mbps to each of the other hosts).  
And thus and so forth. :-)


You can only input a maximum of 24gbps into the switch, which means  
that only 24gbps will cross the backplane.


Yes there is 48gbps if you combine tx and rx of each port, but traffic  
only has to cross the backplane once, from rx on one port to tx on  
another.


Sorry if I have hijacked this thread from the OP. :-)

Tom

On 26/02/2009, at 12:18 AM, David Barak wrote:

> Doesn't that assume that the communication is unidirectional?
>
> If two hosts are exchanging 1Gbps flows, the traffic across the bus
> will be 2Gbps, right?
>
> And of course, this doesn't include any bus-intensive operations like
> multicast or things which require cpu processing - those can consume a
> lot more resources than the input rate of the port.
>
> -David Barak
>
> Tom Storey wrote:
>>> Not every bit in results in just one bit out.  Broadcast, multicast,
>>> flooding for unknown MACs (or switching failures), ...
>> They were talking about a simple scenario where a bit that enters a port
>> will leave a port. With 24 gigabit ports, for all intents and purposes,
>> you will only ever have 24 gigabits at the most traversing the backplane.









Re: switch speed question

2009-02-25 Thread Nathan Ward

On 26/02/2009, at 2:48 AM, David Barak wrote:

> Doesn't that assume that the communication is unidirectional?


...

No.

> If two hosts are exchanging 1Gbps flows, the traffic across the bus
> will be 2Gbps, right?


Yes. 1Gbps backplane impact per host. You have two hosts, right? One  
host per port? That's 1Gbps per port.

So, 24 ports = 24Gbps, right?

Let's try look at it another way:
- A 24 port gig switch can receive at most 24Gbps.
- That same switch can transmit at most 24Gbps.

You don't get to add transmit and receive together to get 48Gbps.  
Packets don't go across the backplane once to receive, and then once  
more to transmit. They go across once, from the receiving port to the  
transmitting port. (sure, sometimes perhaps packets do go across  
twice, but not normally)


> And of course, this doesn't include any bus-intensive operations like
> multicast or things which require cpu processing - those can consume a
> lot more resources than the input rate of the port.


Of course multicast/broadcast consumes more resources than the input  
rate. That's the point. If you receive multicast or broadcast at  
1Gbps, and the multicast needs to go out all the ports, you need to  
transmit at 24Gbps. That's 24 x the transmit resources (and probably  
backplane resources, depending on architecture etc. etc.) than a  
single 1Gbps unicast stream.


Of course, with unicast it is only getting to one host.

Let's assume we have data at 1Gbps that we need to get to 24 hosts.
- If we unicast, we need 24 input ports, and 24 output ports, assuming  
we only have gig ports (or say 3x10GE, or whatever).

- If we multicast, we need 1 input port, and 24 output ports.

When you compare the end result, multicast uses significantly less  
resources, right?


In fact, perhaps some bus architectures know about how multicast  
works, and it consumes *less* resources than doing the same thing with  
many unicast streams. If the bus does not know about multicast, then  
the bus would treat it as 24 unicast streams, surely.


--
Nathan Ward




RE: Yahoo and their mail filters..

2009-02-25 Thread Ray Corbin
Funny we were just having similar conversation on mailop.org :) . Suresh is 
right about the feedback loops (you also should subscribe to 
comcasts/hotmails/trend micro's (mail-abuse.com)). If you don't have an 
external gateway that makes doing reports easy then they are a good way to find 
out when spam problems arise, such as the pesky Nigerian spammers who 
constantly find new ways to thwart all anti-fraud checks prior to creating the 
accounts. One thing that I did, when being an email admin for a very large 
shared hosting company, was when I ran reports of emails going to @yahoo.com I 
took the top 10 or so recipients and figured out who had the forwarders setup 
to send to them. I talked to the customer and even gave them alternative 
solutions (such as giving them 6months free for Postini inbound anti-spam 
service for that forward account). The worst ones were those who had catchalls 
setup to forward to their s...@yahoo.com account, those simply got notified 
that it was removed. 

-r


-Original Message-
From: Suresh Ramasubramanian [mailto:ops.li...@gmail.com] 
Sent: Wednesday, February 25, 2009 6:42 AM
To: Niall Donegan
Cc: nanog@nanog.org
Subject: Re: Yahoo and their mail filters..

On Wed, Feb 25, 2009 at 5:02 PM, Niall Donegan  wrote:
>
> Another interesting side effect of that is email forwarder accounts.
> Take a user who gets a domain on our shared hosting setup and forwards
> the email for certain users to a Yahoo account. If those mails are
> marked as spam, it seems to be our server that gets blacklisted rather
> than the originating server.
>

No surprise. Guess whose IP is the one handing off to yahoo?

If you have forwarding users -

* Spam filter them to reject spam rather than simply tag and forward it.
* Isolate your forwarding traffic through a single IP,  Let ISPs know.

> Feedback loops often aren't that useful either. We're on the AOL Scomp
> feedback loop, and we've often got fairly personal email sent to our
> abuse desk because the users simply press spam rather than delete.

You have a far smaller userbase, and a userbase you know. For us, with
random nigerians and other spammers signing up / trying to sign up all
the time, FBLs are invaluable as a realtime notification of spam
issues.

And as I said random misdirected spam reports won't trigger a block as
much as your leaking forwarded spam.  Or your getting a hacked cgi/php
or a spammer installed direct to mx spamware.  [so if you are cpanel -
smtp tweak/csf firewall and mod_security for apache should be default
on your install if you haven't already done so]

-srs
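The report Ray Corbin describes above (top recipients at @yahoo.com, matched back to the forwarders that feed them, with catchalls singled out) can be sketched as follows. This is an added example, not part of the thread: the log line format, the forwarder table layout and all addresses other than the yahoo.com domain are constructed assumptions.

```python
import re
from collections import Counter

# Constructed forwarder table (hypothetical layout): local address -> destination.
# A local part of "*" marks a catchall for that hosted domain.
FORWARDERS = {
    "sales@example.org": "alice_shop@yahoo.com",
    "*@example.net": "bob_inbox@yahoo.com",
    "info@example.com": "carol@example.edu",
}

# Constructed outbound delivery log (hypothetical format, one delivery per line).
SAMPLE_LOG = """\
2009-02-25T06:01:10 from=<news@shop.test> to=<bob_inbox@yahoo.com> size=4210
2009-02-25T06:01:12 from=<promo@bulk.test> to=<bob_inbox@yahoo.com> size=9120
2009-02-25T06:02:40 from=<friend@mail.test> to=<alice_shop@yahoo.com> size=1833
2009-02-25T06:03:05 from=<promo@bulk.test> to=<bob_inbox@yahoo.com> size=9044
2009-02-25T06:04:51 from=<owner@example.com> to=<dave@yahoo.com> size=2210
2009-02-25T06:05:17 from=<lists@club.test> to=<alice_shop@yahoo.com> size=5120
2009-02-25T06:06:02 from=<promo@bulk.test> to=<bob_inbox@yahoo.com> size=9101
2009-02-25T06:07:30 from=<owner@example.com> to=<carol@example.edu> size=1500
"""

LINE_RE = re.compile(r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]+)>")


def top_recipients(log_text, domain, n=10):
    """Count deliveries per recipient at `domain`, most frequent first."""
    counts = Counter()
    suffix = "@" + domain.lower()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a delivery record
        rcpt = m.group("rcpt").lower()
        if rcpt.endswith(suffix):
            counts[rcpt] += 1
    return counts.most_common(n)


def forwarder_report(log_text, forwarders, domain="yahoo.com", n=10):
    """For the top recipients at `domain`, list the forwarders that feed them."""
    # Invert the forwarder table so each destination maps to its sources.
    by_dest = {}
    for source, dest in forwarders.items():
        by_dest.setdefault(dest.lower(), []).append(source)

    report = []
    for rcpt, count in top_recipients(log_text, domain, n):
        sources = sorted(by_dest.get(rcpt, []))
        report.append({
            "recipient": rcpt,
            "messages": count,
            "forwarders": sources,  # empty list: mail sent directly, no forwarder
            "catchall": any(s.startswith("*@") for s in sources),
        })
    return report


if __name__ == "__main__":
    for row in forwarder_report(SAMPLE_LOG, FORWARDERS):
        tag = "CATCHALL" if row["catchall"] else ""
        print(row["messages"], row["recipient"], row["forwarders"], tag)
```
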




RE: Yahoo and their mail filters..

2009-02-25 Thread Ray Corbin
On hotmail's defense at least their support contacts will respond to your 
emails. It may take a few rounds of proving that they are 'blackholing' your 
email and them saying 'no we're not'..but after a few times of that you know 
exactly what to say when submitting a ticket to them (ie I sent this email to 
your testing account at xx:xx pm, I cc'ed my address x...@hotmail.com and it 
wasn't received and here are the logs showing your servers accepted the 
email.). 

-r


-Original Message-
From: Erik (Caneris) [mailto:erik_l...@caneris.com] 
Sent: Tuesday, February 24, 2009 10:11 PM
To: Joe Abley; Micheal Patterson
Cc: nanog@nanog.org
Subject: RE: Yahoo and their mail filters..

Ditto. They appear to use some strange form of greylisting combined with 
blocking. What seems to help is SPF and PTRs that match the EHLO your MTAs will 
send. We didn't implement Domain Keys / DKIM. 

On a related note, don't get me started on Hotmail. They used to (still do?) 
silently swallow mail into a black hole after accepting it. No NDR, no spam 
folder, just good ol' mail shredding without anyone knowing. Again, SPF and 
PTRs seem to help. 

Oh yeah, make sure you're not sending spam to them. That might help too. ;)

Erik

From: Joe Abley [jab...@hopcount.ca]
Sent: Tuesday, February 24, 2009 9:41 PM
To: Micheal Patterson
Cc: nanog@nanog.org
Subject: Re: Yahoo and their mail filters..

On 24 Feb 2009, at 21:27, Micheal Patterson wrote:

> This may be old news, but I've not been in the list for quite some
> time. At any rate, is anyone else having issues with Yahoo
> blocking / deferring legitimate emails?

Yes. Everybody else.


Joe






Re: Yahoo and their mail filters..

2009-02-25 Thread Eric Esslinger
We pretty constantly are deferred on yahoo, and at one point had all 
outbound mail for yahoo logged at the sender/recipient/subject/size 
level to get an idea what was up.


In an experiment, I found that after being 'clean' (not being deferred) 
for close to a week, simply sending myself 1 single email, then hitting 
spam in the yahoo box was enough to get us being blocked for another 24 
hours.


I would sign up for a FBL if they had one; I find the others I have very 
valuable (though about 90% of what I get back is 'spam rather than 
delete' ).

Ray Corbin wrote:
> Funny we were just having similar conversation on mailop.org :) . Suresh is
> right about the feedback loops (you also should subscribe to
> comcasts/hotmails/trend micro's (mail-abuse.com)). If you don't have an
> external gateway that makes doing reports easy then they are a good way to
> find out when spam problems arise, such as the pesky Nigerian spammers who
> constantly find new ways to thwart all anti-fraud checks prior to creating
> the accounts. One thing that I did, when being an email admin for a very
> large shared hosting company, was when I ran reports of emails going to
> @yahoo.com I took the top 10 or so recipients and figured out who had the
> forwarders setup to send to them. I talked to the customer and even gave
> them alternative solutions (such as giving them 6months free for Postini
> inbound anti-spam service for that forward account). The worst ones were
> those who had catchalls setup to forward to their s...@yahoo.com account,
> those simply got notified that it was removed.
>
> -r
>
> -Original Message-
> From: Suresh Ramasubramanian [mailto:ops.li...@gmail.com]
> Sent: Wednesday, February 25, 2009 6:42 AM
> To: Niall Donegan
> Cc: nanog@nanog.org
> Subject: Re: Yahoo and their mail filters..
>
> On Wed, Feb 25, 2009 at 5:02 PM, Niall Donegan  wrote:
>> Another interesting side effect of that is email forwarder accounts.
>> Take a user who gets a domain on our shared hosting setup and forwards
>> the email for certain users to a Yahoo account. If those mails are
>> marked as spam, it seems to be our server that gets blacklisted rather
>> than the originating server.
>
> No surprise. Guess whose IP is the one handing off to yahoo?
>
> If you have forwarding users -
>
> * Spam filter them to reject spam rather than simply tag and forward it.
> * Isolate your forwarding traffic through a single IP,  Let ISPs know.
>
>> Feedback loops often aren't that useful either. We're on the AOL Scomp
>> feedback loop, and we've often got fairly personal email sent to our
>> abuse desk because the users simply press spam rather than delete.
>
> You have a far smaller userbase, and a userbase you know. For us, with
> random nigerians and other spammers signing up / trying to sign up all
> the time, FBLs are invaluable as a realtime notification of spam
> issues.
>
> And as I said random misdirected spam reports won't trigger a block as
> much as your leaking forwarded spam.  Or your getting a hacked cgi/php
> or a spammer installed direct to mx spamware.  [so if you are cpanel -
> smtp tweak/csf firewall and mod_security for apache should be default
> on your install if you haven't already done so]
>
> -srs



--
Eric Esslinger
Information Services Manager
Fayetteville Public Utilities
Fayetteville, TN 37334
Phone: 931-433-1522x165   Fax: 931-433-0646
eesslin...@fpu-tn.com



slightly OT: wall mount UPS for demarc

2009-02-25 Thread Peter Pauly
I'm looking to buy several small wall mounted UPS's to power a telco's
metro ethernet switches. (Yes, they should have provided some kind of
protection, but won't).

The closest suitable UPS I've found is this:

http://www.tripplite.com/EN/products/model.cfm?txtSeriesID=419&EID=361&txtModelID=3640

Can anyone suggest a better alternative?

I want something sturdy, preferably metal, that can screw to a wall
and be worry free for years at a time.



Legislation and its effects in our world

2009-02-25 Thread Jim Willis
After having a brief conversation with a friend of mine over the weekend
about this new proposed legislation I was horrified to find that I could not
dig anything up on it in NANOG. Surely this sort of short minded legislation
should have been a bit more thought through in its effects on those that
would have to implement these changes. My major concern is not just for
myself but for a much broader picture.

"Republican politicians on Thursday called for a sweeping new federal law
that would require all Internet providers and operators of millions of Wi-Fi
access points, even hotels, local coffee shops, and home users, to keep
records about users for two years to aid police investigations."

http://www.cnn.com/2009/TECH/02/20/internet.records.bill/index.html


I understand and agree that minors should be protected and I think child
pornography is awful, however I think how the government is going about
catching these criminals with this new legislation will not really be any
more efficient than their current methods. Having a log of all IP's that
come across my or anyone in America's "home" Wi-Fi for two years is not
going to help "police investigations" but will cause me to have to go buy a
more expensive router.

So I'm just wondering, how would this legislation affect some of you on the
NANOG list?

-Jim


RE: [SPAM-HEADER] - Legislation and its effects in our world - Email has different SMTP TO: and MIME TO: fields in the email addresses

2009-02-25 Thread Rod Beck
Another issue is civil rights. Do we want to create a surveillance society? It 
has already happened to a large extent in the UK and the US, but this is 
significant step forward ...

I'll leave it at that since I am writing on corporate email and I do not 
represent my company on this issue. 

Regards, 

Roderick. 
 
> After having a brief conversation with a friend of mine over the weekend
> about this new proposed legislation I was horrified to find that I could not
> dig anything up on it in NANOG. Surely this sort of short minded legislation
> should have been a bit more thought through in its effects on those that
> would have to implement these changes. My major concern is not just for
> myself but for a much broader picture.
>
> "Republican politicians on Thursday called for a sweeping new federal law
> that would require all Internet providers and operators of millions of Wi-Fi
> access points, even hotels, local coffee shops, and home users, to keep
> records about users for two years to aid police investigations."
>
> http://www.cnn.com/2009/TECH/02/20/internet.records.bill/index.html
>
> I understand and agree that minors should be protected and I think child
> pornography is awful, however I think how the government is going about
> catching these criminals with this new legislation will not really be any
> more efficient than their current methods. Having a log of all IP's that
> come across my or anyone in America's "home" Wi-Fi for two years is not
> going to help "police investigations" but will cause me to have to go buy a
> more expensive router.
>
> So I'm just wondering, how would this legislation affect some of you on the
> NANOG list?
>
> -Jim


Re: switch speed question

2009-02-25 Thread Dave Israel


Nathan Ward wrote:
> On 26/02/2009, at 2:48 AM, David Barak wrote:
>> If two hosts are exchanging 1Gbps flows, the traffic across the bus
>> will be 2Gbps, right?
>
> You don't get to add transmit and receive together to get 48Gbps.
> Packets don't go across the backplane once to receive, and then once
> more to transmit. They go across once, from the receiving port to the
> transmitting port. (sure, sometimes perhaps packets do go across
> twice, but not normally)

Assuming a crossbar switch, sure.  If your ports individually look up
the outgoing port for an incoming packet, request backplane to that
port, and transmit, then you only need 24Gbps.  If your ports need to
connect to an intelligent entity on the backplane to do your
routing/switching/IGMP snooping/QoS enforcement/etc, then you are indeed
going to cross the backplane twice, and need both transmit and receive
bandwidth.

Since many of us are routing goons with store-and-forward roots, we tend
to think along those lines.  And it is still wise, even in this day and
age, to make sure that backplane bandwidth doesn't include a central
switching point, or, if it doesn't, the marketing folks haven't doubled
the backplane numbers because they took it out.

-Dave



Re: Legislation and its effects in our world

2009-02-25 Thread David Stearns
Hi Jim,
Avoiding the politics of this issue, I suspect that many more home users
will be affected than corporate or backbone admins.  I already log all
access to my wireless, though currently I don't keep outgoing access logs
for that long.  I suspect that if this were to become law, the logging
mechanisms in the provided home wireless routers would need a revamp.  Or at
least their storage method would.
-DS

On Wed, Feb 25, 2009 at 8:06 AM, Jim Willis  wrote:

> After having a brief conversation with a friend of mine over the weekend
> about this new proposed legislation I was horrified to find that I could
> not
> dig anything up on it in NANOG. Surely this sort of short minded
> legislation
> should have been a bit more thought through in its effects on those that
> would have to implement these changes. My major concern is not just for
> myself but for a much broader picture.
>
> "Republican politicians on Thursday called for a sweeping new federal law
> that would require all Internet providers and operators of millions of
> Wi-Fi
> access points, even hotels, local coffee shops, and home users, to keep
> records about users for two years to aid police investigations."
>
> http://www.cnn.com/2009/TECH/02/20/internet.records.bill/index.html
>
>
> I understand and agree that minors should be protected and I think child
> pornography is awful, however I think how the government is going about
> catching these criminals with this new legislation will not really be any
> more efficient than their current methods. Having a log of all IP's that
> come across my or anyone in America's "home" Wi-Fi for two years is not
> going to help "police investigations" but will cause me to have to go buy a
> more expensive router.
>
> So I'm just wondering, how would this legislation affect some of you on the
> NANOG list?
>
> -Jim
>


Re: Legislation and its effects in our world

2009-02-25 Thread Fred Baker
If it's at all like the EU Data Retention provisions, it would be in  
the ISP, not the home router. The Danish want the moral equivalent of  
a netflow trace for each user (log of the kind of information netflow  
records for a session for each TCP/UDP/SCTP session the user initiates  
or terminates, produced on presentation of a warrant or subpoena), but  
the EU provisions are more application layer - when did the user "sign  
on" to the wireless network, and when did "s/he sign off", to whom did  
they send emails via the ISP's servers, and so on?


Without commenting on police states and such, instantiating  
legislation is required in each country signatory to the Cybercrime  
Treaty. Both major parties have been on deck during that discussion...


On Feb 25, 2009, at 7:30 AM, David Stearns wrote:

> Hi Jim,
> Avoiding the politics of this issue, I suspect that many more home users
> will be affected than corporate or backbone admins.  I already log all
> access to my wireless, though currently I don't keep outgoing access logs
> for that long.  I suspect that if this were to become law, the logging
> mechanisms in the provided home wireless routers would need a revamp.  Or at
> least their storage method would.
> -DS
>
> On Wed, Feb 25, 2009 at 8:06 AM, Jim Willis wrote:
>
>> After having a brief conversation with a friend of mine over the weekend
>> about this new proposed legislation I was horrified to find that I could
>> not dig anything up on it in NANOG. Surely this sort of short minded
>> legislation should have been a bit more thought through in its effects on
>> those that would have to implement these changes. My major concern is not
>> just for myself but for a much broader picture.
>>
>> "Republican politicians on Thursday called for a sweeping new federal law
>> that would require all Internet providers and operators of millions of
>> Wi-Fi access points, even hotels, local coffee shops, and home users, to
>> keep records about users for two years to aid police investigations."
>>
>> http://www.cnn.com/2009/TECH/02/20/internet.records.bill/index.html
>>
>> I understand and agree that minors should be protected and I think child
>> pornography is awful, however I think how the government is going about
>> catching these criminals with this new legislation will not really be any
>> more efficient than their current methods. Having a log of all IP's that
>> come across my or anyone in America's "home" Wi-Fi for two years is not
>> going to help "police investigations" but will cause me to have to go buy
>> a more expensive router.
>>
>> So I'm just wondering, how would this legislation affect some of you on
>> the NANOG list?
>>
>> -Jim






RE: Yahoo and their mail filters..

2009-02-25 Thread Richey
> Feedback loops often aren't that useful either. We're on the AOL Scomp 
> feedback loop, and we've often got fairly personal email sent to our 
> abuse desk because the users simply press spam rather than delete.

AOL's Scomp is spam itself.   If I read through 100 messages maybe one
message is really spam.   The other 99 are jokes, regular emails, maybe a
news letter from their church, etc.   Most people are lazy and would rather
click on the Spam button instead of unsubscribing for a list they subscribed
to in the first place.

Richey

-Original Message-
From: Ray Corbin [mailto:rcor...@traffiq.com] 
Sent: Wednesday, February 25, 2009 9:27 AM
To: Suresh Ramasubramanian; Niall Donegan
Cc: nanog@nanog.org
Subject: RE: Yahoo and their mail filters..

Funny we were just having similar conversation on mailop.org :) . Suresh is
right about the feedback loops (you also should subscribe to
comcasts/hotmails/trend micro's (mail-abuse.com)). If you don't have an
external gateway that makes doing reports easy then they are a good way to
find out when spam problems arise, such as the pesky Nigerian spammers who
constantly find new ways to thwart all anti-fraud checks prior to creating
the accounts. One thing that I did, when being an email admin for a very
large shared hosting company, was when I ran reports of emails going to
@yahoo.com I took the top 10 or so recipients and figured out who had the
forwarders setup to send to them. I talked to the customer and even gave
them alternative solutions (such as giving them 6months free for Postini
inbound anti-spam service for that forward account). The worst ones were
those who had catchalls setup to forward to their s...@yahoo.com account,
those simply got notified that it was removed. 

-r


-Original Message-
From: Suresh Ramasubramanian [mailto:ops.li...@gmail.com] 
Sent: Wednesday, February 25, 2009 6:42 AM
To: Niall Donegan
Cc: nanog@nanog.org
Subject: Re: Yahoo and their mail filters..

On Wed, Feb 25, 2009 at 5:02 PM, Niall Donegan  wrote:
>
> Another interesting side effect of that is email forwarder accounts.
> Take a user who gets a domain on our shared hosting setup and forwards
> the email for certain users to a Yahoo account. If those mails are
> marked as spam, it seems to be our server that gets blacklisted rather
> than the originating server.
>

No surprise. Guess whose IP is the one handing off to yahoo?

If you have forwarding users -

* Spam filter them to reject spam rather than simply tag and forward it.
* Isolate your forwarding traffic through a single IP,  Let ISPs know.

> Feedback loops often aren't that useful either. We're on the AOL Scomp
> feedback loop, and we've often got fairly personal email sent to our
> abuse desk because the users simply press spam rather than delete.

You have a far smaller userbase, and a userbase you know. For us, with
random nigerians and other spammers signing up / trying to sign up all
the time, FBLs are invaluable as a realtime notification of spam
issues.

And as I said random misdirected spam reports won't trigger a block as
much as your leaking forwarded spam.  Or your getting a hacked cgi/php
or a spammer installed direct to mx spamware.  [so if you are cpanel -
smtp tweak/csf firewall and mod_security for apache should be default
on your install if you haven't already done so]

-srs





Re: Legislation and its effects in our world

2009-02-25 Thread Sean Hunter
Sorry to intrude, but it is based on the reading of the law and at least
according to ars technica's article (
http://arstechnica.com/tech-policy/news/2009/02/are-you-an-electronic-communication-service-provider.ars)
that excludes home routers.  That's not to say it couldn't be reinterpreted
in the future.
Also worth noting is that this is a Republican proposition and both sides
still seem a bit bitter about the stimulus.

~Sean

On Wed, Feb 25, 2009 at 9:58 AM, Fred Baker  wrote:

> If it's at all like the EU Data Retention provisions, it would be in the
> ISP, not the home router. The Danish want the moral equivalent of a netflow
> trace for each user (log of the kind of information netflow records for a
> session for each TCP/UDP/SCTP session the user initiates or terminates,
> produced on presentation of a warrant or subpoena), but the EU provisions
> are more application layer - when did the user "sign on" to the wireless
> network, and when did "s/he sign off", to whom did they send emails via the
> ISP's servers, and so on?
>
> Without commenting on police states and such, instantiating legislation is
> required in each country signatory to the Cybercrime Treaty. Both major
> parties have been on deck during that discussion...
>
>
> On Feb 25, 2009, at 7:30 AM, David Stearns wrote:
>
>  Hi Jim,
>> Avoiding the politics of this issue, I suspect that many more home users
>> will be affected than corporate or backbone admins.  I already log all
>> access to my wireless, though currently I don't keep outgoing access logs
>> for that long.  I suspect that if this were to become law, the logging
>> mechanisms in the provided home wireless routers would need a revamp.  Or
>> at
>> least their storage method would.
>> -DS
>>
>> On Wed, Feb 25, 2009 at 8:06 AM, Jim Willis 
>> wrote:
>>
>>  After having a brief conversation with a friend of mine over the weekend
>>> about this new proposed legislation I was horrified to find that I could
>>> not
>>> dig anything up on it in NANOG. Surely this sort of short minded
>>> legislation
>>> should have been a bit more thought through in its effects on those that
>>> would have to implement these changes. My major concern is not just for
>>> myself but for a much broader picture.
>>>
>>> "Republican politicians on Thursday called for a sweeping new federal law
>>> that would require all Internet providers and operators of millions of
>>> Wi-Fi
>>> access points, even hotels, local coffee shops, and home users, to keep
>>> records about users for two years to aid police investigations."
>>>
>>> http://www.cnn.com/2009/TECH/02/20/internet.records.bill/index.html
>>>
>>>
>>> I understand and agree that minors should be protected and I think child
>>> pornography is awful, however I think how the government is going about
>>> catching these criminals with this new legislation will not really be any
>>> more efficient than their current methods. Having a log of all IP's that
>>> come across my or anyone in America's "home" Wi-Fi for two years is not
>>> going to help "police investigations" but will cause me to have to go buy
>>> a
>>> more expensive router.
>>>
>>> So I'm just wondering, how would this legislation affect some of you on
>>> the
>>> NANOG list?
>>>
>>> -Jim
>>>
>>>
>
>


RE: Yahoo and their mail filters..

2009-02-25 Thread Ray Corbin
It depends on your environment. I've seen where it is helpful and where it is 
overwhelming. If you are a smaller company and want to know why you keep 
getting blocked then those should help. If you are a larger company and get a 
several hundred a day, but you send 100k emails to AOL then it is not as big of 
a deal. If you are a shared hosting provider and you get a lot of them you 
should look into what is being sent to AOL, such as forwarded spam from 
customers 'auto forwards' (isolate the auto forwards to a separate IP address 
and simply don't sign up for the FBL for it) If you have a good setup where 
only customer-originated email is being sent through the IP's you have a FBL 
on, then it is useful and you shouldn't get as many complaints.

-r


-Original Message-
From: Richey [mailto:myli...@battleop.com] 
Sent: Wednesday, February 25, 2009 11:06 AM
To: nanog@nanog.org
Subject: RE: Yahoo and their mail filters..

> Feedback loops often aren't that useful either. We're on the AOL Scomp 
> feedback loop, and we've often got fairly personal email sent to our 
> abuse desk because the users simply press spam rather than delete.

AOL's Scomp is spam itself.   If I read through 100 messages maybe one
message is really spam.   The other 99 are jokes, regular emails, maybe a
news letter from their church, etc.   Most people are lazy and would rather
click on the Spam button instead of unsubscribing for a list they subscribed
to in the first place.

Richey

-Original Message-
From: Ray Corbin [mailto:rcor...@traffiq.com] 
Sent: Wednesday, February 25, 2009 9:27 AM
To: Suresh Ramasubramanian; Niall Donegan
Cc: nanog@nanog.org
Subject: RE: Yahoo and their mail filters..

Funny we were just having a similar conversation on mailop.org :) . Suresh is
right about the feedback loops (you also should subscribe to
Comcast's/Hotmail's/Trend Micro's (mail-abuse.com)). If you don't have an
external gateway that makes doing reports easy then they are a good way to
find out when spam problems arise, such as the pesky Nigerian spammers who
constantly find new ways to thwart all anti-fraud checks prior to creating
the accounts. One thing that I did, when being an email admin for a very
large shared hosting company, was when I ran reports of emails going to
@yahoo.com I took the top 10 or so recipients and figured out who had the
forwarders set up to send to them. I talked to the customer and even gave
them alternative solutions (such as giving them 6 months free for Postini
inbound anti-spam service for that forward account). The worst ones were
those who had catchalls set up to forward to their s...@yahoo.com account,
those simply got notified that it was removed.

-r


-Original Message-
From: Suresh Ramasubramanian [mailto:ops.li...@gmail.com] 
Sent: Wednesday, February 25, 2009 6:42 AM
To: Niall Donegan
Cc: nanog@nanog.org
Subject: Re: Yahoo and their mail filters..

On Wed, Feb 25, 2009 at 5:02 PM, Niall Donegan  wrote:
>
> Another interesting side effect of that is email forwarder accounts.
> Take a user who gets a domain on our shared hosting setup and forwards
> the email for certain users to a Yahoo account. If those mails are
> marked as spam, it seems to be our server that gets blacklisted rather
> than the originating server.
>

No surprise. Guess whose IP is the one handing off to yahoo?

If you have forwarding users -

* Spam filter them to reject spam rather than simply tag and forward it.
* Isolate your forwarding traffic through a single IP.  Let ISPs know.

> Feedback loops often aren't that useful either. We're on the AOL Scomp
> feedback loop, and we've often got fairly personal email sent to our
> abuse desk because the users simply press spam rather than delete.

You have a far smaller userbase, and a userbase you know. For us, with
random Nigerians and other spammers signing up / trying to sign up all
the time, FBLs are invaluable as a realtime notification of spam
issues.

And as I said random misdirected spam reports won't trigger a block as
much as your leaking forwarded spam.  Or your getting a hacked cgi/php
or a spammer installed direct to mx spamware.  [so if you are cpanel -
smtp tweak/csf firewall and mod_security for apache should be default
on your install if you haven't already done so]

-srs






Re: Legislation and its effects in our world

2009-02-25 Thread Ernie Rubi

I agree - Although this isn't legal advice and I'm not a lawyer:

It amends 18 U.S.C. §2703 which is entitled "Required Disclosure of  
Customer Communications or Records" which refers to providers, not  
home users...


Better question:
1) Is there a reasonable expectation of privacy in the communications  
between end users and their providers so as to give rise to a 4th  
amendment issue? (Might have already been asked and answered...)




On Feb 25, 2009, at 11:12 AM, Sean Hunter wrote:

Sorry to intrude, but it is based on the reading of the law and at least
according to ars technica's article (
http://arstechnica.com/tech-policy/news/2009/02/are-you-an-electronic-communication-service-provider.ars)
that excludes home routers.  That's not to say it couldn't be reinterpreted
in the future.
Also worth noting is that this is a Republican proposition and both sides
still seem a bit bitter about the stimulus.

~Sean

On Wed, Feb 25, 2009 at 9:58 AM, Fred Baker  wrote:

If it's at all like the EU Data Retention provisions, it would be in the
ISP, not the home router. The Danish want the moral equivalent of a netflow
trace for each user (log of the kind of information netflow records for a
session for each TCP/UDP/SCTP session the user initiates or terminates,
produced on presentation of a warrant or subpoena), but the EU provisions
are more application layer - when did the user "sign on" to the wireless
network, and when did "s/he sign off", to whom did they send emails via the
ISP's servers, and so on?

Without commenting on police states and such, instantiating legislation is
required in each country signatory to the Cybercrime Treaty. Both major
parties have been on deck during that discussion...


On Feb 25, 2009, at 7:30 AM, David Stearns wrote:

Hi Jim,
Avoiding the politics of this issue, I suspect that many more home users
will be affected than corporate or backbone admins.  I already log all
access to my wireless, though currently I don't keep outgoing access logs
for that long.  I suspect that if this were to become law, the logging
mechanisms in the provided home wireless routers would need a revamp.  Or
at least their storage method would.
-DS

On Wed, Feb 25, 2009 at 8:06 AM, Jim Willis 
wrote:

After having a brief conversation with a friend of mine over the weekend
about this new proposed legislation I was horrified to find that I could
not dig anything up on it in NANOG. Surely this sort of short minded
legislation should have been a bit more thought through in its effects on
those that would have to implement these changes. My major concern is not
just for myself but for a much broader picture.

"Republican politicians on Thursday called for a sweeping new federal law
that would require all Internet providers and operators of millions of
Wi-Fi access points, even hotels, local coffee shops, and home users, to
keep records about users for two years to aid police investigations."

http://www.cnn.com/2009/TECH/02/20/internet.records.bill/index.html

I understand and agree that minors should be protected and I think child
pornography is awful, however I think how the government is going about
catching these criminals with this new legislation will not really be any
more efficient than their current methods. Having a log of all IP's that
come across my or anyone in America's "home" Wi-Fi for two years is not
going to help "police investigations" but will cause me to have to go buy
a more expensive router.

So I'm just wondering, how would this legislation affect some of you on
the NANOG list?

-Jim













Music Industry vs ISPs

2009-02-25 Thread Michele Neylon :: Blacknight
As a lot of you probably heard about the agreement involving one of  
the largest ISPs and the music industry ...


In the followup the music industry decided to threaten ALL ISPs in  
Ireland:


http://blog.blacknight.com/irma-threatens-irish-isps.html


Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
http://www.blacknight.com/
http://blog.blacknight.com/
Intl. +353 (0) 59  9183072
US: 213-233-1612
UK: 0844 484 9361
Locall: 1850 929 929
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 1 4811 763
---
Blacknight Internet Solutions Ltd, Unit 12A, Barrowside Business Park, Sleaty
Road, Graiguecullen, Carlow, Ireland  Company No.: 370845




RE: slightly OT: wall mount UPS for demarc

2009-02-25 Thread ryan.slater
This is what we have used in the past.

http://www.apc.com/resource/include/techspec_index.cfm?base_sku=BH500NET

Hope that helps.


--
Date: Wed, 25 Feb 2009 09:57:35 -0500
From: Peter Pauly 
Subject: slightly OT: wall mount UPS for demarc
To: nanog@nanog.org
Message-ID:

Content-Type: text/plain; charset=ISO-8859-1

I'm looking to buy several small wall mounted UPS's to power a telco's
metro ethernet switches. (Yes, they should have provided some kind of
protection, but won't).

The closest suitable UPS I've found is this:

http://www.tripplite.com/EN/products/model.cfm?txtSeriesID=419&EID=361&txtModelID=3640

Can anyone suggest a better alternative?

I want something sturdy, preferably metal, that can screw to a wall
and be worry free for years at a time.






Re: Yahoo and their mail filters..

2009-02-25 Thread Brielle Bruns

On 2/25/09 9:05 AM, Richey wrote:

AOL's Scomp is spam itself.   If I read through 100 messages maybe one
message is really spam.   The other 99 are jokes, regular emails, maybe a
newsletter from their church, etc.   Most people are lazy and would rather
click on the Spam button instead of unsubscribing from a list they subscribed
to in the first place.



My favorites for AOL Scomp reports are when people report sub/unsub as 
spam, then send nasty e-mails 20 minutes later that they either never 
got confirmation of what they did, or that it never actually removed them.


Had one user in particular, who reported mailing list as spam, purged 
them from said list myself, then 30 mins later signed back up, reported 
the subscription confirmation as spam, then complained after I removed 
him again.


Not exactly brightest bulb some of them are.

--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org



RE: slightly OT: wall mount UPS for demarc

2009-02-25 Thread Dominic J. Eidson


We use a product similar to this:

http://www.rackmountsolutions.net/Wallmount_Rack_V_Series.asp


 - d.

On Wed, 25 Feb 2009, ryan.sla...@tac.com wrote:


This is what we have used in the past.

http://www.apc.com/resource/include/techspec_index.cfm?base_sku=BH500NET

Hope that helps.


--
Date: Wed, 25 Feb 2009 09:57:35 -0500
From: Peter Pauly 
Subject: slightly OT: wall mount UPS for demarc
To: nanog@nanog.org
Message-ID:

Content-Type: text/plain; charset=ISO-8859-1

I'm looking to buy several small wall mounted UPS's to power a telco's
metro ethernet switches. (Yes, they should have provided some kind of
protection, but won't).

The closest suitable UPS I've found is this:

http://www.tripplite.com/EN/products/model.cfm?txtSeriesID=419&EID=361&txtModelID=3640

Can anyone suggest a better alternative?

I want something sturdy, preferably metal, that can screw to a wall
and be worry free for years at a time.






--
Dominic J. Eidson
 "Baruk Khazad! Khazad ai-menu!" - Gimli

   http://www.dominiceidson.com/



RE: Yahoo and their mail filters..

2009-02-25 Thread Peter Beckman

On Wed, 25 Feb 2009, Richey wrote:


AOL's Scomp is spam itself.   If I read through 100 messages maybe one
message is really spam.   The other 99 are jokes, regular emails, maybe a
newsletter from their church, etc.   Most people are lazy and would rather
click on the Spam button instead of unsubscribing from a list they subscribed
to in the first place.


 Why the hell can't AOL integrate the standard listserv commands integrated
 into many subscription emails into a friggin' button in their email
 client, right next to "Spam" (or even in place of it) that says
 "Unsubscribe?"

 I realize it could be used badly if globalized, but if AOL got off their
 duff and vetted some of the higher volume truly honest subscription
 emailers and allowed their emails to activate the Spam->Unsub button, it
 might save everyone some headaches.

---
Peter Beckman  Internet Guy
beck...@angryox.com http://www.angryox.com/
---



Re: Yahoo and their mail filters..

2009-02-25 Thread Tony Finch
On Wed, 25 Feb 2009, Suresh Ramasubramanian wrote:
>
> Christ .. Yahoo did say "complaints".  And it can take a very low
> level of complaints before a block goes into place - especially for
> low volume (corporate etc) mailservers.

I don't think this is Yahoo reacting to spam complaints because a large
number of sites (many universities, for instance) are being affected by
this problem at the same time.

Tony.
-- 
f.anthony.n.finch  http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.



Re: Legislation and its effects in our world

2009-02-25 Thread Fred Baker
I am not a  lawyer; I am a person that can read something that is  
written in the English language, and considered by some to be a  
"reasonable man". So please don't consider this to be legal advice.  
Also, although I am posting from a Cisco account, this note represents  
my understanding based on a reading of the text of the bill, not an  
opinion of or advice by Cisco. Further, I do not represent myself as  
either for or against the legislation or the implied technology. I  
have opinions on all that, but I'll save them for another email.


#include 

The text of the bill, which is in committee, is at
http://www.govtrack.us/congress/billtext.xpd?bill=s111-436
Read the text of the bill before continuing with my comments on it
or on Declan's article.


Most of the bill is about defining "child pornography", such as "  
inserting ‘1466A (relating to obscene visual representation of the  
abuse of children),’ before ‘section 1708’", or about changing  
penalties. Data retention is discussed in section 5:


SEC. 5. RETENTION OF RECORDS BY ELECTRONIC COMMUNICATION SERVICE  
PROVIDERS.
Section 2703 of title 18, United States Code, is amended by adding  
at the end the following:
‘(h) Retention of Certain Records and Information- A provider of an  
electronic communication service or remote computing service shall  
retain for a period of at least two years all records or other  
information pertaining to the identity of a user of a temporarily  
assigned network address the service assigns to that user.’.


In context, this is about providers of a service. BTW, it doesn't talk  
about *creating* a record that doesn't exist, it talks about  
*retaining* records that have already been created, such as billing  
records or other records that would support billing and maintenance.  
IANAL, so run this by your lawyers, but a provider of a service is in  
the FCC definitions someone that sells a service to random purchasers,  
not someone that provides communications to his own employees,  
students, or family members. This came up during the discussion by the  
FCC about lawful intercept and what constituted a network that had to  
implement it several years ago. This is confirmed, says the  
"reasonable man", by the definition of the offense in Section 3:


‘(a) Offense- Whoever, being an Internet content hosting provider or  
email service provider, knowingly engages in any conduct the  
provider knows or has reason to believe facilitates access to, or  
the possession of, child pornography (as defined in section 2256)  
shall be fined under this title or imprisoned not more than 10  
years, or both.


Note the lack of reference to home routers, wireless in any form, or  
any of the other stuff Declan mentions in his article:


(CNET) -- Republican politicians on Thursday called for a sweeping  
new federal law that would require all Internet providers and  
operators of millions of Wi-Fi access points, even hotels, local  
coffee shops, and home users, to keep records about users for two  
years to aid police investigations.


I would ask you, how many local coffee shops or hotels that you know  
of operate their own Internet access? How many instead contract with
T-Mobile or some other provider? Since the billing record is done with
the provider (you somehow pay a bill to T-Mobile-or-whoever for use of  
the wifi and you identify yourself to them at the time you access the  
service), whom would you expect might be required to "retain" those  
records?


I would also be a trifle careful with Declan's repeated references to  
the party of the person who submitted the bill. The bill is, or at  
least looks like, enabling legislation required by the Cybercrime  
Treaty (http://tinyurl.com/6m9ey, Article 20 of which calls for what  
is now called "Data Retention"), and is pretty much in line with the  
current EU directive on the topic (http://tinyurl.com/2maatj). Both  
major parties in the US have been on deck during the negotiation of  
the CyberCrime Treaty, and whatever your opinion of it might be, this  
bill is in line with Obama campaign promises and actions as president  
as I understand them.


I personally tend to ignore stuff written by Declan. It requires too  
much work to drill through the political activism and
sensationalism-portrayed-as-journalism to find the germ of truth that inspired the
article.



On Feb 25, 2009, at 7:06 AM, Jim Willis wrote:

After having a brief conversation with a friend of mine over the weekend
about this new proposed legislation I was horrified to find that I could not
dig anything up on it in NANOG. Surely this sort of short minded legislation
should have been a bit more thought through in its effects on those that
would have to implement these changes. My major concern is not just for
myself but for a much broader picture.

"Republican politicians on Thursday called for a sweeping new  
federal law
that would require all Internet providers 

Re: Yahoo and their mail filters..

2009-02-25 Thread Suresh Ramasubramanian
On Wed, Feb 25, 2009 at 10:38 PM, Peter Beckman  wrote:
>  Why the hell can't AOL integrate the standard listserv commands integrated
>  into many subscription emails into a friggin' button in their email
>  client, right next to "Spam" (or even in place of it) that says
>  "Unsubscribe?"

Because a lot of spammers would prefer that people simply unsub from
their lists rather than they get blocked?

And because unsub urls could lead to a lot of nastiness if there's a
truly malicious spammer?

And because .. [lots of other reasons]

There are a few (sender driven) initiatives to move towards a trusted
unsubscribe, but ..

--srs

-- 
Suresh Ramasubramanian (ops.li...@gmail.com)



Re: Yahoo and their mail filters..

2009-02-25 Thread Seth Mattinen
Peter Beckman wrote:
> On Wed, 25 Feb 2009, Richey wrote:
> 
>> AOL's Scomp is spam itself.   If I read through 100 messages maybe one
>> message is really spam.   The other 99 are jokes, regular emails, maybe a
>> newsletter from their church, etc.   Most people are lazy and would rather
>> click on the Spam button instead of unsubscribing from a list they subscribed
>> to in the first place.
> 
>  Why the hell can't AOL integrate the standard listserv commands integrated
>  into many subscription emails into a friggin' button in their email
>  client, right next to "Spam" (or even in place of it) that says
>  "Unsubscribe?"
> 
>  I realize it could be used badly if globalized, but if AOL got off their
>  duff and vetted some of the higher volume truly honest subscription
>  emailers and allowed their emails to activate the Spam->Unsub button, it
>  might save everyone some headaches.
> 

In a perfect world, the spam button would only affect delivery to that
user, not everyone. Especially when they go all rabid click crazy on the
spam button for personal correspondence from their mom.

~Seth



Re: Legislation and its effects in our world

2009-02-25 Thread Ernie Rubi
ha, funny you should say that; do a quick search for "plain language  
of the statute" and let me know how many dissenting views in court  
opinions you find.


Big fallacy to say that even though it's 'plain English' it means  
*one* thing...


This is a big tangled web of statutory and common law; plain English  
will get you as far as a nickel in a dime store...



On Feb 25, 2009, at 12:06 PM, Fred Baker wrote:

I am a person that can read something that is written in the English  
language



Ernie





Re: Yahoo and their mail filters..

2009-02-25 Thread mike



Seth Mattinen wrote:


In a perfect world, the spam button would only affect delivery to that
user, not everyone. Especially when they go all rabid click crazy on the
spam button for personal correspondence from their mom.


  


I accuse postini of having exactly this vulnerability - that one user
classing mail as spam automatically means it marks all other mail from
that user to everyone else.  There really oughta be some transparency
here so that everyone understands the how and the why of 'spam'
classification.


Mike-



Re: Yahoo and their mail filters..

2009-02-25 Thread Tony Finch
On Wed, 25 Feb 2009, mike wrote:
>
> I accuse postini of having exactly this vulnerability - that one user
> classing mail as spam automatically means it marks all other mail from that
> user to everyone else.  There really oughta be some transparency here so that
> everyone understands the how and the why of 'spam' classification.

I like to imagine the consequences of forwarding spam complaints to my
users when I can be sure who sent the original message. That ought to
reduce the number of people who mark messages from friends / family /
colleagues as spam...

Tony.
-- 
f.anthony.n.finch  http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.



RE: Yahoo and their mail filters..

2009-02-25 Thread Ray Corbin
Maybe it's me...but I don't recall seeing a 'this is spam button' for Postini. I
know there is an email you can report spam to, but I doubt there is an 
automated process for it. I have had great success with Postini thus far and 
have used them for a few years.

-r


-Original Message-
From: mike [mailto:mike-na...@tiedyenetworks.com] 
Sent: Wednesday, February 25, 2009 12:26 PM
To: nanog@nanog.org
Subject: Re: Yahoo and their mail filters..



Seth Mattinen wrote:
>
> In a perfect world, the spam button would only affect delivery to that
> user, not everyone. Especially when they go all rabid click crazy on the
> spam button for personal correspondence from their mom.
>
>
>   

I accuse postini of having exactly this vulnerability - that one user
classing mail as spam automatically means it marks all other mail from
that user to everyone else.  There really oughta be some transparency
here so that everyone understands the how and the why of 'spam'
classification.

Mike-




Re: Yahoo and their mail filters..

2009-02-25 Thread Jeff Shultz

Micheal Patterson wrote:
This may be old news, but I've not been in the list for quite some time. 
At any rate, is anyone else having issues with Yahoo blocking / 
deferring legitimate emails?


My situation is that I host our corporate mx'ers on my network, one of
the companies that we recently purchased has Yahoo hosting their domain's
mail. Mail traffic to them is getting temporarily deferred with the "421
4.7.0 [TS01] Messages from xxx.xxx.xxx.xxx temporarily deferred due to
user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html"

The admin of the facility has contacted Yahoo about this but their
response was for "more information" when they were told that traffic
from my mx to their domain was being deferred.  I may end up just
having them migrate to my systems just to maintain company
communications if we can't clear this up in a timely manner.


--
Micheal Patterson


Yep, it's been happening to us - various explanations - and I've got at 
least one annoyed customer because of it.


--
Jeff Shultz



Re: Yahoo and their mail filters..

2009-02-25 Thread Barry Shein

On February 25, 2009 at 04:26 ste...@csudsu.com (Stefan Molnar) wrote:
 > For our userbase with yahoo/hotmail/aol accounts they hit the spam button
 > more often than delete.  Then complain they do not get emails anymore from 
 > us, then want discounts on a bill of sale they missed. It is a never ending 
 > story.
 >  

I realize this is easier in theory than practice but I wonder how much
better the whole AOL (et al) spam button would get if they ignored the
spam button unless two (to pick a number) different customers clicked
the same sender (I know, forged sender etc but something like that) as
spam in a reasonably short amount of time like an hour or a day at
most.

I know of the 99.99% false positives I get I am pretty sure if the
threshold were two related complaints it'd get rid of, well, probably
99.99% of them (percentages not scientifically accurate!)

Ok, that's not an algorithm but I hope you see my point.

My point is that what makes spam "spam" is not that someone clicks a
spam button, it's that more than one person, and just two might be a
sufficient threshold in practice, believes it's spam. At least from
the POV of a network operator trying to id spam sources from spam
button clicks.

If they ever get it down to fretting about spams really sent to only
one AOL (et al) customer then one could revisit this idea.


P.S. I thought about this a little and decided it's more in the realm
of network operations than spam per se, the same idea could be applied
to any number of customer-reported problems which ripple outwards.

It reminds me of years ago when I worked with the Boston Fire Dept and
as you ran for the trucks the sure sign there really was a fire was
fire alarm shouting over the house loudspeaker "CALLS COMING IN!"
which meant hq was getting more than one unrelated report (fire box,
phone) in the same general location. Then your heartbeat increased.
That is, one call, who knows, two or more unrelated? Must be
something.

-- 
-Barry Shein

The World  | b...@theworld.com   | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD| Login: Nationwide
Software Tool & Die| Public Access Internet | SINCE 1989 *oo*
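
Barry Shein's two-reporter idea from the message above, sketched as an added example (not code from the thread or from any mail provider): a source becomes actionable only once at least two distinct recipients report it inside a time window. Keying on the connecting IP instead of the forgeable From header, the 24-hour default window, and every name and sample report below are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


class ComplaintCorrelator:
    """Hold spam-button reports per source until enough distinct users agree."""

    def __init__(self, min_reporters=2, window=timedelta(hours=24)):
        self.min_reporters = min_reporters
        self.window = window
        self._recent = defaultdict(deque)  # source -> deque of (timestamp, reporter)

    def report(self, source, reporter, ts):
        """Record one click; return True if `source` now meets the threshold.

        Reports must be fed in timestamp order.
        """
        recent = self._recent[source]
        recent.append((ts, reporter))
        # Drop clicks that have aged out of the sliding window. The click just
        # appended is never older than the cutoff, so the deque stays non-empty.
        while recent[0][0] < ts - self.window:
            recent.popleft()
        # Repeated clicks by the same user count once.
        return len({who for _, who in recent}) >= self.min_reporters


def actionable_sources(complaints, **kwargs):
    """Map each source to the time it first crossed the threshold."""
    correlator = ComplaintCorrelator(**kwargs)
    first_hit = {}
    for ts, source, reporter in sorted(complaints):
        if correlator.report(source, reporter, ts) and source not in first_hit:
            first_hit[source] = ts
    return first_hit


# Constructed feedback-loop reports: (time, connecting IP, reporting user).
SAMPLE_COMPLAINTS = [
    (datetime(2009, 2, 25, 9, 0), "192.0.2.10", "alice@isp.example"),
    (datetime(2009, 2, 25, 9, 5), "192.0.2.10", "alice@isp.example"),    # same user again
    (datetime(2009, 2, 25, 10, 0), "198.51.100.7", "bob@isp.example"),
    (datetime(2009, 2, 25, 10, 40), "198.51.100.7", "carol@isp.example"),
    (datetime(2009, 2, 25, 8, 0), "203.0.113.5", "dave@isp.example"),
    (datetime(2009, 2, 27, 8, 0), "203.0.113.5", "erin@isp.example"),    # two days later
]

if __name__ == "__main__":
    for source, when in actionable_sources(SAMPLE_COMPLAINTS).items():
        print(f"{source}: reported by 2+ users as of {when:%Y-%m-%d %H:%M}")
```

Only 198.51.100.7 crosses the threshold in the sample: one user clicking twice and two users clicking two days apart both stay below it.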



RE: Yahoo and their mail filters..

2009-02-25 Thread Chuck Schick
We found this issue to be associated usually with users forwarding email to
a Yahoo account.  If spam slips by our spam filters and gets forwarded, the
end user reports it as spam, not realizing the impact of their actions.

In the last couple of years we have been not allowing people to forward
their accounts to yahoo, aol, hotmail, etc.  Too much of a headache.

Chuck 

-Original Message-
From: Micheal Patterson [mailto:mich...@spmedicalgroup.com] 
Sent: Tuesday, February 24, 2009 7:28 PM
To: nanog@nanog.org
Subject: Yahoo and their mail filters..


This may be old news, but I've not been in the list for quite some time. At
any rate, is anyone else having issues with Yahoo blocking / deferring
legitimate emails?

My situation is that I host our corporate mx'ers on my network, one of the
companies that we recently purchased has Yahoo hosting their domain's mail.
Mail traffic to them is getting temporarily deferred with the "421 4.7.0
[TS01] Messages from xxx.xxx.xxx.xxx temporarily deferred due to user
complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html"

The admin of the facility has contacted Yahoo about this but their response
was for "more information" when they were told that traffic from my mx to
their domain was being deferred.  I may end up just having them migrate
to my systems just to maintain company communications if we can't clear this
up in a timely manner.

--
Micheal Patterson
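
The report Ray Corbin describes earlier in the thread (top recipients at one provider, traced back to the forwarders feeding them), combined with a count of the `[TS01]` deferrals quoted above, as an added example that is not code from any poster. The Postfix-style log lines, the alias table, the `freemail.example` stand-in domain and all function names are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed alias table in Postfix virtual style; a key starting with "@" is a catch-all.
FORWARDS = {
    "info@shop.example": "jane@freemail.example",
    "@widgets.example": "bulkbox@freemail.example",
    "bob@shop.example": "bob@example.net",
}

# Constructed delivery lines; orig_to= is present only when an alias rewrote the recipient.
SAMPLE_LOG = """\
Feb 25 09:00:01 mx1 postfix/smtp[2101]: A1: to=<jane@freemail.example>, orig_to=<info@shop.example>, status=sent (250 ok)
Feb 25 09:00:07 mx1 postfix/smtp[2101]: A2: to=<bulkbox@freemail.example>, orig_to=<sales@widgets.example>, status=sent (250 ok)
Feb 25 09:01:12 mx1 postfix/smtp[2102]: A3: to=<bulkbox@freemail.example>, orig_to=<xk3f9@widgets.example>, status=sent (250 ok)
Feb 25 09:02:40 mx1 postfix/smtp[2102]: A4: to=<bulkbox@freemail.example>, orig_to=<qq1@widgets.example>, status=deferred (421 4.7.0 [TS01] Messages from 192.0.2.10 temporarily deferred due to user complaints)
Feb 25 09:03:00 mx1 postfix/smtp[2103]: A5: to=<friend@freemail.example>, status=sent (250 ok)
Feb 25 09:04:00 mx1 postfix/smtp[2103]: A6: to=<bob@example.net>, orig_to=<bob@shop.example>, status=sent (250 ok)
"""

# \b keeps "to=<" from matching inside "orig_to=<".
LINE_RE = re.compile(
    r"\bto=<(?P<to>[^>]+)>(?:, orig_to=<(?P<orig>[^>]+)>)?.*?\bstatus=(?P<status>\w+)"
)


def matching_rule(orig_to, final_to, forwards):
    """Return the alias key that explains this rewrite, or None."""
    catch_all = "@" + orig_to.rpartition("@")[2]
    for key in (orig_to, catch_all):  # an exact alias wins over a catch-all
        if forwards.get(key) == final_to:
            return key
    return None


def forwarder_report(log_text, forwards, domain, top=10):
    """Rank recipients at `domain` by forwarded volume and name the rules behind them."""
    totals, ts01 = Counter(), Counter()
    rules = defaultdict(set)
    suffix = "@" + domain.lower()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("orig") is None:
            continue  # unparsable, or not rewritten: customer-originated mail
        final_to, orig_to = m.group("to").lower(), m.group("orig").lower()
        if not final_to.endswith(suffix):
            continue
        totals[final_to] += 1
        if m.group("status") == "deferred" and "[TS01]" in line:
            ts01[final_to] += 1
        rule = matching_rule(orig_to, final_to, forwards)
        if rule:
            rules[final_to].add(rule)
    return [
        {
            "recipient": rcpt,
            "forwarded": count,
            "ts01_deferred": ts01[rcpt],
            "rules": sorted(rules[rcpt]),
            "catch_all": any(r.startswith("@") for r in rules[rcpt]),
        }
        for rcpt, count in totals.most_common(top)
    ]


if __name__ == "__main__":
    for row in forwarder_report(SAMPLE_LOG, FORWARDS, "freemail.example"):
        print(row)
```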









Peering Wars of 1998

2009-02-25 Thread nancyp

Hi,
I'm rsrching the Peering Wars of 1998...anyone able to provide info wd be
greatly appreciated.
Nancy Paterson
YorkU



Re: slightly OT: wall mount UPS for demarc

2009-02-25 Thread Jay Hennigan

Peter Pauly wrote:

I'm looking to buy several small wall mounted UPS's to power a telco's
metro ethernet switches. (Yes, they should have provided some kind of
protection, but won't).

The closest suitable UPS I've found is this:

http://www.tripplite.com/EN/products/model.cfm?txtSeriesID=419&EID=361&txtModelID=3640

Can anyone suggest a better alternative?

I want something sturdy, preferably metal, that can screw to a wall
and be worry free for years at a time.


Any UPS will have batteries, probably sealed lead-acid for a small UPS. 
 That is likely to negate "worry free for years at a time", especially 
if wall-mounted in an unconditioned demarc/MPOE closet as opposed to a 
temperature-controlled data center.


At a minimum, plan on an annual visit to do routine maintenance and load 
test the batteries.  You'll be lucky to get more than three years of 
service out of them.


A typical Chatsworth, etc. 19-inch rack shelf available in various 
depths can be flipped around and screwed to a wall to support many of 
the stand-alone UPSes.


--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV



Re: Yahoo and their mail filters..

2009-02-25 Thread Micheal Patterson




- Original Message -
From: "Barry Shein"
To:
Cc: "Suresh Ramasubramanian"; "Micheal Patterson"
Sent: Wednesday, February 25, 2009 11:58 AM
Subject: Re: Yahoo and their mail filters..




On February 25, 2009 at 04:26 ste...@csudsu.com (Stefan Molnar) wrote:
> For our userbase with yahoo/hotmail/aol accounts they hit the spam
> button more often than delete.  Then complain they do not get emails 
> anymore from us, then want discounts on a bill of sale they missed. 
> It is a never ending story.

>

I realize this is easier in theory than practice but I wonder how much
better the whole AOL (et al) spam button would get if they ignored the
spam button unless two (to pick a number) different customers clicked
the same sender (I know, forged sender etc but something like that) as
spam in a reasonably short amount of time like an hour or a day at
most.

I know of the 99.99% false positives I get I am pretty sure if the
threshold were two related complaints it'd get rid of, well, probably
99.99% of them (percentages not scientifically accurate!)

Ok, that's not an algorithm but I hope you see my point.

My point is that what makes spam "spam" is not that someone clicks a
spam button, it's that more than one person, and just two might be a
sufficient threshold in practice, believes it's spam. At least from
the POV of a network operator trying to id spam sources from spam
button clicks.

If they ever get it down to fretting about spams really sent to only
one AOL (et al) customer then one could revisit this idea.



Barry, there's also the honest accidental emailings that are being
clicked as spam as well. In the days of old, spam was unsolicited bulk
email. The problem that I see currently is what if Sally in Florida is
sending mail to j...@thisdomain.com, hosted by yahoo, when they should
have sent it to j...@thisdomain.com or j...@thisdomain.com and the
recipient clicks it as spam. Bam, Sally's now a spammer in the eyes of
yahoo.


This is not much different in practice than what Spews used to do. Blow
out an entire /16 to stop what they "perceived" as spam from someone
deep in the trenches, with very little recourse to remove yourself
from the axe path unless you switched providers.


--

Micheal Patterson 





Re: Yahoo and their mail filters..

2009-02-25 Thread mike



Barry Shein wrote:

I realize this is easier in theory than practice but I wonder how much
better the whole AOL (et al) spam button would get if they ignored the
spam button unless two (to pick a number) different customers clicked
the same sender (I know, forged sender etc but something like that) as
spam in a reasonably short amount of time like an hour or a day at
most.
  

Well there's a problem with that too.

Let's say that you happen to need to deal with various office workers,
who just happen to be the kind of folks who hold the public they serve
in low regard and high contempt. Let's further say that these office
workers feel no obligation to obey the law or demonstrate any
consideration whatsoever for you or the trouble their callous
inconsiderate actions have caused you, requiring that you repeatedly
and persistently make contact and state your case. Let's further say
that these same office workers - who are incompetent functionaries
bewildered by that pointy thing on the screen and have zero forethought
about the consequences of their actions - decide it's easier to deal
with you by clicking 'spam' repeatedly instead of engaging in that
conversation and working towards a resolution of the problem you need to
report.


We forget here on nanog that our list participants are (usually) high 
functioning people with substantial computer, technical, communications 
experience and who approach their personal communications a lot 
differently than the average 'end user', who has difficulty even finding 
the 'on' button let alone using it to any great effect. I run into the 
above described office worker stereotype on a frequent basis (the bearer 
of bad news, or having to represent someone or some cause) and the 
default action - spam - is almost universal amongst these types. Just 
because THEY say it's spam, doesn't mean a whole lot of anything other 
than maybe you interrupted their coffee break or it would be too much 
work  and maybe someone else will get the message so they don't have to 
do anything.


The idea of using a group of users to effectively 'vote' only works when 
the group in question is comprised of reasonable people, and 
unfortunately, freemail users and office workers 'protected by postini' 
are the least likely candidates to make reasonable choices with votes 
for spam.


$0.02

Mike-






Re: Yahoo and their mail filters..

2009-02-25 Thread JC Dill

Tony Finch wrote:

> On Wed, 25 Feb 2009, Suresh Ramasubramanian wrote:
>
>> Christ .. Yahoo did say "complaints".  And it can take a very low
>> level of complaints before a block goes into place - especially for
>> low volume (corporate etc) mailservers.
>
> I don't think this is Yahoo reacting to spam complaints because a large
> number of sites (many universities, for instance) are being affected by
> this problem at the same time.


Universities are often major sources of spam.  Spam is sent directly 
from virus-infected student computers, and spam is also sent to students 
at their university email address and then .forwarded on to the 
student's outside (or post-university) email account - when the student 
receives forwarded spam at their Yahoo account and clicks "this is spam" 
the university is considered the "source" of the spam.


jc




Re: Yahoo and their mail filters..

2009-02-25 Thread Micheal Patterson



- Original Message - 
From: "Chuck Schick" 

To: 
Sent: Wednesday, February 25, 2009 12:18 PM
Subject: RE: Yahoo and their mail filters..


> We found this issue to be associated usually with users forwarding email to
> a Yahoo account.  If spam slips by our spam filters and gets forwarded where
> the enduser reports it as spam not realizing the impact on their actions.
>
> In the last couple of years we have been not allowing people to forward
> their accounts to yahoo, aol, hotmail, etc.  Too much of a headache.
>
> Chuck



I could see that if my situation was where I was forwarding to a 
personal yahoo account, but these are business customers that aren't 
able to whitelist who they receive email from.  I just checked in their 
domain panel and see no options of setting any whitelisting or spam 
settings in the yahoo's business email control panel.  My current 
solution is to just move their email away from yahoo completely and just 
host it here with the rest of my corporate email users.


--

Micheal Patterson




Re: Yahoo and their mail filters..

2009-02-25 Thread Valdis . Kletnieks
On Wed, 25 Feb 2009 10:44:13 PST, JC Dill said:

> Universities are often major sources of spam.  Spam is sent directly 
> from virus-infected student computers, 

Got any numbers to back up the claim that virus-infected student computers
are anywhere near the problem that virus-infected student's-parents computers
are?

(I'm not saying universities are perfect - we have to nuke several users
a day because their accounts or machines fall under enemy control.  But I
see a lot of people repeating the meme without any numbers to back it up)




Re: Legislation and its effects in our world

2009-02-25 Thread Steven M. Bellovin
On Wed, 25 Feb 2009 09:06:13 -0800
Fred Baker  wrote:

>  Data retention is discussed in section 5:
> 
> > SEC. 5. RETENTION OF RECORDS BY ELECTRONIC COMMUNICATION SERVICE  
> > PROVIDERS.
> > Section 2703 of title 18, United States Code, is amended by adding  
> > at the end the following:
> > ‘(h) Retention of Certain Records and Information- A provider of
> > an electronic communication service or remote computing service
> > shall retain for a period of at least two years all records or
> > other information pertaining to the identity of a user of a
> > temporarily assigned network address the service assigns to that
> > user.’.

Doing a thorough analysis of this bill is on my to-do list, possibly
for a flight home on Friday.  For now, I think the applicability
remains ambiguous, because it's amending a law that was written ~25
years ago, when the concept of home computers was fairly new, let alone
home providers of services...

That said -- the definitions for 18 USC 2703 are in 18 USC 2510
(http://www4.law.cornell.edu/uscode/18/2510.html) and 18 USC 2711
(http://www4.law.cornell.edu/uscode/18/usc_sec_18_2711000-.html).
The former includes the following:

(15) “electronic communication service” means any service which
provides to users thereof the ability to send or receive wire
or electronic communications; 

the latter says

(2) the term “remote computing service” means the provision to
the public of computer storage or processing services by means
of an electronic communications system; 

Now -- the remote computing definition includes "to the public", which
pretty clearly excludes home users.  The definition of "electronic
communication service” is not limited to those serving "the public".
In other parts of the statute, the phrase "to the public" is sometimes
used, sometimes not; see, for example, 18 USC 2511(2)(a)(i) and 18 USC
2702(a)(1).

I'm not a lawyer, either, but as I understand things where parts of a
statute use a qualifier and parts don't the courts tend to conclude
that Congress knew what it was doing when it differentiated the two
cases.


--Steve Bellovin, http://www.cs.columbia.edu/~smb



Re: Yahoo and their mail filters..

2009-02-25 Thread Peter Beckman

On Wed, 25 Feb 2009, Suresh Ramasubramanian wrote:


> On Wed, Feb 25, 2009 at 10:38 PM, Peter Beckman  wrote:
>>  Why the hell can't AOL integrate the standard listserv commands integrated
>>  into many subscription emails into a friggin' button in their email
>>  client, right next to "Spam" (or even in place of it) that says
>>  "Unsubscribe?"
>
> Because a lot of spammers would prefer that people simply unsub from
> their lists rather than they get blocked?
>
> And because unsub urls could lead to a lot of nastiness if theres a
> truly malicious spammer?
>
> And because .. [lots of other reasons]
>
> On Wed, Feb 25, 2009 at 10:38 PM, Peter Beckman ALSO wrote:
>> I realize it could be used badly if globalized, but if AOL got off their
>> duff and vetted some of the higher volume truly honest subscription
>> emailers and allowed their emails to activate the Spam->Unsub button, it
>> might save everyone some headaches.

 As I said (but you clipped), the suggestion could (and would likely) be
 abused if turned on globally, but if AOL vetted some of the more popular
 subscription mailings where people were clicking spam rather than
 unsubscribe for trusted sources, it could work.

> There are a few (sender driven) initiatives to move towards a trusted
> unsubscribe, but ..


 I think in order for an Unsubscribe button to be implemented by Gmail,
 Yahoo, AOL, etc, there would have to be some sort of internally reviewed
 list of trusted senders for which each company had a mail admin contact
 for (technical implementation not applicable for this discussion).

 Working together to communicate openly about subscription email with
 trusted parties would help (in theory) to reduce the effects of clueless
 end users who lazily click "Spam" and cause headaches for both senders and
 receivers of legitimate subscription email.

Beckman
---
Peter Beckman  Internet Guy
beck...@angryox.com http://www.angryox.com/
---

[ MDVSA-2009:054 ] nagios (fwd)

2009-02-25 Thread Gadi Evron



-- Forwarded message --
Date: Wed, 25 Feb 2009 01:05:01 +0100
From: secur...@mandriva.com
Reply-To: xsecur...@mandriva.com
To: bugt...@securityfocus.com
Subject: [ MDVSA-2009:054 ] nagios


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2009:054
 http://www.mandriva.com/security/
 ___

 Package : nagios
 Date: February 24, 2009
 Affected: Corporate 4.0
 ___

 Problem Description:

 A vulnerability has been identified and corrected in nagios:

 Cross-site scripting (XSS) vulnerability in Nagios allows remote
 attackers to inject arbitrary web script or HTML via unknown vectors,
 a different vulnerability than CVE-2007-5624 and CVE-2008-1360
 (CVE-2007-5803).

 The updated packages have been upgraded to the latest version of
 nagios to prevent this.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5803
 ___

 Updated Packages:

 Corporate 4.0:
 2f4eff0f154fb6b5470d1cb0fad177be  
corporate/4.0/i586/nagios-3.1.0-0.1.20060mlcs4.i586.rpm
 97dd676d23af47a198b4d7d8a4a98772  
corporate/4.0/i586/nagios-devel-3.1.0-0.1.20060mlcs4.i586.rpm
 19658855978419d653aa3ad103d4a202  
corporate/4.0/i586/nagios-theme-default-3.1.0-0.1.20060mlcs4.i586.rpm
 a6f6d5a202d2261977fc45fb5f0cf239  
corporate/4.0/i586/nagios-www-3.1.0-0.1.20060mlcs4.i586.rpm
 810578c6a17cd25e2c4b5c08f5363111  
corporate/4.0/SRPMS/nagios-3.1.0-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 fcca43b9dfedae723b76beee215b4ae4  
corporate/4.0/x86_64/nagios-3.1.0-0.1.20060mlcs4.x86_64.rpm
 f6051010aa536ff0943693e29a86dfea  
corporate/4.0/x86_64/nagios-devel-3.1.0-0.1.20060mlcs4.x86_64.rpm
 485776dee99e096ce00e34a90f9b4af5  
corporate/4.0/x86_64/nagios-theme-default-3.1.0-0.1.20060mlcs4.x86_64.rpm
 3eecf54904721ef8ce9fb3c75a40be66  
corporate/4.0/x86_64/nagios-www-3.1.0-0.1.20060mlcs4.x86_64.rpm
 810578c6a17cd25e2c4b5c08f5363111  
corporate/4.0/SRPMS/nagios-3.1.0-0.1.20060mlcs4.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJpGCOmqjQ0CJFipgRAu5OAJ9wt+wnm65Wvz1Nq7lumj/V6yvHVwCeO+6U
efZ1ppeQ7XVjLx+IIeP8XjQ=
=Vi1C
-END PGP SIGNATURE-



Anybody from Godaddy abuse?

2009-02-25 Thread Jeremy Hanmer
Can somebody from Godaddy contact me off-list about a malicious domain  
errantly listing our network as its DNS servers?  Email to  
ab...@godaddy has gone unanswered and we're getting hit pretty hard.




Re: Yahoo and their mail filters..

2009-02-25 Thread Brian Keefer


On Feb 24, 2009, at 6:27 PM, Micheal Patterson wrote:

> This may be old news, but I've not been in the list for quite some
> time. At any rate, is anyone else having issues with Yahoo
> blocking / deferring legitimate emails?
>
> My situation is that I host our corporate mx'ers on my network, one
> of the companies that we recently purchased has Yahoo hosting their
> domains mail. Mail traffic to them is getting temporarily deferred
> with the "421 4.7.0 [TS01] Messages from xxx.xxx.xxx.xxx temporarily
> deferred due to user complaints - 4.16.55.1;
> see http://postmaster.yahoo.com/421-ts01.html";
>
> The admin of the facility has contacted Yahoo about this but their
> response was for "more information" when they were told that traffic
> from my mx to their domain was to being deferred.  I may end up just
> having them migrate to my systems just to maintain company
> communications if we can't clear this up in a timely manner.
>
> --
> Micheal Patterson


A few comments on this thread in general (speaking only for myself,  
not in any way representing my employer)...


Yes, Yahoo! tend to throttle IPs at the drop of a hat, but those  
blocks are often gone in a few hours as well.  Others have pointed out  
some procedures to follow to minimize the possibility of being  
blocked.  At least they give you a useable SMTP error (usually).   
Incidentally this is why all my test accounts are on Gmail, because  
delivery to Yahoo! is often deferred for minutes to hours.  Of course,  
given the recent Gmail outages I might have to diversify even more...


As for "blackholes" that messages fall into, what is the alternative?   
You could say reject it in session with a readable error, but that  
would give spammers instant confirmation on whether their campaign is  
working.  Also, the majority of anti-spam products I've seen have to  
spool the message before they scan it, so rejecting in session is  
simply not an option on a lot of commercial platforms.


The other option is to stuff all the spam messages in a folder and  
expose them to the user, taking up a huge amount of storage space for  
something the vast majority of users are never going to look at any  
way.  Again, a lot of commercial solutions have a scoring methodology  
where you can be pretty certain stuff at the top end of the scale is  
virtually never going to be a false positive.  The amount of savings  
in not having to handle and store that crud massively outweighs one or  
two users missing a newsletter once in a while.  It can make sense to  
expose the "mid-range spam" to users and let them decide, but why  
store terabytes of stuff that only a tiny fraction of the users may  
ever care about?


If you're sending important mail that's not reaching the recipient,  
and you have the server logs to prove you handed it off to the  
destination MTA, open a ticket with them and they'll have logs to  
track it down.


Regarding taking automatic action based on luser feedback, that is  
ridiculous in my opinion.  From the data I see, the lusers classify  
mail incorrectly far more than correctly.  In fact there's a running  
joke around here that we should simply flip the false-positive and  
false-negative feeds and enable auto-train, since the only thing you  
can reliably count on users to do is get things wrong.  Submissions  
from administrators are _far_ more accurate (although even then, not  
to the point that it always makes sense to take automatic action).


Blocking an entire site just because one John Doe user clicked a  
button they don't even understand just does not make sense.


Last, anywhere that I've seen extensive use of forwards has had a maze  
of difficult to untangle abuse problems related to forwarded spam.   
Any site allowing forwarding should apply very robust filtering of  
outbound mail.


--
bk



Re: Yahoo and their mail filters..

2009-02-25 Thread John Levine
>  Why the hell can't AOL integrate the standard listserv commands
>  integrated into many subscription emails into a friggin' button in
>  their email client, right next to "Spam" (or even in place of it)
>  that says "Unsubscribe?"

AOL sends its spam button feedback in industry standard ARF format. It
took me about 20 minutes to write a perl script that picks out the
relevant bits from AOL and Hotmail feedback messages and sends unsub
commands to my list manager.

As to why they don't have a separate Unsub button, users wouldn't use
it.  AOL are not stupid, they know that people hit the spam button for
all sorts of reasons, many of which have only the vaguest connection
to spam.  If you run a small well-run network, the only stuff you're
going to see from the spam button is unsubs and false alarms.  That
doesn't mean the spam button is broken; it means that you're not the
kind of sender they're worried about.

Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.


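The kind of processing John Levine describes above (pick the relevant fields out of an ARF feedback report and turn them into an unsubscribe for the list manager), sketched in Python as an added example; it is not his Perl script. The sample report, the `lists.example.org` names and the VERP-style Return-Path used to recover the subscriber when the report carries no `Original-Rcpt-To` are constructed assumptions.

```python
import email
import re

# Constructed sample: a three-part ARF report (RFC 5965) as a feedback loop
# might deliver it. Every host, address and header value here is made up.
SAMPLE_ARF = """\
From: fbl@isp.example
To: abuse@lists.example.org
Subject: FW: Weekly widget news
MIME-Version: 1.0
Content-Type: multipart/report; report-type=feedback-report;
 boundary="arf-part"

--arf-part
Content-Type: text/plain

This is an email abuse report for a message received from 192.0.2.25.

--arf-part
Content-Type: message/feedback-report

Feedback-Type: abuse
User-Agent: ExampleFBL/1.0
Version: 1
Source-IP: 192.0.2.25
Arrival-Date: Wed, 25 Feb 2009 12:00:00 -0500

--arf-part
Content-Type: message/rfc822

Return-Path: <news-bounces+sally=isp.example@lists.example.org>
From: Widget News <news@lists.example.org>
To: undisclosed-recipients:;
Subject: Weekly widget news
List-Id: Widget News <news.lists.example.org>
Message-ID: <20090225.1@lists.example.org>

Hello subscribers.

--arf-part--
"""


def _angle(value):
    """Return the text inside <...>, or the stripped value if unbracketed."""
    m = re.search(r"<([^<>]+)>", value or "")
    return m.group(1) if m else (value or "").strip()


def _verp_recipient(return_path):
    """Assumption: the list manager encodes the subscriber in the envelope
    sender as local+user=domain@listhost (VERP)."""
    m = re.search(r"\+([^=@<>\s]+)=([^@<>\s]+)@", return_path or "")
    return f"{m.group(1)}@{m.group(2)}" if m else None


def parse_arf(raw):
    """Parse one ARF report and decide what the list operator should do."""
    msg = email.message_from_string(raw)
    report_type = (msg.get_param("report-type") or "").lower()
    if (msg.get_content_type() != "multipart/report"
            or report_type != "feedback-report" or not msg.is_multipart()):
        raise ValueError("not an ARF feedback report")

    fields = original = None
    for part in msg.get_payload():
        ctype = part.get_content_type()
        if ctype == "message/feedback-report":
            # The parser exposes the report fields as headers of a nested message.
            fields = part.get_payload(0)
        elif ctype == "message/rfc822":
            original = part.get_payload(0)
        elif ctype == "text/rfc822-headers":
            # Some reports return only the headers of the complained-about mail.
            original = email.message_from_string(part.get_payload())
    if fields is None or original is None:
        raise ValueError("ARF report is missing a required part")

    ftype = (fields.get("Feedback-Type") or "").strip().lower()
    # Prefer the recipient the report names; fall back to the VERP return path.
    recipient = (_angle(fields.get("Original-Rcpt-To"))
                 or _verp_recipient(original.get("Return-Path")))
    list_id = _angle(original.get("List-Id")) or None

    if ftype == "not-spam":
        action = "ignore"          # user is retracting an earlier complaint
    elif ftype == "abuse" and recipient and list_id:
        action = "unsubscribe"     # spam-button click on list mail
    else:
        action = "review"          # fraud/virus/other, or not enough to act on
    return {
        "feedback_type": ftype,
        "source_ip": (fields.get("Source-IP") or "").strip(),
        "recipient": recipient,
        "list_id": list_id,
        "action": action,
    }


if __name__ == "__main__":
    print(parse_arf(SAMPLE_ARF))
```

Reports that cannot be tied to a list and a subscriber come back as `review`, which is where forwarded spam and compromised-account complaints would surface for a human to look at.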



RE: Yahoo and their mail filters..

2009-02-25 Thread Ray Corbin
Outbound filtering is a good idea..however after investing lots of money on 
hardware appliances (old company $100,000 on equipment to do just this...) you 
realize you have more issues than solutions. Now you allow forwarded mail, and 
as you stated most systems accept the messages into the queue process the 
message and then either bounce/quarantine/allow. You can't bounce the message 
because it goes back to the sender which is almost always spoofed and thus you 
create backscatter. You can't quarantine because then you may flag some of your 
customers' legitimate email.

Isolating your forwarded mail to a separate ip address is really, I think, the 
best way to handle forwarded mail.

-r




-Original Message-
From: Brian Keefer [mailto:ch...@smtps.net] 
Sent: Wednesday, February 25, 2009 3:48 PM
To: Micheal Patterson
Cc: nanog@nanog.org
Subject: Re: Yahoo and their mail filters..


On Feb 24, 2009, at 6:27 PM, Micheal Patterson wrote:

> This may be old news, but I've not been in the list for quite some 
> time. At any rate, is anyone else having issues with Yahoo blocking / 
> deferring legitimate emails?
>
> My situation is that I host our corporate mx'ers on my network, one of 
> the companies that we recently purchased has Yahoo hosting their 
> domains mail. Mail traffic to them is getting temporarily deferred 
> with the "421 4.7.0 [TS01] Messages from xxx.xxx.xxx.xxx temporarily 
> deferred due to user complaints - 4.16.55.1; see 
> http://postmaster.yahoo.com/421-ts01.html";
>
> The admin of the facility has contacted Yahoo about this but their 
> response was for "more information" when they were told that traffic 
> from my mx to their domain was to being deferred.  I may end up just 
> having them migrate to my systems just to maintain company 
> communications if we can't clear this up in a timely manner.
>
> --
> Micheal Patterson

A few comments on this thread in general (speaking only for myself, not in any 
way representing my employer)...

Yes, Yahoo! tend to throttle IPs at the drop of a hat, but those blocks are 
often gone in a few hours as well.  Others have pointed out some procedures to 
follow to minimize the possibility of being  
blocked.  At least they give you a useable SMTP error (usually).   
Incidentally this is why all my test accounts are on Gmail, because delivery to 
Yahoo! is often deferred for minutes to hours.  Of course, given the recent 
Gmail outages I might have to diversify even more...

As for "blackholes" that messages fall into, what is the alternative?   
You could say reject it in session with a readable error, but that would give 
spammers instant confirmation on whether their campaign is working.  Also, the 
majority of anti-spam products I've seen have to spool the message before they 
scan it, so rejecting in session is simply not an option on a lot of commercial 
platforms.

The other option is to stuff all the spam messages in a folder and expose them 
to the user, taking up a huge amount of storage space for something the vast 
majority of users are never going to look at any way.  Again, a lot of 
commercial solutions have a scoring methodology where you can be pretty certain 
stuff at the top end of the scale is virtually never going to be a false 
positive.  The amount of savings in not having to handle and store that crud 
massively outweighs one or two users missing a newsletter once in a while.  It 
can make sense to expose the "mid-range spam" to users and let them decide, but 
why store terabytes of stuff that only a tiny fraction of the users may ever 
care about?

If you're sending important mail that's not reaching the recipient, and you 
have the server logs to prove you handed it off to the destination MTA, open a 
ticket with them and they'll have logs to track it down.

Regarding taking automatic action based on luser feedback, that is ridiculous 
in my opinion.  From the data I see, the lusers classify mail incorrectly far 
more than correctly.  In fact there's a running joke around here that we should 
simply flip the false-positive and false-negative feeds and enable auto-train, 
since the only thing you can reliably count on users to do is get things wrong. 
 Submissions from administrators are _far_ more accurate (although even then, 
not to the point that it always makes sense to take automatic action).

Blocking an entire site just because one John Doe user clicked a button they 
don't even understand just does not make sense.

Last, anywhere that I've seen extensive use of forwards has had a maze  
of difficult to untangle abuse problems related to forwarded spam.   
Any site allowing forwarding should apply very robust filtering of outbound 
mail.

--
bk




Re: Yahoo and their mail filters..

2009-02-25 Thread Peter Beckman

On Wed, 25 Feb 2009, John Levine wrote:


>>  Why the hell can't AOL integrate the standard listserv commands
>>  integrated into many subscription emails into a friggin' button in
>>  their email client, right next to "Spam" (or even in place of it)
>>  that says "Unsubscribe?"
>
> AOL sends its spam button feedback in industry standard ARF format. It
> took me about 20 minutes to write a perl script that picks out the
> relevant bits from AOL and Hotmail feedback messages and sends unsub
> commands to my list manager.
>
> As to why they don't have a separate Unsub button, users wouldn't use
> it.  AOL are not stupid, they know that people hit the spam button for
> all sorts of reasons, many of which have only the vaguest connection
> to spam.  If you run a small well-run network, the only stuff you're
> going to see from the spam button is unsubs and false alarms.  That
> doesn't mean the spam button is broken; it means that you're not the
> kind of sender they're worried about.


 Cool!  Didn't know that.  My props to AOL and Hotmail for making it easier
 for mail admins to deal with claims of spam.  Your point on "Users wouldn't
 Use it" makes sense, they wouldn't.

Beckman
---
Peter Beckman  Internet Guy
beck...@angryox.com http://www.angryox.com/
---



Re: Yahoo and their mail filters..

2009-02-25 Thread Zaid Ali
I think a major reason why recipients click the 'Spam' button is because often 
times it's not obvious how to identify the opt out link in the email. You can 
perhaps put the opt out link on the top of the email so that the user clicks 
that instead of the 'Spam' button. There is also the issue of whether the user 
trusts the opt out link, I have been in discussions where data shows that most 
users don't generally trust it.

On the subject of feedback loop I think that if you sign up to receive FBL 
emails then you must do something about it. I think it's useless to sign up for 
FBLs and not take any action because ESPs monitor FBL rate so if they feel 
that you are not taking action then you can expect to see your emails go to a 
junk folder or be subjected to greylisting. 

Zaid
- Original Message -
From: "Peter Beckman" 
To: "Suresh Ramasubramanian" 
Cc: nanog@nanog.org
Sent: Wednesday, February 25, 2009 12:28:46 PM GMT -08:00 US/Canada Pacific
Subject: Re: Yahoo and their mail filters..

On Wed, 25 Feb 2009, Suresh Ramasubramanian wrote:

> On Wed, Feb 25, 2009 at 10:38 PM, Peter Beckman  wrote:
>>  Why the hell can't AOL integrate the standard listserv commands integrated
>>  into many subscription emails into a friggin' button in their email
>>  client, right next to "Spam" (or even in place of it) that says
>>  "Unsubscribe?"
>
> Because a lot of spammers would prefer that people simply unsub from
> their lists rather than they get blocked?
>
> And because unsub urls could lead to a lot of nastiness if theres a
> truly malicious spammer?
>
> And because .. [lots of other reasons]
>
> On Wed, Feb 25, 2009 at 10:38 PM, Peter Beckman ALSO wrote:
>> I realize it could be used badly if globalized, but if AOL got off their
>> duff and vetted some of the higher volume truly honest subscription
>> emailers and allowed their emails to activate the Spam->Unsub button, it
>> might save everyone some headaches.

  As I said (but you clipped), the suggestion could (and would likely) be
  abused if turned on globally, but if AOL vetted some of the more popular
  subscription mailings where people were clicking spam rather than
  unsubscribe for trusted sources, it could work.

> There are a few (sender driven) initiatives to move towards a trusted
> unsubscribe, but ..

  I think in order for an Unsubscribe button to be implemented by Gmail,
  Yahoo, AOL, etc, there would have to be some sort of internally reviewed
  list of trusted senders for which each company had a mail admin contact
  for (technical implementation not applicable for this discussion).

  Working together to communicate openly about subscription email with
  trusted parties would help (in theory) to reduce the effects of clueless
  end users who lazily click "Spam" and cause headaches for both senders and
  receivers of legitimate subscription email.

Beckman
---
Peter Beckman  Internet Guy
beck...@angryox.com http://www.angryox.com/
---



Re: Yahoo and their mail filters...

2009-02-25 Thread Roger Marquis

Brian Keefer wrote:

> Regarding taking automatic action based on luser feedback, that is
> ridiculous in my opinion.


It is that i.e., non-standard, but no more than many other things at Y!
Many of their internal mailing lists, for internal use only, get more spam
than actual mail.

Just another example of profound extent of deferred maintenance that
handicaps so much of what Yahoo does.  Their new CEO knows this and is
capable of addressing it.  Look for changes soon, mostly to mid-level
managers hired during the Semel years, managers who failed to keep their
technical skills up to date.

Roger Marquis



Re: Yahoo and their mail filters..

2009-02-25 Thread mark seiden-via mac


that could occur when
a. student machines are botted (for institutions not blocking outbound  
port 25)

b. student and alumni accounts are compromised by phishers

(both of these just for the purposes of sending spam from well  
connected, reputable institutions.)


and then consumers really do complain...

i'm told (not just by yahoo insiders) that the forms at

postmaster.yahoo.com

actually do work, eventually.


On Feb 25, 2009, at 9:08 AM, Tony Finch wrote:


> On Wed, 25 Feb 2009, Suresh Ramasubramanian wrote:
>
>> Christ .. Yahoo did say "complaints".  And it can take a very low
>> level of complaints before a block goes into place - especially for
>> low volume (corporate etc) mailservers.
>
> I don't think this is Yahoo reacting to spam complaints because a large
> number of sites (many universities, for instance) are being affected by
> this problem at the same time.
>
> Tony.
> --
> f.anthony.n.finch  http://dotat.at/
> GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
> MODERATE OR GOOD.







Re: Yahoo and their mail filters..

2009-02-25 Thread Brian Keefer


On Feb 25, 2009, at 1:08 PM, Zaid Ali wrote:

> There is also the issue of whether the user trusts the opt out link,
> I have been in discussions where data shows that most users don't
> generally trust it.
>
> Zaid


Nor should they.  Anyone who actually researches this stuff knows that  
the vast majority of "unsub" links simply confirm you as a live target  
who will click on random links sent to them through e-mail.   
Incidentally, what option is specified by the CAN-SPAM act?  Oh yeah,  
opt-out.  Genius.


You will never be able to educate the masses on the difference between  
a legit unsub link and a malicious one.  The safest thing for lusers  
is to ignore them all.


It would be nice if the webmail providers simply mapped the "report  
spam" function to "add sender to personal blacklist", that way lusers  
who report their mailing list as spam would simply stop seeing it.   
Unfortunately that would also result in a lot more storage  
requirements on the part of said webmail providers, which is probably  
a major reason why they don't do it.


Frankly the best approach is probably to make  "report as spam"  a  
NOP.  Users get it wrong the vast majority of the time.  Automated  
honeypot analysis with oversight from clueful e-mail operators is the  
best way to handle uncaught spam.


--
bk






RE: Yahoo and their mail filters..

2009-02-25 Thread Carlos Alcantar
We ran into this issue where we were tagging emails with ***SPAM*** and
forwarding them on which got us blocked every once in a while pretty
annoying.

Carlos

-Original Message-
From: Chuck Schick [mailto:cha...@warp8.com] 
Sent: Wednesday, February 25, 2009 10:18 AM
To: nanog@nanog.org
Subject: RE: Yahoo and their mail filters..

We found this issue to be associated usually with users forwarding email to
a Yahoo account.  If spam slips by our spam filters and gets forwarded where
the enduser reports it as spam not realizing the impact on their actions.

In the last couple of years we have been not allowing people to forward
their accounts to yahoo, aol, hotmail, etc.  Too much of a headache.

Chuck 





Re: [ MDVSA-2009:054 ] nagios (fwd)

2009-02-25 Thread Eric Gearhart
On Wed, Feb 25, 2009 at 1:35 PM, Gadi Evron  wrote:
>
>
> -- Forwarded message --
> Date: Wed, 25 Feb 2009 01:05:01 +0100
> From: secur...@mandriva.com
> Reply-To: xsecur...@mandriva.com
> To: bugt...@securityfocus.com
> Subject: [ MDVSA-2009:054 ] nagios
>
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>  ___
>
>  Mandriva Linux Security Advisory                         MDVSA-2009:054
>  http://www.mandriva.com/security/
>  ___
>
>  Package : nagios
>  Date    : February 24, 2009
>  Affected: Corporate 4.0

I hate to be pedantic but is this something that should get forwarded
to NANOG?  I guess the relevance is justified because a lot of network
folks run Nagios...?

--
Eric
http://nixwizard.net



Re: [ MDVSA-2009:054 ] nagios (fwd)

2009-02-25 Thread Jack Bates

Eric Gearhart wrote:

> I hate to be pedantic but is this something that should get forwarded
> to NANOG?  I guess the relevance is justified because a lot of network
> folks run Nagios...?


No, it's offtopic. I mean, CVE-2007-5803? Really? Even stranger, they 
mention a CVE which is 2.x based, and then upgrade the 3.1 packages. 
heh. I'm not sure who's slipping, mandriva or Gadi.



Jack



Re: [ MDVSA-2009:054 ] nagios (fwd)

2009-02-25 Thread jamie rishaw
srsly?

I didnt find this OT, considering its scope.

Want to dictate policy? Join the MLC.

Till then, /dev/null

thx


On Wed, Feb 25, 2009 at 4:00 PM, Jack Bates  wrote:
pew pew

> Eric Gearhart wrote:
>
pew pew pew




-- 
Jamie Rishaw // .com.a...@j <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs


Re: Yahoo and their mail filters..

2009-02-25 Thread Suresh Ramasubramanian
On Wed, Feb 25, 2009 at 11:28 PM, Barry Shein  wrote:

> I realize this is easier in theory than practice but I wonder how much
> better the whole AOL (et al) spam button would get if they ignored the
> spam button unless two (to pick a number) different customers clicked
> the same sender (I know, forged sender etc but something like that) as
> spam in a reasonably short amount of time like an hour or a day at
> most.

.. and you think AOL doesnt track these?  Come on, barry - try to give
large mailops shops with massive userbases some credit for clue level.
 You have all the clue in the world but you dont even begin to guess
at the firehose AOL / Yahoo / we etc have to deal with.  Or what we
routinely do, as a matter of best practice.

I wont claim perfection, infallibility etc for any of the big 3
(hotmail / yahoo / aol) or even for us (large enough - 76 million
users we filter for, 40 million of which we host).  But a user report
based spam reporting system works quite well on the aggregate.

And yes, legitimate outfits can wind up blocked (universities because
of unfiltered machines on campus, and because of nigerians / phishers
hacking user accounts, webhosts because of hacked scripts, or because
they end up hosting a high volume spammer in part of a /24 with legit
customers near him ..)

One thing that may need to be improved at one place or the other is
false positive handling - make that faster and more efficient, and
also publish the "unblock contact path"  in block messages you issue,
and you would find a lot of the gripes getting resolved.  To some
extent anyway.

Postmaster work is a place for people with decent mailops / routing
skills, yes - but far more than that, it is for people with both soft
skills for customer service plus a finely tuned b.s detector.  It is
complex, and far too long for nanog .. took maawg three or four
brainstorming sessions over a year to discuss.

http://www.maawg.org/about/publishedDocuments/Abuse_Desk_Common_Practices.pdf

And then some others relevant to this thread -

http://www.maawg.org/about/publishedDocuments/MAAWG_Email_Forwarding_BP.pdf
http://www.maawg.org/port25
http://www.maawg.org/about/publishedDocuments/MAAWG_AWPG_Anti_Phishing_Best_Practices.pdf
http://www.maawg.org/about/publishedDocuments

--srs



ethr.net contact?

2009-02-25 Thread Paul Visscher
Can someone from ethr.net please contact me off list?

Thanks,

--paulv



Re: [ MDVSA-2009:054 ] nagios (fwd)

2009-02-25 Thread Eric Gearhart
On Wed, Feb 25, 2009 at 3:23 PM, jamie rishaw  wrote:
> srsly?
>
> I didnt find this OT, considering its scope.
>
> Want to dictate policy? Join the MLC.
>
> Till then, /dev/null
>
> thx

Thanks for the professional response there bud



Re: Yahoo and their mail filters..

2009-02-25 Thread Barry Shein

On February 26, 2009 at 06:55 ops.li...@gmail.com (Suresh Ramasubramanian) 
wrote:
 > On Wed, Feb 25, 2009 at 11:28 PM, Barry Shein  wrote:
 > 
 > > I realize this is easier in theory than practice but I wonder how much
 > > better the whole AOL (et al) spam button would get if they ignored the
 > > spam button unless two (to pick a number) different customers clicked
 > > the same sender (I know, forged sender etc but something like that) as
 > > spam in a reasonably short amount of time like an hour or a day at
 > > most.
 > 
 > .. and you think AOL doesnt track these?  Come on, barry - try to give
 > large mailops shops with massive userbases some credit for clue level.

I have no idea what they track and it's completely irrelevant.

We get a steady stream of "spam" complaints from the AOL feedback loop
which is virtually all either (we assume) unsubscriptions from
legitimate mailing lists or random misfires, "it was nice seeing you
and dad last week" From joe blow, To susie blow, which just probably
isn't spam.

Now, if you're still following, none (or a microscopic amt) of that
would pass the "complaints came from two different sources in a fairly
short amount of time" sniff test I proposed.

If you track it and don't use it, well, tree falling in the forest and
all that.

I can see with my own eyes that nothing like this is being done.

As far as I can tell from here, and other sites may see it
differently, the feedback thing is mostly just a "please unsubscribe
me from this mailing list I subscribed to and can't remember how to
get off" and the occasional "oops, hit the spam button on mom's mail,
oh well!"

 >  You have all the clue in the world but you dont even begin to guess
 > at the firehose AOL / Yahoo / we etc have to deal with.  Or what we
 > routinely do, as a matter of best practice.

Nor is it my problem.

Why should my staff and I spend valuable time subsidizing your
business model? Hire more people if you feel overloaded, but don't
pass the workload off on others, particularly others in the biz, we
have workloads too.

 > I wont claim perfection, infallibility etc for any of the big 3
 > (hotmail / yahoo / aol) or even for us (large enough - 76 million
 > users we filter for, 40 million of which we host).  But a user report
 > based spam reporting system works quite well on the aggregate.

Perhaps it works for you, but we get a non-stop stream of false
positives; unsubscribes (a lot of it), Dad's out of the hospital would
love to see you next week, and on and on.

I was suggesting a simple improvement which would help: Don't send it
as a spam report unless you get two or more complaints about the same
msg/source within a short time period.

It's good and valuable advice, you can send me a PO...

The point is, I'm not complaining, I'm making what I think is a
constructive suggestion: Don't send it until you get two or more
complaints (as previously outlined.)

 > And yes, legitimate outfits can wind up blocked (universities because
 > of unfiltered machines on campus, and because of nigerians / phishers
 > hacking user accounts, webhosts because of hacked scripts, or because
 > they end up hosting a high volume spammer in part of a /24 with legit
 > customers near him ..)

I didn't say a word about any of this...

 > One thing that may need to be improved at one place or the other is
 > false positive handling - make that faster and more efficient, and
 > also publish the "unblock contact path"  in block messages you issue,
 > and you would find a lot of the gripes getting resolved.  To some
 > extent anyway.
 > 
 > Postmaster work is a place for people with decent mailops / routing
 > skills, yes - but far more than that, it is for people with both soft
 > skills for customer service plus a finely tuned b.s detector.  It is
 > complex, and far too long for nanog .. took maawg three or four
 > brainstorming sessions over a year to discuss.

Well, this is all nice, I'm sorry you entirely missed my rather simple
and straightforward suggestion, but whatever.

 > http://www.maawg.org/about/publishedDocuments/Abuse_Desk_Common_Practices.pdf
 > 
 > And then some others relevant to this thread -
 > 
 > http://www.maawg.org/about/publishedDocuments/MAAWG_Email_Forwarding_BP.pdf
 > http://www.maawg.org/port25
 > http://www.maawg.org/about/publishedDocuments/MAAWG_AWPG_Anti_Phishing_Best_Practices.pdf
 > http://www.maawg.org/about/publishedDocuments
 > 
 > --srs

-- 
-Barry Shein

The World  | b...@theworld.com   | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD| Login: Nationwide
Software Tool & Die| Public Access Internet | SINCE 1989 *oo*



Re: Yahoo and their mail filters..

2009-02-25 Thread Suresh Ramasubramanian
On Thu, Feb 26, 2009 at 8:59 AM, Barry Shein  wrote:
> We get a steady stream of "spam" complaints from the AOL feedback loop
> which is virtually all either (we assume) unsubscriptions from
> legitimate mailing lists or random misfires, "it was nice seeing you
> and dad last week" From joe blow, To susie blow, which just probably
> isn't spam.

It depends. What WE get from the AOL fbl is by and large actual spam
sent by our users.  Yes there's a non trivial amount of misreported
legit email but when you get near real time notification of actual
spam too, that's incredibly useful.  ARF - in which aol (and our)
loops are sent is designed to be automatically parsed.  So, go right
ahead. Run the stuff through (say) SA and see what you come up with,
besides running counts / numbers, user X signed up just a coupla days
back and see, he's already got a couple of hundred complaints from
AOL, Comcast, etc.

> Why should my staff and I spend valuable time subsidizing your
> business model? Hire more people if you feel overloaded, but don't
> pass the workload off on others, particularly others in the biz, we
> have workloads too.

Well... If you think theres no value in the AOL or other feedback
loops and your network is clean enough without that, well then, dont
sign up to it and then bitch when all you get for your boutique
network with users who are by and large fellow geeks doesnt generate
any actual spam at all.

On the other hand, for SPs that actually have real userbases to
contend with, and on far larger scales than theworld has .. well,
they'd certainly find it a lot more useful.

> I was suggesting a simple improvement which would help: Don't send it
> as a spam report unless you get two or more complaints about the same
> msg/source within a short time period.

Well .. set limits and you'll have spammers who work around those
limits. Its a catch 22.  Spammers have an almost infinite capacity to
scale horizontally, you'll find.

> I didn't say a word about any of this...

It was a meta comment to the rest of this rather uninformed thread,
but anyway ..

> Well, this is all nice, I'm sorry you entirely missed my rather simple
> and straightforward suggestion, but whatever.

Saw it. Dismissed it as impractical.

-srs
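
The point above that ARF reports are designed to be parsed automatically, combined with the "two or more complaints in a short time" test debated in this thread, as an added example (not code from any poster or provider). It keys on Source-IP and Original-Mail-From rather than message content; the report layout follows ARF (later published as RFC 5965), and the function names, addresses and 24-hour window are assumptions.

```python
from collections import defaultdict
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

def make_arf(ip, mail_from, arrival, subject):
    """Build one constructed ARF report (sample data only)."""
    return (
        "From: fbl@isp.example\nTo: abuse@host.example\nMIME-Version: 1.0\n"
        "Content-Type: multipart/report; report-type=feedback-report;"
        ' boundary="b1"\n\n--b1\nContent-Type: text/plain\n\nAbuse report.\n'
        "--b1\nContent-Type: message/feedback-report\n\nFeedback-Type: abuse\n"
        f"User-Agent: ExampleFBL/1.0\nVersion: 1\nSource-IP: {ip}\n"
        f"Original-Mail-From: <{mail_from}>\nArrival-Date: {arrival}\n\n"
        f"--b1\nContent-Type: message/rfc822\n\nSubject: {subject}\n\nbody\n--b1--\n")

def parse_arf(raw):
    """Return (source_ip, mail_from, arrival) for an abuse report, else None."""
    msg = message_from_string(raw)
    if msg.get_param("report-type") != "feedback-report":
        return None
    for part in msg.walk():
        if part.get_content_type() == "message/feedback-report":
            f = part.get_payload(0)  # the report fields parse as headers
            if (f.get("Feedback-Type", "").strip().lower() != "abuse"
                    or not (f["Source-IP"] and f["Arrival-Date"])):
                return None  # not an abuse report, or nothing to key on
            return (f["Source-IP"].strip(),
                    f.get("Original-Mail-From", "").strip("<> "),
                    parsedate_to_datetime(f["Arrival-Date"]))

def flagged_senders(reports, min_complaints=2, window=timedelta(hours=24)):
    """Map (source_ip, mail_from) -> count where min_complaints fit in window."""
    seen = defaultdict(list)
    for ip, sender, when in filter(None, map(parse_arf, reports)):
        seen[(ip, sender)].append(when)
    flagged = {}
    for key, times in seen.items():
        times.sort()
        if any(b - a <= window for a, b in zip(times, times[min_complaints - 1:])):
            flagged[key] = len(times)
    return flagged

D = "Thu, 26 Feb 2009 %s +0000"
SAMPLE = [  # constructed reports; subjects differ as randomized spam would
    make_arf("192.0.2.10", "bulk@cust1.example", D % "03:10:00", "Win xk3f9"),
    make_arf("192.0.2.10", "bulk@cust1.example", D % "03:40:00", "Win q81zz"),
    make_arf("192.0.2.20", "joe@cust2.example", D % "05:00:00", "seeing you"),
]
```

With the defaults, `flagged_senders(SAMPLE)` keeps the sender with two reports half an hour apart and drops the single stray report.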



Re: Yahoo and their mail filters..

2009-02-25 Thread Paul M. Moriarty


On Feb 25, 2009, at 5:25 PM, Suresh Ramasubramanian wrote:

> On Wed, Feb 25, 2009 at 11:28 PM, Barry Shein  wrote:
>
>> I realize this is easier in theory than practice but I wonder how much
>> better the whole AOL (et al) spam button would get if they ignored the
>> spam button unless two (to pick a number) different customers clicked
>> the same sender (I know, forged sender etc but something like that) as
>> spam in a reasonably short amount of time like an hour or a day at
>> most.
>
> .. and you think AOL doesnt track these?  Come on, barry - try to give
> large mailops shops with massive userbases some credit for clue level.
> You have all the clue in the world but you dont even begin to guess
> at the firehose AOL / Yahoo / we etc have to deal with.  Or what we
> routinely do, as a matter of best practice.



Whenever I see the words "best practice" I find myself wondering,
"Best for who?"




Re: Yahoo and their mail filters..

2009-02-25 Thread Suresh Ramasubramanian
On Thu, Feb 26, 2009 at 9:27 AM, Paul M. Moriarty  wrote:
>
> Whenever I see the words "best practice" I find myself wondering, "Best for
> who?"
>

For us, email hosting / mailbox providers, its kind of a shared best
practice evolved in MAAWG meetings and elsewhere.

What works for us may or may not work for say a corporate network, or a .. [etc]

-- 
Suresh Ramasubramanian (ops.li...@gmail.com)



Re: Yahoo and their mail filters..

2009-02-25 Thread Barry Shein

On February 26, 2009 at 09:14 ops.li...@gmail.com (Suresh Ramasubramanian) 
wrote:
 > 
 > Well... If you think theres no value in the AOL or other feedback
 > loops and your network is clean enough without that, well then, dont
 > sign up to it and then bitch when all you get for your boutique
 > network with users who are by and large fellow geeks doesnt generate
 > any actual spam at all.

Hey, I didn't bitch, I didn't say it was valueless, I didn't say any
of this. Can't you make your point without amplifying and putting
words in my mouth? It sounds to me like you just want to vent.

I suggested that probably 99% of the false positives I see could be
avoided by just waiting until there are two or more complaints from
the same source before firing it back as spam.

I'm sorry if you don't feel you got your money's worth.

-- 
-Barry Shein

The World  | b...@theworld.com   | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD| Login: Nationwide
Software Tool & Die| Public Access Internet | SINCE 1989 *oo*



Re: Yahoo and their mail filters..

2009-02-25 Thread Suresh Ramasubramanian
On Thu, Feb 26, 2009 at 9:37 AM, Barry Shein  wrote:
> I suggested that probably 99% of the false positives I see could be
> avoided by just waiting until there are two or more complaints from
> the same source before firing it back as spam.

And the trouble is - that can and will be gamed by "horizontally
scaling" spammers.

Misreports of the sort you describe shouldnt trigger blocks anyway.



Re: Yahoo and their mail filters..

2009-02-25 Thread Matthew Petach
On 2/25/09, Barry Shein  wrote:
>  On February 26, 2009 at 09:14 ops.li...@gmail.com (Suresh Ramasubramanian) 
> wrote:
>   > Well... If you think theres no value in the AOL or other feedback
>   > loops and your network is clean enough without that, well then, dont
>   > sign up to it and then bitch when all you get for your boutique
>   > network with users who are by and large fellow geeks doesnt generate
>   > any actual spam at all.
>
> Hey, I didn't bitch, I didn't say it was valueless, I didn't say any
>  of this. Can't you make your point without amplifying and putting
>  words in my mouth? It sounds to me like you just want to vent.
>
>  I suggested that probably 99% of the false positives I see could be
>  avoided by just waiting until there are two or more complaints from
>  the same source before firing it back as spam.

But aren't the spam messages sufficiently randomized these days to
make it impossible to get *two* complaints about the same spam, since
the messages are all uniquified with randomized strings in them?

Matt



Re: [ MDVSA-2009:054 ] nagios (fwd)

2009-02-25 Thread Gadi Evron

On Wed, 25 Feb 2009, Eric Gearhart wrote:


> I hate to be pedantic but is this something that should get forwarded
> to NANOG?  I guess the relevance is justified because a lot of network
> folks run Nagios...?


As long as network operators related vulns don't start showing up every 
couple of months or so, I think so.