On Mar 6, 2011, at 3:37 AM, Mynabbler wrote: > The amount of junkmail coming from your systems is unbelievable. How hard is > it to implement a cap on the amount of messages people can send out daily > with your systems.
They do that. > And that includes the number of Cc's and Bcc's one > message generates. And that. > If you would cap that on, say, a 1000 users, you would be > doing us an incredible favor. And how hard is it, if that cap is reached, to > check the messages that are being generated and when spam (which it will be > in 99999 of 100000 cases) to block the originating IP or cap the originating > IP to a maximum of 100 addresses that can be spammed daily. Not that, exactly (last I heard), but they do have a variety of IP-based rate limits. > Oh, and while > you are at it, to block that account abusing your service as well. Yep, that happens already too. > There is no filtering in the world more effective then you taking this > action and it would take an intern about two hours to implement. Are you offering yourself up as the intern? Yahoo! Mail is looking for an anti-spam intern right now: http://careers.yahoo.com/jdescription.php?frm=search_results&oid=35925 I don't see a similar listing at Microsoft, but I could ask some folks if you're interested. > Sigh. Yeah, I know it's frustrating. It's even more frustrating to constantly work on implementing and improving rate limits and other features to handle outbound spam, and know that it's still not enough. What's hard to see from the outside is exactly how much work the bad guys are putting into attacking the big webmail providers. When I worked there, we watched the spammers reduce their output to fewer than five messages per fake or stolen account per day, each message just different enough to be hard to detect, rotating through an effectively infinite number of IP addresses -- and this was BEFORE botnets got as big and as cheap as they are now. I'm not saying you should forgive the amount of spam that still gets through -- you should still block it, and outside pressure helps those teams get the resources they need to continue improving the systems. But when you do complain, do it effectively. Consider that they might have already thought of the simple stuff that's been discussed here, and on other lists, and at every academic anti-spam conference for years. And, remember that the people who make actual decisions at big companies don't read this list. Or if that was just a rant and not actually intended as a positive contribution towards reducing spam for the internet, I do understand. Ranting is necessary sometimes. The anti-spam folks at Microsoft and Yahoo! do it too. -- J.D. Falk the leading purveyor of industry counter-rhetoric solutions
