[112366] in North American Network Operators' Group
RE: Yahoo and their mail filters..
daemon@ATHENA.MIT.EDU (Ray Corbin)
Wed Feb 25 09:26:56 2009
From: Ray Corbin <rcorbin@traffiq.com>
To: Suresh Ramasubramanian <ops.lists@gmail.com>, Niall Donegan
<niall@blacknight.com>
Date: Wed, 25 Feb 2009 08:26:33 -0600
In-Reply-To: <bb0e440a0902250341j26502f69qd39f97362af40bb9@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Funny, we were just having a similar conversation on mailop.org :) . Suresh
is right about the feedback loops (you also should subscribe to
Comcast's/Hotmail's/Trend Micro's (mail-abuse.com)). If you don't have an
external gateway that makes doing reports easy then they are a good way to
find out when spam problems arise, such as the pesky Nigerian spammers who
constantly find new ways to thwart all anti-fraud checks prior to creating
the accounts. One thing that I did, when being an email admin for a very
large shared hosting company, was when I ran reports of emails going to
@yahoo.com I took the top 10 or so recipients and figured out who had the
forwarders set up to send to them. I talked to the customer and even gave
them alternative solutions (such as giving them 6 months free for Postini
inbound anti-spam service for that forward account). The worst ones were
those who had catchalls set up to forward to their spam@yahoo.com account,
those simply got notified that it was removed.
-r
-----Original Message-----
From: Suresh Ramasubramanian [mailto:ops.lists@gmail.com]
Sent: Wednesday, February 25, 2009 6:42 AM
To: Niall Donegan
Cc: nanog@nanog.org
Subject: Re: Yahoo and their mail filters..
On Wed, Feb 25, 2009 at 5:02 PM, Niall Donegan <niall@blacknight.com> wrote:
>
> Another interesting side effect of that is email forwarder accounts.
> Take a user who gets a domain on our shared hosting setup and forwards
> the email for certain users to a Yahoo account. If those mails are
> marked as spam, it seems to be our server that gets blacklisted rather
> than the originating server.
>
No surprise. Guess whose IP is the one handing off to yahoo?
If you have forwarding users -
* Spam filter them to reject spam rather than simply tag and forward it.
* Isolate your forwarding traffic through a single IP, let ISPs know.
> Feedback loops often aren't that useful either. We're on the AOL Scomp
> feedback loop, and we've often got fairly personal email sent to our
> abuse desk because the users simply press spam rather than delete.
You have a far smaller userbase, and a userbase you know. For us, with
random Nigerians and other spammers signing up / trying to sign up all
the time, FBLs are invaluable as a realtime notification of spam
issues.
And as I said random misdirected spam reports won't trigger a block as
much as your leaking forwarded spam. Or your getting a hacked cgi/php
or a spammer installed direct to mx spamware. [so if you are cpanel -
smtp tweak/csf firewall and mod_security for apache should be default
on your install if you haven't already done so]
-srs
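
Added example, not part of the original thread and not code from any of the posters: a sketch of the report described above (top recipients at @yahoo.com, traced back to the local forwarding addresses that feed them). It assumes Postfix-style smtp delivery log lines carrying orig_to; the sample log, the addresses, the name forwarder_report and the catch-all threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log (assumed Postfix smtp delivery format, fields trimmed).
SAMPLE_LOG = """\
Feb 25 08:01:02 mx1 postfix/smtp[2101]: A1B2C3: to=<bob@yahoo.com>, orig_to=<info@shop.example>, dsn=2.0.0, status=sent (250 ok)
Feb 25 08:01:09 mx1 postfix/smtp[2101]: A1B2C4: to=<bob@yahoo.com>, orig_to=<info@shop.example>, dsn=4.7.0, status=deferred (421 try later)
Feb 25 08:02:11 mx1 postfix/smtp[2102]: A1B2C5: to=<junk@yahoo.com>, orig_to=<aaa@site.example>, dsn=2.0.0, status=sent (250 ok)
Feb 25 08:02:12 mx1 postfix/smtp[2102]: A1B2C6: to=<junk@yahoo.com>, orig_to=<qwerty@site.example>, dsn=2.0.0, status=sent (250 ok)
Feb 25 08:02:15 mx1 postfix/smtp[2103]: A1B2C7: to=<junk@yahoo.com>, orig_to=<sales1@site.example>, dsn=4.7.0, status=deferred (421 try later)
Feb 25 08:02:19 mx1 postfix/smtp[2103]: A1B2C8: to=<junk@yahoo.com>, orig_to=<x9@site.example>, dsn=2.0.0, status=sent (250 ok)
Feb 25 08:03:40 mx1 postfix/smtp[2104]: A1B2C9: to=<carol@yahoo.com>, dsn=2.0.0, status=sent (250 ok)
Feb 25 08:04:00 mx1 postfix/smtp[2104]: A1B2CA: to=<dave@example.net>, orig_to=<d@shop.example>, dsn=2.0.0, status=sent (250 ok)
"""

# to=<final recipient>, optional orig_to=<local address before forwarding>, status
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: \w+: to=<([^>]+)>(?:, orig_to=<([^>]+)>)?.*\bstatus=(\w+)"
)

def forwarder_report(log_text, domain="yahoo.com", top_n=10, catchall_threshold=3):
    """Return [(recipient, attempts, forwarding_addresses, likely_catchall)].

    attempts counts every logged delivery attempt (sent, deferred, bounced).
    likely_catchall is a heuristic: many distinct local addresses funnelling
    into one remote mailbox suggests a catch-all forwarder.
    """
    attempts = Counter()
    sources = defaultdict(set)
    suffix = "@" + domain.lower()
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m:
            continue
        rcpt, orig_to = m.group(1).lower(), m.group(2)
        if not rcpt.endswith(suffix):
            continue
        attempts[rcpt] += 1
        if orig_to:  # present only when the address was rewritten (forwarded)
            sources[rcpt].add(orig_to.lower())
    return [
        (rcpt, n, sorted(sources[rcpt]), len(sources[rcpt]) >= catchall_threshold)
        for rcpt, n in attempts.most_common(top_n)
    ]

if __name__ == "__main__":
    for rcpt, n, fwd, catchall in forwarder_report(SAMPLE_LOG):
        flag = "  <-- possible catch-all" if catchall else ""
        print(f"{n:4d}  {rcpt}  via {', '.join(fwd) or '(direct)'}{flag}")
```
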