[112368] in North American Network Operators' Group
Re: Yahoo and their mail filters..
daemon@ATHENA.MIT.EDU (Eric Esslinger)
Wed Feb 25 09:47:51 2009
Date: Wed, 25 Feb 2009 08:47:36 -0600
From: Eric Esslinger <eesslinger@fpu-tn.com>
To: nanog@nanog.org
In-Reply-To: <CBCD445C8338A84CB9EB4F96747D0D5F24FFC999F4@34093-MBX-C05.mex07a.mlsrvr.com>
Errors-To: nanog-bounces@nanog.org
We pretty constantly are deferred on yahoo, and at one point had all
outbound mail for yahoo logged at the sender/recipient/subject/size
level to get an idea what was up.

In an experiment, I found that after being 'clean' (not being deferred)
for close to a week, simply sending myself 1 single email, then hitting
spam in the yahoo box was enough to get us being blocked for another 24
hours.

I would sign up for a FBL if they had one; I find the others I have very
valuable (though about 90% of what I get back is 'spam rather than
delete').

Ray Corbin wrote:
> Funny we were just having similar conversation on mailop.org :) .
> Suresh is right about the feedback loops (you also should subscribe to
> comcasts/hotmails/trend micro's (mail-abuse.com)). If you don't have an
> external gateway that makes doing reports easy then they are a good way
> to find out when spam problems arise, such as the pesky Nigerian
> spammers who constantly find new ways to thwart all anti-fraud checks
> prior to creating the accounts. One thing that I did, when being an
> email admin for a very large shared hosting company, was when I ran
> reports of emails going to @yahoo.com I took the top 10 or so
> recipients and figured out who had the forwarders setup to send to
> them. I talked to the customer and even gave them alternative solutions
> (such as giving them 6 months free for Postini inbound anti-spam
> service for that forward account). The worst ones were those who had
> catchalls setup to forward to their spam@yahoo.com account, those
> simply got notified that it was removed.
>
> -r
>
>
> -----Original Message-----
> From: Suresh Ramasubramanian [mailto:ops.lists@gmail.com]
> Sent: Wednesday, February 25, 2009 6:42 AM
> To: Niall Donegan
> Cc: nanog@nanog.org
> Subject: Re: Yahoo and their mail filters..
>
> On Wed, Feb 25, 2009 at 5:02 PM, Niall Donegan <niall@blacknight.com> wrote:
>
>> Another interesting side effect of that is email forwarder accounts.
>> Take a user who gets a domain on our shared hosting setup and forwards
>> the email for certain users to a Yahoo account. If those mails are
>> marked as spam, it seems to be our server that gets blacklisted rather
>> than the originating server.
>>
>
> No surprise. Guess whose IP is the one handing off to yahoo?
>
> If you have forwarding users -
>
> * Spam filter them to reject spam rather than simply tag and forward it.
> * Isolate your forwarding traffic through a single IP, Let ISPs know.
>
>> Feedback loops often aren't that useful either. We're on the AOL Scomp
>> feedback loop, and we've often got fairly personal email sent to our
>> abuse desk because the users simply press spam rather than delete.
>>
>
> You have a far smaller userbase, and a userbase you know. For us, with
> random Nigerians and other spammers signing up / trying to sign up all
> the time, FBLs are invaluable as a realtime notification of spam
> issues.
>
> And as I said random misdirected spam reports won't trigger a block as
> much as your leaking forwarded spam. Or your getting a hacked cgi/php
> or a spammer installed direct to mx spamware. [so if you are cpanel -
> smtp tweak/csf firewall and mod_security for apache should be default
> on your install if you haven't already done so]
>
> -srs
>
>
>
--
Eric Esslinger
Information Services Manager
Fayetteville Public Utilities
Fayetteville, TN 37334
Phone: 931-433-1522x165 Fax: 931-433-0646
eesslinger@fpu-tn.com
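
The report Ray Corbin describes in the quoted message (top @yahoo.com recipients, then the forwarders feeding them), sketched as an added example that is not part of the original thread. It assumes Postfix-style delivery logs, where `orig_to=` records the address before forwarding; the log lines, addresses and the function name `top_forward_targets` are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Postfix smtp-client log style (an assumption: the
# thread does not name the MTA). Postfix logs orig_to= when an alias or
# virtual forwarder rewrote the recipient before delivery.
SAMPLE_LOG = """\
Feb 25 08:01:12 mx1 postfix/smtp[2101]: A1: to=<bob@yahoo.com>, orig_to=<info@example.org>, dsn=2.0.0, status=sent (constructed)
Feb 25 08:01:40 mx1 postfix/smtp[2101]: A2: to=<bob@yahoo.com>, orig_to=<sales@example.org>, dsn=4.0.0, status=deferred (constructed)
Feb 25 08:02:03 mx1 postfix/smtp[2101]: A3: to=<bob@yahoo.com>, orig_to=<xyzzy@example.org>, dsn=4.0.0, status=deferred (constructed)
Feb 25 08:02:10 mx1 postfix/smtp[2102]: A4: to=<alice@yahoo.com>, orig_to=<alice@example.com>, dsn=2.0.0, status=sent (constructed)
Feb 25 08:03:55 mx1 postfix/smtp[2102]: A5: to=<alice@yahoo.com>, orig_to=<alice@example.com>, dsn=2.0.0, status=sent (constructed)
Feb 25 08:04:20 mx1 postfix/smtp[2103]: A6: to=<carol@yahoo.com>, dsn=2.0.0, status=sent (constructed)
Feb 25 08:04:31 mx1 postfix/smtp[2103]: A7: to=<dave@example.net>, dsn=2.0.0, status=sent (constructed)
"""

# \b keeps the match off the "to=" inside "orig_to=" (underscore is a word char).
LINE_RE = re.compile(
    r"\bto=<(?P<to>[^>]+)>,(?: orig_to=<(?P<orig>[^>]+)>,)?.*?status=(?P<status>\w+)"
)

def top_forward_targets(log_text, domain="yahoo.com", limit=10):
    """Rank recipients at `domain` by volume and list the local addresses
    (orig_to) whose forwarding produced that traffic."""
    totals = Counter()
    deferred = Counter()
    sources = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        rcpt = m.group("to").lower()
        if not rcpt.endswith("@" + domain):
            continue
        totals[rcpt] += 1
        if m.group("status") == "deferred":
            deferred[rcpt] += 1
        if m.group("orig"):  # absent for mail addressed to the recipient directly
            sources[rcpt][m.group("orig").lower()] += 1
    return [
        {"recipient": r, "messages": n, "deferred": deferred[r],
         "forwarders": sorted(sources[r])}
        for r, n in totals.most_common(limit)
    ]

if __name__ == "__main__":
    for row in top_forward_targets(SAMPLE_LOG):
        print(row)
```

A recipient whose `forwarders` list holds many unrelated local parts at one domain is the catchall pattern mentioned in the quoted message.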