|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
From: Ray Corbin <rcorbin@traffiq.com> To: Richey <mylists@battleop.com>, "nanog@nanog.org" <nanog@nanog.org> Date: Wed, 25 Feb 2009 10:14:31 -0600 In-Reply-To: <05e701c99762$eb810460$c2830d20$@com> Errors-To: nanog-bounces@nanog.org It depends on your environment. I've seen where it is helpful and where it = is overwhelming. If you are a smaller company and want to know why you keep= getting blocked then those should help. If you are a larger company and ge= t a several hundred a day, but you send 100k emails to AOL then it is not a= s big of a deal. If you are a shared hosting provider and you get a lot of = them you should look into what is being sent to AOL, such as forwarded spam= from customers 'auto forwards' (isolate the auto forwards to a separate IP= address and simply don't sign up for the FBL for it).... If you have a goo= d setup where only customer-originated email is being sent through the IP's= you have a FBL on, then it is useful and you shouldn't get as many complai= nts. -r -----Original Message----- From: Richey [mailto:mylists@battleop.com]=20 Sent: Wednesday, February 25, 2009 11:06 AM To: nanog@nanog.org Subject: RE: Yahoo and their mail filters.. > Feedback loops often aren't that useful either. We're on the AOL Scomp=20 > feedback loop, and we've often got fairly personal email sent to our=20 > abuse desk because the users simply press spam rather than delete. AOL's Scomp is spam it's self. If I read though 100 messages maybe one message is really spam. The other 99 are jokes, regular emails, maybe a news letter from their church, etc. Most people are lazy and would rather click on the Spam button instead of unsubscribing for a list they subscribe= d to in the first place. Richey -----Original Message----- From: Ray Corbin [mailto:rcorbin@traffiq.com]=20 Sent: Wednesday, February 25, 2009 9:27 AM To: Suresh Ramasubramanian; Niall Donegan Cc: nanog@nanog.org Subject: RE: Yahoo and their mail filters.. Funny we were just having similar conversation on mailop.org :) . Suresh is right about the feedback loops (you also should subscribe to comcasts/hotmails/trend micro's (mail-abuse.com)). If you don't have an external gateway that makes doing reports easy then they are a good way to find out when spam problems arise, such as the pesky Nigerian spammers who constantly find new ways to thwart all anti-fraud checks prior to creating the accounts. One thing that I did, when being an email admin for a very large shared hosting company, was when I ran reports of emails going to @yahoo.com I took the top 10 or so recipients and figured out who had the forwarders setup to send to them. I talked to the customer and even gave them alternative solutions (such as giving them 6months free for Postini inbound anti-spam service for that forward account). The worst ones were those who had catchalls setup to forward to their spam@yahoo.com account, those simply got notified that it was removed.=20 -r -----Original Message----- From: Suresh Ramasubramanian [mailto:ops.lists@gmail.com]=20 Sent: Wednesday, February 25, 2009 6:42 AM To: Niall Donegan Cc: nanog@nanog.org Subject: Re: Yahoo and their mail filters.. On Wed, Feb 25, 2009 at 5:02 PM, Niall Donegan <niall@blacknight.com> wrote= : > > Another interesting side effect of that is email forwarder accounts. > Take a user who gets a domain on our shared hosting setup and forwards > the email for certain users to a Yahoo account. If those mails are > marked as spam, it seems to be our server that gets blacklisted rather > than the originating server. > No surprise. Guess whose IP is the one handing off to yahoo? If you have forwarding users - * Spam filter them to reject spam rather than simply tag and forward it. * Isolate your forwarding traffic through a single IP, Let ISPs know. > Feedback loops often aren't that useful either. We're on the AOL Scomp > feedback loop, and we've often got fairly personal email sent to our > abuse desk because the users simply press spam rather than delete. You have a far smaller userbase, and a userbase you know. For us, with random nigerians and other spammers signing up / trying to sign up all the time, FBLs are invaluable as a realtime notification of spam issues. And as I said random misdirected spam reports wont trigger a block as much as your leaking forwarded spam. Or your getting a hacked cgi/php or a spammer installed direct to mx spamware. [so if you are cpanel - smtp tweak/csf firewall and mod_security for apache should be default on your install if you havent already done so] -srs
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |