North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: /24 blocking by ISPs - Re: Problems sending mail to yahoo?

  • From: mark seiden-via mac
  • Date: Mon Apr 14 11:25:33 2008

(all opinions below my own... comments are intended to address a number of points made previously in this extended thread, by rick and others)

are you saying you don't consider the sending ip address or the envelope sender or the envelope recipient to be
a. useful for spam detection
b. personally identifiable information

having done quite a lot of spam filtering (and having worked on big mail before, e.g. on the original AOL internet gateways)
i think they are in both categories. (the HELO strings can be pretty useful also)...

the scale of mail at yahoo, gmail, hotmail, aol (maybe brightmail and postini, too) is well beyond the numbers anyone else here
is citing. i can assure you there are lots of smart and caring people working on problems of mail abuse (both
incoming from the internet and outgoing, too). both of these cost us a lot of money, and we know it.

yahoo receives > 500M visitors per month, and collects about 25 TB of logs every day. analyze that!

my understanding is the chinese govt has specific requirements regarding logging and log retention
that are compulsory for any company with servers in china. europe and other countries are trying to promulgate
laws about log retention.

logs cut both ways, by the way. they can be exculpatory as well, particularly in the case of a phished or cracked account used
for something illegal. with the ip addresses of the abuse, the defense can assert that the account owner was not whodunit.
with no logs, it's much harder to substantially defend against the govt in such cases, presumption of innocence notwithstanding.

on the original issue (as i work for yahoo, but in the security group, not in mail), we *do* try to follow the lists, at least as
lurkers. as a big and public company, somewhat in the spotlight from time to time, we are restricted from making statements
that could be misinterpreted as "speaking for the company" without going through various approval channels.

i summarized the substantive bits of this thread for yahoo mail management for their comments, and particularly seconding
the suggestion that yahoo provide more transparency to isps to make it possible for them to clean/keep clean their own houses.
there is dialog going on about improving the process so it's more predictable and less frustrating for ISPs. the forms really do
work, they tell me. (not fast enough for you, we hear clearly.)

(i just hope more transparency doesn't make things easier for, say, the Russian Business Network or the Storm gang.)

on the question of greylisting, you're right that there are delays imposed on senders of email who are perceived as spam senders
but "first connect fails" greylisting is not used. the documentation could be improved. (all documentation, except guy steele's
or mary claire van leunen's, could be improved.)

unfortunately, we're all pretty much in the same boat on this one, so let's not fight about it (at least, don't fight with me...)

On Apr 12, 2008, at 7:08 PM, Rich Kulawiec wrote:

On Sat, Apr 12, 2008 at 09:36:43AM -0700, Matthew Petach wrote:
*heh* And yet just last year, Yahoo was loudly dennounced for
keeping logs that allowed the Chinese government to imprison
political dissidents. Talk about damned if you do, damned if don't...

But those are very different kinds of logs -- with personally identifiable information. I see a sharp difference between those and logs which record (let's say) SMTP abuse incidents/attempts by originating IP address.