On Fri, Feb 13, 2015 at 11:53:15AM -0800, Brandon Long wrote: > Probably because fewer people by several orders of magnitude use discussion > lists than are affected by the phishing problems that DMARC and the > AOL/Yahoo MSPs are trying to solve.
1. The phishing problems that they're allegedly trying to solve via this method can NOT be solved via this method. It's such an obviously naive and utterly worthless approach that I have difficulty believing that anyone is actually ignorant enough to think it will work -- and thus I tend to think that they have another agenda entirely. 2. If AOL and Yahoo are serious about attacking phishing and other abuse problems, they should (a) be running highly effective abuse desks staffed with senior-level personnal numerous enough to respond to ALL abuse reports individually, fully, and promptly. (Don't tell me it can't be done. Of course it can. It's only a question of money and anyone who's been paying attention to their businesses knows that they have it: they just prefer to spend it on other things, and to shift the costs of dealing with their abuse to the entire rest of the Internet.) And (b) they should do something very serious about the phishing and other forms of abuse that they're emitting: AOL isn't as bad as it once was (although they fail miserably at answering mail sent to role addresses and their own published contact points), but Yahoo is an open sewer due to the sustained incompetence and negligence of its personnel over the past decade. Responsible, professional, quality operations do not emit or support abuse on a chronic and systemic basis. Anyone who can't make that happen should unplug their operation from the Internet until they can, because they're part of the problem, not the solution. And anyone who can't make that happen most certainly should not be taken seriously until they do. Bottom line: I'll consider believing that they're sincere -- albeit foolishly misguided about phishing -- when they demonstrate that they're ready, willing and able to clean up their own operations and to run them to (at least) minimally acceptable professional standards. Until then anything they say about abuse prevention can't and shouldn't be taken seriously by anyone: it's just happytalk PR BS. ---rsk _______________________________________________ mailop mailing list mailop@mailop.org http://chilli.nosignal.org/mailman/listinfo/mailop
