On Thu, Sep 10, 2015 at 08:47:25AM -0700, Michael Peddemors wrote: > While you are absolutely right that network operators and email > server operators should be the place that the majority of the work > is done (at the source), (egress filtering, blocking DUL traffic to > Port 25 et al), and simple monitoring and rate limiting.
That's part of it, sure. But having working RFC 2152 role addresses, paying attention to what shows up there, and *answering every single one of those messages* is also part of the job. Yes, I really do expect postmas...@gmail.com to work and I expect a personal, individual reply to every message sent there. This is NOT a difficult task and if Gmail can't handle it, they should shut down immediately. Same for ab...@aol.com, postmas...@yahoo.com, and so on. (I'm looking at you too, AWS. For all your boasting about how wonderful your cloud service is, you've done a horribly poor job of controlling abuse from it. Aren't you even a little embarrassed by your obvious and massive incompetence?) This is baseline operational practice 101. It's what you should learn in the first hour of the first day. It's also really smart: if the entire rest of the Internet is trying to tell you where you screwed up -- by allowing abuse/attacks to escape your operation -- then you should be (a) listening (b) investigating (c) apologizing (d) fixing. (And I don't want to hear any whining about scale. If you built something bigger than you're capable of running properly and plugged it into the Internet, that's your problem. Stop being so damn cheap, spend some money, hire a few hundred people, make it happen.) As I have said before, spam (like other forms of abuse) does not magically fall out of the sky. It comes from somewhere, and the keepers of those "somewheres" are personally/professionally responsible for it. Reducing it to zero should be their top priority. But -- in practice -- it's clearly not. And that is where the biggest, most fundamental problem lies. And all of these various standards -- good, bad, indifferent -- will have zero effect on that. They're just wallpaper covering up the problem. None of them actually address the core issue, which isn't technical: it's human. > But in the end, the final decision of what is spam and what isn't > lies with the recipient. No. It most certainly does not. If traffic is UBE, then it is spam. If it's not UBE, then it's not spam. Recipients' opinions are irrevelant and not only may be discarded, they *must* be discarded. The determination of whether or not traffic is spam must be based solely on the facts because doing otherwise is unworkable and unfair to all concerned. ---rsk _______________________________________________ mailop mailing list mailop@mailop.org http://chilli.nosignal.org/mailman/listinfo/mailop
