On Tue, Sep 15, 2015 at 01:27:03PM +0100, Matthew Newton wrote: > I got ~2,000 spam mails to our abuse address in the last three > months - so about 8,000 a year. I get about one legitimate mail per year. > > I'm sure that doesn't easily scale when you get to the size of the > big mail providers, especially as you're more likely to get spam > to that address in the first place.
It scales beautifully -- in fact, it's much easier for big mail providers to deal with this than small ones. Big ones can easily and trivially solve the problem simply by using a multi-stage pipeline of automatic sorting/filing followed by manual review...and manual review is easy when you have spare change available for hiring. (Which every large provider represented on this list does, per their own annual reports.) It turns out to be rather easy to separate almost all real abuse@ traffic from garden-variety spam, and the use of multiple stages with cross-checks reduces the error rate to almost nothing. Been there. Done that. (Free clue for stage 1: use procmail and hardcode en masse a generous selection of addresses gleaned from mailop, nanog, etc. Any traffic from those is highly likely to be legit and from your peers. Act on it instantly on receipt. Pass the rest on to subsequent stages. Note that this is NOT perfect and it is not intended to be. It's triage and it works, not only because it has a high TP rate, but because prompt attention to messages from your known peers will often alleviate the need for others to contact you, thus reducing overall abuse@ traffic volume, thus simplifying the message classification problem and simultaneously reducing its scope.) > But if you're big enough to host millions of mailboxes, you should > also be responsible enough to have staff to run all aspects of the > system, which includes standard ways of reporting problems such as > abuse@. Bingo. This is professional responsibility 101, and I've gotten very tired of the feeble excuses put forth by inferior people as to why "it can't be done". Anyone who says that should stand aside and make room for those who not only can make it happen, but understand that they *must* make it happen. ---rsk _______________________________________________ mailop mailing list mailop@mailop.org http://chilli.nosignal.org/mailman/listinfo/mailop
