Just got two more Abusix reports, things have improved, and gotten worse:

1. I only was notified about one user, and it was an actual legitimate user! That is new.

2. I got a notification for that same user twice, in two different emails... huh?

3. The emails were sent as text/html, with no non-HTML version... call me mr grumpy sysadminpants, but come on...

I still don't know what to do with this, so I'm just turning here to complain.

Bill Cole via mailop <mailop@mailop.org> writes:

> On 22 Mar 2020, at 10:28, Steve Freegard via mailop wrote:
>
>> Abuse reports shouldn't have to be opt-in.
>
> True, but these are not abuse reports to an empowered party, but rather
> to possible victims.
>
> It's akin to the FUSSPs that use mail-based challenge/response models or
> to SMTP callback verification.
>
>> I didn't design this to annoy people,
>
> As designed, it will intrinsically annoy people who in no way deserve
> the annoyance or can benefit from it.
>
>> I did it because it's useful for the internet in general
>
> It is not. It is a response to an Internet-wide problem, but it is not
> broadly useful.
>
>> because compromised accounts are a huge issue,
>
> Yes, they are. This particular response does not generally improve mail
> system operators' capacity to mitigate that issue. The core reason that
> compromised accounts have increased as a problem is that users have
> gotten used to using the same email address and password everywhere for
> authentication. This response does not address that in any way or help
> anyone receiving reports address it.
>
>> and one that causes issues for blacklist providers like us (e.g. if
>> the compromised accounts are on unblockable IPs, then we have less
>> ability to stop them), so this was more about providing data that
>> previously wasn't available *for free* to help the community in
>> general.
>
> My mail logs and sometimes mailboxes are filled with essentially the
> same data for free in the form of backscatter. I can get a pretty good
> list of what email addresses in my domains are being shopped around at
> HIBP. I've mostly eliminated even logging of credential-stuffers by
> dropping their crap at the border, a thing that many small mail system
> operators can do. Even the data on such activity I can look at is mostly
> useless to me because it is overwhelmingly for single-purpose addresses,
> role accounts, or other sorts of non-authenticating aliases.
>
> I really don't need or want more unrequested "free information
> customized for your needs" by people who clearly do not understand my
> needs and whom I am reluctant to generally shun. This should be like a
> FBL: a great idea for people who can actually use it, but not something
> you want to impose on everyone who might be able to use it.
>
> --
> Bill Cole
> b...@scconsult.com or billc...@apache.org
> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
> Not For Hire (currently)
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

--
micah