If you received say... a million ab...@gmail.com emails a day, how would you handle that?
In a previous life, I worked on an email support tool, and 300 tickets a day was a really high number for a single agent, and that was mostly reading and responding with templated responses. Actually doing any level of investigation would probably be an order of magnitude less, I'm sure folks on this list have actual knowledge of how many such tickets they could do. Now add that we have people who go through their spam label at gmail and report every single message that we already knew was spam to ab...@gmail.com plus ~5 other abuse@ addresses plus to the fbi and other TLAs... So... 300 abuse agents just to say hi, 3000 to actually investigate? Now, automating abuse@ requests is more likely at that scale... trying to find common issues and problems, even across days, or maybe learning certain reporters as more useful than others... and the reported issues from that are still a drop in the bucket compared to the known spammy accounts issues you get from other sources. Which isn't to say it's not useful, it is, it does find this weird low level of abuse that tends to be continuous but otherwise below the major campaigns you're already catching and working on... on the other hand, ignoring it for too long and you can get a large amount of ground level abuse noise that is made up of individually small actors. Or maybe you're completely missing some new type of spam which is evading your other feedback mechanisms. I remember a prominent member of this list complaining about some spam they were getting, investigating to find that it was a single account which emailed ~1000 people a day... and they were one of those at least every couple days. A spammer with only 1000 msg/day is in the noise, but not to the receiver, they aren't seeing the hordes of spammers we're catching and stopping in the millions/day. There's also the other scale issue, which is preventing 95% of spam is fine when you're small enough, but as you get larger, the volume of the percent you miss also becomes larger. If spammers try to send 1B messages through you a day and you catch 99% of them, that's still 10M you miss. None of this is an excuse, it's to spread understanding. Michael sees what he sees from us that look simple compared to how he fights spam, we fight spam in a different way, and he doesn't see what we stop... but that doesn't mean we shouldn't stop it... but also, if it's easy for him to catch, then maybe that's ok as well. And I would definitely agree with Luke that fighting inbound spam is way easier, as we have the direct feedback signal of the receivers. There is obvious spam that we all understand is spam, but there's plenty of mail that is much harder to reason about... especially if it's in languages we don't speak, or maybe it's some vendor that's just over played it's marketing. And yes Florian, preventing bad signups and detecting hijacked accounts does become more important and can be done better with scale. Someone automating creating 5 accounts/day to spam is harder to catch than someone doing it with 1000... The five accounts a day guy is probably doing 419 or high-level phishing scams with much higher value per account, and maybe buying real sim cards for them. We can always do better. When people start to complain, it probably means we're missing something new or have let the low level things grow too much. Thanks. Brandon On Thu, Feb 4, 2021 at 1:44 PM Hans-Martin Mosner via mailop < mailop@mailop.org> wrote: > Am 04.02.21 um 17:43 schrieb Luke via mailop: > > Preventing outbound spam on a large system is a far greater challenge than > stopping inbound spam. The technical challenges are similar, but the > logistical challenges of preventing outbound spam without pissing off > customers is *far* greater than the challenge of preventing inbound spam > without pissing off customers. > > Proactively preventing spam can be difficult, that's true. > > But what you can do is to be receptive to abuse reports and act on them > swiftly, and that is where the Goog fails. Not accepting e-mailed abuse > reports is one way of saying "we don't care". > > Cheers, > Hans-Martin > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop >
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
