Yeah, maybe we should close down this thread, simply because it is a
high volume thread among only a few list members, and been going on a
while...
For the record, for our shared mail platform that we operate for smaller
ISP's and Telco's, we don't get a lot of traffic to our posted abuse
address(s) at all, in general people have give up. (We don't even get
much spam there, spammers know it is a quick trip to getting IPs
blacklisted)
So, while there are many companies with terrible or no abuse handlers,
the problem maybe is now that the other way, where noone reports it.
Automation might solve that. But we only get reports from about three
big email providers. The Comcast ones are kind of useless, normally not
spam and very aged.. The Hotmail ones are handy, but in our case it is
usually only when a person turns off their spam protection AND forwards
it to their hotmail account. And I think we had like one Rackspace
report in 4 or 5 years..
Now, it 'could' be are policies and/or customer base is not conducive to
spam activity, and a lot less compromised email accounts, than our
peers, but I doubt that is the whole picture.
We DO get compromised accounts, but our systems and people catch it
fast, and rate limiters stop the HUGE outbreaks that quickly used to get
servers blacklisted, but they do happen. Surprised that we don't get
ANY reports of those anymore. (To abuse contacts at least)
And look at all of the people reporting abuse on Twitter now.. or using
back channels. It is the lack of faith in timely reaction (or any) from
abuse departments I think that has led us to this.
I think the only way feedback loops and abuse handles will become useful
again, is for the community to say they MUST be useful, and simply stop
accepting email from those companies that do not have one.
Unfortunately, IMHO that means we have to stop accepting email from some
of the largest providers in the world.. and since I don't see that
happening any time soon, I think we might be wasting our breathes and
time on this issue.
Instead, the status quo will continue.. detect spam, block the sender,
and put the onus on the remote email operator.. Or buy a commercial
product which makes and handles that decision making decision for you.
Trouble is, that puts us on a path where only the very large survive.
Enough doom and gloom..
My suggestion? Instead of focusing on making the little guys do things
they probably aren't going to do, and having them loose their customers
to the 'too big to block', let's start at the top.
Let's see if we can make a system that will stop the spam from leaking
out of the biggest operators, those that SHOULD be able to afford to do
it right..
Until we can get Gmail to terminate/change the password on THEIR the
spammers immediately when reported, we don't have a viable system that
will work.
-0-
(or even better, stop them before they do, how hard is it for them to
rate limit? ;) force the use of separate mailing lists servers for bulk
email, if I get ONE more 'Google Top Ranking' in my spam folder I will
scream )
On 2022-01-17 3:47 p.m., Scott Mutter via mailop wrote:
We've really taken the original topic off course. But I feel that we
may be taking the secondary topic off course as well.
All the talk about abuse contacts in RDAP or RP DNS - I'm not saying
that these have merits... BUT... Is Microsoft/Yahoo/Gmail/*insert
whatever big name email service* sending EVERY spam/abuse complaint for
messages from the IP address to these contact addresses?
That's part of the issue - and we're kind of seeing that within this
discussion. There's a lot of different ways to publish an abuse
address, so many in fact... do the entities reporting the abuse (i.e.
Microsoft/Yahoo/Gmail) follow all of these? An abuse contact address is
only as good as the abuse information that's being funneled into it.
Another words, if Microsoft is never sending anything to the Abuse
contact in RDAP... what good does it do to have an abuse contact in RDAP?
Additionally, are all of these big name email service providers going to
automatically send feedback to these abuse contacts for every single
message that their users flag as spam or that their systems flags as spam?
That's where a distinction needs to be made.
I feel like the abuse contact that's being suggested in RDAP, RP,
rWhois, etc - are all intended to be manually sent by a human, i.e.
someone from one of these big name email service providers
(Microsoft/Yahoo/Gmail). And I don't really see them having humans
tasked with manually sending out these abuse notices for every spam
message that an IP address sends.
That's where I feel feedback loops are more automated and generally
better equipped to notify the difference makers that can really take
action on the spam/abuse.
An example situation would be, if Microsoft/Hotmail/Outlook is getting
spam from one of my servers - I'd very much like to know about it. I'd
very much like to see the headers of those messages, so that I can track
down the offending account and stop it. But I can only do that if
Microsoft/Hotmail/Outlook tells me that they are receiving spam from one
of my servers. I can only track it down if I have some message headers
to go on. If Microsoft/Hotmail/Outlook is not going to send me that
notice and information... then how can I be expected to stop it? Is
Microsoft/Hotmail/Outlook sending ALL of that information/notices to the
abuse address in RDAP, RP, rWhois, etc? Or are they just deciding at
some point that they've received too much spam from my server, that
they're just going to block the IP address and never tell anyone that
could potentially make a difference?
On Mon, Jan 17, 2022 at 5:08 PM John Levine via mailop
<mailop@mailop.org <mailto:mailop@mailop.org>> wrote:
It appears that Grant Taylor via mailop <gtay...@tnetconsulting.net
<mailto:gtay...@tnetconsulting.net>> said:
>-=-=-=-=-=-
>-=-=-=-=-=-
>
>On 1/17/22 11:49 AM, Scott Mutter via mailop wrote:
>> Do reverse DNS entries support the TXT structure?
>
>I can't remember the last time I used it to say with any
certainty. But
>would completely expect that it would. Remember, reverse DNS is
simply
>a permutation to a forward DNS query to an ARPA subdomain.
There's no technical difference between a reverse DNS zone and any
other DNS zone. I have an MX in mine so you can send mail to me
at jo...@18.183.57.64.in-addr.arpa, just because I can.
BUT ...
See my previous message about RDAP. If people want to publish
contact info for their IP ranges, they can do it now in the
RIR WHOIS. The problem is that they don't want to.
Also, in most organizations there is a great distance between the
people who run mail servers and the people who run rDNS. As often
as not, the rDNS is run by an upstream network, not the operator
themselves. So even if it were a good idea to put RP records into
the rDNS, which it isn't (see above) the practical obstacles would
be huge.
R's,
John
PS:
>> Or an IP address has to reverse back to a hostname - put the TXT
record
>> in that DNS zone.
>
>I don't think it's good to /rely/ or /depend/ on PTR records
resolving
>IPs to host names.
Dunno about you, but where I am, if an IP does not have matching forward
and reverse DNS, that is a very strong signal that it's not supposed to
be hosting a server and you don't want to accept mail from it.
_______________________________________________
mailop mailing list
mailop@mailop.org <mailto:mailop@mailop.org>
https://list.mailop.org/listinfo/mailop
<https://list.mailop.org/listinfo/mailop>
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
