To be clear they have an amazing abuse team, easily the first people I
would hit up if I were hiring in that area. Just top notch admins.
Blocking SMTP by default makes sense, but settling on the best way to
handle opening it (automated? manual review?) is a discussion that is
very easy to get stuck in. I don't know where they're at on that
discussion by now, but when I left it was something I would have
referred to as "on the table." That to say most of the stakeholders
would entertain the discussion.
There's likely an attached fear that appearing even remotely hostile to
customers could quickly drive them to a competitor in a pretty
competitive market. You have to think that as much as people like you
and I would appreciate them doing it, their customers would likely only
be speaking up about it to say the opposite. You might decrease abuse
complaints but you might also decrease NPS scores, and the people
sending abuse complaints are usually not your customers (so pleasing
them doesn't = $). You might think that reducing IP blacklisting could
reduce customer complaints and bad NPS scores. I don't think reality
actually plays out that way because Gmail doesn't use external
blacklists (that I'm aware of), and Microsoft will unblock individual
IPs upon request (sometimes after some back and forth), and that
accounts for almost all of what people want anyway. And even that would
only matter to customers that run mail servers anyway.
On 2023-04-07 22:02, Neil Anuskiewicz via mailop wrote:
On Apr 4, 2023, at 12:42 PM, Jarland Donnell via mailop
<mailop@mailop.org> wrote:
I feel like I've told this story before on the list, but I can't
recall. It always feels worth telling.
When I worked at DigitalOcean I took what felt like a year (may have
been less) and I focused more energy than any one person probably ever
has at any cloud provider on tackling spammers based on abuse
complaints and recognition of patterns recognized from investigating
abuse complaints. I had Python scripts running through the customer
database at one point looking for key indicators and would mass shut
down accounts either before they started to spam, or not very long
after. No false positives. I would shut down a ton of accounts every
day to zero complaints, because they were all exactly what I knew they
were and they knew what they were doing. I had video meetings with
several frequent complainers who would come at us from social media
angles to inform them of how their complaints were informing my work,
and what I was doing to try to reduce their complaints.
Despite all of that, I don't think I ever succeeded in even reducing
the complaints. The only way to tackle this successfully at a cloud
provider, in my opinion, is to block SMTP traffic and only unblock it
under certain conditions. There will never be enough humans as
dedicated and capable as I was, without raising prices to the point
that it drives customers and spammers to the clouds that aren't
spending that kind of money on abuse handling, to make a difference.
Just my 2c.
Jarland, I see your point. And with that much abuse it doesn’t seem
unreasonable to block SMTP traffic by default. Perhaps there’d be a
process of getting it turned on but with some vetting. Anyway, now I
kind of understand why so much is coming out of DO. They are trying to
bail out a class 5 rapids with a bucket. I wonder why they don’t look
at SMTP? This massive, expensive yet inadequate system doesn’t seem
likely to be in DO’s interest. Where’s the benefit to DO to do things
this way? Just curious.
Neil
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
