It depends on your environment. I've seen where it is helpful and where it is overwhelming. If you are a smaller company and want to know why you keep getting blocked then those should help. If you are a larger company and get a several hundred a day, but you send 100k emails to AOL then it is not as big of a deal. If you are a shared hosting provider and you get a lot of them you should look into what is being sent to AOL, such as forwarded spam from customers 'auto forwards' (isolate the auto forwards to a separate IP address and simply don't sign up for the FBL for it).... If you have a good setup where only customer-originated email is being sent through the IP's you have a FBL on, then it is useful and you shouldn't get as many complaints.
-r -----Original Message----- From: Richey [mailto:myli...@battleop.com] Sent: Wednesday, February 25, 2009 11:06 AM To: nanog@nanog.org Subject: RE: Yahoo and their mail filters.. > Feedback loops often aren't that useful either. We're on the AOL Scomp > feedback loop, and we've often got fairly personal email sent to our > abuse desk because the users simply press spam rather than delete. AOL's Scomp is spam it's self. If I read though 100 messages maybe one message is really spam. The other 99 are jokes, regular emails, maybe a news letter from their church, etc. Most people are lazy and would rather click on the Spam button instead of unsubscribing for a list they subscribed to in the first place. Richey -----Original Message----- From: Ray Corbin [mailto:rcor...@traffiq.com] Sent: Wednesday, February 25, 2009 9:27 AM To: Suresh Ramasubramanian; Niall Donegan Cc: nanog@nanog.org Subject: RE: Yahoo and their mail filters.. Funny we were just having similar conversation on mailop.org :) . Suresh is right about the feedback loops (you also should subscribe to comcasts/hotmails/trend micro's (mail-abuse.com)). If you don't have an external gateway that makes doing reports easy then they are a good way to find out when spam problems arise, such as the pesky Nigerian spammers who constantly find new ways to thwart all anti-fraud checks prior to creating the accounts. One thing that I did, when being an email admin for a very large shared hosting company, was when I ran reports of emails going to @yahoo.com I took the top 10 or so recipients and figured out who had the forwarders setup to send to them. I talked to the customer and even gave them alternative solutions (such as giving them 6months free for Postini inbound anti-spam service for that forward account). The worst ones were those who had catchalls setup to forward to their s...@yahoo.com account, those simply got notified that it was removed. -r -----Original Message----- From: Suresh Ramasubramanian [mailto:ops.li...@gmail.com] Sent: Wednesday, February 25, 2009 6:42 AM To: Niall Donegan Cc: nanog@nanog.org Subject: Re: Yahoo and their mail filters.. On Wed, Feb 25, 2009 at 5:02 PM, Niall Donegan <ni...@blacknight.com> wrote: > > Another interesting side effect of that is email forwarder accounts. > Take a user who gets a domain on our shared hosting setup and forwards > the email for certain users to a Yahoo account. If those mails are > marked as spam, it seems to be our server that gets blacklisted rather > than the originating server. > No surprise. Guess whose IP is the one handing off to yahoo? If you have forwarding users - * Spam filter them to reject spam rather than simply tag and forward it. * Isolate your forwarding traffic through a single IP, Let ISPs know. > Feedback loops often aren't that useful either. We're on the AOL Scomp > feedback loop, and we've often got fairly personal email sent to our > abuse desk because the users simply press spam rather than delete. You have a far smaller userbase, and a userbase you know. For us, with random nigerians and other spammers signing up / trying to sign up all the time, FBLs are invaluable as a realtime notification of spam issues. And as I said random misdirected spam reports wont trigger a block as much as your leaking forwarded spam. Or your getting a hacked cgi/php or a spammer installed direct to mx spamware. [so if you are cpanel - smtp tweak/csf firewall and mod_security for apache should be default on your install if you havent already done so] -srs
