Re: [mailop] [SUBJECT CHANGE] Feedback loops

2022-01-18 Thread Laura Atkins via mailop 


> On 18 Jan 2022, at 02:32, Scott Mutter via mailop  wrote:
> 
> On Mon, Jan 17, 2022 at 6:06 PM Grant Taylor via mailop  > wrote:
> Why can't automated and manual reports go to the same address?  Isn't
> that what recipient side filtering is for?  E.g. separating RFC standard
> DSNs / MDNs from human generated messages, each handled by different teams.
> 
> My problem with FBLs is that I have to know to sign up for FBLs.
> Conversely, mailbox operators can probably more easily send push
> notifications to published addresses, whatever the industry accepted
> method is.
> 
> 
> I keep going back to the AOL Feedback Loop of yesteryear.  I didn't actually 
> READ every message in that mailbox.  But I could run a script through a 
> procmail recipe to increment counts by IP that AOL was sending back to that 
> FBL.  So that when an IP got 10 or so messages within a certain period it 
> would alert me at another email address that I watched.

The AOL FBL worked the way it did for a number of reasons. The big one is 
because AOL controlled the MUA. They managed the actions behind the “this is 
spam” button, and thus they could send mail when it was pushed.

When the provider doesn’t control the MUA they can’t provide the same FBL that 
AOL did because they do not have the ability to identify when the user clicks 
the TiS button. 

> Gmail and Yahoo all base their feedback loops on DomainKeys or something, 
> it's not IP based.  I know Comcast and some of the other ReturnPath customers 
> have feedback loops, but traffic on those are low too.

Right, because in most cases the provider doesn’t control the MUA. 

laura 

-- 
Having an Email Crisis?  800 823-9674 

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741  

Email Delivery Blog: http://wordtothewise.com/blog  





___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [SUBJECT CHANGE] Feedback loops

2022-01-18 Thread Jaroslaw Rafa via mailop 
Dnia 17.01.2022 o godz. 16:41:26 Michael Peddemors via mailop pisze:
> 
> So, while there are many companies with terrible or no abuse
> handlers, the problem maybe is now that the other way, where noone
> reports it.

Speaking for myself, I don't get a lot of spam, but when I do, I don't
bother reporting it. Spam is so omnipresent today that I have the impression
that noone actually cares about spam reports. I just update my spam filter
to avoid receiving similar messages in the future. Spamassassin plus a few
RBLs plus a bunch of my custom filtering rules are doing a pretty good job.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [SUBJECT CHANGE] Feedback loops

2022-01-17 Thread Scott Mutter via mailop 
On Mon, Jan 17, 2022 at 6:06 PM Grant Taylor via mailop 
wrote:

> Why can't automated and manual reports go to the same address?  Isn't
> that what recipient side filtering is for?  E.g. separating RFC standard
> DSNs / MDNs from human generated messages, each handled by different teams.
>
> My problem with FBLs is that I have to know to sign up for FBLs.
> Conversely, mailbox operators can probably more easily send push
> notifications to published addresses, whatever the industry accepted
> method is.
>
>
I keep going back to the AOL Feedback Loop of yesteryear.  I didn't
actually READ every message in that mailbox.  But I could run a script
through a procmail recipe to increment counts by IP that AOL was sending
back to that FBL.  So that when an IP got 10 or so messages within a
certain period it would alert me at another email address that I watched.

The abuse email address and feedback loop email address don't have to be
different.  But, for me (which may not be the same thing for everyone
else), the FBL address was just means to tally information.  Sure, I could
go back into that address and manually review the feedback reports I got
and often that was the next step after being alerted to high number of
reports for a certain IP, but it's main purpose was just to automate a
tally.

I actually like feedback loops.  To my knowledge Microsoft is the only one
that has anything any where close to what the AOL Feedback Loop was like.
But it's a hassle to sign up for it, and it either goes through periods
where it's broken or it only sends reports if X number of mailings come
into Microsoft from an IP address.  Or maybe I just have some really nice
users that always send legitimate mail to Microsoft/Hotmail/Outlook
addresses and none of our servers ever get flagged as spam (begs the
question as to why Microsoft blocks our servers from time to time though).

Gmail and Yahoo all base their feedback loops on DomainKeys or something,
it's not IP based.  I know Comcast and some of the other ReturnPath
customers have feedback loops, but traffic on those are low too.

As a responsible server administrator - I don't mind signing up for
feedback loops to help safeguard my servers.  I would think any other
responsible server administrator would feel the same way.  I just want
those feedback loops to work.  If Microsoft is going to block my server IP
claiming that we sent them spam, but I never get anything in their feedback
loop - then that's an ineffective feedback loop.  Same for Yahoo and Gmail
and really any email service provider that's going to block my server IP.

Now if others in this discussion are arguing that Microsoft/Yahoo/Gmail/etc
are sending feedback loop reports to abuse contacts listed in RDAP, RP,
rWhois, any where else - then my bone to pick is with my IP delegation
provider because they're not forwarding these on to me.  Perhaps it's just
a lack of communication and they don't know that I want to receive these -
that's a fair point.  Or perhaps there's so many different ways to define
an abuse contact address (RDAP, RP, rWhois, etc) that different service
providers look for different contact structures and the feedback reports
all end up in a gobbled mess.  If that's the case then there needs to be a
SINGLE defined way to publish a contact address that receives feedback
reports.  BUT... I just really don't think Microsoft/Yahoo/Gmail/etc are
sending feedback reports for EVERY single spam message they get back to
these RDAP, RP, rWhois abuse contacts.  But I'm a big enough man to admit
that I've been wrong before.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop