Open letter to Yahoo and Hotmail concerning junkmail

[Mynabbler <my...@live.com>]

Dear Microsoft administrators, dear Yahoo administrators,

The amount of junkmail coming from your systems is unbelievable. How hard is
it to implement a cap on the amount of messages people can send out daily
with your systems. And that includes the number of Cc's and Bcc's one
message generates. If you would cap that on, say, a 1000 users, you would be
doing us an incredible favor. And how hard is it, if that cap is reached, to
check the messages that are being generated and when spam (which it will be
in 99999 of 100000 cases) to block the originating IP or cap the originating
IP to a maximum of 100 addresses that can be spammed daily. Oh, and while
you are at it, to block that account  abusing your service as well.

There is no filtering in the world more effective then you taking this
action and it would take an intern about two hours to implement.

By the way, if you are a Yahoo administrator, the cap from
%account%---%number%@att.net need to be set to 10 messages daily.

Sigh.
-- 
View this message in context: http://old.nabble.com/Open-letter-to-Yahoo-and-Hotmail-concerning-junkmail-tp31079893p31079893.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: Open letter to Yahoo and Hotmail concerning junkmail

[Per Jessen <pe...@computer.org>]

Ned Slider wrote:

> On 06/03/11 11:46, Warren Togami Jr. wrote:
>> I have no comment on your proposed solution. I can however point out
>> the statistics that I see on my own spam traps.
>>
>> It seems that 90%+ of the spam coming from DNSWL listed hosts is
>> Yahoo and Hotmail which are listed as DNSWL_NONE. Meanwhile very few
>> spam comes from gmail.com. Apparently DNSWL agrees because they give
>> gmail.com's outgoing MTA's a "LOW" ranking which is pretty good for a
>> freemail provider. Google is doing something right in outgoing spam
>> prevention.
>>
>> Warren
>>
> 
> Exactly.
> 
> If Google can manage to do a pretty good job then it just tells me
> Microsoft and Yahoo don't care. 

Google does happen to own Postini. 


/Per Jessen, Zürich

Re: Open letter to Yahoo and Hotmail concerning junkmail

["David F. Skoll" <df...@roaringpenguin.com>]

On Mon, 07 Mar 2011 19:51:47 +0000
Ned Slider <ne...@unixmail.co.uk> wrote:

> Like you, I've yet to find a reliable set of meta rules to
> effectively deal with this junk and invariably it turns into a game
> of chasing one's tail.

We use an in-house DNSBL based on our reputation-reporting code
(http://www.mimedefang.org/reputation) that classifies servers using
five different classifications.  We find that a lot of Yahoo servers
are in the "mixed" list (they put out ham and spam) and quite a few
are in the "spam-source" list (mostly spam).  We add 2 points for
mixed and 4 points for spam-source and that seems to work pretty well.
We don't get too many Yahoo or Hotmail spams slipping through and the
FP rate is not too bad.

We concur that Google has cleaned up its act tremendously since a year or
two ago and is far cleaner than Hotmail or Yahoo.

Regards,

David.

Re: Open letter to Yahoo and Hotmail concerning junkmail

[Ned Slider <ne...@unixmail.co.uk>]

On 07/03/11 12:10, Mynabbler wrote:
>
>
> Warren Togami Jr. wrote:
>>
>> I'd agree, but users wont rebel against Yahoo unless they begin to see
>> actual bounces to their sent mail.
>>
> I don't know about your end users, but ours typically get flummoxed if mail
> from this "well known and trusted" free mail providers would not arrive to
> them... There's just too many users actually using their services, mixed
> with too many spammers abusing it.
>
>
> Warren Togami Jr. wrote:
>>
>> I do agree that we should have FROM_HOTMAIL and FROM_YAHOO so we can
>> independently decide how to treat their mail separate from typical
>> FREEMAIL.
>>
> Been there, tried that. It is like stopping a river. I've tried metas with
> the originating source (FROM_AFRICA rules), metas with keywords, metas with
> short_urls... the list of junk coming out of Yahoo and Hotmail is just
> endless.

Like you, I've yet to find a reliable set of meta rules to effectively 
deal with this junk and invariably it turns into a game of chasing one's 
tail.

As I said previously, I've had good success starting from a default 
position of SPAM for these abused providers (e.g, 5 points), and then a 
well trained bayes database and/or whitelisting known good senders 
brings the score back down under the threshold for the legitimate mail. 
I guess the old AWL system could be quite effective here too at reducing 
the score for known senders. Maybe a set of meta rules to reduce the 
score in the absence of spam indicators might work too - say -1 if no 
URI is present, -1 if there is only one recipient etc.

But one thing I do know, the default accept policy no longer works and 
I'm having more succes with a default block policy.

Re: Open letter to Yahoo and Hotmail concerning junkmail

["Warren Togami Jr." <wt...@gmail.com>]

On 3/7/2011 2:10 AM, Mynabbler wrote:
>
>
> Warren Togami Jr. wrote:
>>
>> I'd agree, but users wont rebel against Yahoo unless they begin to see
>> actual bounces to their sent mail.
>>
> I don't know about your end users, but ours typically get flummoxed if mail
> from this "well known and trusted" free mail providers would not arrive to
> them... There's just too many users actually using their services, mixed
> with too many spammers abusing it.

My point here is getting an explicit reject is better than silently 
disappearing.  I wasn't commenting on the wisdom of being prejudiced 
against Yahoo or Hotmail though.

Warren

Re: Open letter to Yahoo and Hotmail concerning junkmail

[Mynabbler <my...@live.com>]

Warren Togami Jr. wrote:
> 
> I'd agree, but users wont rebel against Yahoo unless they begin to see 
> actual bounces to their sent mail.
> 
I don't know about your end users, but ours typically get flummoxed if mail
from this "well known and trusted" free mail providers would not arrive to
them... There's just too many users actually using their services, mixed
with too many spammers abusing it.


Warren Togami Jr. wrote:
> 
> I do agree that we should have FROM_HOTMAIL and FROM_YAHOO so we can 
> independently decide how to treat their mail separate from typical
> FREEMAIL.
> 
Been there, tried that. It is like stopping a river. I've tried metas with
the originating source (FROM_AFRICA rules), metas with keywords, metas with
short_urls... the list of junk coming out of Yahoo and Hotmail is just
endless. And again, the solution would be fairly simple, if only Microsoft
and Yahoo administrators actually cared about the mail leaving their
systems. I get frustrated every time I read the 'Tired of spam in your
inbox, come to Hotmail/Yahoo' tagline in spam send to us _from_ Yahoo and
Hotmail. Frustrated, because it is so easy to target the abuse at the
source... if only they cared.

Setting a default score of 3 or 4 to mail coming from Hotmail and/or Yahoo,
would only be efficient if we would start a campaign and proclaim a "Tired
of spam send by Hotmail and Yahoo"-day at like May 4th, and our endusers
getting wind of this special
Microsoft-and-Yahoo-dont-care-about-spam-awareness event going on that
particular day. There's just too much collateral damage.
-- 
View this message in context: http://old.nabble.com/Open-letter-to-Yahoo-and-Hotmail-concerning-junkmail-tp31079893p31087123.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: Open letter to Yahoo and Hotmail concerning junkmail

["Warren Togami Jr." <wt...@gmail.com>]

On 3/6/2011 3:15 AM, Ned Slider wrote:
> On 06/03/11 11:46, Warren Togami Jr. wrote:
>> I have no comment on your proposed solution. I can however point out the
>> statistics that I see on my own spam traps.
>>
>> It seems that 90%+ of the spam coming from DNSWL listed hosts is Yahoo
>> and Hotmail which are listed as DNSWL_NONE. Meanwhile very few spam
>> comes from gmail.com. Apparently DNSWL agrees because they give
>> gmail.com's outgoing MTA's a "LOW" ranking which is pretty good for a
>> freemail provider. Google is doing something right in outgoing spam
>> prevention.
>>
>> Warren
>>
>
> Exactly.
>
> If Google can manage to do a pretty good job then it just tells me
> Microsoft and Yahoo don't care. I've long since stopped caring too and
> have scored them in SpamAssassin - the only way their mail gets through
> now is if the sender address is whitelisted or they score some negative
> points (e.g, Bayes) to get them back below my threshold. These providers
> are NOT too big to block and the sooner we all start realising that the
> sooner they might start to care about their reputations and stop
> emitting huge volumes of spam.
>
> Personally I think it's about time FROM_HOTMAIL and FROM_YAHOO became
> high scoring stock rules in SpamAssassin. A score of 3 points might be a
> reasonable starting point.

I'd agree, but users wont rebel against Yahoo unless they begin to see 
actual bounces to their sent mail.

I do agree that we should have FROM_HOTMAIL and FROM_YAHOO so we can 
independently decide how to treat their mail separate from typical FREEMAIL.

Warren

Re: Open letter to Yahoo and Hotmail concerning junkmail

[Benny Pedersen <me...@junc.org>]

On Sun, 06 Mar 2011 13:15:01 +0000, Ned Slider <ne...@unixmail.co.uk> wrote:

> Personally I think it's about time FROM_HOTMAIL and FROM_YAHOO became 
> high scoring stock rules in SpamAssassin. A score of 3 points might be a

> reasonable starting point.

or RFC_ABUSE_POST score 10

atleast then thay have a chance

http://rfc-ignorant.org/tools/lookup.php?domain=gmail.com

Re: Open letter to Yahoo and Hotmail concerning junkmail

[Ned Slider <ne...@unixmail.co.uk>]

On 06/03/11 11:46, Warren Togami Jr. wrote:
> I have no comment on your proposed solution. I can however point out the
> statistics that I see on my own spam traps.
>
> It seems that 90%+ of the spam coming from DNSWL listed hosts is Yahoo
> and Hotmail which are listed as DNSWL_NONE. Meanwhile very few spam
> comes from gmail.com. Apparently DNSWL agrees because they give
> gmail.com's outgoing MTA's a "LOW" ranking which is pretty good for a
> freemail provider. Google is doing something right in outgoing spam
> prevention.
>
> Warren
>

Exactly.

If Google can manage to do a pretty good job then it just tells me 
Microsoft and Yahoo don't care. I've long since stopped caring too and 
have scored them in SpamAssassin - the only way their mail gets through 
now is if the sender address is whitelisted or they score some negative 
points (e.g, Bayes) to get them back below my threshold. These providers 
are NOT too big to block and the sooner we all start realising that the 
sooner they might start to care about their reputations and stop 
emitting huge volumes of spam.

Personally I think it's about time FROM_HOTMAIL and FROM_YAHOO became 
high scoring stock rules in SpamAssassin. A score of 3 points might be a 
reasonable starting point.

Re: Open letter to Yahoo and Hotmail concerning junkmail

["Warren Togami Jr." <wt...@gmail.com>]

I have no comment on your proposed solution.  I can however point out 
the statistics that I see on my own spam traps.

It seems that 90%+ of the spam coming from DNSWL listed hosts is Yahoo 
and Hotmail which are listed as DNSWL_NONE.  Meanwhile very few spam 
comes from gmail.com.  Apparently DNSWL agrees because they give 
gmail.com's outgoing MTA's a "LOW" ranking which is pretty good for a 
freemail provider.  Google is doing something right in outgoing spam 
prevention.

Warren

Re: Open letter to Yahoo and Hotmail concerning junkmail

["J.D. Falk" <jd...@cybernothing.org>]

On Mar 6, 2011, at 3:37 AM, Mynabbler wrote:

> The amount of junkmail coming from your systems is unbelievable. How hard is
> it to implement a cap on the amount of messages people can send out daily
> with your systems.

They do that.

> And that includes the number of Cc's and Bcc's one
> message generates.

And that.

> If you would cap that on, say, a 1000 users, you would be
> doing us an incredible favor. And how hard is it, if that cap is reached, to
> check the messages that are being generated and when spam (which it will be
> in 99999 of 100000 cases) to block the originating IP or cap the originating
> IP to a maximum of 100 addresses that can be spammed daily.

Not that, exactly (last I heard), but they do have a variety of IP-based rate limits.

> Oh, and while
> you are at it, to block that account  abusing your service as well.

Yep, that happens already too.

> There is no filtering in the world more effective then you taking this
> action and it would take an intern about two hours to implement.

Are you offering yourself up as the intern?  Yahoo! Mail is looking for an anti-spam intern right now:

http://careers.yahoo.com/jdescription.php?frm=search_results&oid=35925

I don't see a similar listing at Microsoft, but I could ask some folks if you're interested.

> Sigh.

Yeah, I know it's frustrating.  It's even more frustrating to constantly work on implementing and improving rate limits and other features to handle outbound spam, and know that it's still not enough.

What's hard to see from the outside is exactly how much work the bad guys are putting into attacking the big webmail providers.  When I worked there, we watched the spammers reduce their output to fewer than five messages per fake or stolen account per day, each message just different enough to be hard to detect, rotating through an effectively infinite number of IP addresses -- and this was BEFORE botnets got as big and as cheap as they are now.

I'm not saying you should forgive the amount of spam that still gets through -- you should still block it, and outside pressure helps those teams get the resources they need to continue improving the systems.  But when you do complain, do it effectively.  Consider that they might have already thought of the simple stuff that's been discussed here, and on other lists, and at every academic anti-spam conference for years.  And, remember that the people who make actual decisions at big companies don't read this list.

Or if that was just a rant and not actually intended as a positive contribution towards reducing spam for the internet, I do understand.  Ranting is necessary sometimes.  The anti-spam folks at Microsoft and Yahoo! do it too.

--
J.D. Falk
the leading purveyor of industry counter-rhetoric solutions