On Sun, Apr 13, 2008 at 3:57 PM, Rob Szarka <***@szarka.org> wrote
> True, though some aspects of mail service are inextricably tied to broade
> networking issues, and thus participation here might still benefit them. Bu
> sadly Yahoo doesn't even seem to participate in more relevant forums, suc
> as the spam-l list

There are other lists, far more relevant than spam-l or nanae

There's a way to present spam issues and mail filterin
operationally.. and I see it all the time at MAAWG meetings, just fo
example

The issue here is that 90% of the comments on a thread related to thi
are from people who might be wizards at packet pushing, but can
filter spam. Or on mailserver lists you might find people who ca
write sendmail.cf from scratch instead of building it from a .mc fil
and still dont know about the right way to do spam filtering

> When what the larger companies do enables criminal behavior that impact
> the very viability of the smaller companies through de factor DoS attacks
> it's not funny at all. Yahoo, for example, has chosen a business model (fre
> email with little to no verification) that inevitably leads to spam bein
> originated from their systems. Why should they be able to shift the cost o
> their business model to me, just because I run a much smaller business

So has hotmail, so have several of the domains that we host

sr
--
Suresh Ramasubramanian (***@gmail.com

On Sun, Apr 13, 2008 at 5:27 AM, Rob Szarka <***@szarka.org> wrote

> At 01:58 AM 4/13/2008, you wrote

> > Why should large companies participate here about mail issues? Last
> > checked this wasn't the mailing list for these issues
>

> True, though some aspects of mail service are inextricably tied to broade
> networking issues, and thus participation here might still benefit them. Bu
> sadly Yahoo doesn't even seem to participate in more relevant forums, suc
> as the spam-l list

Maybe their management or legal has told them not to. I know when
worked for a certain company we were forbidden from replying t
operational lists or forums for fear of employees responses being use
against the company in court or in the news




> > But lets just say for a second this is the place to discuss compan
> > xys's mail issue. What benefit do they have participating here? Likel
> > they'll be hounded by people who have some disdain for their compan
> > and no matter what they do they will still be evil or wrong in som
> > way
>

> I've never seen someone treated badly for trying to help resolve problems
> I think we all know that it can be hard to get things done within a larg
> company and that often the folks who participate on a list like this ar
> taking on work that isn't strictly speaking "their job" when they try t
> help resolve mail issues. And when a large company that was a mess does
> turnaround, they also get praised: just look at the many positive comment
> about AOL on this and other lists over the past few years


I have seen plenty of people working for isps being abused even whe
trying to help solve problems, maybe not on this list but definitel
on others. In many larger companies people have defined roles an
structured goals they need to accomplish or face termination so the
may not have time to participate in other venues. Companies that giv
their management/employees latitude and encourage working in th
community should be praised but not all companies are setup this way
If you don't like how yahoo is responding to issues I would sugges
sending certified letters to every person in upper management you ca
find as these people can typically implement changes



> > It is easy for someone who has 10,000 users to tell someone who has 5
> > million users what to do when they don't have to work with such
> > large scale enterprise
>

> I wouldn't presume to tell them how to accomplish something within thei
> particular configuration. But I will, without apology, tell them that the
> need to accomplish it. For example, I'm quite comfortable saying tha
> Earthlink should follow the minimum timeouts in RFC 1123, though I wouldn'
> presume to guess whether they should accomplish that by having separate fas
> and slow queues on different servers, on the same server, or not at all
> Likewise, a working abuse role account is a minimum requirement fo
> participation in the Internet email system, and I'm comfortable saying tha
> the email it receives should be read by a competent human


You can tell Earthlink whatever you want but it doesn't mean they nee
to follow it. Please read my previous reply about business decisions
I would agree that it is good for business to try and follow industr
standards but sometimes business decisions need to be made wher
standards cannot be implemented. I'm not saying that is the case her
and it could just be utter incompetence but not everything is blac
and white

A working abuse account is not the minimum requirement, I can run
mail system without that abuse account but may get blocked fro
sending mail to certain systems. Read above for my thoughts o
standards

With that being said I do believe all companies should have a workin
abuse email that is appropriately staffed that can respond t
complaints within 72 hours



> > I find it funny when smaller companies always tell larger companie
> > what they need to be doing
>

> When what the larger companies do enables criminal behavior that impact
> the very viability of the smaller companies through de factor DoS attacks,
> it's not funny at all. Yahoo, for example, has chosen a business model (free
> email with little to no verification) that inevitably leads to spam being
> originated from their systems. Why should they be able to shift the cost of
> their business model to me, just because I run a much smaller business?
>

I would say that you may being a bit over dramatic but that may just
be me. The cost of their business model isn't shifted to you, you have
the choice to block yahoo email from your systems or you have the
choice to deal with the issues that comes along with accepting their
mail. Comparing this to DoS attacks is just a little bit over the
edge to me.

--
Ross
ross [at] dillio.net
314-558-6455