Yakov's response is completely correct. Essentially all spam at Yahoo (using
Spam Guard) is blocked and placed into a bulk mail folder. Therefore, there
is no distinction between saying that a mail message was "placed in the bulk
mail folder" or "blocked by spam filters" when referring to the Yahoo spam
service.
The FTC confirmations were, without question, placed into a bulk mail folder
in the morning the FTC site was brought online. Anyone wishing a screen shot
can email me directly and I will provide it to them. Missed FTC mail
confirmation messages were not caused by Yahoo mail servers being overloaded
at the time we ran our test (thereby hypothetically causing a delay in mail
delivery.) Instead, we observed that the FTC confirmation messages reached
the Yahoo bulk spam mail folder within 3 minutes after sign-up on the FTC
do-not-call website.
For those subscribing to the Yahoo Spam Guard service, the majority of
typical end-users would never inspect their bulk mail (spam) folder looking
for a message in my opinion. They may not even know that a bulk mail folder
exists. Yes it is a fall back for legitimate email flagged as spam. However,
in my opinion, only highly experienced Internet would know to inspect this
bulk spam folder on Yahoo or any other similar online mail service for
legitimate email flagged as spam.
As for the rule set used by Yahoo Spam Guard to place the message into the
bulk mail folder and thus effectively block it from the common users view,
it wasn't simply a source IP address based on our tests. While it is
possible that an unexpected surge in traffic from the original FTC IP
address range that caused an initial filter to be put in place (one theory
put forward by Yahoo's responses in the press), at the particular moment in
time we ran our tests, it appeared to be a content filter. This is because
we attempted to forward the same content between Yahoo email addresses
(using a simple forward from their bulk mail address) and discovered that
the forwarded message was also blocked. This indicated that, whatever the
initial basis for a filter, at this point Yahoo's systems had responded by
blocking mail with that particular content signature and not, for example,
based on source IP address.
The press coverage of this event precipitated action on the part of spam
system operators including Yahoo to assure that they were not blocking these
confirmations. Our simple calculations indicate that the effect of users
re-registering as a result of them not receiving these confirmations (and
thus assuming they needed to repeat the process since the FTC site implied
they'd receive a confirmation message shortly) could produce a substantial
unnecessary performance burden on the FTC servers and related network. In my
opinion it also heightened user and government awareness as to the
importance of privacy technology. People on this list understand that this
technology demands further investment, advancement, and adoption, but the
general public, while understanding the problem, may not understand how
difficult it is, and arbitrary it becomes. In my opinion, the deeper their
understanding, the more focus they are willing to provide-- such is the case
with all of security, it begins as education.
Regards,
Eric Greenberg
Chief Technical Officer
NetFrameworks, Inc.
http://www.NetFrameworks.com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg