Re: [Asrg] Adding a spam button to MUAs
2010-01-29 22:26:42
Martijn Grooten wrote:
Chris Lewis wrote:
Frankly, I think the vast majority of people who thing TiS are bad are
either people who have an incentive to consider them bad, or are
largely
unaware of how they're actually used, or are expecting some sort of
one-to-one reaction/theoretical purity to every TiS hit.
Score 'em statistically. Whitelist when they goof. Humans make
mistakes. And sometimes they're right when the filters aren't. Design
for it, including methods to intervene when necessary. No big deal.
Out of curiosity, have your users been instructed on how to use the TiS buttons
(and to use them in the first place, instead of just clicking delete) or do you
just trust them to do the right thing (most of the time)? And do you think it
would scale to larger, more anonymous organizations such as ISPs?
The "TiS" button is, in effect, an email forward to a specific robot
process. Except for Outlook which mangles things up too much, but
Outlook is unfortunately the corporate standard for most people. In
that case, we supply a plugin that knows how to forward full emails
without mangulation.
We pretty much only mine it for IP addresses.
Instructed our users? Well, it started out ad-hoc, and it largely still
is. There are various employee communications that have gone out over
the years that tell people to forward spam to it. Never formally enough
to remotely be considered "training" Never particularly detailed in
terms of "don't report grandma", etc. The only "fine tuning" we've ever
done is "if you're getting very large quantities of the same thing, let
us know <here> instead", and "if it's spammish behaviour from Nortel
itself, report <there> instead".
The first of those is the role account, and we'll look into an
individual users problem to see if we can do something about it. The
second hasn't been used in ages.
Oh, and yes, we've told them to discard and ignore blowback unless the
volume is extreme, and we'll put in a recipient-specific blocking of
inbound bounces.
But it's still mostly skunk works, and as it wasn't part of the common
O/S release, it didn't get as widely used as it should have. We did get
quite high compliance rates at one point (perhaps nudged the 1 in 10
spams got reported level), but that's more of a corporate vs. ISP thing.
Unrelated to that, if most MUAs got a TiS-button, wouldn't this allow
spammers/botherders to effectively DDOS the systems that process the feedback,
thus making them (temporarily) useless? I could see why spammers would see an
advantage in doing that.
Various DOSes are available - eg: flooding and reputation poisoning with
FPs. As it exists now, much depends on the per-site implementation
strategy. The big guys probably already have it handled, perhaps as a
native part of their TiS handling, perhaps as active remediation. We've
not done much, but it would be really hard to do something that would
cause me more than a few seconds work to deal with permanently, and all
damage can be undone. In terms of outright volume, you're attacking our
MTAs, and that's fairly hard to break considering the head room we
operate with. Full scale whole bot army attack like a Storm Worm
retaliation? Well, you have that issue anyway. And we've already
demonstrated we can ride out a Storm DDOS without significant impairment.
[If Storm was still around we were all set in terms of approvals nnd
technology to "get in its face" and do it serious damage. But Storm
chickened out ;-)[*]
With a "common" TiS mechanism, of course some time would have to be
spent on hardening it.
[*] Provoke it to attack us deliberately. Use the resulting intel to
<I'm not going to say>. Storm died instead.
No, of course that wasn't really why it died. But it makes a good story ;-)
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [Asrg] Adding a spam button to MUAs, (continued)
- Re: [Asrg] Adding a spam button to MUAs, Alessandro Vesely
- Re: [Asrg] Adding a spam button to MUAs, Ian Eiloart
- Re: [Asrg] Adding a spam button to MUAs, Rich Kulawiec
- Re: [Asrg] Adding a spam button to MUAs, Michael Thomas
- Re: [Asrg] Adding a spam button to MUAs, Bart Schaefer
- Re: [Asrg] Adding a spam button to MUAs, Michael Thomas
- Re: [Asrg] Adding a spam button to MUAs, Douglas Otis
- Re: [Asrg] Adding a spam button to MUAs, Chris Lewis
- Re: [Asrg] Adding a spam button to MUAs, Douglas Otis
- Re: [Asrg] Adding a spam button to MUAs, Chris Lewis
|
|
|