ietf-clear
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [clear] Yahoo Groups

2006-01-18 12:38:34
from [David MacQuigg] [Permanent Link] 
At 10:26 AM 1/13/2006 -0500, John Leslie wrote:


   I have installed CSV ingress filtering at JLC.net. I'm actually
rejecting outright very little except forged "HELO mailhost.jlc.net"...

   But I use CSV "authorized and authenticated" to bypass other filtering,
including the SORBS spamtrap list.

   I guess I shouldn't be surprised that groups.yahoo.com regularly sends
to SORBS spamtraps. :^(  They are, after all, barely distinguishable from
spammers in the protections they take against sending unsolicited email.

   Nonetheless, I have customers who like receiving Yahoo Groups email.
I'm wondering if anyone knows folks who could convince Yahoo Groups to
publish CSV SRV records?
Yahoo won't even publish SPF records, and there are many more receivers checking SPF than CSV. 

I'm using the following blocks as Yahoo's authorized senders:

ip4=63.250.192.0/19,66.163.160.0/19,66.218.64.0/19,68.142.192.0/18,206.190.32.0/19,216.109.112.0/20,216.136.172.0/22,217.12.0.0/21
These were compiled by making a WHOIS query on the connecting IP address each time I get a non-spam claiming to be from yahoo.com. The resulting blocks include far more than their actual sending addresses, but far less than the address space used by spammers claiming to be yahoo.com.
Yahoo and other large senders are not going to cooperate until they see a demand from recipients of their legitimate mail. The plan is to generate this demand by offering a bypass around the blacklists and filter. If the sender's address authenticates, and their reputation is good, then their messages go straight to the recipient. Otherwise they run the usual gauntlet of IP blacklists and spam filters.
The fact that we are including huge IP blocks as Yahoo's authorized senders means that any zombie operating within those blocks can send spam under Yahoo's name, and lower Yahoo's reputation. This will give Yahoo incentive to publish their authorized addresses, thereby excluding the zombies and improving their reputation.
I've now got my CSV-checking milter up and running as an email-forwarding service - box67.com. Is there anyone on this list who would like to help? I'm ready to try it on a typical large mail flow. 

--
Dave
************************************************************     *
* David MacQuigg, PhD    email: david_macquigg at yahoo.com      *  *
* President, Open-Mail dot org      phone: USA 520-721-4583   *  *  *
* Admin, Box67 dot com                                        *  *  *
*                                 9320 East Mikelyn Lane       * * *
* http://purl.net/macquigg        Tucson, Arizona 85710          *
************************************************************     *

_______________________________________________
ietf-clear mailing list
ietf-clear(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-clear
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [clear] Yahoo Groups, David Woodhouse
Previous by Thread:  Re: [clear] Yahoo Groups, David Woodhouse
Indexes:  [Date] [Thread] [Top] [All Lists]