Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SpamAssassin: users

Yahoo sent 5.5x as much spam as any other legit provider in April

 

 

First page Previous page 1 2 Next page Last page  View All SpamAssassin users RSS feed   Index | Next | Previous | View Threaded


darxus at chaosreigns

May 11, 2011, 1:01 PM

Post #1 of 43 (1871 views)
Permalink
Yahoo sent 5.5x as much spam as any other legit provider in April

http://www.chaosreigns.com/dnswl/dnswlabusehistory.svg

Percentage of total spam from legitimate email providers in April as
reported as abuse to dnswl.org:

35.5% yahoo.com
6.4% google.com
2.9% tp.pl
2.3% tin.it
1.8% messagelabs.com
1.4% hotmail.com
1.1% postini.com
1.0% orange.fr
1.0% aol.com
0.8% aruba.it
0.8% freenet.de
0.6% rediris.es
0.3% onet.pl
0.3% facebook.com
0.3% earthlink.net
0.0% kpnxchange.com
0.0% eircom.net
0.0% sfr.fr
0.0% web.de

--
"Let's just say that if complete and utter chaos was lightning, then
he'd be the sort to stand on a hilltop in a thunderstorm wearing wet
copper armour and shouting 'All gods are bastards'." - The Color of Magic
http://www.ChaosReigns.com


tedm at ipinc

May 11, 2011, 1:10 PM

Post #2 of 43 (1823 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

this is no surprise

Yahoo's SMTP mailers are unable to handle a standard
SMTP error 4xx, if they get one they abort the
transmission and return the message to the sender

Thus any commercial ISP that wants to retain customers
must exempt all of Yahoo's IP address ranges from
any greylisting filters they have.

This makes the free accounts on the Yahoo mailservers
extremely attractive to spammers to use to relay spam.

It would be a public service for Google to buy Yahoo
and clean it's operations up. Unfortunately Google
is too smart for that.

Ted


On 5/11/2011 1:01 PM, darxus [at] chaosreigns wrote:
> http://www.chaosreigns.com/dnswl/dnswlabusehistory.svg
>
> Percentage of total spam from legitimate email providers in April as
> reported as abuse to dnswl.org:
>
> 35.5% yahoo.com
> 6.4% google.com
> 2.9% tp.pl
> 2.3% tin.it
> 1.8% messagelabs.com
> 1.4% hotmail.com
> 1.1% postini.com
> 1.0% orange.fr
> 1.0% aol.com
> 0.8% aruba.it
> 0.8% freenet.de
> 0.6% rediris.es
> 0.3% onet.pl
> 0.3% facebook.com
> 0.3% earthlink.net
> 0.0% kpnxchange.com
> 0.0% eircom.net
> 0.0% sfr.fr
> 0.0% web.de
>


rickm at ummm-beer

May 11, 2011, 1:13 PM

Post #3 of 43 (1814 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

On 11/05/2011 4:01 PM, darxus [at] chaosreigns wrote:
> http://www.chaosreigns.com/dnswl/dnswlabusehistory.svg
>
> Percentage of total spam from legitimate email providers in April as
> reported as abuse to dnswl.org:
>
> 35.5% yahoo.com
> 6.4% google.com
> 2.9% tp.pl
> 2.3% tin.it
> 1.8% messagelabs.com
> 1.4% hotmail.com

Interesting. Here, it's hotmail servers sending over 57% of the spam.
I wonder if they are so low on that list because the list the actual
senders IP as the origination point.

Regards,

Rick


dfs at roaringpenguin

May 11, 2011, 1:14 PM

Post #4 of 43 (1821 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

On Wed, 11 May 2011 13:10:31 -0700
Ted Mittelstaedt <tedm [at] ipinc> wrote:

> Yahoo's SMTP mailers are unable to handle a standard
> SMTP error 4xx, if they get one they abort the
> transmission and return the message to the sender

Do you have evidence to back up that claim? I don't believe
it's true. We use greylisting and Yahoo's servers don't seem
to have problems with it.

It seems to me that Yahoo just isn't as good as Google or Hotmail
at preventing spammers from signing up and at blocking outbound spam.

Regards,

David.


michael.scheidell at secnap

May 11, 2011, 1:16 PM

Post #5 of 43 (1820 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

On 5/11/11 4:01 PM, darxus [at] chaosreigns wrote:
> http://www.chaosreigns.com/dnswl/dnswlabusehistory.svg
>
> Percentage of total spam from legitimate email providers in April as
> reported as abuse to dnswl.org:
what is funny, is you said 'yahoo' and 'legit provider' all on one
subject line :-)

I try to tell clients who wonder why they can't get that email from
their home yahoo account, cc'd to 175 employees that if we rate limit
it, yahoo will not even try to resend it.

--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP Network Security Corporation

* Best Intrusion Prevention Product, Networks Product Guide
* Certified SNORT Integrator
* Hot Company Award, World Executive Alliance
* Best in Email Security, 2010 Network Products Guide
* King of Spam Filters, SC Magazine

______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________


darxus at chaosreigns

May 11, 2011, 1:19 PM

Post #6 of 43 (1815 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

I bet it's largely related to the fact that yahoo is apparently the only
freemail provider that doesn't require you to have a previously existing
email address.

I also suspect that, for this reason, google.com would send less spam
if they didn't allow yahoo addresses as the pre-existing address.

--
"I would believe only in a God that knows how to Dance." - Nietzsche
http://www.ChaosReigns.com


michael.scheidell at secnap

May 11, 2011, 1:35 PM

Post #7 of 43 (1819 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

On 5/11/11 4:14 PM, David F. Skoll wrote:
> Do you have evidence to back up that claim? I don't believe
> it's true. We use greylisting and Yahoo's servers don't seem
> to have problems with it.
what I have observed; (no, we don't greylist)

but, we do keep a cluster of 4 mx servers per client. each one with
different bl, timing, available smtp connections, etc.

if someone sends an email to 175 people, once they hit 'x' number in the
first email attempt, we send '4xx too many emails'
ie:
ehlo *.yahoo.com
mail from: <someone [at] yahoo>
rcpt to: <one>
250 ok
rcpt to: <two>
250 ok
[skip to 100].
rcpt to: <onehundered>
4xx too many

RFC'S seem to indicate that they should send a data command next and
send the email to be delivered to the first 99, then try the next 51 on
the next highest mx.

doesn't happen on yahoo.com
they drop the connection, and try again at next highest mx, then on mx4,
bounce the email back to sender with the last mx's ip in the error
message and the 4xx too many

aol does something similar also, but will send the first 'x' number of
emails, and MAYBE later send the rest.

--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP Network Security Corporation

* Best Intrusion Prevention Product, Networks Product Guide
* Certified SNORT Integrator
* Hot Company Award, World Executive Alliance
* Best in Email Security, 2010 Network Products Guide
* King of Spam Filters, SC Magazine

______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________


dfs at roaringpenguin

May 11, 2011, 1:49 PM

Post #8 of 43 (1812 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

On Wed, 11 May 2011 16:35:50 -0400
Michael Scheidell <michael.scheidell [at] secnap> wrote:

> if someone sends an email to 175 people, once they hit 'x' number in
> the first email attempt, we send '4xx too many emails'

Ah, ok. We avoid issuing 4xx in response to a "RCPT" command because
quite a lot of badly-written SMTP software doesn't handle that well.

We 4xx after DATA when greylisting which doesn't seem to give as much
trouble.

Regards,

David.


michael.scheidell at secnap

May 11, 2011, 1:51 PM

Post #9 of 43 (1807 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

On 5/11/11 4:49 PM, David F. Skoll wrote:
> Ah, ok. We avoid issuing 4xx in response to a "RCPT" command because
> quite a lot of badly-written SMTP software doesn't handle that well.
>
ie: qmail, postfix, exchange, sendmail, all (can) send a 4xx after rcpt to.

because thats what the RFC's say.



--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP Network Security Corporation

* Best Intrusion Prevention Product, Networks Product Guide
* Certified SNORT Integrator
* Hot Company Award, World Executive Alliance
* Best in Email Security, 2010 Network Products Guide
* King of Spam Filters, SC Magazine

______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________


tedm at ipinc

May 11, 2011, 2:21 PM

Post #10 of 43 (1807 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

On 5/11/2011 1:14 PM, David F. Skoll wrote:
> On Wed, 11 May 2011 13:10:31 -0700
> Ted Mittelstaedt<tedm [at] ipinc> wrote:
>
>> Yahoo's SMTP mailers are unable to handle a standard
>> SMTP error 4xx, if they get one they abort the
>> transmission and return the message to the sender
>
> Do you have evidence to back up that claim?

Yes, your Honor. (eyeroll)

> I don't believe
> it's true. We use greylisting and Yahoo's servers don't seem
> to have problems with it.
>

We have been using greylist-milter for years and all Yahoo's
IP ranges are listed in the exception list, even the ones that they
don't publish and you can only find by issuing a whois against the RIR
database.

Those listings weren't there when we set it up. They got there
after user complaints and me wasting time tracking them down.

> It seems to me that Yahoo just isn't as good as Google or Hotmail
> at preventing spammers from signing up and at blocking outbound spam.
>

Yahoo is an example of a company that had such a bright promise coming
out of the 90's but internally screwed everything up, from bringing
in a CEO who was completely out of his league (Terry Semel) and
allowing the same guy who did that to run the company (jerry lang)
who screwed the Microsoft deal then got into bed with Microsoft a
year later anyway.

They may have managed to replace the top brass there but the corporate
culture is still NIH.

Ted

> Regards,
>
> David.


antispam at khopis

May 11, 2011, 3:31 PM

Post #11 of 43 (1810 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

On 05/11/2011 01:19 PM, darxus [at] chaosreigns wrote:
> I bet it's largely related to the fact that yahoo is apparently the
> only freemail provider that doesn't require you to have a previously
> existing email address.

I just created a test @live.com (hotmail) account without an
existing address. Just tell it to use a security question instead. I
am under the impression that gmail is the only one that has that sort of
protection, and even it is trivially defeated (look up mailinator for
one method).
Attachments: signature.asc (0.26 KB)


dfs at roaringpenguin

May 11, 2011, 3:33 PM

Post #12 of 43 (1805 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

On Wed, 11 May 2011 16:51:58 -0400
Michael Scheidell <michael.scheidell [at] secnap> wrote:

> ie: qmail, postfix, exchange, sendmail, all (can) send a 4xx after
> rcpt to.

Indeed.

> because thats what the RFC's say.

Note: I said "badly-written SMTP software", not "software that adheres
to the RFCs".

In the real world, 4xx after RCPT breaks a non-zero number of SMTP clients.

Regards,

David.


dfs at roaringpenguin

May 11, 2011, 3:34 PM

Post #13 of 43 (1803 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

On Wed, 11 May 2011 14:21:23 -0700
Ted Mittelstaedt <tedm [at] ipinc> wrote:

> We have been using greylist-milter for years and all Yahoo's
> IP ranges are listed in the exception list, even the ones that they
> don't publish and you can only find by issuing a whois against the
> RIR database.

We've been using our greylisting implementation for years and
have had no problems. We don't even implement an "exception list"
because none has been needed.

As I wrote before, I think it's because we tempfail after DATA rather
than RCPT.

Regards,

David.


joseph.sniderman at thoroquel

May 11, 2011, 4:18 PM

Post #14 of 43 (1807 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

On 05/11/2011 04:19 PM, darxus [at] chaosreigns wrote:
> I bet it's largely related to the fact that yahoo is apparently the only
> freemail provider that doesn't require you to have a previously existing
> email address.

Yahoo does not require an existing address.
Hotmail/MSN/Live does not require an existing address.
AOL/AIM does not require an existing address.
Gmail does not require an existing address. [1][2]
Mail.com does not require an existing address.
...
It seems GMX.com *does* require an existing address. This appears to be
the exception rather than the rule.

> I also suspect that, for this reason, google.com would send less spam
> if they didn't allow yahoo addresses as the pre-existing address.

*If* Gmail were to require an existing address, prohibiting Yahoo
addresses *might* make sense.

[1] This seems to depend on the IP address used to sign up for the
google account. When signing up through a TOR exit node (at least at the
time that I tried it, which was > 1yr ago) Gmail asked for either a
cellphone number for text confirmation, or an existing email address.
Yahoo did not differentiate between TOR exit nodes and non-TOR IPs.

[2] Google apps accounts however do seem to require a preexisting email
address, however gmail addresses are accepted for that purpose.

--
Joe Sniderman <joseph.sniderman [at] thoroquel>


antispam at khopis

May 11, 2011, 4:19 PM

Post #15 of 43 (1804 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

On 05/11/2011 01:01 PM, darxus [at] chaosreigns wrote:
> http://www.chaosreigns.com/dnswl/dnswlabusehistory.svg

Too bad FF doesn't let me zoom on an svg; had to hit F11 to see it.

> Percentage of total spam from legitimate email providers in April as
> reported as abuse to dnswl.org:
>
> 35.5% yahoo.com
> 6.4% google.com
> 2.9% tp.pl
> 2.3% tin.it
> 1.8% messagelabs.com
> 1.4% hotmail.com
> 1.1% postini.com
> 1.0% orange.fr
> 1.0% aol.com
...

Long tail there; the sum of all of your items was 56.5%. Even if you
truncated those numbers, it doesn't add up (56.5 + 19 * 0.1% = 58.4%).

I'm not sure how much of my company's data I can disperse, but here's a
peek. We break things down a little differently, but here is what
overlaps (as isolated by From header in trap + report data, classified
spam only):

100.0% (sum of all items below)
32.6% yahoo
29.4% hotmail + live
17.3% gmail
10.8% aol
9.8% facebook
0.1% orange.fr

So with this data, yahoo sent 1.1x as much as hotmail.
Attachments: signature.asc (0.26 KB)


joseph.sniderman at thoroquel

May 11, 2011, 4:30 PM

Post #16 of 43 (1815 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

On 05/11/2011 04:35 PM, Michael Scheidell wrote:

> if someone sends an email to 175 people, once they hit 'x' number in the
> first email attempt, we send '4xx too many emails'

> ie:
> ehlo *.yahoo.com
> mail from: <someone [at] yahoo>
> rcpt to: <one>
> 250 ok
> rcpt to: <two>
> 250 ok
> [skip to 100].
> rcpt to: <onehundered>
> 4xx too many

We do something similar, except that the maximum number of recipients
per envelope we set at 1. The second and all subsequent get a 4yz error
during RCPT. We perform this after greylisting, ie:

...
RCPT TO:<fistrecip>
451 4.7.1 Greylisting in action
RCPT TO:<secondrecip>
451 4.7.1 Greylisting in action

..some time later...
RCPT TO:<firstrecip>
250 ok
RCPT TO:<secondrecip>
451 4.7.1 One at a time please
DATA

..after another retry..
RCPT TO:<secondrecip>
250 ok
DATA

Rationale being that content filtering during DATA can be customized on
a per recipient basis, without having to generate bounces after the fact
nor resorting to dropping emails silently.

> RFC'S seem to indicate that they should send a data command next and
> send the email to be delivered to the first 99, then try the next 51 on
> the next highest mx.

Or in our case, the first one, and retry for the next 149, get one more
out, retry for the next 148, and so on. We do greylist, and Yahoo gets
a rather long default greylisting and very short AWL.

> doesn't happen on yahoo.com
> they drop the connection, and try again at next highest mx, then on mx4,
> bounce the email back to sender with the last mx's ip in the error
> message and the 4xx too many

Interesting. My experience has been that Yahoo does retry at the same MX
but will not go to the next MX in response to 4yx errors. (OTOH if the
connection times out they do go on the next MX)

--
Joe Sniderman <joseph.sniderman [at] thoroquel>


darxus at chaosreigns

May 11, 2011, 4:33 PM

Post #17 of 43 (1795 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

On 05/11, Adam Katz wrote:
> Long tail there; the sum of all of your items was 56.5%. Even if you
> truncated those numbers, it doesn't add up (56.5 + 19 * 0.1% = 58.4%).

Yup, sorry I wasn't clear, those were just the top, not the entire list.

> I'm not sure how much of my company's data I can disperse, but here's a
> peek. We break things down a little differently, but here is what
> overlaps (as isolated by From header in trap + report data, classified
> spam only):
>
> 100.0% (sum of all items below)
> 32.6% yahoo
> 29.4% hotmail + live
> 17.3% gmail
> 10.8% aol
> 9.8% facebook
> 0.1% orange.fr
>
> So with this data, yahoo sent 1.1x as much as hotmail.

I'm sure you have better data than I do. That's probably enough for me
to stop bitching about yahoo. Thanks.


On 05/11, Joe Sniderman wrote:
> [1] This seems to depend on the IP address used to sign up for the
> google account. When signing up through a TOR exit node (at least at the
> time that I tried it, which was > 1yr ago) Gmail asked for either a
> cellphone number for text confirmation, or an existing email address.

Excellent point. My friend that said everybody but yahoo required a
previous email address was probably using TOR. Thanks.

--
"The word 'politics' is derived from the word 'poly', meaning 'many',
and the word 'ticks', meaning 'blood sucking parasites'." - Larry Hardiman
http://www.ChaosReigns.com


niamh at fullbore

May 11, 2011, 10:58 PM

Post #18 of 43 (1784 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

Hello Ted,

Wednesday, May 11, 2011, 10:21:23 PM, you wrote:

TM> Yes, your Honor. (eyeroll)

Any intention to produce it in support of your claim?

--
Best regards,
Niamh mailto:niamh [at] fullbore


tedm at ipinc

May 11, 2011, 11:36 PM

Post #19 of 43 (1784 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

On 5/11/2011 10:58 PM, Niamh Holding wrote:
>
> Hello Ted,
>
> Wednesday, May 11, 2011, 10:21:23 PM, you wrote:
>
> TM> Yes, your Honor. (eyeroll)
>
> Any intention to produce it in support of your claim?
>

Your welcome to my exclusion list if you want it, I'm not
going to post it here but anyone who wants a copy can just ask.
Do you want a copy?

Ted


uhlar at fantomas

May 12, 2011, 12:06 AM

Post #20 of 43 (1781 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

> On 05/11/2011 04:35 PM, Michael Scheidell wrote:
> > if someone sends an email to 175 people, once they hit 'x' number in the
> > first email attempt, we send '4xx too many emails'
>
> > ie:
> > ehlo *.yahoo.com
> > mail from: <someone [at] yahoo>
> > rcpt to: <one>
> > 250 ok
> > rcpt to: <two>
> > 250 ok
> > [skip to 100].
> > rcpt to: <onehundered>
> > 4xx too many

On 11.05.11 19:30, Joe Sniderman wrote:
> We do something similar, except that the maximum number of recipients
> per envelope we set at 1. The second and all subsequent get a 4yz error
> during RCPT. We perform this after greylisting, ie:

Are you aware that this violates RFC standard?
You can not expect that when you violate it, others will behave at your
needs. For example, I would imediately try other MX server when sending
mail and not continue with DATA.

--
Matus UHLAR - fantomas, uhlar [at] fantomas ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect the whole set.


niamh at fullbore

May 12, 2011, 12:08 AM

Post #21 of 43 (1795 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

Hello Ted,

Thursday, May 12, 2011, 7:36:01 AM, you wrote:

TM> Your welcome to my exclusion list if you want it, I'm not
TM> going to post it here but anyone who wants a copy can just ask.
TM> Do you want a copy?

Of your exclusion list no, but I am asking you to post the evidence
backing up your unsubstantiated claim to the list.

--
Best regards,
Niamh mailto:niamh [at] fullbore


tedm at ipinc

May 12, 2011, 1:54 AM

Post #22 of 43 (1796 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

On 5/12/2011 12:08 AM, Niamh Holding wrote:
>
> Hello Ted,
>
> Thursday, May 12, 2011, 7:36:01 AM, you wrote:
>
> TM> Your welcome to my exclusion list if you want it, I'm not
> TM> going to post it here but anyone who wants a copy can just ask.
> TM> Do you want a copy?
>
> Of your exclusion list no, but I am asking you to post the evidence
> backing up your unsubstantiated claim to the list.
>

Others have reported Yahoo doesn't handle 4xx errors properly,
you apparently missed their posts?

If you are a Yahoo programmer and wish to work with me to
correct your servers then please e-mail me offline from your
actual Yahoo corporate account, provide an office extension
at Yahoo, a phone number, and I will call you to arrange to
setup a test mailserver with greylist-milter and you can
send test messages to it and we can log the results, and
get your problem solved.

But if you are not then all I'm going to say is that anyone
who understands e-mail can do the appropriate whois queries that
will establish what I am in charge of in less than 30 seconds,
and draw their own conclusions. I have had problems with users
not getting e-mail when Yahoo's IP addresses were not excluded
from greylisting, I investigated and did not see retries from
Yahoo's mailservers in the mail log file, I excluded Yahoo's IP ranges
from greylisting, the users reported the problems went away. I have not
had to exclude other mailservers on the Internet for greylisting
for this reason. I HAVE excluded some other services that
use server pools because not excluding them delays mail (as
their pool will try different servers until all servers have
been tried then start over and the transmission succeeds) but
no other services have simply failed to attempt to retry as
Yahoo does.

Therefore I have had it proved to my satisfaction that Yahoo's
mailservers do not retry when greylisted - which breaks
greylisting. Maybe they retry if the 4xx is issued to them
under other circumstances, but I don't care about that.

Obviously, anyone else running the same greylisting
as I am would have had the same experience as there is no reason
Yahoo would single me out from the thousands of other ISPs out
there that use greylist-milter. So they would have to also
exempt Yahoo from their own greylisting. I'm sure this is a
big factor in their spam source ranking.

Once I learned what I learned I moved on to other things and
I did not save all of the evidence just to be able to trot it out
on mailing lists years in the future.

Perhaps since I had that problem Yahoo has changed. But
I'm not going to risk having user trouble again by removing
them from the exemption list. Fool me once, shame on you,
fool me twice, shame on me.

Ted


uhlar at fantomas

May 12, 2011, 4:11 AM

Post #23 of 43 (1778 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

>> Thursday, May 12, 2011, 7:36:01 AM, you wrote:
>> TM> Your welcome to my exclusion list if you want it, I'm not
>> TM> going to post it here but anyone who wants a copy can just ask.
>> TM> Do you want a copy?

> On 5/12/2011 12:08 AM, Niamh Holding wrote:
>> Of your exclusion list no, but I am asking you to post the evidence
>> backing up your unsubstantiated claim to the list.

On 12.05.11 01:54, Ted Mittelstaedt wrote:
> Others have reported Yahoo doesn't handle 4xx errors properly,
> you apparently missed their posts?

Actyally, Michael Scheidell reported that yahoo miebehaves when receiving
4xx response after RCPT TO:, while David F. Skoll reported that yahoo
behaves correctly when receiving 4xx after DATA.

I assume your greylist sends 4xx after RCPT TO stage.

I may add that courier smtpd may send 4xx after RCPT either when
maxrecipients is crossed, or e.g. when user's mailbox is full.
However I haven't encountered this before, apparently noone sends us that
much mail from yahoo...

--
Matus UHLAR - fantomas, uhlar [at] fantomas ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
On the other hand, you have different fingers.


niamh at fullbore

May 12, 2011, 4:47 AM

Post #24 of 43 (1781 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

Hello Ted,

Thursday, May 12, 2011, 9:54:56 AM, you wrote:

TM> I investigated and did not see retries from
TM> Yahoo's mailservers in the mail log file

Funnily enough I do see retries-

2009-10-03 02:01:32.887 tcpserver: ok 24589 mail.redbus.holtain.net:217.146.107.39:25 n10.bullet.mail.mud.yahoo.com:209.191.125.208::48678
2009-10-03 02:01:32.892 jgreylist[24589]: 209.191.125.208: GREY first time
2009-10-03 02:03:25.201 tcpserver: ok 24631 mail.redbus.holtain.net:217.146.107.39:25 n10.bullet.mail.mud.yahoo.com:209.191.125.208::20564
2009-10-03 02:03:25.206 jgreylist[24631]: 209.191.125.208: GREY too soon



--
Best regards,
Niamh mailto:niamh [at] fullbore


niamh at fullbore

May 12, 2011, 4:49 AM

Post #25 of 43 (1779 views)
Permalink
Re: Yahoo sent 5.5x as much spam as any other legit provider in April [In reply to]

Hello Matus,

Thursday, May 12, 2011, 12:11:10 PM, you wrote:

MUf> Actyally, Michael Scheidell reported that yahoo miebehaves when receiving
MUf> 4xx response after RCPT TO:

Very different from the original blanket claim that "Yahoo's SMTP mailers are
unable to handle a standard SMTP error 4xx, if they get one they abort
the transmission and return the message to the sender"

--
Best regards,
Niamh mailto:niamh [at] fullbore

First page Previous page 1 2 Next page Last page  View All SpamAssassin users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.