[Mailman-Users] Mailman postings deferred by Yahoo

[Stephen J. Turnbull]

Attila Kinali writes:

 > > This is just selective greylisting, which lots of sites use as a
 > > blanket policy.
 > 
 > It's definitly not greylisting. Our server sends out a few dozen mails
 > a day on the low traffic lists to a few hundred on the high traffic ones.
 > Any greylisting that is half way sanely implemented should know after
 > the second mail that the server is a legitimate sender.

Well, maybe.  That is harder than it sounds to scale, though.  The
problem is that Yahoo has a lot of MXes, each handling hundreds of
thousands or millions of messages per day, and they're going to need
to propagate the greylist database to all of them somehow.  It's a
solvable problem, but nontrivial.

If you're using exim -qff, you also may be running into a problem of
hammering on their MXes too frequently; many greylisting algorithms
don't like that.

BTW, do you think they're lying about the user complaints?

 > I'd rather say [Yahoo] have no clue at all. 

The problem that Yahoo faces is that not only is their hardware
distributed, so is their wetware.  It's a lot easier for one person to
handle a few clues about the easy problems that one person can handle
than for an organization to deal with many clues about the much harder
problems of scaling to Yahoo size.

 > I don't know whether i should do domain keys. Sofar it was never
 > a problem that we got tagged as spamers, it might be worth it
 > if more ISPs start to filter based on these. PGP is definitly
 > not an option. We send out way over 100k mails per day over mailinglists
 > (at some days it reaches even 200k mails/d). Signing all of them on the
 > server would produce too much load.

Domain keys are per-message cryptographic signatures, too.  And as for
200K mails per day, is that 200K *posts* per day, or more like 2000
posts per day going to 100 recipients each, or even better yet, 200
posts/day going to 1000 recipients each?  And which would you rather
do: save a few CPU cycles, or reliably get your mail through?  Maybe
the usual variants on PGP are too expensive, but something weaker will
do until the spammers catch on, by which time you can hope that
everybody has enough CPU, and so on.

I know that the conventional wisdom that signing mail is very
expensive is well-justified, but on the other hand you have to
remember that there's a difference between "very" and "too" expensive.

BTW, of course it turns out that Yahoo doesn't implement the standard
that it sponsored (DKIM), but rather its own legacy variant.  Why am I
not surprised?  :-(I don't know how compatible they are, either. :-( :-(