[Mailman-Users] Mailman postings deferred by Yahoo

Stephen J. Turnbull turnbull at sk.tsukuba.ac.jp
Thu Feb 21 04:50:52 CET 2008 

Brian Carpenter writes:

 > This wouldn't be a problem if they just applied a filter to that person's
 > e-mail address but to block an server's IP from sending any e-mail to all
 > their users? <shudders>

Hold that shudder ...

 > and none of the major e-mail providers are willing to come up with
 > a system that doesn't target the middle man.

That's because an *effective* system *must* target the middleman.
(Well, it could target *their* customers.  Not likely, right?)  It's
not possible to target the ultimate source (without widespread use of
strong authentification by the good guys -- but both you and Mark have
objected to plausible implementations of that in this thread); that's
like trying to target the Milky Way galaxy with a spitball.

Just read the FAQ for this list.  You will find Brad Knowles (a
recognized expert on the subject) advising over and over again that to
keep spam out of your users' mailboxes, you need to stop it before it
reaches your server.  And the only way to do that (that you can
implement in your own servers) is to refuse suspicious mail.

Full circle.

Granted, Brad himself often criticizes the implementation at AOL,
Yahoo, et al.  But the underlying strategy is the same.  "Stop spam as
far upstream as you can."

 > Wait till you get Yahoo's response asking you to add every single domain
 > name you want a report on, to a text file along with its domainkeys. For a
 > hosting company that hosts thousands of domains, such a request is
 > ridiculous.

... do you still have that shudder?  Here comes the punchline! ...

 > AOL does it by the IP address not by domain.

You can't have it both ways.  If AOL's database is organized by IP,
when you get filtered, you will get filtered by IP.  If you want Yahoo
to distinguish your "diligent" (and/or "lucky") domains from the less
so, you're going to have to give them domain keys so the good ones
can't be spoofed by the bad ones (or worse, by the bad guys
themselves).

You don't have to like it; I don't like it at all.  But it's not very
useful to propose that the 600-lb gorillas "stop targeting the
middlemen," nor to complain about gorillas that ask for authentication
of every domain that wants to clear its reputation with the simians'
systems.  Not until we can provide an alternative that looks like it
might work.

I for one don't have one.

More information about the Mailman-Users mailing list