[CentOS] OT Mailing List Spam

Glenn centos at 1bigadmin.biz
Fri Oct 3 16:38:45 UTC 2008

At 11:56 AM 10/3/2008, you wrote:
>On Fri, Oct 03, 2008, Mark A. Lewis wrote:
> >>This is why the RFC clearly states that you must answer certain email
> >>addresses; abuse@ being one! If you don't follow the RFC's than how
> >>can anyone expect your protocols or operations to be compliant with
> >>any standards?
> >>
> >>Now, someone decided, in their infinite wisdom, that if you send an
> >>auto-reply directing you to a web form, that this is compliant..
> >>where as I read it as a cheat! That does not allow me to use the
> >>abuse@ address for the function it was intended and as stated earlier:
> >>
> >>
> >>Therefore, I have been given authority to block them, meeting my
> >>management's criteria.
> >>
> >>Make sure your rules meet the RFCs and your management's criteria and
> >>you will make your life a whole lot simpler.. Oh, and argue the RFC's
> >>with management, in case they do not understand!
> >So, let's look at your stance.
> >abuse at yahoo.com would probably get millions of mails a day. Acting more as
> >a spam trap more than anything else, and I don't think anyone would call
> >them unreasonable for not reading each and every mail sent to it. If you
> >think they should, perhaps you should volunteer.
>Male Bovine Defecation!  If yahoo is going to provide mail services,
>they damn well should do it in a responsible manner.  Just becaue
>they are big does not exempt them from this responsibility.  On
>the contrary, the large free mail providers, yahoo, hotmail,
>gmail, etc. are frequently used by spammers, phishers, and other
>criminals for drop boxes to further their crimes.
>As large as it is, AOL does a very good job of dealing with
>complaints and handling spam.  They are also quite active in the
>anti-spam/anti-phishing community.

Agreed! AOL does do a fine job at policing their users.

And for that matter when I report these zombied users (mostly) or 
rampant criminals (rare) to a large ISP, usually 10x+ the size of my 
organization, I am already working for them; policing users they 
should have caught! If they are on their network spewing port 25 
packets in large volumes, with no authentication to their mail 
gateway, then they are not effectively policing their users! I can 
and will catch anyone doing so, because I am a very small 
organization with no political clout and have a reputation to maintain!

Why don't you go work for them? Sounds like you already do and are in 
CYA-mode. I already report their abusive, zombied customers.

These organizations can filter all the incoming for their users. 
They've left it to you and I to clean up after their users 
shortcomings on outgoing. Lazy? Profits? Both?

More information about the CentOS mailing list