Jump to content

Yahoo! Mailservers Blocklisted


Jeff S

Recommended Posts

  • Replies 285
  • Created
  • Last Reply

Well isn't this just lovely? Here's the message I sent to the support staff at the company that hosts our website and email:

It seems mail sent from Yahoo! groups (to which we subscribe) are being blocked due to their listing on SpamCop's blocklist, which I suppose you put in place on our email services.

Is there a way now (or can you provide me with a way) for me to access a whitelist on our email server to allow us to receive Yahoo! postings again, or some other means of controlling the use of SpamCop's blocklist with our email services?

Thanks.

And the surprising reply...

The new webhosting coallition agreement require us to use spamcop and spamhaus filters. This way save us tons of resources since they can block tons of spam emails.

Samcop is quite fair, they will release the IP within 1-2 days. I will also fwd this issue to them so they can un-block the big boys like yahoo.com

Aside from noticing the support ticketing system lacks spellcheck, here's what struck me:

  • webhosting coalition?
  • REQUIRES?
  • "so they can un-block the big boys"? yah..good luck with that.

Now I know the short answers from SpamCop disciples are "they're right..SpamCop is fair..and it does save a ton of resources" and "if you don't like it, move your site and email to another hosting provider"

I'm wondering if anyone around here has the long answers. Does anyone here know of what "new webhosting coalition" he refers to? If so, can someone verify that such a coalition requires its members to use the software?

I understand that this is an issue that's best addressed with my webhost, but given that there are hosts out there that take this approach (and mine can't be the only one...a whole "coalition", apparently) maybe it's time we all examine the larger picture and see if there's a better solution out there. It's kind of ridiculous that it's so much work for people to get email they chose to receive (in my case, it would have to be changing web hosting companies and eating the costs of the rest of my contract with them) because so many are so willing to throw the baby out with the bathwater.

Incidently, I am a mail server administrator myself and I can certainly appreciate the value of services such as the one SpamCop provides. But I'm also a frustrated end user, and (as someone who isn't in a position to host all of his domains in-house) a service provider who can't give any good answers to his clients when they ask why they can't receive mail from opt-in lists.

- Chris

Link to comment
Share on other sites

I'm wondering if anyone around here has the long answers.

My 'long' answer is to complain loudly (and get all the other people who are inconvenienced to complain also) to yahoo. They are the ones who are causing the problems by not using very simple procedures (they could reserve some servers for the legitimate groups who don't allow spammers to operate or change their policies for groups so that spammers could not operate).

The other 'long' answer that you are not going to like is that if you want good service (such as whitelisting and people who know how to use a spell checker and how spamcop works), then you will have to eat your contract and go and find one. I doubt that you will get any sympathy from people who have unusable domains because of all the spam. I don't know very much about that end of it since I don't have a domain, but it appears that some domains (paid for) are now so deluged with spam that even filters can't keep up.

An analogy to not being able to order pizza in some offline neighborhoods is often used to explain why some legitimate email is blocked. Very often offline, merchants lose business or have to relocate because of what happens in their neighborhood. Merchants who are proactive, watch zoning board meetings, etc. And the same is true with online business.

Another 'long' answer is to provide a service like yahoo that does not get blocked.

Miss Betsy

Link to comment
Share on other sites

Now I know the short answers from SpamCop disciples are "they're right..SpamCop is fair..and it does save a ton of resources" and "if you don't like it, move your site and email to another hosting provider"

Not really. Follow the FAQ for the BL and you'll find that the advice from the guy that wrote the SpamCop tools suggests using it in a form that Tags e-mail to allow handling, pointing out the aggressive nature of the BL. There are many references here also about other ISPs that allow their users to punch holes and allow some of this stuff through.

I'm wondering if anyone around here has the long answers.  Does anyone here know of what "new webhosting coalition" he refers to?  If so, can someone verify that such a coalition requires its members to use the software?

Not a known entity, but research would be a bit easier had you identified a starting point at least. The "coalition" may be a group of resellers, it may be a band of local ISPs .... maybe they'd answer your next set of questions?

I understand that this is an issue that's best addressed with my webhost, but given that there are hosts out there that take this approach (and mine can't be the only one...a whole "coalition", apparently) maybe it's time we all examine the larger picture and see if there's a better solution out there.  It's kind of ridiculous that it's so much work for people to get email they chose to receive (in my case, it would have to be changing web hosting companies and eating the costs of the rest of my contract with them) because so many are so willing to throw the baby out with the bathwater.

There is a while world out there ... but also pointing out that there have been many attempts made at coming up with a way to stem the tide, even more being looked at to exist in the "next Internet" .... open e-mail relays were once the route, then open proxies, now installing proxies on compromised computers .. not forgetting the ever present hacking of other servers, especially those that shouldn't really have them on-line ... Come up with something hat works and you'll be famous ...

Incidently, I am a mail server administrator myself and I can certainly appreciate the value of services such as the one SpamCop provides.  But I'm also a frustrated end user, and (as someone who isn't in a position to host all of his domains in-house) a service provider who can't give any good answers to his clients when they ask why they can't receive mail from opt-in lists.

That seems confusing .. facts have been supplied, Deputies have looked at spamtrap hits and have verified that they aren't accidental hits, reports are flowing in ... Point those questioning clients to 'here'

Link to comment
Share on other sites

That seems confusing .. facts have been supplied, Deputies have looked at spamtrap hits and have verified that they aren't accidental hits, reports are flowing in ... Point those questioning clients to 'here'

22449[/snapback]

Questioning clients don't care about the reasons things don't work. I understand why things don't work..that's my job, but they don't want me to point them anywhere. Questioning clients just want email they requested to show up. To a client, the answer isn't that complex. If you ask for a service and it doesn't work the way it was expected, there's something wrong with the service. People just want their email to "work", and to them it doesn't seem to.

I'm sorry this seems confusing to you.

Yes yes, I know...it isn't a SpamCop problem. I just figure it's worth giving feedback on the system, so hopefully someone in this "while world out there" will consider these points and be inspired to fix its problems. In the meantime I'll do whatever I can.

- Chris

Link to comment
Share on other sites

Chris, take a close look at the contract you signed with your service provider. Did they explicitly state they would be blocking mail unilaterally without allowing you to whitelist? If not, they may be in breach. Then again, IANAL.

Link to comment
Share on other sites

People just want their email to "work", and to them it doesn't seem to.

I know that people don't want to be 'pointed' anywhere when their email doesn't work; however, IMHO, you could, at least, point them to the real culprits (like yahoo) giving them the info they need to make a good complaint. Perhaps I am an optimist, but I can't believe that people can't understand that *senders* can choose competent and responsible ways of sending email and that spam *can* be controlled if the *senders* use ISPs who make an effort to not allow spammers to use their systems.

so hopefully someone in this "while world out there" will consider these points and be inspired to fix its problems.

The problem is spam. IMHO, the only way to fix the spam problem is for users to insist that the sender be competent and responsible enough not to allow spammers to use their systems. The best way to do this is to use blocklists to reject at the server level so the sender at the user level gets a reply and knows that he is using an incompetent or irresponsible service provider - or that the glitch is temporary like a slowdown on the freeway because of an accident and can use some other means to contact his recipient until the problem is fixed.

Miss Betsy

Link to comment
Share on other sites

What answers are contained here, I don't know, but this is the latest info I've seen on this. Brought over from the newsgroups;

We saw the complaints, found a custom workaround for the yahoo servers.

Found a second problem and put in another workaround. Delisted all the yahoo

servers that were listed and shouldn't have been. If you are still seeing

servers listed email the IP to me at deputies <at> spamcop.net

Ellen

Link to comment
Share on other sites

We saw the complaints, found a custom workaround for the yahoo servers.

Found a second problem and put in another workaround. Delisted all the yahoo

servers that were listed and shouldn't have been.

Good. That's what I was lobbying for all along. If people don't want anything from the Yahoo Groups, then let them *blacklist* "returns.groups.yahoo.com" instead of screwing up the delivery of valid list messages for all the rest of us. Common sense prevailed, IMO.

DT

Link to comment
Share on other sites

As spam is generally defined by *consent*, not *content*, all messages sent to me from yahoogroups are spam, even if *other* people want them.  I reserve the right to report such messages as spam.

22405[/snapback]

When you join a Yahoogroup, you "consent" to receiving email from the group. If this is a public and unmoderated group, then, yes you may get spam. Report the originator of the spam not the group. If you have trouble with this concept, then reserve your right to UNSUBSCRIBE from the group.

Jeff S.

Link to comment
Share on other sites

You say "entire Yahoo Domain" is blocked.  The entire discussion has pointed out the use of IP addresses involved.  There's the FAQ pointer once again, this time perhaps hit the "Glossary" link .. there is a (very simplified) walk through of what an IP address is ...

22387[/snapback]

I said the entire yahoogroups.com domain, 66.218.71.198 and 66.218.66.240. Problem is, Yahoomail.com, which is where the majority of the spam originates from resolves to 66.218.71.198. As of 2 days ago , these addresses are no longer showing up as being blacklisted. But, I have created a number of filters to allow the groups I belong to, to pass through the 'blacklisted' label.

Link to comment
Share on other sites

Not really worth arguing about other than to clear up a few facts. It is possible that your YahooGroups e-mail was primarily coming from your identifed one or two IP addresses, please take a look at http://www.senderbase.org/?sb=1&searchBy=d...tring=yahoo.com which shows a number of the many other IP addesses used. Other complaints about the YahooGroups included a number of these other IP addresses. Just again trying to point out that there is a large difference between "Domain" and IP address in some cases .. and this is one of those. During the blockage period, only some of those IP addresss shown ended up being blocked, so the "problem" was actually based on just which server the blocked e-mail was coming from ...

Link to comment
Share on other sites

When you join a Yahoogroup, you "consent" to receiving email from the group. If this is a public and unmoderated group, then, yes you may get spam. Report the originator of the spam not the group. If you have trouble with this concept, then reserve your right to UNSUBSCRIBE from the group.

Am I understanding this whole problem correctly? Obviously spamcop admin either does not share the concept of blocking/tagging 'big guys' that some of us do or that some spamcop reporters were reporting yahoo for the spam that they received through a group that they were subscribed to.

The way I first understood the problem, it was that spammers used the loose security at yahoo to 'sign' up people for spam - people who had no interest in yahoogroups at all. In that case, yahoo is just as responsible as someone with an open relay or open proxy or compromised computer. And not only that, but if I were a member of a spam free yahoo group and so had whitelisted it, I would not want to get spam from unmoderated groups.

OTOH, if it were only yahoo members reporting spam received in groups, then having a work around would make sense.

Miss Betsy

Link to comment
Share on other sites

As spam is generally defined by *consent*, not *content*, all messages sent to me from yahoogroups are spam, even if *other* people want them.  I reserve the right to report such messages as spam.

22405[/snapback]

When you join a Yahoogroup, you "consent" to receiving email from the group.  If this is a public and unmoderated group, then, yes you may get spam.  Report the originator of the spam not the group.  If you have trouble with this concept, then reserve your right to UNSUBSCRIBE from the group.

Jeff S.

22743[/snapback]

Jeff: Should not really open this up again, but sommerfield wrote ALL messages from yahoogroups, so I doubt if he has joined any yahoogroups. As I have said, being joined to a group without my consent has happened to me in the past as well. I did unsubscribe (because it was yahoo) once I found out what had happened, but as far as I am concerned yahoogroups spammed me (by allowing me to be subscribed without consent) and I complained LOUDLY to them about it at the time. About a year or two ago there were reports they tightened things up, but according to one of the deputies (Don?) in this thread, this seemed to be happening again.

Another deputy (Ellen) then said a workaround was in place, but I'm not sure exactly what that meant. Either the original deputy was mistaken and the spam should have been reported to the moderator instead of spamcop or they have set it up so yahoogroups can not be blocklisted, which if there is still the possibility of remotely signing up an address, is the wrong answer, IMHO.

Link to comment
Share on other sites

  • 3 months later...
Problem #1 - your ISP is apparently using the spamcop blocklist to reject mail from IP addresses that have been reported as sending spam.  Have you asked your ISP if there is a whitelisting function so that mail from your group is not listed.

22319[/snapback]

I currently have my own domain hosted at Hostforweb.com I have spoken to their abuse desk and they cheerily informed me that there are no whitelisting options on their network. Is there any other way I could work around this problem and still recieve emails from legitimate groups at Yahoo! such as the FlyLady?

Thanks so much,

Claire Gilbert

cgilbert[at]ajfire.com

Link to comment
Share on other sites

I currently have my own domain hosted at Hostforweb.com  I have spoken to their abuse desk and they cheerily informed me that there are no whitelisting options on their network.  Is there any other way I could work around this problem and still recieve emails from legitimate groups at Yahoo! such as the FlyLady?

27096[/snapback]

-You can receive your messages through another email address that is not protected using blocklists. Most blocklists only check the connecting servers IP address and if that is listed, reject the connection. Having the message come in a different route would make that connection be the redirection server.

-You can move your domain to a more flexible provider and make sure that someone higher than tech support knows why you are leaving hostforweb.

Link to comment
Share on other sites

Since I have NO idea what to do with any of this, it is clear as MUD to me too, lol.

Dee

22211[/snapback]

Here's another waste of a perfectly good explanation ;)

Spammers use Yahoo groups to send spam to their many victims and yahoo are slow in responding to this (so far)

SpamCop is like a radar and when spam starts being reported through SpamCop; SpamCop blocks the IP it is sourced from

This means the spam is blocked (or flagged) in seconds as the spammmer tries to send spam not after it is sent (A spam run lasts for hours and hours)

When spam stops being reported SpamCop then frees that listed IP (and is the quickest for doing so)

Link to comment
Share on other sites

Has anyone tested the security of yahoo groups lately? A few months ago, someone attempted to add me to their list without my consent. I received a confirmation email as one would expect from a confirmed opt-in system.

Link to comment
Share on other sites

Has anyone tested the security of yahoo groups lately?  A few months ago, someone attempted to add me to their list without my consent.  I received a confirmation email as one would expect from a confirmed opt-in system.

27127[/snapback]

For yahoo groups you are foolish if you do not use a disposable hotmail account

use a hard to guess logon like 1_2_buckle_-my_shoe

(I prefer hotmail because Microsoft actively arrest sue and jail spammers)

They also do a better than fair job of stopping spam (and virus) hitting your inbox (yes hotmail have a whitelist)

When you do report a spammer as a hotmail victim it is flagged for a legal attack

A big problem in accepting the compulsory email account with your provider is that they are mainly absolutely useless (I do not accept them) The worse fact is they then never seem to learn

Right now a legacy email account from UU.net (ozemail) they are offering spam and virus filtering without whitelist. The only mail I still get is spam with legit mail disappearing

There is still no doubt the only and best email account to have is a SpamCop one

Link to comment
Share on other sites

Incidently, I am a mail server administrator myself and I can certainly appreciate the value of services such as the one SpamCop provides.  But I'm also a frustrated end user, and (as someone who isn't in a position to host all of his domains in-house) a service provider who can't give any good answers to his clients when they ask why they can't receive mail from opt-in lists.

22443[/snapback]

That's why I don't use any e-mail address that bounces spam without allowing me to check it. I like my spam in a spam folder where I can check it for false-positives (which happen quite often no matter how careful SpamCop and other spam-filtering methods try to be), and I also want to be able to whitelist e-mail that should never be blocked regardless of whether or not it is on a blacklist.

Blacklists and filters are not 100% accurate and produce a fair amount of false positives, in my experience. I do not use them anymore. Bayesian filters work better than blacklists and content-based filters, but still produce false-positives.

Good luck finding a decent host.

Link to comment
Share on other sites

Bayesian filters work better than blacklists and content-based filters, but still produce false-positives.

27183[/snapback]

in your experience.

In my experience, a DNS blacklist (I use all of spamcop's options) with whitelisting capability is allowing (currently) no more than 2 spams per day through to my inbox while I have not had a false positive in about 6 months.

Without spamassassin set to 5, I would have gotten 5.8% more spam through to my inbox (48 message). If only using spamcops version of spamassassin set to 5, I would have gotten 10.9% more spam in my inbox (91 messages). So the DNS blacklists and spamassassin are finding the same messages most of the time.

On the flip side, of the valid messages in my inbox (4082) 5.7% of the messages (232) had a spam assassin level of at least 3. That would be additional whitelist entries needed to keep those messages out of my spambox.

Link to comment
Share on other sites

Yep, mileage may vary. What works for some people won't work as well for others. But no matter what method you use, a whitelist and a spam folder (or other way to check for false-positives) is a requirement to insure you get all your legitimate mail, while blocking as much spam as possible.

Link to comment
Share on other sites

Yep, mileage may vary.  What works for some people won't work as well for others.  But no matter what method you use, a whitelist and a spam folder (or other way to check for false-positives) is a requirement to insure you get all your legitimate mail, while blocking as much spam as possible.

27212[/snapback]

I agree with the whitelist, but as a residential end user, if I were not reporting spam, I would still rather reject the message and have the sender fix their system (or complain to their ISP) to not even alerting them to the problem.

This would be especially beneficial if the ISP's would lower their rates because their costs were reduced. I know that by eliminating spam from hitting our transmission line, we saved enough to almost pay for Postini to scan and hold questionable messages for our whole domain. Additionally, our firewall and mail server encountered that much less traffic, improving things for everyone in the company.

Link to comment
Share on other sites

True, but for business e-mail, you cannot afford to lose customers because they can't e-mail you. I think personal e-mail accounts can be more restrictive in filtering spam, while business e-mail accounts need to be more flexible. I've had e-mail requesting my services wind up in the spam folder. If my ISP would have bounced it, that would be one less customer, and perhaps they would tell their friends not to use me since I don't answer e-mails. Not a good situation for any business trying to please customers.

Link to comment
Share on other sites

If my ISP would have bounced it, that would be one less customer, and perhaps they would tell their friends not to use me since I don't answer e-mails.  Not a good situation for any business trying to please customers.

27277[/snapback]

That is why the SpamCop function of sorting spam to a held folder for confirming as spam then reporting to an ISP is the best option, than mindlesly bouncing (which far to many ISP's still do)

From my experience (not sure what the colour of the sky is on your world) most spam spew comes from ISP's who do not have a legit contact address so even reporting does not get to a responsive person

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.


×
×
  • Create New...