Re: Yahoo Mail Update

[Ross <ross () dillio net>]

On Sun, Apr 13, 2008 at 5:27 AM, Rob Szarka <szlists () szarka org> wrote:
>  At 01:58 AM 4/13/2008, you wrote:
>
> > Why should large companies participate here about mail issues? Last I
> > checked this wasn't the mailing list for these issues:
>
>  True, though some aspects of mail service are inextricably tied to broader
> networking issues, and thus participation here might still benefit them. But
> sadly Yahoo doesn't even seem to participate in more relevant forums, such
> as the spam-l list.

Maybe their management or legal has told them not to. I know when I
worked for a certain company we were forbidden from replying to
operational lists or forums for fear of employees responses being used
against the company in court or in the news.

> > But lets just say for a second this is the place to discuss company
> > xys's mail issue. What benefit do they have participating here? Likely
> > they'll be hounded by people who have some disdain for their company
> > and no matter what they do they will still be evil or wrong in some
> > way.
>
>  I've never seen someone treated badly for trying to help resolve problems.
> I think we all know that it can be hard to get things done within a large
> company and that often the folks who participate on a list like this are
> taking on work that isn't strictly speaking "their job" when they try to
> help resolve mail issues. And when a large company that was a mess does a
> turnaround, they also get praised: just look at the many positive comments
> about AOL on this and other lists over the past few years.

I have seen plenty of people working for isps being abused even when
trying to help solve problems, maybe not on this list but definitely
on others. In many larger companies people have defined roles and
structured goals they need to accomplish or face termination so they
may not have time to participate in other venues. Companies that give
their management/employees latitude and encourage working in the
community should be praised but not all companies are setup this way.
If you don't like how yahoo is responding to issues I would suggest
sending certified letters to every person in upper management you can
find as these people can typically implement changes.

> > It is easy for someone who has 10,000 users to tell someone who has 50
> > million users what to do when they don't have to work with such a
> > large scale enterprise.
>
>  I wouldn't presume to tell them how to accomplish something within their
> particular configuration. But I will, without apology, tell them that they
> need to accomplish it. For example, I'm quite comfortable saying that
> Earthlink should follow the minimum timeouts in RFC 1123, though I wouldn't
> presume to guess whether they should accomplish that by having separate fast
> and slow queues on different servers, on the same server, or not at all.
> Likewise, a working abuse role account is a minimum requirement for
> participation in the Internet email system, and I'm comfortable saying that
> the email it receives should be read by a competent human.

You can tell Earthlink whatever you want but it doesn't mean they need
to follow it. Please read my previous reply about business decisions.
I would agree that it is good for business to try and follow industry
standards but sometimes business decisions need to be made where
standards cannot be implemented. I'm not saying that is the case here
and it could just be utter incompetence but not everything is black
and white.

A working abuse account is not the minimum requirement, I can run a
mail system without that abuse account but may get blocked from
sending mail to certain systems. Read above for my thoughts on
standards.

With that being said I do believe all companies should have a working
abuse email that is appropriately staffed that can respond to
complaints within 72 hours.

> > I find it funny when smaller companies always tell larger companies
> > what they need to be doing.
>
>  When what the larger companies do enables criminal behavior that impacts
> the very viability of the smaller companies through de factor DoS attacks,
> it's not funny at all. Yahoo, for example, has chosen a business model (free
> email with little to no verification) that inevitably leads to spam being
> originated from their systems. Why should they be able to shift the cost of
> their business model to me, just because I run a much smaller business?

I would say that you may being a bit over dramatic but that may just
be me. The cost of their business model isn't shifted to you, you have
the choice to block yahoo email from your systems or you have the
choice to deal with the issues that comes along with accepting their
mail.  Comparing this to DoS attacks is just a little bit over the
edge to me.

-- 
Ross
ross [at] dillio.net
314-558-6455