Problems with Yahoo FBL

There are a couple problems I’ve been alerted to with the Yahoo FBL today.
The first comes from Michael Ellis and is about broken FBL reporting at Yahoo.

[In Firefox and Chrome] If you see a email in the junk folder and open it, then click this is not spam; it tosses you out of the email and back into the junk folder list view and the email is still there. It has also reported it as another Feedback Loop complaint. Only if you hit this is not spam in the junk folder list view does it go to the Inbox.

The second is from Al Iverson. Currently the Yahoo FBL management page is down. A issue has been opened to get this fixed.

Related Posts

FBL updates

Roadrunner shifted the release date for their new FBL to December 14th.
Despite rumors, the Yahoo FBL is not actually accepting new participants.

Read More

Yahoo releases user names

According to TechCrunch, Yahoo has started notifying people if their desired username is available. For users who asked for names that aren’t available now, Yahoo has a solution. They will be keeping wishlists for users for the next 3 years. If those usernames are abandoned and expire, Yahoo will notify people by email.
Any sender using email as an account key (either for resetting passwords or granting access) should be careful about releasing accounts to Yahoo users. Yahoo has established a new header type (Require-recipient-valid-since, currently going through the IETF standards process) to minimize the chance that the wrong people get access to other accounts tied to a recycled mailbox.
For those of us who didn’t put in some addresses we, too, can create username wishlists, we’re just going to pay $1.99 for the privilege.

Read More

Open relays

Spamhaus wrote about the return of open relays yesterday. What they’re seeing today matches what I see: there is fairly consistent abuse of open relays to send spam. As spam problems go it’s not as serious as compromised machines or abuse-tolerant ESPs / ISPs/ freemail providers – either in terms of volume or user inbox experience – but it’s definitely part of the problem.
I’m not sure how much of a new problem it is, though.
Spammers scan the ‘net for mailservers and attempt to relay email through them back to email addresses they control. Any mail that’s delivered is a sign of an open relay. They typically put the IP address of the mailserver they connected to in the subject line of the email, making it easy for them to mechanically extract a list of open relays.
We run some honeypots that will accept and log any transaction, which looks just like an open relay to spammers other than not actually relaying any email. They let us see what’s going on. Here’s a fairly typical recent relay attempt:

Read More