Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
America Online The Internet IT

AOL Placed on Spam Blacklist 364

Hacker-X writes "According to this item over at Spam Kings, AOL has had a large swath of its IP addresses added to the Mail Abuse Prevention Systems (MAPS) Real-time Blackhole List (RBL). The RBL is used by many corporations and large ISPs to filter spam. MAPS evidently started blocking the AOL mail servers less than 24 hours after filing a complaint with AOL's abuse desk. The block was initiated in response to spam emanating from AOL mail servers."
This discussion has been archived. No new comments can be posted.

AOL Placed on Spam Blacklist

Comments Filter:
  • Overzealous (Score:5, Insightful)

    by Oculus Habent ( 562837 ) * <oculus.habent@gm ... m minus caffeine> on Tuesday April 26, 2005 @01:19PM (#12350273) Journal
    Overzealous RBL admins screw everyone. If they think everyone is going to sit back and not mind that major ISPs like AOL have been blacklisted, they are (hopefully) if for a rude awakening.

    How does someone seriously justify this? Isn't this like cutting off one's nose to spite one's face?

    Maybe it's time to come up with a hybrid system? How about a combinations of black and "gray" lists, where the gray lists are subjected to greater scrutiny or harsher limits by spam filtering software?
    • Re:Overzealous (Score:5, Insightful)

      by Dionysus ( 12737 ) on Tuesday April 26, 2005 @01:22PM (#12350302) Homepage
      How about people stop using RBLs if it bothers them that certain ISPs get blocked?
      • Re:Overzealous (Score:4, Interesting)

        by __aainau5532 ( 573672 ) on Tuesday April 26, 2005 @01:33PM (#12350413)
        Who said it bothers some people? They most likely don't get the traffic bill every month. And also since some providers think they can block everyone and whitelist only the one that have signed there agreement I don't really care any more about mailserver who are listed. I only care about national mailserver and the rest is allowed to unlist themselfs. I even think there comes a moment this year or next year that some RFC-issues are being required to mail my mailservers.
    • Re:Overzealous (Score:5, Insightful)

      by PDXNerd ( 654900 ) on Tuesday April 26, 2005 @01:23PM (#12350309)
      So it's OK to blacklist a little guy that has a misconfigured/hacked email server that is spitting out spam, but if a big fish does this, we should justify and make excuses for them??

      This should be the rude awakening to AOL - clean up your act. Stop allowing spam to be sent, or your users might start getting peeved that their emails aren't getting through. Most rookies have been through this - how embarrassing for AOL to have to go through it to! ;-)
      • Re:Overzealous (Score:5, Interesting)

        by Oculus Habent ( 562837 ) * <oculus.habent@gm ... m minus caffeine> on Tuesday April 26, 2005 @01:33PM (#12350412) Journal
        AOL is not "special" in that circumstance. The short response timeframe is a little harsh, but I don't keep up on my blacklist policies, so I can't compare it to others.

        I don't disagree with you. AOL shouldn't get preferential treatment because they are big, but blacklisting major ISPs comes with the very real possibility of hurting many other businesses by association. Yes, the same is true of the little guys, but the potential loss rate is likely much lower.

        That's why I suggest the gray/black list combo. If you could graylist someone immediately, and use that as a means for stricter spam control - combine it with Known Good Senders, whitelists, better heuristics or tougher Bayesian filtering - while mitigating the potential for lost business by not outright blocking all messages, I think that is an amicable solution. Blacklisting then becomes the consequence for not resolving your spam problem, not for simply having one.
        • Re:Overzealous (Score:2, Informative)

          by morcego ( 260031 )
          I'm sorry to say this, but AOL is already "gray" to me all the time. If coming from the AOL address space, e-mails will get +1 the my local SpamAssassin parses them. Same goes for Hotmail and a couple other places.
          • That's the intent. Sites that have spam issues should be scrutinized. And there should be graylists that keep you from having to specify them manually.
        • Re:Overzealous (Score:5, Insightful)

          by berzerke ( 319205 ) on Tuesday April 26, 2005 @01:44PM (#12350523) Homepage

          AOL is not "special" in that circumstance. The short response timeframe is a little harsh...

          Well, if you've had your entire domain blocked by AOL without warning, you might disagree. You might disagree strongly if after contacting AOL, they admitted you were wrongly blocked but they were having trouble figuring out how to unblock you (took a week).

          How many double opt-in e-mail lists have been blocked simply because some AOL luser couldn't figure out how to unsubscribe (or didn't even try to) and just hit the report as spam button? (Hint: I know of 3 just off the top of my head.) AOL blocking is automatic. Guilty until proven innocent. Is 24 hours really that harsh given what AOL does to others?

          Of course, if we could all convince the idiots that buy from spam to stop buying, this whole problem would disappear on it's own.

          • Re:Overzealous (Score:4, Informative)

            by Vainglorious Coward ( 267452 ) on Tuesday April 26, 2005 @01:52PM (#12350601) Journal

            How many double opt-in e-mail lists have been blocked...

            Do you mean "confirmed opt-in"? If so, you should say so. "Double opt-in" is a meaningless phrase, beloved by spammers. I have every confidence that you're not a spammer, but if you speak in the spammers' language, people will get the wrong idea about your lists.

          • Re:Overzealous (Score:3, Interesting)

            by dfiguero ( 324827 )
            How many double opt-in e-mail lists have been blocked simply because some AOL luser couldn't figure out how to unsubscribe (or didn't even try to) and just hit the report as spam button?

            I was going to make exactly this point!

            I manage a popular web site in Mexico that distributes an opt-in mailing list. We've been marked as spammers multiple times because a particular user decides he doesn't want to receive the newsletter anymore and does not take the time to click on the unsubscribe link sent in the emai
          • Re:Overzealous (Score:2, Insightful)

            by Anonymous Coward
            How many double opt-in e-mail lists have been blocked simply because some AOL luser couldn't figure out how to unsubscribe (or didn't even try to) and just hit the report as spam button?

            To spammers, hitting the unsubscribe button is no different than saying "I'm here! Look at me, I have an E-mail address that I use! Send more!"

            It's just easier to deny a subscription that you don't want, than to risk making 100 more.
            • To spammers, hitting the unsubscribe button is no different than saying "I'm here! Look at me, I have an E-mail address that I use! Send more!"

              Yes, but what the post you replied to was talking about was not spam, but lists that people have willingly subscribed to. The problem being that there are some people who, when they decide they no longer want to be on such a list, click AOL's "report this as spam" button rather than unsubscribing from the list, which they themselves subscribed to.

      • Re:Overzealous (Score:5, Informative)

        by Matts ( 1628 ) on Tuesday April 26, 2005 @01:33PM (#12350415) Homepage
        You need to look at the facts a bit closer. AOL *has* cleaned up its act, more than anyone else on the entire internet. It's stunningly clean for an ISP of its size.

        This was caused by one spam. Let me just repeat that: out of 60 million users MAPS saw one spam coming from AOL's outbound mail servers [aol.com].

        Now AOL does have a set of IPs out of which some spam does emanate - the rlyIPXX block [aol.com] (64.12.138.(7-9)). This is the IPs that they redirect direct-to-port25 mail through, and they actively encourage people to block this range. It's been publicly stated that they intend to shut this activity down real soon now, but in the meantime most people just block that range and don't see a problem.

        Check the anti-spam newsgroups and mailing lists some time. AOL is hugely respected in anti-spam terms these days. And deservedly so.
        • Re:Overzealous (Score:5, Informative)

          by jenkin sear ( 28765 ) * on Tuesday April 26, 2005 @01:40PM (#12350493) Homepage Journal
          I have to agree. We run some very large (1MM subscribers) mailing lists for our customers - not spam, just company announcements and such. AOL had a great process for getting whitelisted with them- they checked that you were legit, that your mail servers handled bounces correctly, and that your systems were rfc whatever compliant.

          Compared to Yahoo and MSN/Hotmail, AOL is completely buttoned down and has their act together.
      • Re:Overzealous (Score:5, Interesting)

        by gregmac ( 629064 ) on Tuesday April 26, 2005 @01:49PM (#12350568) Homepage
        So it's OK to blacklist a little guy that has a misconfigured/hacked email server that is spitting out spam, but if a big fish does this, we should justify and make excuses for them??

        NO -- it's not ok to blacklist the little guy either.

        If they're misconfigured/hacked, and spitting out spam, sure .. blacklist them (whether they're AOL or a little isp). Of course, you should probably send a message to abuse@ their domain trying to inform them..

        Too many lists don't check though. They get a complaint, and bam, blacklist. I run a small web/mail server (300 domains, 16 IPs), and this is highly annoying. We've been blacklisted before because someone complained about a legitimate mailing list they were on. No double-checking, no investigation into the complain, we just got blacklisted immediately.

        Most recently, we were blacklisted by SORBS because another system that shares colocation with our server was hacked. Immediately, they blacklisted the entire subnet. This affected us, and numerous other customers that have no affiliation other than sharing colocation space.

        I noticed we were on the list when someone in the office complained about not being able to send mail to an address she could send to a couple hours earlier. Upon looking into it, we eventually found out that teh entire subnet was blocked (and we couldn't even request to remove the block), so we contacted our ISP. They told us they had just discovered that hacked system and disconnected it, and tried to get the block removed from SORBS.

        In all, our ISP had found and disconnected the system within 3 hours of it being hacked, yet we were on the list at least 24 hours. During this time, none of our customers can send mail to anyone with a provider using SORBS. Our server was fine, their servers are fine, but because of a completely unrelated incident with unrelated people, it affects hundreds more.

        The big problem is, it's basically impossible to run a mail server without using RBL's (we tried).. you just get hammered. RBLs are definately useful, but there are too many run by over-zealous admins with basically an itchy trigger finger. Hopefully stunts like this will make people realize the problems with RBLs and maybe we can drop the ones that are run this way.
        • Comment removed (Score:4, Informative)

          by account_deleted ( 4530225 ) on Tuesday April 26, 2005 @02:14PM (#12350827)
          Comment removed based on user account deletion
          • Re:Overzealous (Score:3, Informative)

            by dodobh ( 65811 )
            Try harder. We have 41 million users, with over a million SMTP sessions a minute handled (90% rejection at the edge, and 80% of what gets through is still spam). We *need* DNSBLs.
    • Re:Overzealous (Score:5, Insightful)

      by FortKnox ( 169099 ) * on Tuesday April 26, 2005 @01:23PM (#12350312) Homepage Journal
      Being in a blacklisted IP-Range before, I can share your frustration. But I do believe the motives behind this isn't to keep AOL blacklisted, but to motivate AOL to fix their outgoing spam problems. Nothing says "Fix people spamming from your service" like thousands of angry customers...
      • Re:Overzealous (Score:3, Informative)

        by dougmc ( 70836 )

        Nothing says "Fix people spamming from your service" like thousands of angry customers...

        I do agree, however the flip side of that coin is that nothing says `drop that black list' like not being able to get email from grandma or Aunt Tillie [catb.org].

        By adding AOL to the blacklist, you might persuade AOL to clean up their act, maybe, but you also will find a lot of people dropping your blacklist because _their_ customers got angry ...

        Fair or not, you really can't add AOL's main mail servers to any sort of


      • I expect this will manifest itself as a widespread drop of the particular RBL, not AOL changing their policies. People want to email companies, and companies want to be able to get legitimate email. AOL and the RBL service are in the middle, and the vocal ones are going to point at the RBL.

        This is really just a guess, though. I'd certainly prefer if someone at AOL got their head out of their ass.
      • My issue isn't with the intent or the motivating factor, it's that we use such Draconian measures when better solutions could be used.

        While blacklists certainly have a place, that motivation could - and I stress could - result in serious financial consequences. Can you imagine if Yahoo! was blacklisted, and the thousands upon thousands of Yahoo! Stores could no longer send e-mail to large segments of their customers?

        Binary though our technology may be, the world in which we use it is not. The answers need
    • Re:Overzealous (Score:4, Interesting)

      by jsight ( 8987 ) on Tuesday April 26, 2005 @01:23PM (#12350319) Homepage
      Isn't that what everyone does with the black lists anyway? I think most of the smarter software packages just use the information as part of their normal weighting systems for determining whether or not to reject a message as spam. Ie, if the message looks spammy, and it is from a site on an RBL, then it probably is spam. If it's just from an RBL, then pass it on as normal.
      • Re:Overzealous (Score:3, Insightful)

        by Allen Zadr ( 767458 ) *
        O.K. - so you use SpamAssassin... so do I. Meanwhile, in the rest of the world...

        That is to say - not everybody has the flexability to put in a user-tunable system. Some of the "black-box" systems are more tunable than others, but most of the time, if a black-list is configured - it's "black".

      • No, for most people these filters are implemented at their ISP, and they have no control over it.
    • Recent related Ask Slashdot here. [slashdot.org]

      Giving them less than 24 hours to respond seems a little extreme to me, but I don't really make many complaints to abuse desks so don't know what the average response time is.
    • It's their decision, and if it drives away business, that was there error. This is still the free market, and as capitalists, they should know that.
    • by ShaniaTwain ( 197446 ) on Tuesday April 26, 2005 @01:25PM (#12350336) Homepage
      How about a combinations of black and "gray" lists, where the gray lists are subjected to greater scrutiny or harsher limits by spam filtering software?

      What about silver lists that block AOL cd's?
    • Re:Overzealous (Score:3, Insightful)

      by LurkerXXX ( 667952 )
      Sorry, the only ones that I have to cater to are the users of my email servers. If they don't like it, then I have an issue. If they don't mind AOHell spammers being blocked, then it's not an issue. No need to justify it to you.
    • Wasn't it uu.net that got the "usenet death penalty" in 1997 or so? This is hardly the first time.

      Though the one I'd *really* like to see on the list is ebay until they both actually accept complaints at abuse@ebay.com, and actually do something about them . . .

      hawk
    • Re:Overzealous (Score:5, Informative)

      by Saxton ( 34078 ) on Tuesday April 26, 2005 @01:31PM (#12350400) Homepage
      Well, it looks like things got turned around anyway:

      [UPDATE: Looks like MAPS changed its mind. As of Tuesday afternoon ET (GMT -4:00), AOL's listing at the MAPS site is gone, and a lookup shows AOL's mail servers no longer seem to be on the MAPS RBL list. No word yet on whether AOL resolved the spam problems, or if MAPS just decided to give AOL more time.]
    • How does someone seriously justify this?

      Because customers are paying them to do it. If Kelkea (the new MAPS owners) lose enough business because they put a large chunk of AOL on their blacklist, then they'll think twice before making large decisions like this.

      However, my guess is that they won't lose any business at all.

    • People who use RBLs with overzealous admins, and force everyone on their network to use them as well suck. For your own personal server, just stop using MAPS RBL. What sucks is when you have BOFH types using RBL lists at ISPs, where individual users have no control over how their mail is filtered. On the other hand, AOL is overzealous with their own spam blockers, so meh. (Third hand: how much you want to bet AOL gets taken off the list the second they fix the problem, unlike small ISPs)
      • On the other hand, AOL is overzealous with their own spam blockers, so meh

        Yes they are. But in their defense, they are quick to unblock you provided you comply with their request (fixing the problem, setting up reverse, etc).

        My only complain is that any email you send to them gives you an autoreply telling you to phone their postmaster helpdesk.

        But at least you don't get caught in limbo like so many unlisting procedures out there.
    • Have you ever had to deal with AOLs abuse system .
      Well a year or two ago i was making a complaint about a couple of AOL members abusing a web server(could of been only one with 2 accounts). in total i think i sent them 50 complaints with logs and only ever got 2 emails back saying it will be looked into .
      Time passed but still nothing , in the end i had to blacklist most of the USAs AOL members and all AOL email address(random IP adress on a nasty scale , and free emails).
      Im not alone in this action i know
  • by Danimoth ( 852665 ) on Tuesday April 26, 2005 @01:21PM (#12350284)
    I don't want to hear from anyone who uses AOL anyways.
    • Re:Won't miss them (Score:5, Interesting)

      by ScentCone ( 795499 ) on Tuesday April 26, 2005 @01:24PM (#12350326)
      I don't want to hear from anyone who uses AOL anyways.

      Yeah, who wants to do business, say, with tens of millions of people.

      I've got e-commerce clients that, unable to communicate gracefully with AOL users, would run into trouble with a third or more of their customers. This is not trivial, it's blacklist BS, and a sign of how that solution to the problem is part of the problem.
      • and a sign of how that solution to the problem is part of the problem.

        Yeah, newbies being given crappy software.
      • by Vainglorious Coward ( 267452 ) on Tuesday April 26, 2005 @01:45PM (#12350541) Journal

        I've got e-commerce clients that, unable to communicate gracefully with AOL users, would run into trouble with a third or more of their customers. This is not trivial, it's blacklist BS

        Is MAPS forcing you to use their lists? No. So what's your problem?

        • Is MAPS forcing you to use their lists? No. So what's your problem?

          Just because I host or maintain e-commerce tools for a merchant doesn't mean they're in the mood to break their e-mail away from some other ISP to which they're somewhat attached, or which they use for mail because that's who provides the pipe into their offices. Of course I'd prefer to host their mail, though spam management has me more and more allergic to that side of the business. Issues like this can kill a man-week of productivity,
        • by zakezuke ( 229119 ) on Tuesday April 26, 2005 @02:39PM (#12351078)
          Is MAPS forcing you to use their lists? No. So what's your problem?

          So in the end no one is accountable. The ISP doesn't make the list MAPS does, so it's not their fault. MAPS says no one has to use their lists so it's not their fault they just make the list. Any collateral damage is just a figment of your imagination. Nobody's fault, nobody's problem.

          This is the major issue I have with many spam lists. You are fed this circular logic and the only way to break the circle is to change ISPs and hope you don't have a problem again.
      • Re:Won't miss them (Score:2, Interesting)

        by OhPlz ( 168413 )
        Yeah, who wants to do business, say, with tens of millions of people.

        They're a risky isp to deal with, or maybe it just seems that way because of their size. I used to admin a site that sold long distance calling minutes. We had a disproportionate amount of fraud coming from their domain. I believe it has to do with their "free cd" blitzing and their size giving the ability to eat small losses.

        You get fraudsters with stolen credit cards, an isp that enables you to use them and does not respond to mer

    • Re:Won't miss them (Score:3, Insightful)

      by AdamWeeden ( 678591 )
      I would think your in a minority. I would be willing to bet a large segment of the internet population gets regular email from AOL users. Whether they be clients or family members, who you can't simply tell "AOL is a piece of crap, get a different ISP." Why? Because either they'll ignore me or I'll have to spend every other weekend having to show them how to do what they used to do on AOL.
      • I would think your in a minority. I would be willing to bet a large segment of the internet population gets regular email from AOL users.

        The internet is more than just the US, thank you.
    • Re:Won't miss them (Score:4, Insightful)

      by lilmouse ( 310335 ) on Tuesday April 26, 2005 @01:29PM (#12350377)
      My cousing uses AOL. I haven't been able to send e-mail to him for a long while already (they blacklisted us); now I guess he can't write me, either!

      I'm really glad that e-mail is such a great way to keep in touch with everyone! Even the ones I won't miss ;-) Seriously, though, it's like we're going backwards in time, when you couldn't just send e-mail to one address to reach somoene. If I want to contact him, I have to log into Yahoo, use that account...

      Does that make him yahoo.com!my.cousin@aol.com?

      --LWM
      • Oh my, I never thought reading through the Jargon file would ever prove to be useful...

        But yes, it's somehow similar. I'm also constantly irritated by the delay function of my uni mailserver, that makes all mail arrive 30min to 6 hours later than they should. Really irritating when I need to register for something, and I can't activate the account. It's like the email world is connected together with modems. Thankfully I don't get any spam anymore though.

    • I don't want to hear from anyone who uses AOL anyways.

      I have had friends who got AOL accounts just for this reason - it is a good place to "hide".

  • What ???? (Score:2, Funny)

    by baomike ( 143457 )
    You mean AOL isn't the only one forwarding spam?
  • Accountability (Score:5, Interesting)

    by winkydink ( 650484 ) * <sv.dude@gmail.com> on Tuesday April 26, 2005 @01:21PM (#12350295) Homepage Journal
    I'm a big fan of MAPS, but one would think that over the years they've developed some very high-level contacts over at AOL and that they would call these guys up and talk it out before undertaking a major blacklisting.

    Some BL lists have no published way to get off once on. There should be some consistency to at least getting removed. I speak from experience of having "inherited" an IP addr from my hosting provider that was formerly an open-relay. It took a lot of effort over 2 weeks to clean that mess up.
    • Re:Accountability (Score:5, Insightful)

      by fm6 ( 162816 ) on Tuesday April 26, 2005 @02:06PM (#12350738) Homepage Journal
      Get real. MAPS is a holy crusade, and all ISPs are presumed guilty until proven innocent. And proof ain't easy to come by.

      The assumption of anti-spam activists seems to be that spam wouldn't be possible without the knowing collusion of evil ISPs. Obviously, evil, greedy people will only respond to threats to their income. So never mind negotiations -- blacklist 'em until they repent.

      Which ignores the difficultly of enforcing a spam policy. You can't just terminate somebody's account the first time somebody accuses them of spamming -- it's not fair, and will probably get you sued. Having worked at an ISP, I can tell you they get lot of bogus spam complaints, mostly from people who don't know how to figure out who owns an IP block, or who misread mail logs. And in some cases, the owner of the IP block just rents rack space to the SMTP provider. Which may well do a poor job of policing spammers -- but you have to make some attempt to get them to improve before you ditch a customer who's paying you tens of thousands of dollars a month.

      MAPS and their ilk also seem totally ignorant of Hanlon's Razor [jargon.net]. Very often ISPs assign their abuse issues to unsocial geeks whose communication skills and capacity for objective thought is quite limited. So of course they return MAPS's arrogant ignorant anger with more of the same. The resulting interaction is not conducive to solving the problem.

      So yeah, ISPs are not blameless. But they're not the greedy bastards the stupid bastards at MAPS like to get mad at.

  • by JPelorat ( 5320 ) *
    HA HA!
  • I have been filtering AOL along with many other free email hosts, straight to the trash. If I know someone with an email there, I whitelist them.
  • by DamienMcKenna ( 181101 ) <damien@[ ]kenna.com ['mc-' in gap]> on Tuesday April 26, 2005 @01:23PM (#12350314)
    I just about spewed my lunch across my lovely dual monitors... don't do that!

    Damien
  • AOL deserved it (Score:3, Interesting)

    by JWSmythe ( 446288 ) * <jwsmythe@noSPam.jwsmythe.com> on Tuesday April 26, 2005 @01:24PM (#12350332) Homepage Journal

    AOL is definately a group that deserves a bit of their own treatment. I've found so many networks get blocked for insignificant things. I have a mailing list of just my members, and no one else. Because one person accidently hit "Abuse" (of the 40 AOL people on the list), we were blacklisted. Not just an IP, but a /24 , which was already in their "feedback loop". {sigh}

    It's not the first encounter I've had with AOL. Anyone who sends mail eventually finds themselves blacklisted with AOL. They're just a pain in the ass. Unfortunately, you can't just convince anyone using AOL's email to switch to someone else. If only it were so easy.

    At one time, AOL blacklisted my home IP. It was a static IP, which I was the only user of. I don't know which genius did it, but someone who I was personally mailing (like, not even Bcc lists or newsletters) must have hit the abuse button.

    I'm sure it helps them out. If they can knock out 25% of their mail load at any given time, it's 25% less mail they have to process. Who cares which 25%, eh?

    • AOL is so 90s. The only reason why their instant messeenger was a success, is because it's free. I am surprised they haven't made the chat service free.

    • Re:AOL deserved it (Score:3, Interesting)

      by afidel ( 530433 )
      Actually AOL has one of the best abuse departments I have had the pleasure of working with. They publish their general rules, and if you can't figure out why you are being blocked just give them a call. They have always been very helpfull with me and given me the exact reason for the block and how I can go about resolving the issue. If you are blocked and resolve the problem they will probably automatically detect the fix, but if they don't a phonecall to their abuse desk with an explanation that the proble
      • Re:AOL deserved it (Score:4, Informative)

        by JWSmythe ( 446288 ) * <jwsmythe@noSPam.jwsmythe.com> on Tuesday April 26, 2005 @02:59PM (#12351248) Homepage Journal
        AOL and Earthlink's method of blocking anyone who may have potentially offended, is very bad. With their methodology, I should need to call every ISP to ask not to be blocked, because one of my customers may want to send one of their customers a message.

        I just pulled a report from one of our membership databases. Of 370,918 users, there were 39,692 distinct domain names. In the top 50 of that list are a few I can't call. wanadoo.fr . t-online.de, libero.it, bluewin.ch, tin.it, planet.nl. You get the idea.

        If everyone took up AOL's anti-spam scheme, I would need a staff of people who's sole job was to call all the ISP's, and make sure we weren't blocked.

        The *BETTER* method is not to block based on any one rule. It's what you see with hotmail, mail.yahoo.com, gmail, etc.. Bad mail is received, and filtered into a spam box.

        With our mail servers, we do the same thing. We use mailscanner (mailscanner.info), with spamassassin, 5 blacklists, and two virus scanners. If the score is high enough, it simply adds a bit to the subject line.

        [UBE/UCE/SPAM] original subject

        My users have the option of deleting those automatically, or filtering them off to another box.

        Right now, I have 6,634 messages in my spam box, and 1052 in my inbox. You could say 15.8% of my mail is real, but that's not completely accurate. A lot of the "real" messages in my inbox are automated messages, such as server notifications.

        The ***HUGE*** difference between what I do and what AOL does is this.. When I get a message, even though the mail server suspects it is spam, it still gets delivered into my spam box. **I** have the option of choosing what **I** want done with it. If **I** want to delete it, I can. If **I** want to have the mail server delete it before it even gets to my box, I can. If **I** want to keep them all, so I can make statistics about how many spams I get, I can. And if someone says "I sent you an Email, but never got a reply", I can check my spam box. The last time that happened was over 6 months ago. It's very rare that a legitimate message gets flagged as spam.

        Since I know for a fact that AOL blocks legitimate messages, that means that they are completely in the wrong with their methodology.

        I've spent several conference calls on with AOL. They believe that they are the Internet. They are the only mail server, and anyone who isn't using AOL is some sort of evil hacker. It was really frustrating, when every reference they made indicated there was only AOL. They said that their blacklist protects all mail servers. Even mine? Yes. So I asked how I got that protection. They don't know. It's just there. Like divine intervention, or eye boogers. I tried to explain that I'm a SysAdmin, and I may know a little bit about the magic of the Internet. He refered me to their standard page, http://postmaster.info.aol.com

        Yes, we are already in the "feedback loop". They know all our networks. They have the email and phone number of a contact who's always available. The contact watches the abuse mail for the occasional misguided soul who hits "Abuse" instead of "Reply". Every month or two, we get some part of the network blacklisted. We call up, and they promise to 'whitelist' us. We dance around this with a few dozen calls, and then everything is fine for a month or two. Lather, rinse, repeat.

        It's *REALLY* annoying to **NEED** to call another company to ask for their permission to play on their Internet with them.. Like I said at the beginning of this message, almost 40,000 domains. If everyone played this way, that would mean 40,000 calls so people could send out EMail. That *ALSO* means I would need to have phone support people ready to answer 40,000 calls. I don't really want that. My budget for staff is better used for staff who do a job which is helpful to the company.

        I guess if 40,000 providers did hire say 8 employees to handle calls (4 outbound, 4 inb
  • You can please some of the people some of the time... but this should just about please everyone :)
  • This doesn't resolve anything except make end users on both sides angry. This is very unproductive for both parties.

    I can say this well, lets say I know how things work; they have automated spam blocking mechanisms to disable accounts who spam. A majority of accounts used for spamming are compromised, and that is the issue. Repeat offenders are terminated. No questions, and they can not reactivate. Spammers are just password cracking accounts and bulkmailing out of them. It sucks because a few people w
  • this is out of hand (Score:5, Interesting)

    by nganju ( 821034 ) on Tuesday April 26, 2005 @01:27PM (#12350362)

    FTA:
    "the RBL blacklist is used by some of the biggest ISPs in the world, including RoadRunner, USA.net, BT, Telstra -- and AOL itself"

    I could send an email from my own account, to my own account, and it would be deleted as spam.
    • It is very unlikely that mail sent from your AOL mailbox back to your AOL mailbox would go through a server that uses MAPS. It is much more likely that AOL uses MAPS only on the mailservers that receive mail from the Internet.
  • irony (Score:2, Insightful)

    by tverbeek ( 457094 )
    To me this is ironic, because AOL is currently refusing e-mail from my server, due to unspecified (and assuredly inaccurate) allegations of spam coming from it.
  • by frankie ( 91710 ) on Tuesday April 26, 2005 @01:28PM (#12350370) Journal
    MAPS stopped being a reputable service ever since they joined MFN/Abovenet [spamhaus.org]. I say this as someone who previously supported MAPS and even donated to their legal defense fund.

    It was quite sad to see them fall to the dark side. It's even sadder to see that MAPS is still in active use by anyone outside of MFN.
  • Back-port (Score:5, Funny)

    by Kimos ( 859729 ) <kimos.slashdot@nOSpAm.gmail.com> on Tuesday April 26, 2005 @01:29PM (#12350373) Homepage
    Now we need to find a way to black-hole all of the AOL CDs being spamed to my snail mail address!
  • Google is getting blocked to spam too:

    This is an automatically generated Delivery Status Notification

    Delivery to the following recipient failed permanently:

    [an address forwarded to gmail.com]

    Technical details of permanent failure:
    PERM_FAILURE: SMTP Error (state 10): 554 Service unavailable; Client host [64.233.184.203] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?64.233.184.203

    --

    The address: 64.233.184.203 is wproxy.gmail.com
  • The real problem comes when Genuine users of a service are blocked. I'm used to hearing woes of web masters who have been blocked by Google Adsense without any explaination. I'm sure Google has its reasons (and they have openly admitted that the reason is that they dont want to provide a road map to trick the service).

    Now coming to /.
    whenever i try posting from home I get a message announcing "bad postings from your subnet.. hence you have been blocked" Now I have tried connecting to various wireless ne

  • by stilwebm ( 129567 ) on Tuesday April 26, 2005 @01:35PM (#12350433)
    I quit using MAPS years ago because it was no longer effective, especially for business use. Their solution to one spam from a customer of a large ISP is to block the whole ISP or, if you were lucky, just the whole contiguous IP space that one spam came from. Still, this meant something like a quarter of the Fourtune 500 had mail servers being blocked, which is unacceptable for a business-to-business email server. Worse, it rarely blocked much spam.

    In fact, I just searched [mail-abuse.com] the MAPS RBL for the last ten spams rejected by my mail server and only two of the hosts were listed in the MAPS RBL.
  • Hmm (Score:3, Insightful)

    by Sv-Manowar ( 772313 ) on Tuesday April 26, 2005 @01:35PM (#12350434) Homepage Journal
    It seems like the anti's aren't doing themselves much good at the moment, when events like this hit the news, the block lists just loose credit in people's minds

    As much as anyone hates AOL and finds this funny, it is more the entire anti spam community in general, than AOL in the short term.
  • On SpamCop too (Score:4, Informative)

    by goDzi7la ( 533348 ) on Tuesday April 26, 2005 @01:36PM (#12350440)
    AOL is listed on SpamCop too. http://www.spamcop.net/w3m?action=checkblock&ip=20 5.188.157.37 [spamcop.net]
  • Update from link (Score:2, Informative)

    [UPDATE: Looks like MAPS changed its mind. As of Tuesday afternoon ET (GMT -4:00), AOL's listing at the MAPS site is gone, and a lookup shows AOL's mail servers no longer seem to be on the MAPS RBL list. No word yet on whether AOL resolved the spam problems, or if MAPS just decided to give AOL more time.]
  • I've had many years of emails I've sent to users at AOL accounts simply vanish into the ether. No bounces, no receiving of the emails on the other side. Maybe this will wake them up to some type of responsibility of running a accurate and reliable mail service, and policing their own users to weed out the bad apples.
  • UPDATED (Score:3, Interesting)

    by TheHawke ( 237817 ) <rchapin @ s t x.rr.com> on Tuesday April 26, 2005 @01:37PM (#12350457)
    Apparently AOL got their heads out of their collective asses. MAPS pulled the entries as of noon Eastern time (-5 GMT).
  • AOhell (Score:2, Insightful)

    by digitaldc ( 879047 )
    AOL has had a large swath of its IP addresses...Sorry I can't show you this listing.
    Judging by the fact that a large amount of spam we get is from AOL, I can see why they are getting blocked.
    AOL profits from these spammers and they know it. Very soon, AOL needs to take control of their spammers and start blocking them. Apparently, this is either too difficult & time consuming for AOL, or they just don't care and know that the profits will just keep rolling in.
    There are so many other better
    • You're either full of crap, or you are clueless and cannot distingush spoofed mail from legit mail.

      The RBL lists have been around for a long time, yet there has been zero impact on spam. I'm frankly shocked that anyone still uses them at all.
      • The RBL lists have been around for a long time, yet there has been zero impact on spam. I'm frankly shocked that anyone still uses them at all.

        Maybe there's zero impact on the amount of spam being sent, but there is a huge impact on the amount of spam being received. I block 90,000-120,000 spams per week by way of RBLs. These amount to huge amounts of bandwidth that I don't have sucked up by spam. Of those that make it through to the next level of filtering, there's still another 20,000-50,000 that get

    • Re:AOhell (Score:5, Insightful)

      by snorklewacker ( 836663 ) on Tuesday April 26, 2005 @01:48PM (#12350565)
      AOL profits from these spammers and they know it.

      Bullshit. MCI profits from spammers. You're talking out of your ass. You think they care about the monthly dialup access fees from spammers? AOL until recently had Carl Hutzler, one of the most respected names in anti-spam, who has turned AOL around and made them one of the leaders in anti-spam, from outbound port 25 blocking to SPF. Ask anyone on NANAE .. hell, ask the kooks, they'll tell you AOL has a fraction of the spam problem anyone else does, and their main complaint is only bounce spam, which they've nearly eliminated this year. Carl has since moved on (got promoted I think) and left two more in his stead who hopefully will continue to be as effective as him.

      MAPS is run by some righteous little twits driving their fiefdom of an RBL into irrelevance at flank speed. Most responsible admins have moved on to some subset of SORBS, Blitzed OPM, and the Spamhaus XBL, with perhaps SPEWS turned on for advisory data only.

      You on the other hand just think you're hot shit because you don't like AOL.

      • Ditto... All I can say is that when I was unfortunate enough to be administering a couple mail servers for a small ISP, roughly 80% of all spam we intercepted came from address space allocated to RIPE.NET in europe...
        Never really had a problem with AOL, although they DID blacklist a couple of our hosted domains due to spam issues, which we found out were caused by stupid website owners running formail.cgi scripts, which were expressly verbotten in the AUP for our hosting service...

        They complained enough w
      • Re:AOhell (Score:3, Informative)

        by signe ( 64498 )
        AOL until recently had Carl Hutzler, one of the most respected names in anti-spam, who has turned AOL around and made them one of the leaders in anti-spam, from outbound port 25 blocking to SPF.

        Don't credit things to people if they didn't do them. Carl wasn't responsible for outbound port 25 tagging/filtering/blocking. I know that for an absolutely certainty. And while Carl may have done a lot of anti-spam work, the outbound port 25 work is what dropped AOL from one of the top 5 spammers to not even on
      • Re:AOhell (Score:3, Informative)

        Carl hasn't left AOL... He's no longer their postmaster god, but he's moved sideways into a role known as 'Director, Host Mail Development.'

        I'd assume he's still doing good things at AOL as far as anti-spam goes, given his new title.
    • Judging by the fact that a large amount of spam we get is from AOL, I can see why they are getting blocked.

      Though bad in many ways, AOL are not a spam-friendly operation by any means. You do not get a large amount of spam from AOL. What you get is a large amount of spam with forged headers that looks like it is from AOL. There's tons of that.

      AOL are wielders of the special-issue BFG-9000 ultra-merciless LART, I'll say that for 'em. Draconian filters on anything coming in, and a distinctly Genghisian att

  • One of my most frequest complaints from my customers has to do with their inability to send email to AOL customers. AOL has shown little restraint when it comes to blacklisting others. This is a nice wake up call for AOL. Live by the blacklist, die by the blacklist.
  • Inigo Montoya, you sent me SPAM, prepare to die.

  • ...but what will I do with my remaining 67578 free hours?
  • Now maybe MAPS has put the last nail in its own coffin. In the beginning I could see the reasoning (no better solution) but as time has passed so has their usefulness, and honestly their integrity (if they ever had any, I didn't follow it that closely).
  • less spam today... (Score:3, Interesting)

    by joeldg ( 518249 ) on Tuesday April 26, 2005 @01:49PM (#12350579) Homepage
    well, with less spam today I cannot say I am complaining at all...
    And really.. my rbl and filtered spambox only has a couple hundred spams in it, whereas it normally has ~600 by this time...

    I might blackhole aol mails after this just to cut down on my daily intake of the processed pig.

  • Surprise, surprise!
  • What I hate are those fscking CDs AOL keeps sending. Some of the cases are ok, but in general they're a pain in the ass. Hey, AOL, WE DON'T NEED YOUR STUPID 'FREE' CDs!!!
  • Instead of rejecting e-mails based on RBLs, how about temporarily rejecting them (with a 4xx code)?

    This way the accidentally blacklisted server has several days to straighten things out while the really spammy server gets overloaded with huge mail queue.

    Using my skem [virtual-estates.net] milter is one way to do that intelligently... :-)

  • by maxpublic ( 450413 ) on Tuesday April 26, 2005 @03:52PM (#12351756) Homepage
    What exactly is the problem here? People subscribe to blacklists because they think the folks maintaining the blacklist are doing a good job; if they aren't the subscribers will stop using that blacklist. End of story.

    As for all the whiners complaining about being blacklisted, you don't have a 'right' not to be blacklisted. You don't have a 'right' to send your email to people who've decided they don't want it - and they have decided this, because they're using the blacklist. If they *do* want your email they'll stop using the blacklist that blocks you.

    Time to get over yourself. You have no right to send email to anyone you please. Anyone can block you at any time, for any reason, and there's nothing you can do about it. Hell, I use a whitelist for my home network and that means that unless I know you your mail will NEVER get through. Are you going to tell me that I don't have a right to reject your mail out of hand?

    Max

Don't get suckered in by the comments -- they can be terribly misleading. Debug only code. -- Dave Storer

Working...