AOL Placed on Spam Blacklist

Hacker-X writes "According to this item over at Spam Kings, AOL has had a large swath of its IP addresses added to the Mail Abuse Prevention Systems (MAPS) Real-time Blackhole List (RBL). The RBL is used by many corporations and large ISPs to filter spam. MAPS evidently started blocking the AOL mail servers less than 24 hours after filing a complaint with AOL's abuse desk. The block was initiated in response to spam emanating from AOL mail servers."

Accountability

[winkydink]

I'm a big fan of MAPS, but one would think that over the years they've developed some very high-level contacts over at AOL and that they would call these guys up and talk it out before undertaking a major blacklisting.

Some BL lists have no published way to get off once on. There should be some consistency to at least getting removed. I speak from experience of having "inherited" an IP addr from my hosting provider that was formerly an open-relay. It took a lot of effort over 2 weeks to clean that mess up.

Re:Overzealous

[jsight]

Isn't that what everyone does with the black lists anyway? I think most of the smarter software packages just use the information as part of their normal weighting systems for determining whether or not to reject a message as spam. Ie, if the message looks spammy, and it is from a site on an RBL, then it probably is spam. If it's just from an RBL, then pass it on as normal.

Re:Won't miss them

[ScentCone]

I don't want to hear from anyone who uses AOL anyways.

Yeah, who wants to do business, say, with tens of millions of people.

I've got e-commerce clients that, unable to communicate gracefully with AOL users, would run into trouble with a third or more of their customers. This is not trivial, it's blacklist BS, and a sign of how that solution to the problem is part of the problem.

AOL deserved it

[JWSmythe]

AOL is definately a group that deserves a bit of their own treatment. I've found so many networks get blocked for insignificant things. I have a mailing list of just my members, and no one else. Because one person accidently hit "Abuse" (of the 40 AOL people on the list), we were blacklisted. Not just an IP, but a /24 , which was already in their "feedback loop". {sigh}

It's not the first encounter I've had with AOL. Anyone who sends mail eventually finds themselves blacklisted with AOL. They're just a pain in the ass. Unfortunately, you can't just convince anyone using AOL's email to switch to someone else. If only it were so easy.

At one time, AOL blacklisted my home IP. It was a static IP, which I was the only user of. I don't know which genius did it, but someone who I was personally mailing (like, not even Bcc lists or newsletters) must have hit the abuse button.

I'm sure it helps them out. If they can knock out 25% of their mail load at any given time, it's 25% less mail they have to process. Who cares which 25%, eh?

this is out of hand

[nganju]

FTA:
"the RBL blacklist is used by some of the biggest ISPs in the world, including RoadRunner, USA.net, BT, Telstra -- and AOL itself"

I could send an email from my own account, to my own account, and it would be deleted as spam.

why is anyone still using MAPS?

[frankie]

MAPS stopped being a reputable service ever since they joined MFN/Abovenet [spamhaus.org]. I say this as someone who previously supported MAPS and even donated to their legal defense fund.

It was quite sad to see them fall to the dark side. It's even sadder to see that MAPS is still in active use by anyone outside of MFN.

Re:Overzealous

[Oculus Habent]

AOL is not "special" in that circumstance. The short response timeframe is a little harsh, but I don't keep up on my blacklist policies, so I can't compare it to others.

I don't disagree with you. AOL shouldn't get preferential treatment because they are big, but blacklisting major ISPs comes with the very real possibility of hurting many other businesses by association. Yes, the same is true of the little guys, but the potential loss rate is likely much lower.

That's why I suggest the gray/black list combo. If you could graylist someone immediately, and use that as a means for stricter spam control - combine it with Known Good Senders, whitelists, better heuristics or tougher Bayesian filtering - while mitigating the potential for lost business by not outright blocking all messages, I think that is an amicable solution. Blacklisting then becomes the consequence for not resolving your spam problem, not for simply having one.

Re:Overzealous

[__aainau5532]

Who said it bothers some people? They most likely don't get the traffic bill every month. And also since some providers think they can block everyone and whitelist only the one that have signed there agreement I don't really care any more about mailserver who are listed. I only care about national mailserver and the rest is allowed to unlist themselfs. I even think there comes a moment this year or next year that some RFC-issues are being required to mail my mailservers.

Who still uses the MAPS RBL?

[stilwebm]

I quit using MAPS years ago because it was no longer effective, especially for business use. Their solution to one spam from a customer of a large ISP is to block the whole ISP or, if you were lucky, just the whole contiguous IP space that one spam came from. Still, this meant something like a quarter of the Fourtune 500 had mail servers being blocked, which is unacceptable for a business-to-business email server. Worse, it rarely blocked much spam.

In fact, I just searched [mail-abuse.com] the MAPS RBL for the last ten spams rejected by my mail server and only two of the hosts were listed in the MAPS RBL.

UPDATED

[TheHawke]

Apparently AOL got their heads out of their collective asses. MAPS pulled the entries as of noon Eastern time (-5 GMT).

Re:Accountability

[Anonymous Coward]

As a netadmin at a major university I've tried to contact AOL about issues. They aren't interested. Once they hear that you are not a customer they pretty much hang up on you.

the shoe is on the other foot...

[machinegunhand]

One of my most frequest complaints from my customers has to do with their inability to send email to AOL customers. AOL has shown little restraint when it comes to blacklisting others. This is a nice wake up call for AOL. Live by the blacklist, die by the blacklist.

Re:Overzealous

[gregmac]

So it's OK to blacklist a little guy that has a misconfigured/hacked email server that is spitting out spam, but if a big fish does this, we should justify and make excuses for them??

NO -- it's not ok to blacklist the little guy either.

If they're misconfigured/hacked, and spitting out spam, sure .. blacklist them (whether they're AOL or a little isp). Of course, you should probably send a message to abuse@ their domain trying to inform them..

Too many lists don't check though. They get a complaint, and bam, blacklist. I run a small web/mail server (300 domains, 16 IPs), and this is highly annoying. We've been blacklisted before because someone complained about a legitimate mailing list they were on. No double-checking, no investigation into the complain, we just got blacklisted immediately.

Most recently, we were blacklisted by SORBS because another system that shares colocation with our server was hacked. Immediately, they blacklisted the entire subnet. This affected us, and numerous other customers that have no affiliation other than sharing colocation space.

I noticed we were on the list when someone in the office complained about not being able to send mail to an address she could send to a couple hours earlier. Upon looking into it, we eventually found out that teh entire subnet was blocked (and we couldn't even request to remove the block), so we contacted our ISP. They told us they had just discovered that hacked system and disconnected it, and tried to get the block removed from SORBS.

In all, our ISP had found and disconnected the system within 3 hours of it being hacked, yet we were on the list at least 24 hours. During this time, none of our customers can send mail to anyone with a provider using SORBS. Our server was fine, their servers are fine, but because of a completely unrelated incident with unrelated people, it affects hundreds more.

The big problem is, it's basically impossible to run a mail server without using RBL's (we tried).. you just get hammered. RBLs are definately useful, but there are too many run by over-zealous admins with basically an itchy trigger finger. Hopefully stunts like this will make people realize the problems with RBLs and maybe we can drop the ones that are run this way.

less spam today...

[joeldg]

well, with less spam today I cannot say I am complaining at all...
And really.. my rbl and filtered spambox only has a couple hundred spams in it, whereas it normally has ~600 by this time...

I might blackhole aol mails after this just to cut down on my daily intake of the processed pig.

Re:AOL deserved it

[afidel]

Actually AOL has one of the best abuse departments I have had the pleasure of working with. They publish their general rules, and if you can't figure out why you are being blocked just give them a call. They have always been very helpfull with me and given me the exact reason for the block and how I can go about resolving the issue. If you are blocked and resolve the problem they will probably automatically detect the fix, but if they don't a phonecall to their abuse desk with an explanation that the problem is solved will get the block cleared. Personally I like the fact that AOL (and Earthlink) have championed the antispam crusade, they have made more impact than a thousand admins screaming into the night could ever have.

Re:Overzealous

[dfiguero]

How many double opt-in e-mail lists have been blocked simply because some AOL luser couldn't figure out how to unsubscribe (or didn't even try to) and just hit the report as spam button?

I was going to make exactly this point!

I manage a popular web site in Mexico that distributes an opt-in mailing list. We've been marked as spammers multiple times because a particular user decides he doesn't want to receive the newsletter anymore and does not take the time to click on the unsubscribe link sent in the email!

AOL of course sends our emails to /dev/null so I say pay AOL with the same coin!

Pay the Danegeld and the Dane is ever at your door

[Anonymous Coward]

Heh, I don't want your clients.

You'd be suprised how few businesses would suffer from blocking AOL completely. I blocked 'em off ten years ago and I'm doing just fine, thank you.

Until AOL implements SMTP (what they do now isn't SMTP, it's their own bastard email protocol - SMTP requires a live human to monitor the postmaster address) nobody should talk to them.

You're just encouraging them (and others) to blow off the RFCs when you allow them to talk to your mailserver.

Re:Won't miss them

[OhPlz]

Yeah, who wants to do business, say, with tens of millions of people.

They're a risky isp to deal with, or maybe it just seems that way because of their size. I used to admin a site that sold long distance calling minutes. We had a disproportionate amount of fraud coming from their domain. I believe it has to do with their "free cd" blitzing and their size giving the ability to eat small losses.

You get fraudsters with stolen credit cards, an isp that enables you to use them and does not respond to merchant requests and bad things result. I reported many cases of aol accounts being drawn on stolen card numbers and never once would they respond. We lost tens of thousands of dollars to these fraudsters, no response. Now yes, they didn't have to help us. If they cared about identity theft and credit card fraud they would have. In the end we blocked any users that came from aol and displayed a "your isp is a haven for crime" type of message.

I imagine spam fell along these lines before spam filtering became as advanced as it is now. I just find it curious that they do so much to protect their customers but don't they protect the integrity of their customer base. At some point it may bite them, as with this story.

Re:Overzealous

[darkonc]

Maybe you should just reject such email *before* accepting it?

And just how are you going to do that??? An RBL? Basically, you're eithere going to generate your own RBL, or you're going to use someone else's. If you're going to use someone else's then the best you can do is look for (an) RBL(s) that have a listing policy compatible with your views.

Some RBLs (like MAPS) have put a lot of energy and time into coming up with ways to keep out as much spam as possible without extensive false-positives. Doing better than that is likely to be full-time job 9or more0.

Re:AOL deserved it

[Anonymous Coward]

AOL blocked us twice. We have employees that pay to have their *paycheck* e-mailed to them (versus normal mail.)

A few of them hit the SPAM button even though we have their signature on file signing up for this service, and we did a double opt-in verification after that.

So AOL blocked us, and hundreds of other e-mailed paychecks to @aol.com and other AOL hosted accounts for several weeks. We had to jump through hoops to get ourself "whitelisted" as they say.

The best way to respond is to have these customers complain to AOL. Some switched ISP's over this.

The best way to respond to MAPS is to complain, or quit paying for their service. It is a paid for service.

SpamHuas blocked KRAFT last week. If this doesn't get resolved soon, I am walking from SpamHaus. So will others. Power is in the numbers. If numbers walk, they loose power.

My thoughts.

Re:Overzealous

[dfiguero]

I am not permitted to reveal the site name (I've asked my employer for permission but got a refussal). Also note I didn't post this as an AC.

However, I can assure this is an optin list. It doesn't sell anything it just announces new features on our site like new radio channels, _SPAM BLOCKERS_, downtime for upgrades/repairs, etc. I myself despise spam and would not work for such a company.

We've been added to the RBL once because another user complaint. When we talked to the RBL people we were removed as we could prove we were not a spam source.

I'm sure I will probably not be able to convince you but hey that's life.

Comment removed

[account_deleted]

Comment removed based on user account deletion