AOL Blocks 2 Billion Spam/Day 108
T_moz writes "According to this article
AOL has blocked over two billion (2000000000) SPAM emails in one day!"
This figure is 70-80% of all mail incoming to AOL users. Utterly insane. Unfortunately, all this blocking means spammers will just send more mail to make
up for it until a real solution is found.
That sounds about right.... (Score:1)
And why aren't there any comments on this story?
Re:That sounds about right.... (Score:1, Funny)
And why aren't there any comments on this story?
80% of them have been blocked...
Re:That sounds about right.... (Score:2, Funny)
-dk
2,000,000 Spam E-mails blocked (Score:1)
SPAM (Score:1, Funny)
no wonder (Score:4, Funny)
1.9B are from comcast (Score:1)
Fuckers.
Re:1.9B are from comcast (Score:1)
Re:1.9B are from comcast (Score:2, Interesting)
Re:1.9B are from comcast (Score:1)
Re:1.9B are from comcast (Score:1)
route your email through one of your ISP's mail-gateways. That is what they are there for.
Re:1.9B are from comcast (Score:1)
Re:1.9B are from comcast (Score:2, Interesting)
550-The IP address you are using to connect to AOL is either open to
550-the free relaying of e-mail, is serving as an open proxy, or is a
550-dynamic (residential) IP address. AOL cannot accept further e-mail
550-transactions from your server until either your server is closed to
550-free relaying/proxy, or your ISP removes your IP address from their
550-list of dynamic IP addresses. For additional information,
550-please visit http://postmaster.info.aol.com.
550 Goodbye
And yes I just added
Re:1.9B are from comcast (Score:1)
:D (Score:3, Funny)
Want a solution? (Score:5, Funny)
See if people will keep sending unsolicited email then. Matt Groening had it right with Futurama.
Computer: "You've got mail!"
Leela: (Groans)
Computer: "It's not spam!"
Leela: Ohhh
Re:Want a solution? (Score:1)
What do you consider a spammer? Is it someone who mails regardless of whether they opted in or does this term apply to all people who send e-mail advertisements or newsletters. Many companies run legitimate e-mail marketing campaigns.
Re:Want a solution? (Score:3, Insightful)
If it's confirmed opt-in, it's not spam. If a company claims to be running confirmed opt-in, then give them the benefit of the doubt unless a multitude of complaints come in from multiple sources. Otherwise, off with their heads (or, preferrably, flay them alive, soak them in brine and leave them crucified in a field in Kansas).
Re:Want a solution? (Score:2)
If a company does confirmed opt-ins, tells each customer where they opted in from, and can prove that each customer wilfully opted in, then I'll give them the benefit of the doubt.
If they just send out an email that says at the end: "You've been included in this email because you opted in on one of our associated sites", then I'm going to give them the benefit of a
Re:Want a solution? (Score:2)
Re:Want a solution? (Score:1)
Deleting would be better...
Instead of blocking spam... (Score:1)
Another good side effect is that the average size of the hand will also be enlarged, thus requiring bigger gloves, thus again which will fuel the economy thus stopping the recession.
Re:Instead of blocking spam... (Score:1)
Scary (Score:2)
Good for them!!! (Score:4, Funny)
Stop Blocking Spam? (Score:1, Insightful)
Re:Stop Blocking Spam? (Score:2, Funny)
People will assist you making that experience. Then let us know what solution you came up with.
Re:Stop Blocking Spam? (Score:1)
The only kind of change that dissatisfaction associated with recipt of spam 'en masse' would be AOL users canceling their accounts. IMHO, the only way for AOL to stay profitable is to continue market themselves as 'User-Friedly' and 'Child-Safe'. That's about one of the only (potential) advantages that AOL has left these days.
That image is promptly destroyed when little Jimmy starts reading about free pr0n and starts clicking on links to goatse.cx
180 hardcore spammers? (Score:1)
just looking at AOL's numbers, the claim that there are only 180 'problem spammers' starts to lose credibility
2 Billion emails divided by 180 spammers equals approx 11 millions emails per spammer per day *just to AOL alone*.
Unless the 'problem spammers' that were alluded to a few days ago are the ones that make it through the blockers, the 2 billion spams are from several thousand 'non problem spammers' (Is there such a thing?)
Re:180 hardcore spammers? (Score:3, Interesting)
Simple rule of thumb:
1 spam = 1 bps.
11 million spams = 11Mbps or less than a 1/3 of a T3.
Even if they weren't using relays to multiply the bandwidth, it's doable.
-- this is not a
Re:180 hardcore spammers? (Score:1)
Re:180 hardcore spammers? (Score:1)
Given the number of AOL subscribers, if they did take the $2/subscriber and put that towards putting contracts on spammers' heads, the spam problem would diminish sharply within a few months.
Re:180 hardcore spammers? (Score:3, Interesting)
The word I hear from a reliable source is that to do spamming as a viable business, you must be sending at least 10 million spams per day.
So if the low end of the bell curve is circa 10m, it's easy to believe that AOL's share of that can peak at an average of 11m per major spammer. It would make sense for spammers to focus on AOL users, both because there's a lot of 'em in one place and becau
missing out (Score:2)
a *lot* still gets through (Score:1, Interesting)
Re:a *lot* still gets through (Score:1)
They say 2 billion SPAMs... (Score:2, Interesting)
I'll wager that a fairly significant portion of that blocked mail is wanted by the recipients. I know that we get many calls when our AOL recipients don't recieve their expected daily/weekly newsletters.
Re:They say 2 billion SPAMs... (Score:2)
Re:They say 2 billion SPAMs... (Score:1)
Re:They say 2 billion SPAMs... (Score:1)
I know that we get many calls when our AOL recipients don't recieve their expected daily/weekly newsletters.
Hmmm... I bet there are (or will be) guides on how to create legitimate, opt-in newsletters that do not look like spam to the various filtering technologies out there. For example, even though I registered with mame.dk, their newsletter gets filtered by Hotmail. (Although, it is sent to the Junk Mail folder, not simply deleted or blocked, as I take it that AOL is doing.)
The downside is that spam
That's emails, not spams. (Score:5, Interesting)
If AOL has a false positive rate of 0.01%,
That means over 200,000 incorrectly blocked emails per day.
If they have a false negative rate of 1%,
That means over 20,000,000 spams got through.
2 billion sounds like a big number, but it's still only 10-30 spams for the typical AOL user.
-- this is not a
Re:That's emails, not spams. (Score:2)
You think AOL has circa 100 million users? Got some stats to back that up? My recollection is it's more like a third of that, meaning an average of 60 per user.And growing exponentially, with no end in sight.
But even at 10-30, that's still quite a bit when you only get a couple of real messages a day and check your email a couple of times a week, as is typical for the AOL types that I know.
Re:That's emails, not spams. (Score:3, Informative)
I should have checked my sources more carefully.
AOL claims over 140 million users of AIM
Their user base is much less - 35.2 million end of 2002 according to Jupiter Research.
Like you said, about a 1/3 of what I said.
Probably slightly higher now, but yeah, it's
30-90 spams a day per user, not 10-30
Re:That's emails, not spams. (Score:1)
Re:That's emails, not spams. (Score:1)
Re:That's emails, not spams. (Score:2)
It's not just the users time being effected here, it's the money spent on bigger machines, larger support contracts, more man-power and harder to keep SLA's.
That's easy. (Score:1)
Re:That's easy. A tale of bouncing AOL spam. (Score:4, Informative)
Most email that appears to come from AOL in fact comes from somewhere else. Same for all the big ISPs like yahoo, msn, hotmail, and so on. Not only do spammers forge the From: headers, they are also forging the SMTP envelope MAIL FROM as well.
Actually we were inadvertently relaying undeliverable spam back to AOL customers and found ourselves blacklisted by AOL until we cleared it up. No, this is not an "open relay" problem; this was an "undeliverable bouncing" problem. But the effect was similar. You really need to be careful because spammers are getting very smart.
What was happening was that mail which got through our SMTP gateway (running sendmail) and into our back end internal email server (running Exchange) was being bounced as being undeliverable because of the made up recipient addresses that spammers use. The problem was Exchange was creating these "bounces" as NEW email messages rather than as an SMTP DSN rejection, mearly prepending "Undeliverable:" to the subject and sending the message to the supposed sender. But those forged senders turned out to be real AOL user accounts, and being AOL users they flagged our bounces as being spam, and poof, after about 15,000 in one day we got blacklisted....actually I can't blame AOL at all.
The AOL postmasters were surprisingly helpful and courteous in helping us resolve this. What I now do is to take the connecting IP address and do a reverse DNS lookup. If it is not from within the aol.com or aol.net domains, it is rejected as being forged (regardless of what the headers or even the envelope say). Likewise I also check the responce on the HELO/EHLO greeting to make sure it is also from aol.com. And just as an extra check, I finally configured our sendmail milter interface to use LDAP to the exchange backend server to reject mail for invalid mailboxes before it is ever passed through to our backend server.
Now if there were reliable was to detect forged mail from the other big ISP players. I can only perform those forgery catching tricks with them because AOL has a policy that ALL outbound mail from AOL will ALWAYS be sent from an SMTP server registered within the aol.com DNS domain. I don't know if that is necessarily true for the other big ISPs.
Re:That's easy. A tale of bouncing AOL spam. (Score:1, Informative)
I have spent hours and hours of time trying to block bounced messages from AOL. They do the same and they usually have 30 mailservers trying to crash my poor mailserver. I use iptables to cut those suckers off,
BS! (Score:1)
Holy crap! (Score:2, Interesting)
Postfix log summaries for Apr 27
Grand Totals
------------
messages
2454 received
185 delivered
183 forwarded
1 deferred (17 deferrals)
0 bounced
2359 rejected (92%)
0 reject warnings
0 held
0 discarded
3102k bytes received
3162k bytes delivered
152 senders
98 sending hosts/domains
39 recipients
2 recipient hosts
Re:Holy crap! (Score:1)
3102kB of transfer was generated by 2454 messages. 3102/2454=1.264kB per message
3102kB of transfer was generated in a system that delivered 185 messages. 3102/185=16.768kB per message delivered.
16.768/1.264=13.266 times the bandwidth in a spam-full world.
So it would appear that my ISP is feeling the pain from delivering this spam
If you're blocking it you don't know WHAT it is (Score:2)
Re:If you're blocking it you don't know WHAT it is (Score:3, Informative)
What's your point? For a while now it has been pretty standard fare that the only way to have reliable outbound SMTP traffic is to smarthost it to your ISP's official mail server. There are just too many cable and DSL connections out there that can be hijacked. A
Re:If you're blocking it you don't know WHAT it is (Score:3, Informative)
I can't even receive from AOL now as they've landed on a RBL I reference. Not because they're blocking cablemodems (which is their choice), but because their implimentation violates the SMTP RFC. The RBL blocks non-compliant servers, confirmed open relays and smtp agents confi
1/2 the solution (Score:3, Funny)
do
iptables -A FORWARD -j DENY -s ${i} -p tcp --destination-port 25
done
Re:1/2 the solution (Score:2)
That's just the tip of the iceberg (Score:5, Interesting)
There is the graph they have on the wall in one of their Dulles offices that shows how the filters are working. It's scary, when a new type of spam filter is put out, AOL mail traffic decreases about 60%. The graph line plummets. Then, you watch it creep and spike until barely a month, maybe even a couple of weeks later, it's back up again. The spammers have found another way around it. People joke and laugh about AOL and spam, but AOL is really serious about getting rid of it. It costs them uncountless piles of money just to keep spam from breaking down their walls.
I have also attended some pretty heavy security conferences about spamming for ISP folks. It's not just a mail flood technique anymore. Spammers are not just some freak in China with an ISP who looks the other way, some spammers are actually crackers. Crackers who break through an ISP's security, just to get around mail filters, or relay it from within. Some of the spam you get is not just because the ISP didn't filter it, it's sometimes because some cracker found a new way to bypass the filter, a back door to the ISP's internal services, so they send it in, even relaying spam from personal accounts. These are not script kiddies doing this, there are bonafide hacking geniuses working as spammers.
Spam can shut down an ISP, and AOL knows that all too well.
Re:That's just the tip of the iceberg (Score:2)
Two felonies.
If the public were informed that anyone sending them UCE is engaging in felonious conduct, the public would be less likely to do business with spammers, and businesses would get the idea that spammin is not only unprofitable, but risks their business, massive legal expenses, and jail time.
Someone should send out an email.
A solution to spam (Score:4, Interesting)
I have seen this solution posted as a comment to some story in the past - so the credit is not mine, but of some comment writer I do not recall.
The idea is to create a complicated and expensive hashing algorithm that costs quite a few cycles - and use it as a "signature" for each mail's content, including the from and to addresses.
This would mean that sending mail could require a few seconds and be cpu-bound instead of network bound, but this is almost nothing for the average mail user. The spammer, however, would be required to calculate the hashes of the hundreds of thousands of mails he is sending - which could be a costly calculation.
Perhaps, (and this is my idea
Perhaps (another idea of mine), users could signify as part of their email addresses - the complexity of the hash function required to send them mail, or at least know what complexity of a hash function was used when sending them mail.
This could allow users to reject mails that weren't at least a bit costly for the sender to send, thereby making spam too costly to practically send.
White lists can also be used by users to save their friends from the trouble of calculating a hash of their mails - but this is probably unnecessary as it should only take a few seconds at most.
Ofcourse verifying the mail's hash should be trivial, no matter the complexity of the hash function - and mails with unmatching hashes would simply be thrown away immediately.
Re:A solution to spam (Score:1)
One thing to consider is that there are companies sending legit mail. Subscribe.Ru sends 2-3 million legit e-mail daily. 2 seconds per e-mail means they need a hundred servers doing nothing but calculating the hashes.
Re:A solution to spam (Score:2)
Re:A solution to spam (Score:1)
Re:A solution to spam (Score:2)
Secondly, the white list can be a set of public keys rather than a set of addresses - and the white list filtering would verify a cryptographic signature.
Simple yet extremely effective solution (Score:2, Informative)
For mail coming in, the user maintains a "whitelist" of accepted sender addresses. Unknown senders get a confirmation request that says, "Thanks for your mail, please reply or click here to verify you're a legitimate sender".
For mail sent out, the user's mail gets tagged automatically so the recipient can reply and the reply will be accepted automatically.
TMDA is GPL licenced, and it works with all the popular MTAs (Postfix, Exim, Sendmail, etc).
Re:Simple yet extremely effective solution (Score:1)
Think about it, would YOU put up with jumping hoops to get onto someone's whitelist to ask them a single question about their website? Or to get their company's sales brochure?
Plus, how do I "click here" with my text based mail program? (Pine)
Like most real world problems, there is no single silver bullet to solve spam.
Re:Simple yet extremely effective solution (Score:2)
Tagged Message Delivery Agent (http://www.tmda.net/).
Because I didn't get an answer to this the last time someone brought up TMDA as the "solution" to spam, I'll post it again:
Uh, and when your confirmation requesting system sends your confirmation request to my confirmation requesting system, can you confirm you'll see and respond to the confirmation request it sends? If you have a hole to prevent this loop, demonstrate that its exploitation isn't the next great frontier of spam abuse.
Re:Simple yet extremely effective solution (Score:2)
Re:Simple yet extremely effective solution (Score:2)
When you send an email to an address, your software has to whitelist the address that you sent it to, and hope that they're replying on the same address.
That only covers email relationships started by you via email. You would never see an order confirmation or a message from a company you snail-mailed your resume to, or any number of other common scenarios.
Alternatively or additionally, it could put a code in the subject, and add that to a subject line whitelist as a once-only rule.
Codes in th
How many to non-existent accounts? (Score:1)
Rate of growth (Score:3, Insightful)
Yeah, but how many of these were real emails? (Score:2)
Jimmy's solution. (Score:1)
The solution ... (Score:1)
In this way, high bandwidth customers PAY for the bandwidth they use. In this way spamming activity would have to cost efficient and all those idiots emailing you for opportunities in Cameroon condos would quickly lose their money without adaquete returns on such nonsense.
How I spot SPAM (Score:1)
Everything I send from my server is SPAM (Score:2, Interesting)
So... (Score:1)
Better Ways (Score:1)
There really isnt much a Windows user can do about spam on the client end, so i can understand the need.
personally, I run my own mailserver, and suc every 4 hours with a databse to update my body checks on incoming mail, between that and some cool rules in KMail I havent seen any spam in my inbox in about 6 months since i set the stuff up.
as for browsing, i use phonex w
Suck (Score:1)
AOL timing (Score:1)
how'd they do that... (Score:1)
i believe hotmail is doing the same thing
-yrreb
What me worry? (Score:1)
Looking at all the goofy code attached to it's source is an enlightening experience. Its a hoot to mess with it then sent it back, after making it do something else more fun.