AOL Blocking Spammers' Web Sites 238

Nuclear Elephant writes "According to this article, AOL has decided to take a fresh approach to fighting spam and is now blocking the spammer's web address. The philosophy is, if the customers can't visit spammers' sites, spammers will not be able to make any money. On a side note, I suggested this concept about six months ago but nobody thought ISPs would adopt it. Now perhaps we can get a group like NANOG interested in sponsoring a blacklist for spammer addresses?"
  • by beh ( 4759 ) * on Saturday March 20, 2004 @07:48AM (#8620182)
    I don't know, whether this is such a brilliant idea - if this gets widely adopted it can't be long before some idiot will get the idea of paying for a spam to "advertise" one of his competitors just to get HIS site blocked...

    I see loads of abuse potential here... While AOL might be smart enough not to block sites like microsoft.com or ebay.com if they showed up in a spam, it could be a knock-out blow to relatively small and medium (and hence little known) companies on the web.
    • by aheath ( 628369 ) * <adam@heath.comcast@net> on Saturday March 20, 2004 @07:54AM (#8620206)
      I too am concerned about the potential for abuse of a web site black list. I'm also concerned that AOL did not inform members of this change. Any ISP that implements a web site black list should redirect browsers to an HTML page that explains that the web site address is associated with a known spammer. The user should then be given the choice to proceed to the site or abandon the attempt. The black list should also be transparently available to the Internet community. Last, but not least, there has to be a clear policy for appealing a listing to allow for reporting of incorrect listings or other abuses of the blacklist.
      • by Anonymous Coward
        it should be possible to opt out of the black list and also get a copy of the database.
      • I too am concerned about the potential for abuse of a web site black list. I'm also concerned that AOL did not inform members of this change. Any ISP that implements a web site black list should redirect browsers to an HTML page that explains that the web site address is associated with a known spammer.

        AOL has a long history of not informing and many times outright lying.

        When AOL first gave out usenet access to its members, it promised to have every newsgroup available. Instead, AOL blocked newsgroup
    • by Tarwn ( 458323 ) on Saturday March 20, 2004 @07:55AM (#8620207) Homepage
      And then we have to remember that there isn't some kind of magical Spam identification going on, they are still going to be using the same (or similar) spam filtering tactics to categorize spam...which is a lot of fun because I know my mother doesn't get email from on occasion simply because of that...not that I would be overly worried should my domain get blocked for AOL users :P

      So some of those small and medium companies will end up getting blocked simply because they were mis-filtered.
    • by DocSnyder ( 10755 ) on Saturday March 20, 2004 @07:58AM (#8620216)
      I don't know, whether this is such a brilliant idea - if this gets widely adopted it can't be long before some idiot will get the idea of paying for a spam to "advertise" one of his competitors just to get HIS site blocked...

      I'm sure AOL won't block any joe-jobbed targets but only bulletproof servers hosted at Chinanet, Telecom Malaysia, Procergs.com.br etc. which have been spamvertised by known spam gangs.

      This is *really* a good idea - Alan Ralsky uses several "throw-away" domains per spam run, but only a handful of different servers to host his crap. Null route these and Ralsky can enlarge his own penis.

      • by beh ( 4759 ) * on Saturday March 20, 2004 @08:36AM (#8620322)
        But in this case we're back to square one - we're already fighting KNOWN spammers like Ralsky...

        There's nothing new in that. But do you seriously think, AOL will pay dozens of employees to find out just WHETHER a spam is "legit" (in the sense that it's really advertising the target site) or "fake" (in the sense that the real goal is to get the target site blocked)? This will become some seriously tough piece of work!

        And it's kind of doubtful, whether it will help or not.

        Also - surfing TO a website just to find out whether it's a spam site or not is nowadays also giving away WHO is doing the surfing. By now I get more and more spams that have my email address encoded in the host names of the target site, e.g. the first part of the host name http://sx1piznvxr0svy.froidnet.com/
        sx1piznvxr0svy is beh@icemark.ch (a replaced with z, b with y, ..., y with b, z with a, 0 with @, and 1 with '.' -- and the whole thing in reverse).

        So by now we are in a situation, where not just 'unsubscribe' lists are a way for a spammer to check the validity of our email addresses - no, even the host name we use to 'look at their "great" sites' give our identities away.

        It'd be really great if some people would finally clue in that the more successful spammers are actually pretty smart as well! (unfortunately for us though)

        Right now I think the best policy is still the passive filtering of incoming spams.

        - Filtering destination sites will open doors to abuse in terms of using fake spam to block unwanted sites...

        - automatic downloading of spamvertised sites will confirm which addresses are "good".

        The latter idea MIGHT still be workable, since the spammer will also get to know WHO has spam-scanners installed (provided the automatic download of the page actually has the name of the spam-filter in the User-Agent header field of the get request). That way the spammer would also be able to drop email addresses blocking his sites.
        On the other hand, this has one very big issue with it - if the spammer filters out these addresses for his sales, he could at the same time COLLECT these addresses for DDoS uses...

        No - PASSIVE measures are the only GOOD solution we have. Spam-Filters in addition to tar-pits slowing the spam delivery...

        Everything else will - as sad as it sounds - open way too many doors to abuse!
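
The hostname encoding described in the comment above, as an added example that is not part of the original post: it reverses the substitution so a mail filter can flag links whose hostname carries the recipient's address and skip fetching them. The function names and the sample message are constructed for illustration; the substitution and the hostname are the ones given in the comment.

```python
import re
import string
from urllib.parse import urlsplit

# Substitution as described in the comment: a<->z, b<->y, ..., '@' written
# as '0', '.' written as '1', and the whole string reversed.
_LETTERS = string.ascii_lowercase
_DECODE = str.maketrans(_LETTERS + "01", _LETTERS[::-1] + "@.")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# After decoding, '0' and '1' have become '@' and '.', so only 2-9 remain.
ADDRESS_RE = re.compile(r"^[a-z2-9-]+(\.[a-z2-9-]+)*@[a-z2-9-]+(\.[a-z2-9-]+)+$")


def decode_label(label):
    """Undo the substitution and the reversal for one hostname label."""
    return label.lower().translate(_DECODE)[::-1]


def find_tracking_tokens(body, recipients=()):
    """Report URLs in body whose hostname labels decode to a mail address.

    "recipient" means the label decodes to one of the addresses this
    mailbox receives for; "address-shaped" means it decodes to something
    that merely looks like an address (weaker signal, may be coincidence).
    """
    known = {r.lower() for r in recipients}
    findings = []
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:          # malformed authority part
            continue
        for label in host.split("."):
            decoded = decode_label(label)
            if decoded in known:
                findings.append({"url": url, "address": decoded,
                                 "match": "recipient"})
            elif ADDRESS_RE.match(decoded):
                findings.append({"url": url, "address": decoded,
                                 "match": "address-shaped"})
    return findings


def safe_to_prefetch(url, recipients=()):
    """A scanner that fetches this URL would confirm the address; say no."""
    return not find_tracking_tokens(url, recipients)


# Constructed sample message; the first URL is the one quoted in the comment.
SAMPLE_BODY = """\
Subject: great offer
Visit http://sx1piznvxr0svy.froidnet.com/ today!
Unrelated link: http://www.example.org/news
"""

if __name__ == "__main__":
    for f in find_tracking_tokens(SAMPLE_BODY, ["beh@icemark.ch"]):
        print(f["match"], f["address"], f["url"])
```
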
        • But in this case we're back to square one - we're already fighting KNOWN spammers like Ralsky...

          We only blacklist his spamvertised hosts on SPEWS, Spamhaus and other DNSBLs to prevent the bulletproof hoster from sending email. Use the same DNSBLs in a HTTP proxy or a router and the spammer's servers are "invisible". If a spam filter can check spamvertised targets against DNSBLs, it can recognise a lot of spam emails which otherwise might get through.

          But do you seriously think, AOL will pay dozens of emp
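
One way to do the check this comment describes, looking up the hosts behind a message's links in a DNSBL, as an added example that is not part of the original post. The zone `dnsbl.example`, the hostnames and the resolver table are constructed placeholders; the reversed-octet query name and the 127.0.0.0/8 answer are the usual DNSBL convention.

```python
import ipaddress
import re
import socket
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
DNSBL_ZONE = "dnsbl.example"          # placeholder zone, not a real list
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def system_resolve(name):
    """Return the IPv4 addresses for name, or [] if it does not resolve."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def dnsbl_name(ip, zone=DNSBL_ZONE):
    """192.0.2.10 is looked up as 10.2.0.192.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(ip, resolve=system_resolve, zone=DNSBL_ZONE):
    """Listed if the query name resolves to an address in 127.0.0.0/8."""
    answers = resolve(dnsbl_name(ip, zone))
    return any(ipaddress.IPv4Address(a) in LISTED_NET for a in answers)


def spamvertised_hits(body, resolve=system_resolve, zone=DNSBL_ZONE):
    """Map each linked host in body to the listed IPs it resolves to."""
    hits = {}
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:
            continue
        if not host or host in hits:
            continue
        try:                          # the link may use a bare IP address
            ips = [str(ipaddress.IPv4Address(host))]
        except ValueError:
            ips = resolve(host)
        listed = [ip for ip in ips if is_listed(ip, resolve, zone)]
        if listed:
            hits[host] = listed
    return hits


# Constructed DNS data so the example runs offline. Two throw-away domains
# and an unrelated site share one listed server, so the IP-based check
# flags all three.
CONSTRUCTED_DNS = {
    "cheap-pills-4821.example": ["192.0.2.10"],
    "best-deals-0093.example": ["192.0.2.10"],
    "tv-station.example": ["192.0.2.10"],
    "www.clean-site.example": ["198.51.100.7"],
    "10.2.0.192.dnsbl.example": ["127.0.0.2"],
}


def fake_resolve(name):
    return CONSTRUCTED_DNS.get(name, [])


# Constructed sample message body.
SAMPLE_BODY = """\
Buy now: http://cheap-pills-4821.example/order
Mirror: http://best-deals-0093.example/order
Local news: http://tv-station.example/schedule
Unrelated: http://www.clean-site.example/
"""

if __name__ == "__main__":
    for host, ips in spamvertised_hits(SAMPLE_BODY, fake_resolve).items():
        print(host, ips)
```
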

          • by beh ( 4759 ) * on Saturday March 20, 2004 @09:09AM (#8620443)
            > They rely on content filters and their users determining if an email is legit or not.

            And - how would a content filter find out whether the content of the spam would actually try and sell the product listed in the spam, or whether it's advertising a product listed on the target server in the hopes that the target server gets blocked?

            You *can't* read the true motives of a spam out of its content...
        • But in this case we're back to square one - we're already fighting KNOWN spammers like Ralsky... There's nothing new in that. But do you seriously think, AOL will pay dozens of employees to find out just WHETHER a spam is "legit" (in the sense that it's really advertising the target site) or "fake" (in the sense that the real goal is to get the target site blocked)? This will become some seriously tough piece of work!

          I get joejobed, first thing I do is call my ISP. If someone complains about spam, first

        • Methinks that blacklisting the spammers is a good idea if (only if?) whoever is maintaining the blacklist is smarter and sneakier than the spammers. I suspect that anything automated will do more harm than good because there will always be ways to use it in ways that were not originally intended. Automated tar pits might be workable. The first few go through normally but the more that try, the slower the system gets. Reporting spam could work, but you need a cadre of more or less anonymous volunteers who in
    • It can be managed (Score:4, Insightful)

      by Nuclear Elephant ( 700938 ) on Saturday March 20, 2004 @08:06AM (#8620241) Homepage
      These are the same concerns people are having with FFB (Filters that Fight Back) which are capable of creating massive DoS's against a spammer, but don't really affect anyone else. I think blocking is certainly a step in the right direction, as it conserves bandwidth rather than consume it. AOL will definitely have to keep on their toes to make sure a legitimate website isn't blocked. Some of this can be automated, though - every time it thinks about blocking a website, crawl the site and perform the same type of language classification on it that you would a spam. The website should be even spammier than the email in most cases, or at least provide enough information to classify it as a spammy website. If it doesn't, throw up a red flag and let someone manually review it (or just drop it completely). The great thing about this function is that it not only blocks the spammer's method of contact, but it also makes it much more difficult for a spammer to move around. It's easy to use a different IP to send the spams, but to change your website every day or two is a bit more time consuming, and hopefully will exhaust spammers.
    • by SacredNaCl ( 545593 ) on Saturday March 20, 2004 @08:14AM (#8620260) Journal
      The more interesting story about AOL today is this one:

      AOL_Crooks [washingtonpost.com]

      I think going after the sites that spam loads its images from is a great way to go after spammers. Most of them use the img src tag with a unique ID (usually the email address of the person) to retrieve the images so they know when a person received it. No hit, might have hit a blackhole and they have no way of knowing.

      This doesn't appear to be what they are doing though. They appear to be going after the link the person clicks on to buy. Still waste the spammers time, but I can see this getting abused if the system is automated -- or even if it isn't.

    • by nahdude812 ( 88157 ) on Saturday March 20, 2004 @08:50AM (#8620371) Homepage
      Well, and to boot, we're talking about a group of people who have made it their business to circumvent communication blocking attempts, including blacklists. They'll find new ways of communicating with their clients, all that will happen is the 'net will become a little less free and open.

      Having an advertising / services based website is hardly against anyone's (reasonable) terms of service, and ISPs have made it a point to be common carriers, ignorant of the content they are providing. IMO, it's not up to the ISP to decide whether services being advertised on a site are in their customers' best interests.

      You can't block these guys by IP, we already know that successful spammers have networks of infected zombie slaves, they'll use this network to host their website. Blocking by domain name has its obvious shortcomings also. How difficult would it be for a spammer to set up an IRC channel that advertises this week's (or today's) IP address and port number for accessing their spam contact page.

      Or maybe they just send a spam out every 12 hours with a new IP address advertised. They could just put their current IP address on the bottom of every spam they send, or in the headers.

      No, the solution proposed here is simply another speed bump for any determined spammer, and as lucrative as spamming turns out to be, it won't be long until all that's happened is that netizens have unwittingly (and happily) given up another net liberty in the form of website censorship.
    • I don't really consider eBay and Microsoft.com spam, because you have to actually sign up for it. But with some sites, the moment you even visit it, they catch onto your e-mail and start sending mail.

      AOL can block all of the websites they want; I believe there is an invention out called the Proxy...
    • Seems to me that AOL could be hit with a "restraint of trade" lawsuit.

      Especially by those companies that have been incorrectly marked as spammers by AOL.

    • I agree, this is just wrong, I don't want my isp deciding what sites I am allowed to visit. That is my business. What are they going to censor next?

      If anything, this should be opt-in, or at least, opt-out.

    • It's really not hard to tell which sites are which in a spam run. It's easy to tell which sites are under the direct control of the spammers and which sites are simply being used for image harvesting. It's really quite easy. As a person that actually investigates spam I know that what wins in the end is information. Archives of news.admin.net-abuse.* are invaluable to the fight. There's nothing like comparing your own spam to thousands of others' around the world. If you come across a spam that is simply
    • What about Joe-jobs? What about innocent advertisers? What about them? They're collateral damage. So sorry, flowers to the family, but the war takes priority.
  • by JWSmythe ( 446288 ) * <jwsmythe@@@jwsmythe...com> on Saturday March 20, 2004 @07:51AM (#8620193) Homepage Journal
    -------------
    From: baduser@aol.com
    To: gooduser@aol.com
    Subject: Look At My Porn

    Come look at my naked (sister|mother|wife|daughter) on her web cam doing all kinds of nasty things.

    http://www.sco.com
    --------------

    AOL, making DoS even easier.

    • Errors: (Score:5, Funny)

      by after ( 669640 ) on Saturday March 20, 2004 @07:56AM (#8620211) Journal
      One, two, three, even four errors in that email! No exclamation points, no use of the _word_ "u" (like "c u therr"). I mean, come on you even capitalized the first letter, what kind of AOL user would do that?? Really, you should really look into improving your writing techniques.
      • Re:Errors: (Score:3, Funny)

        by Imperator ( 17614 )
        I mean, come on you even capitalized the first letter, what kind of AOL user would do that??

        The kind that would also capitalize the letter after that, and the letter after, and...

    • I appreciate the joke and all, but if a FFB was implemented properly it wouldn't work in reality. This issue has already been identified [paulgraham.com] and it's been recognized that before crawling a website any links would have to be matched against a blacklist (or blacklists, to prevent spammers from easily gaming any one particular filter technique). While SCO are indeed assholes, they aren't spammer assholes (yet, but with those guys you never know...) and so most likely won't be blacklisted.

      That said, I went to www.sc

  • Yes, but (Score:5, Interesting)

    by fdiskne1 ( 219834 ) on Saturday March 20, 2004 @07:53AM (#8620203)
    I've been doing this for the past year. Every so often I get a call from a user that needs to get to a site that is associated with a spammer. For example, a local television station's site is hosted on the same machine as a spammer's site. I got calls from users wanting to visit that station's site so I had to unblock it. This is a never-ending job since spammers many times host their "web sites" on virus-infected broadband home PCs. Since I only have to work with 1000 or so users, it's not a big deal. If I had billions like AOL. Gads. I'd rather not think about it. And that's not taking into account those people that truly want to visit the spammer's sites. Who is AOL to deny them the ability to go to the websites they want.

    There are just too many pitfalls in this. I don't think all large ISPs will go this route.
    • Re:Yes, but (Score:5, Insightful)

      by CdBee ( 742846 ) on Saturday March 20, 2004 @08:15AM (#8620263)
      " For example, a local television station's site is hosted on the same machine as a spammer's site. I got calls from users wanting to visit that station's site so I had to unblock it.

      If AOL blocks a local TV site for sharing an IP with a spammer, then the service provider will rush to close down the Spammer

      This plan doesn't just stop AOL users seeing spam sites, it provides a powerful incentive for hosting firms to prevent spammers using them

      It's brilliant.
    • Re:Yes, but (Score:2, Insightful)

      by c_ollier ( 35683 )
      AOL, being an ISP, can block these sites at the DNS level for its customers. Eg., herbalviagra.com resolves to 127.0.0.1.
    • If I had billions like AOL.

      I think they have around 22 million customers. Probably 12 million who know they still have an account they pay for.

      I used to work for the competition.
    • most ISPs use transparent HTTP proxies these days, which should make it easy to block on the basis of a URL, not an IP address.
    • by Anders Andersson ( 863 ) on Saturday March 20, 2004 @10:50AM (#8620893) Homepage
      I got calls from users wanting to visit that station's site so I had to unblock it.

      Agreed, this is a clear conflict of interest. Even though I could legally and technically block HTTP traffic between spammer websites and our university network, I wouldn't feel comfortable doing so, precisely because those most likely to complain about it would not be the spammers (or those unfortunate enough to share their web server with a spammer), but rather my own colleagues. And, they would complain to me, rather than to the spammer's ISP.

      I'm all for public blacklists, and I keep using those to protect my own mailboxes from inbound junk. If somebody wants to send me mail, I'm justified in asking that person not to pay money to (or otherwise support) the ISP of a spammer. Likewise if they want to access my web pages, though I haven't implemented a blacklist check for those yet.

      However, when I prevent my friends and colleagues from viewing somebody else's website just because that website shares hardware with a spammer, things are getting real tricky, because I'm interfering with traffic that doesn't necessarily benefit the spammer or his ISP anyway, and the only ones hurt by it are my friends and colleagues. This is clearly not desirable.

      I admit that it makes a little more sense for AOL to do this, given their millions of users who supposedly don't know what's in their own best interest, but I wouldn't want to be a customer of such a company, nor would I want to work for it.

    • Re:Yes, but (Score:4, Interesting)

      by Thagg ( 9904 ) <thadbeier@gmail.com> on Saturday March 20, 2004 @11:51AM (#8621248) Journal
      Thank you for sharing your interesting experience in doing exactly what AOL is talking about. I hadn't thought that spammers would be using zombie PC's to host their web sites -- although AOL's new policy will certainly expand the use of that technique.

      You, and others, mention the problem of people who "truly want to visit the spammer's sites." I think the key part of AOL's policy is that they provide absolutely no facility for that. It's the people who really want to visit the spammer's sites that are the problem. Letting them do this continues the vicious cycle of spam. It's a decision that only a paternalistic overbearing ISP like AOL will make, but it makes sense in that environment.

      Finally, AOL gets so much spam that they would identify the zombie-host-of-the-day within a few minutes of its deployment. A small staff of spam-site identifiers could lock those down pretty fast.

      Overall, this seems like a good attempt, and even more interesting, it appears to be working. In our experience, the amount of spam has not been flat as the article suggests, but still increasing fairly exponentially. A system that lowered the amount of spam sent to AOL is worth strong consideration.

      AOL should realize that sharing this list of spamvertizing IP's would help lower the amount of spam they receive even more. Spammers would think twice about sending spam to AOL customers if that might block the websites from the whole world. Think about it, AOL -- Share the list!

      thad
  • by ripnet ( 541583 ) on Saturday March 20, 2004 @07:53AM (#8620204)
    It would be better if instead of completely blocking the page, it re-directed to a page saying that this site is implicated in spamming, but with a link to the real page. Would minimize impact to falsely accused sites.
    • But the idea is to force the spammers out of business by taking away the small fraction of customers that they get from sending out their spam. If you just have an intermediate page saying this website is involved in spam, all you're doing is putting one more mouse click between the customer and the website. Remember, these are people that *want* to visit the spammer's site that are being blocked.

      IMHO, even though it is all for a good cause, once you start blocking websites "for the good of the internet" it
    • re-directed to a page saying that this site is implicated in spamming, but with a link to the real page

      A notice like "we know who you are, pervert, and we're going to tell your mom" will surely help to reduce even more the number of clicks. :)

      Anyway, excellent idea ripnet [slashdot.org], even without my modest contribution.

    • by Gunfighter ( 1944 ) on Saturday March 20, 2004 @09:22AM (#8620504)
      That would be great if people were to actually read and understand the intermediate page. However, most of the people browsing the World Wide Web won't take the time to read the explanation. They're just going to click the 'click here' link.

      Perhaps slap one of those 'text in image' verifications and have the text read 'I love spam'?

    • It would be better if instead of completely blocking the page, it re-directed to a page saying that this site is implicated in spamming, but with a link to the real page.

      With all the annoying warnings that users have learned to bypass without reading, will another warning really matter?

      • "ERASE *.* (Yes/No)?"
      • "Allow this cookie (Yes/No)?"
      • "Please read the terms of this end-user license agreement (Accept/Don't Accept)"
      • "You are about to enter a secure website. Continue (Yes/No)?"
      • "You are about to leave a
  • I think... (Score:3, Insightful)

    by robslimo ( 587196 ) on Saturday March 20, 2004 @07:55AM (#8620208) Homepage Journal
    that with the negative backlash, some legal, that has occurred against blacklist maintainers of all sorts (causing the SPEWS maintainers to go anon), the fine people at NANOG will be smart enough to leave it alone. Not to say that some motivated members might not do it, but NANOG ain'ta gonna touch it.

    • that with the negative backlash, some legal, that has occurred against blacklist maintainers of all sorts (causing the SPEWS maintainers to go anon), the fine people at NANOG will be smart enough to leave it alone. Not to say that some motivated members might not do it, but NANOG ain'ta gonna touch it.

      SPEWS has always been anonymous, they didn't "go anonymous".
      If NANOG would block CHINANET, KRNET, and a few rogue providers here (4.0.0.0/8) I think we would see spammers getting discon'ed very quickly, r

  • Sounds open to abuse (Score:4, Interesting)

    by The G ( 7787 ) on Saturday March 20, 2004 @07:56AM (#8620209)
    Wow, this means I can take down other people's web sites by putting them into a message and spamming AOL users with it. Cool!

    I'll start with Microsoft, move on to SCO...
    --G
  • by chrysalis ( 50680 ) on Saturday March 20, 2004 @07:59AM (#8620220) Homepage
    The company I'm working for provides free web service ( http://www.skymail.fr ).

    This kind of service frequently gets abused by spammers. Two ways they abuse it:

    1) they open an account, just to have a valid address in order to bypass basic spam filters. Then, they send their spam through other servers using this address as the sender.

    2) they use scripts to send spam through the service, as any regular user would. This is extremely annoying.

    For 1) we publish SPF for all domains we send mail from. Now, it's up to people to enable SPF on their mail servers.

    For 2) we filter _all_ packets coming from China, Korea, Nigeria and addresses listed in Spews and Spamhaus databases. That's about 13000+ filtered networks. Thanks to OpenBSD packet filter, it's trivial to set up and it doesn't introduce any slowdown.

  • not good (Score:2, Interesting)

    Surely I should be able to visit any website I want?
    • You're dead on. This scheme may be an effective and smart idea, but that doesn't mean it's a good idea.

      When I pay for internet access, I expect to be able to access any public site on the internet if I so wish.
  • Oh yea, let's all block websites so the idiots can't get spam sent to them. God forbid we taught them not to be idiots. Hell let's put them all on Linux, then they won't even be able to find the "Interweb explored" icon and we'll never have to deal with them again... or package forks with a Microsoft logo and tell them to insert into a plug socket... either way we win..
  • Mixed Feelings (Score:5, Interesting)

    by thirty2bit ( 685528 ) on Saturday March 20, 2004 @08:08AM (#8620244)
    I've got mixed feelings about that.

    First of all, are all spammers bad? I mean, there ARE some people that buy crap advertised in spam. And is it all bad, or a ripoff? There was a link on Fark a week ago to an article about some guy that actually looks forwards to receiving spam, and had bought a lot of things from spam mails. Weird things, like a carpet cleaner, but things.

    On the other hand, do people want AOL to shelter them from the web, from the real world? I can't mail some friends on another ISP because their ISP has blacklisted Roadrunner Email. We already have a government 'sheltering' us from things, such as the real truth behind assassinations, aliens, and the disappearance of Elvis.

    Finally, the more things AOL blocks, the more reason for people to take the red pill, wake up to the monopoly, and get on a real ISP. Then those stupid CDs will stop showing up in my mailbox.

    I want to see the web, the whole web, the whole glorious ugly sex-ridden spam-filled seething mass of crap, and naught else.
    • Re:Mixed Feelings (Score:4, Insightful)

      by Anonymous Coward on Saturday March 20, 2004 @08:25AM (#8620294)
      First of all, are all spammers bad?

      Yes.

      I mean, there ARE some people that buy crap advertised in spam.

      Doesn't mean the other two billion people need to see those ads too. Go to an advertizing site. Just make 'em leave my mailbox alone.

      And is it all bad, or a ripoff?

      Yes.

      There was a link on Fark a week ago to an article about some guy that actually looks forwards to receiving spam, and had bought a lot of things from spam mails.

      Indeed, about some compulsive man getting a kick out of buying something over the internet.

      Doesn't mean *MY* mailbox need to get stuffed with junk, too. That man can go to some ad site or Ebay or something. If he's got the guts. I suspect he's the dependent kinda guy who needs to be told and handed over everything.

      On the other hand, do people want AOL to shelter them from the web, from the real world?

      No. *Especially* AOL filtering URL's seems like a very bad idea to me.

      We already have a government 'sheltering' us from things, such as the real truth behind assassinations, aliens, and the disappearance of Elvis.

      I think you're acting like a conspiracy theory troll.

      Finally, the more things AOL blocks, the more reason for people to take the red pill, wake up to the monopoly, and get on a real ISP. Then those stupid CDs will stop showing up in my mailbox.

      They make for splendid frisbees

    • listen, i understand where you're coming from. on the face of it, spam is just another aspect of the lawless net. and the sometimes draconian things people are doing to try to stop spam seem like they are working in exactly the wrong direction -- towards some big corporate power like aol telling you who you can email and what you can say.

      but i also remember what the net was like without spam. i routinely got email from strangers (mostly people who'd seen my posts on various newsgroups) and had interest

    • Re:Mixed Feelings (Score:4, Insightful)

      by Carmody ( 128723 ) <slashdot@ d o u gshaw.com> on Saturday March 20, 2004 @10:08AM (#8620692) Homepage Journal
      On the other hand, do people want AOL to shelter them from the web, from the real world?

      Yes. Absolutely. That is why many use it. Look at the ads - it is all about parental controls and filtering. AOL was dragged into allowing users basic things like telnet, usenet and the like kicking and screaming.

      I'm not just spouting here - the parental controls and all are the REASON several people I know use it, and they leave the controls on when they, themselves use the internet. "Keep me safe."
    • Re:Mixed Feelings (Score:2, Interesting)

      by openmtl ( 586918 )
      No - don't stop those CDs !. They usually come in the UK in the black plastic DVD style cases.

      I love these !. bin the CD, reverse the front cover insert (it's usually white on the back) - and then I have a new case for my Knoppix or Mandrake download edition release or Toms Rescue CD or similar.

    • There was a link on Fark a week ago to an article about some guy that actually looks forwards to receiving spam, and had bought a lot of things from spam mails.

      The same story was on Slashdot; go search for it and you'll find it. Several people pointed out something that the journalist missed: the guy interviewed is himself a spammer. And remember, the first rule of spam is:

      1. Spammers lie.

      He was just another lying scumbag criminal trying to get some free positive publicity. The reporter fell for

  • by CdBee ( 742846 ) on Saturday March 20, 2004 @08:10AM (#8620250)
    I have commented several times about a need for providers of internet services to take more care of their customers

    AOL is a family ISP - most techies wouldn't use it as it doesn't provide what we want, but all those kids surfing on it deserve to be protected from the people who target them with spam

    It's been demonstrated over and over that there are enough people out there willing to buy from spammers to make it a highly profitable industry, but that most of those profits come from taking payment by fraud and never supplying the goods

    I would not use an ISP that did this, but the marvel of free will means I don't have to. For AOL's target market (largely clueless and wanting an all-in-one service to supply services and protect them) this is the right action.

    One final recommendation to AOL

    Please supply the latest Windows service pack and the latest Internet Explorer update patches on your CDs and make them a prerequisite to going online. Microsoft would love you to do this, techies would love it too and it would close down a lot of spam relays by closing the holes.
    • Please supply the latest Windows service pack and the latest Internet Explorer update patches on your CDs and make them a prerequisite to going online. Microsoft would love you to do this

      Wasn't there something about MS *not* allowing Service Pack updates on magazine cover disks?

      If this is true (and I'll confess that my memory is hazy here), that alone is good enough reason for the relevant authority in [insert your country name here] to slap Microsoft down. If Microsoft were not a near-monopoly, and co
    • Please supply the latest Windows service pack and the latest Internet Explorer update patches on your CDs and make them a prerequisite to going online. Microsoft would love you to do this, techies would love it too and it would close down a lot of spam relays by closing the holes.

      The tin foil hat brigade had a cow when AOL turned off the Windows Messenger service to stop messenger spams. What's going to happen the first time an AOL-installed patch kills someone's Windows box?
      By definition, if you're usin
  • yeah, great. NOT. (Score:2, Insightful)

    by Machine9 ( 627913 )
    Now, if only my webhost would have a way to prevent people from forging email to appear as if it originated from my domain... ...great fun for someone who makes his money selling art and shirts through his website, nobody on AOL will be able to visit my site because some spammer forged email.
    • Now, if only my webhost would have a way to prevent people from forging email to appear as if it originated from my domain... ...great fun for someone who makes his money selling art and shirts through his website, nobody on AOL will be able to visit my site because some spammer forged email.

      RTFA: They're not blocking the From: address on the spam, they're blocking the website address that the spam is telling you to go to. AOL, for once, has taken the smart approach and has recognized how easy it is to
  • At least to some extent, they've been rejecting mail that contains urls believed to be connected with spam. This can be mail from domains that aren't otherwise blocked by their filters. I forget the exact text I saw in their bounce message. A user at ISP where I work NOC had complained of not being able to send mail to an aol address. I could see she was trying to forward a spamish mail she had received to her aol-using friend (gee, what are friends for, if not to share spam); my recollection months later i
  • by reallocate ( 142797 ) on Saturday March 20, 2004 @08:27AM (#8620301)
    Why not build this capability into browsers? Follow the cookies handling model.

    Make it optional, stick it in "preferences", stock it with an initial list of spam sites, and give the user the ability to add additional sites, delete sites, and select/deselect the block.

    • Why not build this capability into browsers? Follow the cookies handling model.

      That adds a level of complexity that isn't needed. Simply use proxy servers on outbound connections. If they want filtering, use one set. No filtering, use another.

  • How about... (Score:5, Interesting)

    by alpharoid ( 623463 ) on Saturday March 20, 2004 @08:29AM (#8620310)
    Instead of simply blocking the connection, AOL could redirect the visitor to a special error page, explaining that the page was blocked for spam reasons and offering an override if the user really wants to see it.

    After reading through a page explaining that it is a spam site and that the user might be tracked and harassed further by those companies for giving them a visit, I'm sure most of them would not click through.

    Those masochists looking forward to buying spam and actively supporting these scum could just click "Yes, I really want to see this page" and everyone would be happy. Right?
  • by m0i ( 192134 ) on Saturday March 20, 2004 @08:34AM (#8620317) Homepage
    I didn't know they were filtering spamvertized sites but I know they block some mails based on content, specifically URLs they may contain; some emails to AOL got rejected because of this, and their smtp returns
    reason: 554-: (HVU:B1) The URL contained in your email to AOL members has generated a high volume of complaints.

    The URL in question was http://someplace.(can't remember).solmedia.com which doesn't sound like a spamgang operation to me..
  • Dynamic IP addresses (Score:2, Interesting)

    by Dunarie ( 672617 )
    So, does this include sites that have 'dynamic' IP addresses as well? Currently they consider a lot of web hosts as having dynamic IP addresses, and force them to have to get on a whitelist (which I might add, is nearly impossible). Does this mean now, not only will AOL users not be able to sign up for anything that requires an e-mail on my site, but that they'll now not be able to view it at all?

    I sure hope it's just spammers they've blacklisted, rather than a combination of a blacklist, and whitelist.
    • The solution is to block at the DNS level, not the IP level. If a DNS request comes in for any host in, say, "er4dde.com" or "decpharms4.com", you don't ask the spammer's DNS server where they are, you return the previously-suggested redirection to a spam warning page...

      This also kills the spammers that use the proxy drones created by SoBig et al, 'cuz they'll never reach the drone farm...

      • The solution is to block at the DNS level

        And the spammer that owns 3-4K domains? Many do. There isn't an easy way to search for them all, but a very easy way to block an IP range.

        • And the spammer that owns 3-4K domains? Many do. There isn't an easy way to search for them all

          Sure there is. If they're being spammed, they'll show up and can be blocked. If they're not, it doesn't matter.
  • by gantrep ( 627089 )
    The problem with spam-filtering schemes is what about people like this [slashdot.org] to whom there is no unwanted email?

    It's really not fair to those customers. This is why filtering has to be controlled by the user and nobody else should make the decisions.
  • Bad solution (Score:2, Redundant)

    by Dan East ( 318230 )
    http://slashdot.org/comments.pl?sid=97313&cid=8317030 [slashdot.org]

    All a spammer has to do is send spam on the behalf of companies that are not their customers and there would be no way to know which merchants should be prosecuted. Spammers muddy the water as much as possible - that is their entire means of survival.

    Dan East
  • Why is it that the companies selling these products are even allowed to continue to operate anyway? Most of them seem to be pharmaceutical suppliers and are based in the US. Further they often sell what are classed as Schedule 4 drugs in Australia (must be sold by a licensed pharmacist by doctor prescription only). Does not the US FDA have similar powers to shut these operators down? If we could stop the shady operators from selling this stuff (and I can't see how they operate legally) there would be no
  • by F00 ( 212699 ) on Saturday March 20, 2004 @08:55AM (#8620393)
    Let's all just block AOL. Eliminating all of the stupid users that "support" the spammers. That should solve the problem (and many others), quite fast.
  • I've already had one of my competitors complain about me (unjustly) and now I'm blocked and I can't send email to aol customers. This is the first major step in isolating aol customers from non aol parts of the internet, watch how this turns out they will start "filtering" in a big way now.
  • by ausoleil ( 322752 ) on Saturday March 20, 2004 @09:00AM (#8620411) Homepage
    Many have already noted the comments where a DDOS may be launched via sending out spam in order to deliberately draw the attention of IP blocking filters, but at the same time, it is also worth noting that many web servers have multiple domains on one IP address using both virtual directories and virtual domains. In fact, almost every ISP does this, in order to give their users a place to put Mom and Dad's pictures with the kids, etc.

    So, if implemented unintelligently, filtering by ISPs would simply p/o their own customers. All script-kiddie John has to do is get an account on say, Earthlink, put his little target V-iagra content there and then use an SMTP mailer to draw the attention of Earthlink's own IP blocker after his mails rattle along the 'net.

    Sure, they'd clean it up pretty quick, and then unblock, but do you really think that Mr. and Mrs. Non-Techie User are going to be so understanding while their fabulous portraits of their kids are intermittently available as this little war plays itself over and over again? I think not. Grandma is even less technical than them and just can't understand why her AOL dialup can't open the web site where they were just yesterday.

    That said, the spam content IP blocking idea has merit, but it's not going to be as simple as merely blocking an IP address. It's probably going to have to be quite smart, smarter than both spammers AND script-kiddies in order to work and thus be accepted. I say the technology merits study but is not ready for prime-time.
    • Many have already noted the comments where a DDOS may be launched via sending out spam in order to deliberately draw the attention of IP blocking filters, but at the same time, it is also worth noting that many web servers have multiple domains on one IP address using both virtual directories and virtual domains. In fact, almost every ISP does this, in order to give their users a place to put Mom and Dad's pictures with the kids, etc.

      Run it like SPEWS [spews.org]. You don't get blocked unless the problem has been go

    • it is also worth noting that many web servers have multiple domains on one IP address using both virtual directories and virtual domains

      I imagine that, since AOL also supplies DNS to the AOL client, they are blocking by name, not IP.

      However, I wonder if blocking by IP would work too in this particular case. Spammers are selling something, and if you sell something it's almost always going to be with an SSL-encrypted link. SSL doesn't work with virtual domains, so either (a) all the spammers have non-vi
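The name-based versus IP-based blocking trade-off argued in the comments above (return a warning page at the DNS level, versus block an address that also serves unrelated virtual hosts), as an added example that is not part of the original thread. The two blocked domains are the ones quoted in the thread; every other hostname, the zone data and all addresses (RFC 5737 documentation ranges) are constructed, and the per-user override set is a hypothetical feature modelled on the "let the user click through" suggestion.

```python
# Added illustration; all hostnames except the two quoted in the thread,
# and all addresses (RFC 5737 documentation ranges), are constructed.

WARNING_PAGE_IP = "192.0.2.1"   # hypothetical "this site was spamvertised" page

BLOCKED_DOMAINS = {"er4dde.com", "decpharms4.com"}  # names quoted in the thread

# Constructed zone data: one shared-hosting IP carries a listed domain
# plus two unrelated customers (name-based virtual hosting).
ZONE = {
    "www.er4dde.com": "198.51.100.10",
    "shop.decpharms4.com": "198.51.100.20",
    "family-photos.example": "198.51.100.20",
    "tshirts.example": "198.51.100.20",
    "notdecpharms4.com": "203.0.113.5",   # constructed lookalike, not listed
}


def normalize(qname):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return qname.strip().lower().rstrip(".")


def is_blocked_name(qname, blocked=BLOCKED_DOMAINS):
    """True if qname is a listed domain or any host beneath one.

    Matching is done on whole labels, so 'notdecpharms4.com' does not match
    'decpharms4.com' the way a naive endswith() check would.
    """
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def resolve(qname, overrides=frozenset()):
    """Answer a query the way a filtering resolver would.

    Listed names get the warning page instead of being forwarded to the
    domain's own name servers; 'overrides' holds names the user has chosen
    to visit anyway. Returns None for names not in the constructed zone.
    """
    name = normalize(qname)
    if is_blocked_name(name) and name not in overrides:
        return WARNING_PAGE_IP
    return ZONE.get(name)


def ip_block_collateral():
    """Names that an IP-based block would take down without being listed."""
    bad_ips = {ip for name, ip in ZONE.items() if is_blocked_name(name)}
    return sorted(name for name, ip in ZONE.items()
                  if ip in bad_ips and not is_blocked_name(name))


if __name__ == "__main__":
    for q in ("WWW.er4dde.com.", "tshirts.example", "notdecpharms4.com"):
        print(q, "->", resolve(q))
    print("collateral of IP blocking:", ip_block_collateral())
```
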
  • by pfaut ( 18898 ) on Saturday March 20, 2004 @09:05AM (#8620432) Homepage

    This is real funny. I've been trying to install some new sendmail milter programs on my mail server in an attempt to cut down on the amount of spam I receive. As a result, I've been taking a closer look at my mail logs.

    I'm getting a lot of mail addressed to accounts that don't exist from systems with names like omr-m14.mx.aol.com. Are these legitimate MTAs or open relays?

    If AOL wants to cut down on SPAM, they should start with what gets sent by their servers.

    • Are these legitimate MTAs or open relays?

      AOL answers [aol.com] this question, and others [aol.com] like it. More helpful than you were expecting, no? In answer to your question, the servers are for bounced messages. Block them, and the worst false positive you'll get is a legitimate bounce.

    • I feel your pain.

      This [gnu-designs.com] is from the last 6 days of mail logs here, and filtered for only one domain we host. Multiply that by about 20 for the domains we host, and then multiply that by the number of hacked providers (comcast.net, cox.com, verizon.net, etc.) and you begin to see an enormous amount of abuse and bandwidth being consumed by these hosts.

      Report it to Carl Hutzler (cdhutzler at aol dot com) and let him know your concerns. He is the director of AOL's anti-spam measures.

  • You also need to flood the sites with bogus orders for their product and queries for information.
  • by nysus ( 162232 ) on Saturday March 20, 2004 @09:49AM (#8620620)
    It doesn't take a lot of foresight to imagine the day when the political interests can persuade AOL to block other "undesirable" sites. Technically, it's not censorship because AOL has supposedly done it voluntarily; just like Clear Channel has "voluntarily" removed Howard Stern from their radio stations.
  • by thogard ( 43403 ) on Saturday March 20, 2004 @10:09AM (#8620697) Homepage
    The idea is the web site hoster is doing the spamming. The way this works in the real world is the idiot that is trying to sell something talks to some spammers who convince them that it's an opt-in list and pays like $5000 to send his crafted message out. Of course the "demo" shows about one hit in 30 so it's got to be good, right? The real world is the spammer takes the cash from some moron and then may spam a different product. By that time the person paying is out of the loop and the rest of us pay.
    The only solution to spammers is jail or a clue by 4 [clueby4.com] to the brain.
    • The idea is the web site hoster is doing the spamming. The way this works in the real world is the idiot that is trying to sell something talks to some spammers who convince them that it's an opt-in list and pays like $5000 to send his crafted message out.

      If they are so stupid that they think they can lease an "opt-in" list, then they are too stupid to be allowed to have web traffic.

      The problem with your point here is that there isn't any way to tell a stupid web site operator from a lying spammer. Spammers li

  • "Those who would give up essential Liberty, to purchase a little temporary
    Safety, deserve neither Liberty nor Safety."

    ~Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the
    governor, November 11, 1755

  • The problem with AOL is they make it too easy to get their customer's email addresses. If you have an AOL account, you have access to seeing everybody else's screenname which is a great security risk. When I had an AOL account, I had more spam than I've ever had with any other account.
  • by Anonymous Coward
    There are at least two serious problems with such unilateral approaches by any "authority" rather than the recipient. What's spam to you may be ham to me and vice versa. Additionally, it opens a rather insidious door: if someone rather than you is the gatekeeper of your mail, then there is always the possibility that they can be influenced (usually by monetary means) to let mail through that you'd consider spam (User: "Why am I getting these unwanted ads? This is spam" Authority: "Oh? We'd never have th
  • In Russia (Score:4, Interesting)

    by danila ( 69889 ) on Saturday March 20, 2004 @11:03AM (#8620954) Homepage
    In Russia most ISPs, including the largest hosting providers, have been routinely closing websites belonging to spammers (repeat offenders) for a few years already. So far this has not been abused, suggesting it might work equally well on the American and even global scale too.
  • Oh wow, you suggested it SIX MONTHS AGO! What a great idea you had, because nobody has ever [google.com] done that before [google.com].
  • by hacker ( 14635 ) <hacker@gnu-designs.com> on Saturday March 20, 2004 @11:53AM (#8621258)
    I've emailed the requisite 'abuse@aol.com' address hundreds of times, with copies of the spam emails, log entries, dates, times, and so on. Has anything changed? No.

    I even emailed Carl Hutzler, Director of Anti-spam at AOL, and he hasn't returned my emails or my calls. The same goes for the hundreds of thousands of spams we get from *.verizon.net, comcast.net, voyager.net, compaq.com, and others. Clearly people inside the business infrastructure have infected systems propagating spam on the weekends, using the corporate bandwidth to do it.

    At this point, this is what I do:

    1. Sendmail as my MTA, blocks a significant amount of spam, before receiving it, with some custom antispam rulesets [gnu-designs.com] I've cooked up.
    2. I also have triple-RBL set up in the MTA (ordb.org [ordb.org], mail-abuse.org [mail-abuse.org], and so on).
    3. blackholes.us [blackholes.us] is set to block known-spammers from Argentina, Brazil, China, HongKong, Japan, Korea, Russia and Taiwan.
    4. virtusertable in the MTA chain blocks attempts at some common internal system accounts.
    5. SpamAssassin is tuned down to 3.5, and catches a significant portion of the emails that make it past the above measures.
    6. AV is done through procmailrc, with some custom heuristics in the recipes (contact me if you want these)
    7. Anything that SA catches, is tagged and put into /var/spool/mail/SPAM
      1. I manually go through that SPAM folder, and report every entry there to the 'abuse@address' for the resolved provider (not the forged provider in the From: line, of course)
      2. For hosts that do not resolve, they are permanently blocked at the firewall.
      3. For providers that do not support the 'abuse@address' address, they are permanently blocked at the firewall.
    8. I then go through the mail logs themselves, and catch the brute-force attempts at sending mail to the dozen-or-so domains I host, and block them at the firewall.

    So far, the more I block, the faster the spam comes in, and the more I block, ad nauseam.

    Here is today's counts. At 5:30am, this was 164 hosts, and now it is 109 more than that.

    iptables-save | grep "dport 25" | wc -l

    273

    Spam is definitely getting worse, as more and more machines are hijacked for the purposes of propagating it, with these trojans.

    The more I block, the more incoming spam we get.

    • The more I block, the more incoming spam we get

      What I've noticed is the more we block the harder they try to get stuff through, and apparently the stuff that makes it through is the Viagra, penis enlargement, etc. type ads that we really want to block the most.

      Spam is getting worse, the incoming attempts to the ISP servers I manage has grown to more than double what it was in August 2003 already, one ISP I deal with in particular is rather pissed, he is dialup only and slowly but surely is losing users t
  • by foniksonik ( 573572 ) on Saturday March 20, 2004 @01:52PM (#8621888) Homepage Journal
    I agree on principle that this is the wrong way to do this but also offer a compromise;

    Give people an informed choice. Tell them that the website they are attempting to access has been identified as a security risk/spam house/pron site/etc then let them decide if they want to continue.

    It is just as open to abuse but it also seems like it would fail gracefully in the event that the site is not a problem or that as an individual you don't have a problem with its content.

    Go one step further and allow the browser or your account to keep a white list of bookmarks which pass you straight through to the site... just set a cookie or similar.

    The end result is that you give people a community knowledge-based opinion about the content of a site, then you give them the choice of whether they want to go with the crowd or go their own way and you make it convenient for them to go their own way from then on.

    Many tools already do this with filtering for Ads... just extend it to apply to entire sites and return the bookmark option page instead and if you are AOL you can hook it up to your community database of opinions... "mod this site up, it has 'original' pron... not just the same set of crappy old pics" ;-p

  • by Amon CMB ( 157028 ) on Sunday March 21, 2004 @01:50AM (#8625807)
    The thing about spammers is that no matter how many proxies, zombie machines, foreign servers and fake addresses they hide behind - at SOME point, there has to be a contact between spam victim and spammer for spam to be an effective money-maker. Spammers try to sell you things - things which require monetary transactions to complete. That's where they are vulnerable. Find out the businesses that profit from spam and go after them. They can't hide forever, especially if they want to sell you something.
