AOL Cans 1 billion Spams In One Day

linuxwrangler writes "AOL announced today that its spam filters hit the 1 billion reject mark for a 24 hour period. This is an average of 28 rejects per day per member. In addition, AOL spam engineers say they receive 5.5 million spam submissions each day from AOL users. Other reports here(1) and here(2)."

Wow!

[Tyler+Eaves]

28 per subcriber per day caught.

Only leaves 103 apeice...

Re:Wow!

[StarOwl]

Man, what I'd give to only have 28 pieces of spam thrown my way each day. Here's how many pieces of putrid canned ham have been spewed my way in the past few days:


23 February: 1095 spams, 7,821,318 bytes
24 February: 1320 spams, 6,581,776 bytes
25 February: 1700 spams, 6,875,706 bytes
26 February: 1598 spams, 7,910,568 bytes
27 February: 2659 spams, 13,183,247 bytes
28 February: 1436 spams, 6,280,790 bytes
1 March: 1492 spams, 6,917,835 bytes
2 March: 1274 spams, 5,805,475 bytes
3 March: 1488 spams, 6,196,761 bytes
4 March: 1626 spams, 9,023,298 bytes

Thank Ghu for tools like procmail, tmda, and spamoracle.

But...

[Black+Jack+Hyde]

...only 15 originated outside of AOHell in the first place.

AOL spam engineers?

[nizcolas]

Are they responsible for creating the spam, or stopping it?

Re:AOL spam engineers?

[Zeebs]

The answer is of course, yes.

Re:AOL spam engineers?

[ngyahloon]

They should use this threat in the next Austin Powers movie. Dr Evil spamming everyone's email with 1 billion ads/spams unless he is paid "1 Million Dollars"

What I want to know is...

[AEton]

...how much of that was outgoing? i.e, how much did AOL users themselves generate? Probably more than they want to let on...

Failure rate?

[waytoomuchcoffee]

And how many got through?

Re:Failure rate?

[mosch]

More importantly, how many valid emails were wrongly discarded as spam?

Re:Failure rate?

[waytoomuchcoffee]

Members are clicking on the "Report Spam" button to send up to 5.5 million pieces of junk email per day to AOL's anti-spam engineers

Your guess is that every single piece of spam that gets through is reported?

Re:Failure rate?

[GospelHead821]

Unfortunately, complaints about unwanted email are considered spam by the filters and never actually reach support@aol.com.

Re:Failure rate?

[Anthony+Boyd]

how many valid emails were wrongly discarded as spam?

I can partly answer that, and say it's probably a huge number. Bigger than they want you to know. I help out with a local church's Web site. This is a church -- they're far too nice and technically inept to spam anyone. But their site is hosted on a machine that about 100 domains use. Other customers of the ISP HAVE sent spam. AOL blocks at IP address, so all 100 domains are blocked.

So. To answer your question, a LOT of legitimate email is not getting through. I had to work with the church's ISP and AOL spam cops to get them to make an exception for the church's domain. They LEFT the other 98 domains that hadn't spammed on the block list, just because those domains hadn't complained yet. And of course, every now and then, they "forget" that they've made an exception for us, and I have to go over it all again.

Really, AOL gets such big numbers because their system is not very efficient.

Re:Failure rate?

[trmj]

I'll bite. Hell, you already consider me a foe, so what more harm can I do?

To start off with, the information is grossly understated. If we were to find out what is going on with the filtering issue, we would need many more numbers than what they gave us (e.g. total number of mails processed, then broken down by sender, whether the recipient was in the to part of the header or the bcc part, etc).

There are so many factors that go into this that it's not even funny. I run a medium sized hosting company and take care of spam complaints from the inside and outside, as well as deal with filtering. It's not the most interesting job in the world... and yes, I do have clients (business owners) who use AOL for their home dialup service. They tend to be the ones that complain most.

So, to answer your question, yes, from the information we were given, it appears that their filtering is 99.4% successful. Is this at all accurate? Nope.

It's not my fault the moderators don't agree with you. Most of the time, they don't agree with me either. Unfortunately, unless you can think of a better moderation system and get Taco to build it, it's gonna be this way.

AOL members aren't sending 5.5 million spams a day

[jrstewart]

Well, maybe they are, but that's not what's reported in the article.

AOL users are reporting 5.5 million spam messages a day to customer service.

New notification

[Defender2000]

I can see it now:
*bing*You got mail!

"You have 10 new messages"
"You have 293 rejected messages"

Re:New notification

[Servo]

More like...

*bing*You got mail!

"You have 10 new messages"
"You have 293 rejected messages"

MSG 1> Increase your breast size!
MSG 2> Increase your penis size!
MSG 3> Loose weight fast!
MSG 4> Re: my naked webcam!
MSG 5> Make money advertising on the Internet!
MSG 6> Your unclaimed money!
MSG 7> Horny babes with horses!
MSG 8> Incest rape! W@W!
MSG 9> Make millions in Real Estate!
MSG 10> Do you hate spam? You need this! Only $29.95!

Re:New notification

[Servo]

Now wait, are we talking about AOL or Slashdot here?

wouldn't it be easier, quicker and smaller...?

[irving47]

To measure the LEGIT email going through AOL?

Re:wouldn't it be easier, quicker and smaller...?

[sixdotoh]

lol, that sounds like the making of a bbspot story.

AOL user shocked! "I received a personal message that was not trying to sell me anything! I didn't know this kind of thing existed!"
AOL engineers responded that this anomaly occasionally happens about every 0.264% of regular mail sent. . . .

not to burst your anti-spam bubble, but . . .

[kraksmoka]

unfortunately, i would guess that half of their spam is legitimate communications that get blocked. i have alot of email addys. but apparently, only my mac.com address gets through.

every other letter i write to my mom gets rejected. if i am not allowed to spam my mom, who else should be????

Re:not to burst your anti-spam bubble, but . . .

[agentZ]

I have to know why you're asking your Mom if she'd like to add three or four inches to her penis length.

This is the most important story of the year

[ObviousGuy]

And it is under the most correct section: Your Rights Online.

Today 1 billion voices were silenced. This is not some make believe movie where Alderan gets blown up. It is about the actual usurpation of the Freedom of Speech.

AOL has taken it upon themselves to decide for their users what is appropriate speech and what is not. That is sad. If you think Microsoft is taking away your freedoms because they own 90%+ in the OS market it is time to recheck your bad guys. AOL has just proven itself to be an enemy to Free Speech. That is a much more grave violation of your rights online than anything Microsoft has ever done.

The laughable part of all this is that AOL is the biggest real-world spammer with their tons and tons of CDs that have to be dumped into landfills every year.

Fuck you AOL for making yourself judge, jury, and executioner of the First Amendment.

Re:This is the most important story of the year

[mstockman]

Would someone mod the parent up +1 Funny, please? Because the poster can't be serious. Let's look at a few of the more obvious problems with the post:

• You capitalized "Freedom of Speech" being usurped, so I assume you mean the freedom guaranteed by the First Amendment, which you mention at the end. Sadly for your post, that Freedom and that amendment apply only to the Government. Private institutions can suppress (that is, fail to use their own money to allow) any speech they damn well please.

• Nobody is taking away anyone's freedoms, because each and every AOL user whose spam was blocked paid AOL to do it. Those who don't want spam blocked are Free to change to another ISP. (Oh, quit it... AOL is too an ISP. Stay on topic, all right?)

• Finally, tons and tons of CDs, unless they appear as ISO images in your mailbox, are Junk Mail, not spam.

Hope this clears up exactly which "rights" have been infringed here -- the rights of spammers to dump 1 billion pieces of mail into AOL users' mailboxes. And I just can't get too hot under the collar about their loss.

Re:This is the most important story of the year

[arvindn]

Although parent post sounds trollish, it has a valid point. Filtering incoming mail by the ISP is a bad idea, atleast much worse than filtering outgoing ones.

• It doesn't help the wasted bandwidth problem.
• Since the users don't know what mail they were going to get, there is much less accountability. OTOH, if my ISP blocked the (legitimate) mail I sent, then I can complain to them.
• The ISP can be forced to implement arbitrary filters like "pro-terrorist", "anti-US", etc by the government and no one would be the wiser.

So this is a first step, but not the Right Thing. I hope ISPs start coming under more pressure to filter their outgoing mail.

Re:This is the most important story of the year

[robi2106]

Exactly. Tell me where it says in the USA Constitution that a corporation is required to pay to support your missguided interpretation of freedom of speech? The government isn't even required to do this.

The only thing the government can't do is supress or prevent you from doing so.

I should be allowed to stand on the steps of the White house and demand that I be given press conference time immediately following the President, just because I am a citizen. But I should be reqected my requests and even asked to shut up and read the Constitution that I tried erroneously to wave in my defense.

And how many spams originate from citizens of USA any way, more from outside I would venture.

robi

Re:This is the most important story of the year

[bkocik]

AOL has taken it upon themselves to decide for their users what is appropriate speech and what is not

No, we have not. Spam is the #1 complaint we get from our users. They don't want the stuff, so we're fighting it. We block what they ask us to block.

But, of course, we're AOL and this is Slashdot, so naturally everything we do is wrong.

Serious stuff, this...

[TopShelf]

This may not be the crowd that wants to hear this, but some radical changes need to be made in the email protocol to minimize the amount of spam that users deal with these days. Bottom line is that the goal should be for email communications to be as trustworthy as phone calls - sure, there are some telemarketers and crank callers out there, but if the noise level from your phone was as high as in your email, there would be marches on Washington to demand a solution.

I would think the most likely candidate would be to build-in verification of the sender, and bring about the end of anonymous email. That's sure to raise the hackles of many here, but so far, nothing's working.

"Allow all mail" doesn't work?

[lwbecker2]

In the AOL "Mail Center" there is an option to "Allow ALL mail". I take it this doesn't work, or that AOL should change it to "Allow all mail that we decide to let through..." ?

Save those bits!

[smartin]

If this is true, can you imagine how much bandwidth and disk space is wasted by spam. I'd be willing to bet that the money lost to spam exceeds the money lost to pirate software and mp3's combined.

Yeah, including legit emails

[barzok]

I'm on a mailing list and our AOL-based members frequently post "did the list die? I haven't gotten any email in the last couple days". AOL doesn't even reject the messages, they just get blackholed. Someone in the bowels of AOL's mailservers is a cache of tens of thousands of messages about pickup trucks.

Our listmaster has been around and around in circles with AOL on it several times. It's almost not worth fighting anymore. Use AOL, accept the fact that email you want will not always get to you.

S.O.L?

[coday]

Does this mean I'm gonna get screwed on my mortgage and have to settle for an average sized penis?

Good

[aiyo]

Now my penis enlagrement products won't be drowned out by useless spam.

Don't exagurate.

[stefanlasiewski]

Don't exaggerate.

When you compare spam-blocking with Nazi atrocities, you're belittling the horror that Nazi victims experienced.

Many of those Communists, Jews, trade unionists, Catholics were often killed in all manner of horrific ways.

By contrast, AOL isn't killing anybody. If AOL blocks spam, somebody looses some money, and an AOL user gains some time, money & sanity.

There can be no fair comparison of these two activities.

Ambivalence

[iiioxx]

I'm kind of torn on this issue. On the one hand, I hate spam and those who allow it to proliferate. On the other hand, I abhor censorship in any form. I wouldn't have an issue with this at all if AOL simply provided its users with the *tools* to eliminate their own spam if they choose to do so. My problem with this is that AOL itself is deciding to filter its members' email, and making the determination itself as to what is and is not "spam". That's a reckless step down a slippery slope, in my opinion.

NEWSFLASH: Corporations determine your rights!

[ObviousGuy]

I happen to believe in the sanctity of the Freedom of Speech. I do not subscribe to your concept of corporate control of rights.

I don't know where this idea comes from that just because you are a business it means that you can do whatever you want, including infringing upon rights guaranteed by the government.

This is a sad double standard being applied to "unwanted" emails. The KKK and the NOI can publicly advertise their unwanted speech because the First Amendment protects them. They cannot be barred from advertising in newspapers, they cannot be barred from advertising on billboards, and they cannot be barred from posting in open forums. But spammers don't have these rights?

You better think about that position a little.

wow that's expensive or is it cheap.

[goombah99]

there is a claim that spam costs money. Money to the ISP for bandwidth and money to the end user for reading/deleting. is this really true? well certainly I delete lots of spam and it costs me time. but what about the ISP?

I would guess that deleting spam is about as expensive as transmitting it for an ISP. that is the processor intensive task of scoring and removing a spam probably is a wash with the processor light task of tranmitting and storing it. Now for the sake of argument lets just guess a wild number for the cost of filtering or passing along a spam. lets say 0.001 dollars.

if that were true then a billion spam deleted would cost AOL 1million dollars per day (plus the ones that got through). that would be a third of a billion dollars a year. THat seems way to high. So it must be less. SO maybe its 0.000001 cents?? that would come to a third of a million dollars a year.

My guess is that the latter is probably a good guess. why? well how many engineers has AOL assigned to the de spamination? perhaps a third of a million dollars worth every year? it would of course not make sense to spend more on de spamination than the harm it costs.

so anyhow assuming this wild guessing is within an order of magnitude then the proper charge to fine a spammer would be some multiple of 0.000001 dollars per spam sent. which is not an awful lot.

so is spam really that costly to ISPs??? Maybe not

Re:wow that's expensive or is it cheap.

wow, this is some voodoo math if I've ever seen some...
your assumptions are pretty poor, for example:

how can you possibly assume that the cost of a spam is only in 1) the bandwidth required to receive the spam and 2) the amount of processor time spent to score and delete the messages?

The most costly aspect of spam for AOL is the damage to its image, and the consequent loss of its user base. That in turn, has a consequent loss in stock price.

also, i like how you relate the "despamination" costs of the salaries of the engineers with the costs of spam to the ISP.

here's your logic:
"it would of course not make sense to spend more on de spamination than the harm it costs"

well, this is true, but what can you logically conclude from this? only that the harm it costs is AT LEAST as much as the cost of "de spamination"

this DOES NOT mean that:
(harm done by spam) == (cost of de spamination)
as you imply in your post.
in fact, quite the opposite, if I were company, would I embark on an endeavor if I only expected to breakeven? HELL NO. a company would only try to do something like despamification or new features in a piece of software if it expected to come out ahead. This means that:
(harm done by spam) >> (cost of engineers to de spaminate)

also, I think you severely lowballed the cost of the engineers doing the despamification. a third of a million gets you ~5-6 engineers? If they are sucessfully filtering 1 billion spam a day, they need more than that just for the IT personnel keeping the processing power running.

Also, you are confusing the costs to the ISP. don't forget that AOL will still incur the costs of deleting the spam, the costs of the bandwidth to receive the spam, and ON TOP OF THAT the costs of the engineers.

so instead of:
(harm done by spam) == (cost of engineers to despam)
it is much more accurately depicted by the following:
(harm done by spam) >> (cost of engineers to despam) + (cost of bandwidth to receive spam) + (cost of processing power to score and delete spam)

Dammit Dad!

[psxndc]

Mom told you to stop giving the pr0n companies your real email address.

*shaking head*

psxndc

Some are configured to reject ALL outside email

[Kakurenbo+Shogun]

Apparently AOL users can set up their accounts to reject ALL email originating outside AOL (as if the rest of the internet were worse SPAMmers than AOL folks). Amazingly, this setting is turned on on some accounts (many, I suspect) without them even knowing it. I run a webserver for a few businesses, and we get LOTS of mail bounced back from AOL account for this reason. It's a real pain when, for example, an AOL customer is trying to sign up on our site, and their account activation key gets bounced back to us because of this stupid setting. I bet they're counting all these messages in their total.

If you could press a button...

[FyRE666]

I remember some survey from years ago that asked "if you could press a button and someone on the other side of the World would die, but you'd recieve 1,000,000 dollars, would you do it?". I'm now wondering, if you could press a button, and a spammer, somewhere would die - would YOU do it? Scary as it seems to me, I'd probably say "yes"...

Re:How?

[StarOwl]

My spam counts tend to get run up because of how my eight-year-old domain is set up (all incoming mail, regardless of the to address gets directed to the same inbox) and because I've made use of tagged addresses.

Having all email routed to my inbox means that my figures above include dictionary attacks.

Using tagged addresses also runs up the total a lot. Every time I give out my email address, either on a registration form or in a public posting, I use a different tag.

I started tagging addresses in the early days of spam. Remember when we foolishly thought we could attach a disclaimer to usenet posts along the lines of "send me spam, and I'll bill you $50 under the anti-fax laws"? Well, I was dumb. I figured that in order to "prove" that unsolicited email was unsolicited, I had to have some proof of how the spammer got my email address, and that I had a clear disclaimer.

The good news: I have a pretty good idea of which of my online activities generate spam (e.g., posts to control.cancel and *.test, my NIC registrations, and usenet group-creation votes all seem to be popular for the spam-database trollers)

The bad news: I can easily get hit 30, 40, or 50 times for any one mass-spewing a spammer decides to do.

The totals above contain NO false positives -- they're all tied to tagged addresses which only produce spam. Not included are the 50 or so false negatives I get a day, which get tackled through other means.

It's mutual.

[bcrowell]

* ^From:[ ]*[a-z0-9_]+@aol\.com$
#
* ! ^X-Loop:.*mydomain
* ^TO_me@mydomain\.com
#
{
# Make a temporary file of the message to be returned
:0c:formail.lock
# Discard whitespaces, insert a leading blank
| expand | sed -e 's/[ ]*$//g' | sed -e 's/^/ /' > return.tmp
# Prepare and send the rejection
:0:formail.lock
| (formail -r -I"Subject: Rejected mail: Recipient refusal" \
-A"X-Loop: rejected-mail@mydomain.com" ; \
echo "Sorry, but your e-mail was rejected because the From: header" ; \
echo "didn't seem to include your real name. This is an automated" ; \
echo "message; replying to it won't work." ; \
echo "--- begin rejected mail ---" ; \
cat return.tmp ; \
echo "--- end rejected mail ---" ; \
rm -f return.tmp) \
| /usr/sbin/sendmail -t
}

An efficient anti-spam weapon

[SysKoll]

So your old email accounts are spammed to death, huh?

If you want to get rid of spam, do this:

1. Create a "secret" email account from a reputable provider. Make it unguessable. Add some digits or weird long strings. Don't give it to anyone.

2.Go to spamgourmet.com and create an account. It's free and open source. In the "forward emails to" field, enter your secret email.

3. Give spamgourmet addresses to your friends. If your account name is Joe6Pack, give your pal Jack Daniels an address Jack.Daniels.Joe6Pack at spamgourmet dot com. To greatdeal.com, give greatdeal.com.Joe6Pack at spamgourmet dot com. This way you know who has what address. Those spamgourmet addresses are disposable.

All the emails sent to your various spamgourmet addresses are forwarded to your secret account.

4. If Jack, who is a friggin' idiot running XP and Outlook, gets yet another Kletz-like virus, the content of his Outlook address book will be compromized and all these addresses harvested by spammers. Just go to spamgourmet.com and disable the compromized address. Tell Jack he's a fool. Give him another disposable address if needed... Until next time.

If greatdeal.com turns out to be a spammer, just disable their address.

5. After a couple of months, disable your old email accounts, the ones that are spammed to death right now.

6. No more spam. Or if you get spam, just disable the spammed address and report the spammer to spamhaus.org. You'll never be spammed more than once.

Works for me.

-- SysKoll

small company stats...

[Ender+Ryan]

The company I work for currently has a grand total of 7 employees working here in the office. It used to be more before the economy fell apart, but I digress.

Spam became a huge problem here roughly a year ago, and it started taking up too much employee time. So roughly six months ago, we started using Spam Assassin. In that six months, Spam assassin has caught roughly 90% of the spam we get, totalling well over 500,000 spam mails.

Am I crazy, or is 1/2 million spams for only 7 people in less than six months absolutely insane or what? How can anyone argue that these spammers are running legitamite businesses?

I think it's high-time for some legis-fuckin-lation to curb this insanity :)