AOL Bans Mail From DSL-Hosted Servers
kmself writes "As first reported at linux-elitists by Aaron Sherman, and with a demonstration of the denial at zIWETHEY, AOL has begun blocking mailservers identified with residential DSL lines as an anti-spam measure, apparently heedless of the huge collateral damage this move imposes (and guess who can't send mail to Mom...). This action was unannounced, and has received virtually no coverage, spare an oblique mention at News.com. It also violates SMTP RFCs, as Aaron points out, not to mention the 'good neighbor' conventions of Internet communications. Mail to AOL's postmaster is also bounced -- this is RFC-ignorant.
I strongly recommend that as a compensatory measure, non-AOL MTAs be configured to deny all incoming mail from AOL's domain."
You've Got (no) Mail!
You (don't) have mail!
We better ban all servers. The spam problem will be finally solved...
Does that mean I don't need to handle all the Stupid (tm) AOL users anymore? :D
Too little, too late. However, this move doesn't even classify as "too little". There has to be some other underlying reason to move to block e-mail for this one group of internet users, because it clearly isn't going to put a dent in the spam that AOL users receive daily. There are MANY service providers that do a much better job at spam blocking than AOL; what is it about them that keeps them from getting it right? Or are they secretly selling e-mail addresses?
I thought that was a requirement of having a domain and you can lose the domain if mail is not accepted or read there? I'd have to check the RFCs, but wouldn't that be a thing, someone taking AOL's domain from them because they don't accept mail for postmaster?
dave
I long ago included every mail from aol.com, yahoo.com and hotmail.com in my static spam filters. If anybody with such an account wants to mail me, they need to get in touch with some other account (or other means) first so I can add an exemption to them. To date I have three such exemptions total, all on yahoo.com.
I can't very well block them further than I already do, in other words.
Trust the Computer. The Computer is your friend.
Don't worry, I am on AOL. I will send your mom a note.
30% of the spam that comes in to our mailserver is from residential dsl ip's.
If you are dial up or home dsl you should not be talking directly to smtp servers anyway; you should be sending mail through your provider.
see: http://njabl.org/ they do exactly this.
The United States Postal Service has announced it will stop delivering
any mail from Florida, due to the large number of mail-order scams
originating from that state.
My friend pays for a "static" IP address on his cable modem to run some private corporate web forums. A few weeks ago, all email notifications from the forums going to anyone hosted at earthlink.net were bouncing - The message is "No email accepted from dynamic IP addresses".
Both AOL and Earthlink have TONS of subscribers.
If they both decide to carry on doing this, there is nothing you can do about it.
Truth is, SMTP sucks. They are only doing this because of all the spam. Yes they are violating RFC's. Too bad...
--jeff++
ipv6 is my vpn
If you want to send mail to AOL you just need to use something different than DSL. No big deal. May I suggest AOL/Time Warner Road Runner Cable Modem Service?
Hermm....
I blocked all emails ending in aol.com AGES ago. I don't blame them for doing the same to me.
0110100100100000011000010110110100100000011000100
this is the beginnings of death rattle of a sub standard ISP, regardless how big they are. Not like they have ever had any respect for RFCs.
Ironically, blocking incoming mail from AOL will likely do more for blocking spam than their action ever will.
--- If stupidity got us into this mess, why can it get us out?
I found out about this issue a few months after I got my DSL connected almost a year ago. Used to be I'd use sendmail to send email out, and worked great since I could put my email address (which was defined through a domain name email forward) in the reply-to field. Then, one day I get a message from AOL claiming I'm running an open mail relay, or using a "banned" IP. Got me worried a little bit, but I found out the real reason after I got a friend to nmap my box
$cat
I recently setup SMTP on my linux box (just for the fun of it). One of my friends has a hotmail account. I very quickly discovered that hotmail is refusing connections from my linux box (on a cable network). I very quickly told Postfix to send any hotmail bound email to my ISP's SMTP server. My friend got the email so... that may be an easy workaround for AOL as well.
If AOL doesn't want to accept your mail, that's their choice. It's their network, and their mail servers. Of course, when AOL customers find that they can't receive any email, AOL might lose business.
Like all other spam blocking attempts, there will be collateral damage. They try to keep their customers happy, and the market decides if they succeeded.
Tarsnap: Online backups for the truly paranoid
It should be pointed out that AOL isn't blocking "All DSL" MTAs but those that have dynamically assigned IP addresses. On one hand, this is a stinky, no-good, rotten thing for them to do. On the other hand, the elitist in me says "go get a real DSL connection if you're going to run your own MTA." :-)
But really, I know it's not an option for some, and this move by AOL is pathetic.
Laugh at stupidity: mod idiots +1 Funny.
I used to sell stuff on ebay and as such, always needed to reach customers pronto. And AOL email addresses have the unfortunate side effect of being the most unreachable.... either a high percentage never got the mail or it gets bounced.
My advice is to get a yahoo email address, not only does it not block mail, but you won't be inundated with junkmail because they filter most of it in another folder for you. So far, they never put in anything valuable or legitimate in there so it seems to work fine. The other reason is it is ISP agnostic.... that way if you cancel AOL, you don't have to give everyone a new email address.
My 2 cents^.^
I may just be jaded, but this seems like yet another example of "We're x large company, we can do this because we want to if it's not right." Will blocking all their mail in turn be the proper route to getting this fixed? Will legal action? Are there previous supporting cases of tech companies getting in real hot water for ignoring RFCs? A very quick search on google doesn't find much.
--- "Remember, there's a difference between bowing down and bending over." -Frank Zappa
July 3, 2076 -- "Today UPS has announced a measure that will block all packages not mailed from a UPS Manned Mailing Center. This will enhance security, as everyone will be going through a limited number of places. It will give UPS better control on packages it accepts. Instead of denying packages on a case by case basis, UPS will trash them before even looking at them."
-------
Slashdot SigAdvert:
Geek Jokes! Check them out now and win up to $10,000! Win and Laugh at the same time!
This will prevent legitimate businesses from conducting business.
How does AOL know? What if an IP range is moved from DSL to a leased line?
Is there something in the ARIN records that shows this?
Impeding commerce.
One way around this is that I use Yahoo Mail plus. They'll masquerade as an email address you can prove you use. Only $30/year.
AOL just did not think about this very clearly.
Even though it is RFC ignorant, etc etc, is it that important to use your DSL/cable modem as the sending MTA over just using the mail gateway that all service providers ? I had to do this a while back when a client of mine had MAPS installed and DUL blocking enabled - why don't you go after MAPS and say how lame they are if this story is legitimate as well..? ~z3d
Ok guys, April fools was like two weeks ago...you really got me that time. Woo..hehe... This is a joke, right?
If you have DSL you should still use your upstream SMTP server for outgoing mail. About 90% of incoming SPAM on my box originates from Windows boxes on DSL lines with open relays. I've set up exim to ignore all incoming SMTP calls from dsl hosts (*.dsl.*) and also to block hosts without proper reverse-DNS. These 2 simple steps take care in blocking a huuuge quantity of incoming SPAM at the doorstep...It's not fullproof, but it helps a great deal.
-adnans
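Added example, not part of the comment above and not exim configuration: a Python sketch of the two receiver-side checks that comment describes (a `*.dsl.*` hostname pattern and a reverse-DNS test), run against constructed DNS data. It assumes "proper reverse-DNS" means forward-confirmed reverse DNS; the function names, sample addresses and `.example` hostnames are hypothetical.

```python
import fnmatch
import ipaddress
import socket

DYNAMIC_PATTERNS = ("*.dsl.*",)  # the hostname pattern quoted in the comment


def system_ptr(ip):
    """PTR names for ip from the system resolver; empty list if none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:  # covers socket.herror and socket.gaierror
        return []
    return [name, *aliases]


def system_addrs(name):
    """Addresses that name resolves to; empty list on lookup failure."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []


def _same_ip(a, b):
    """Compare two textual addresses; unparsable input never matches."""
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False


def check_client(ip, ptr=system_ptr, addrs=system_addrs,
                 patterns=DYNAMIC_PATTERNS):
    """Return (accept, reason) for a connecting SMTP client address."""
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return False, "no reverse DNS"
    # Forward-confirm: the PTR name must resolve back to the client address,
    # otherwise whoever controls the reverse zone can claim any hostname.
    confirmed = [n for n in names if any(_same_ip(a, ip) for a in addrs(n))]
    if not confirmed:
        return False, "reverse DNS not forward-confirmed"
    for name in confirmed:
        for pat in patterns:
            if fnmatch.fnmatchcase(name, pat):
                return False, f"{name} matches {pat}"
    return True, "ok"


# Constructed DNS data: documentation address ranges and .example names.
SAMPLE_PTR = {
    "192.0.2.10": ["mail.example.org"],
    "198.51.100.77": ["host77.dsl.isp.example"],
    "203.0.113.5": ["mx.forged.example"],            # PTR claims a name ...
    "198.51.100.20": ["dslwww-198-51-100-20.phl.isp.example"],
    "192.0.2.25": ["mail.dsl.smallbiz.example"],     # static business line
}
SAMPLE_A = {
    "mail.example.org": ["192.0.2.10"],
    "host77.dsl.isp.example": ["198.51.100.77"],
    "mx.forged.example": ["192.0.2.99"],             # ... that points elsewhere
    "dslwww-198-51-100-20.phl.isp.example": ["198.51.100.20"],
    "mail.dsl.smallbiz.example": ["192.0.2.25"],
}


def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])


def sample_addrs(name):
    return SAMPLE_A.get(name, [])


if __name__ == "__main__":
    for ip in list(SAMPLE_PTR) + ["203.0.113.9"]:  # last one has no PTR
        print(ip, check_client(ip, sample_ptr, sample_addrs))
```

The last two sample hosts show the limits of name matching: a correctly configured static host whose name contains `.dsl.` is refused, while a DSL pool host named `dslwww-...` passes.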
"In short: just say NO TO DRUGS, and maybe you won't end up like the Hurd people." --Linus Torvalds
RBLs have had dialup lists for blocking for YEARS. I've used them for years. I don't really miss a whole lot of legitimate mail (I check).
...
Yes, it'd be nice if this was a perfect world, and we could all run sendmail at home... but since we have these spamming hosebags that spew billions of spams from dialup, isdn, dsl, cable, carrier pigeon, etc
I block dial up SMTP, so do a lot of other people, and now AOL does.
Services like Verizon, that use DHCP and/or PPPoE and already have a "no servers" policy? What's the criteria, here??? It will be interesting to see how AOL differentiates "residential" DSL from other types of DSL.
I use SpeakEasy DSL via Covad. This service is technically residential, because my servers are sitting in my house. But I have a legitimate domain, and static IPs on my servers. However, reverse DNS lookups return "dslwww-xxx-yyy-zzz.phl.yadayadayada," NOT my registered domain name.
I just successfully sent myself a test message from my domain mail to my AOL account, so I'm not being blocked yet. I guess I'll start sending a test message once or twice a day to make sure it still works, until AOL clarifies their policy. And if I do get blocked, there's gonna be some hell raised about it. My servers are locked down tight and always have been. Shutting out all DSL-hosted mailservers to keep out spam is like burning your house down to keep it from being burglarized.
~Philly
I run a SMTP server at home too, but this is a good idea. If you want to run a home mail server let it forward mail to your ISP for delivery.
Go look at where the spam you get actually originates. A *LOT* of it is from dsl/cable modems. Why bother hijacking an open server when any idiot on broadband can send mail directly? This is a good way to block out a large number of spam sending people.... 99.99% of people do NOT run a SMTP server at home....
The first I noticed it was March 27th (and I don't email my dad @ AOL that often, so it probably happened even before that ...)
... while talking to mailin-03.mx.aol.com.: ... while talking to mailin-04.mx.aol.com.:
The original message was received at Thu, 27 Mar 2003 13:35:36 -0600
from dougmc@localhost
----- Transcript of session follows -----
550-The IP address you're using to connect to AOL is either open to the
550-free relaying of e-mail, is serving as an open proxy, or is a dynamic
550-(residential) IP address. AOL cannot accept further e-mail
550-transactions from your server until either your server is closed to free
550-relaying/proxy, or your ISP removes your IP address from their list of
550-dynamic IP addresses. For additional information, please visit
550 http://postmaster.info.aol.com.
How about if AOL bans all of the e-mail traffic - in and out of their domain? Wouldn't that be great? They could even actually ban telnet, http, and ftp, too. And later all possible ports. In the end, they can even earn some money by selling their edge routers ;-)
iThink iHate iMod
They are targeting broadband in general.
I work for an electronics repair company...
we use Road Runner business class.
At work, I just recently wrote an application that interfaces with our database, and sends our customers email containing the status of their equipment.
I just checked to see how many emails we send to that domain, and it's a fair amount, I would say 15% of our customers.
This would create a problem for us communicating with potential or current customers.
I'm all for fighting spam, but are we collateral damage in this war?
filtering on earthlink in headers removes lots of spam, yet I can't send from my dsl server to an earthlink user
Vote Quimby!
a) most likely you shouldn't have an smtp server on your residential broadband connection anyways.
b) it is a known fact that a lot of spam comes from the said connections that they banned.
c) just use your isp provided smtp server you idjits. if that doesn't allow you to bcc more people than you want, then either you are spamming, or get smart enough to not have to use your smtp server.
d) this is NOT hard to work around. If I needed a smtp server, I could at this moment probably get hooked up by 6 different people off the top of my head.
e) all in all, this is not a big deal. and yes, this is coming from someone who has in the past and probably will in the future host a webserver etc off of my residential line.
"Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms,
foolproof.
Is this illegal anti-competitive behavior?
In the name of spam you can't email your mother, your friends or whoever, but this problem goes away if you leave your ISP and get an AOL account.
Hmmmm....
Maybe being anti-competitive is not their intention, however they do have to be very careful to look as though they are doing the right thing, in addition to actually doing it. Moreover especially since it is so easy to change ISP away from AOL. It would probably take the majority of AOL'ers no more than an hour to accomplish this. (Mercifully an ISP is not an operating system.)
AOL customers would frequently have an alternate, web-based free email account with yahoo or whomever. They're going to find it annoying when friends start forwarding the bounced emails to the alternate address with a comment such as, "Your ISP is not offering you quality service."
One would imagine some of the other large players in the market who offer DSL, might return the favour, with detailed text in the returned mail as to why. Or even, to take the high road. Inform the AOL customer who sent it, that their mail has been delivered but not to hold their breath for a reply as their ISP is cutting their own costs at the expense of acceptable levels of service.
U guys screwed the guy sending spam out, why don't ya screw the guy trying to block spam now?
I guess this is sort of like the New York branch post offices not delivering mail from Florida, because that's where a lot of junk mail originates from.
I have a fairly nasty conspiracy theory on why AOL and Comcast are cooperating on this. By shutting out the innovative do-it-yourselfers on the Internet from their network, they squelch potential competition from their "value-added" services.
The next step might be to block web servers that don't originate from big corporate server farms. After all, who knows what could be on those independent things but kiddy porn and terrorist training instructions?
The irony is that the great mass of obtrusive commercialism on the Internet originates on the corporate, big-player side. AOL was the innovator in turning the WWW into a virtual shopping mall.
You would like to think, however that this will backfire on them, as customers look to alternatives to their increasingly sanitized pseudo-Internet network.
And how does one fool their IP filters anyway? It makes one want to "spam" everyone of AOL's customers with a protected-from-legal-prohibition-because-it-is-not-commercial-speech protest email.
evanchik.net
using IP based filters to block mail is irresponsible and lazy. These lists have been shown to block legit emails on a daily basis. Word/phrase based filtering with DNSbls for 'hints' is the way to go, if you really want to stop spam from entering your network.
If AOL feels that i.e. 70% of their spam comes from that kind of sites, well, they have to take some measure. I could have taken the same measures for my own email or even for the domains I administer if most of my email comes from such sites (or that don't have reverse resolution, or things like that).
Also, I think there exists an RBL for dialup IPs, so this is a logical extension of that concept.
As an antispam measure I've blocked AOL, hotmail and Yahoo for a while (except for people who I already know).
I run a few distribution lists from my server hosted on my dynamic ip address and have several domains that resolve to it. About 2 weeks ago a few users started receiving rejection emails that expanded to AOL and the AOL family of ISPs..
... while talking to mailin-01.mx.aol.com.:
... while talking to mailin-04.mx.aol.com.:
For Example:
>>>>>> QUIT
*** 550-The IP address you're using to connect to AOL is either open to the
*** 550-free relaying of e-mail, is serving as an open proxy, or is a dynamic
*** 550-(residential) IP address. AOL cannot accept further e-mail
*** 550-transactions from your server until either your server is closed to free
*** 550-relaying/proxy, or your ISP removes your IP address from their list of
*** 550-dynamic IP addresses. For additional information, please visit
*** 550 http://postmaster.info.aol.com.
Ended up setting a virtual route for these domains to point to my ISP's SMTP server. The other 99% of domains are still delivered directly.
Open relay my ass.. AOL sure pissed me off.
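Added example, not part of either post that quotes the AOL rejection: a Python parser for multi-line SMTP replies like that one (`550-` marks a continuation line, `550 ` the final line), with the sender-side decision several commenters describe, routing policy-blocked domains through a smart host. The keyword list, the action names and the last three transcript lines are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Optional "*** " or "<<< " decoration that some MTAs add in bounce
# transcripts, then a 3-digit code, then "-" (more lines follow) or " " (last).
_LINE = re.compile(r"^(?:[*<]+\s+)?([2-5]\d{2})(?:([- ])(.*))?$")

# Heuristic wording that suggests an IP-reputation or policy block
# (assumption: taken from the AOL text, not from any standard).
POLICY_HINTS = ("dynamic", "residential", "open proxy", "relaying")


@dataclass
class Reply:
    code: int
    lines: list

    @property
    def text(self):
        return " ".join(self.lines)


def parse_replies(transcript):
    """Group reply lines into Reply objects; ignore client commands."""
    replies, current, buf = [], None, []
    for raw in transcript.splitlines():
        m = _LINE.match(raw.strip())
        if m is None:
            if buf:
                raise ValueError(f"non-reply line inside multi-line reply: {raw!r}")
            continue  # e.g. ">>>>>> QUIT" or MTA commentary
        code, sep, text = int(m.group(1)), m.group(2), m.group(3) or ""
        if buf and code != current:
            raise ValueError(f"reply code changed mid-reply: {current} -> {code}")
        current = code
        buf.append(text.strip())
        if sep != "-":  # a space (or bare code) terminates the reply
            replies.append(Reply(current, buf))
            buf = []
    if buf:
        raise ValueError("unterminated multi-line reply")
    return replies


def next_action(reply):
    """Map a final reply to what the sending MTA should do next."""
    if 200 <= reply.code <= 299:
        return "delivered"
    if 400 <= reply.code <= 499:
        return "retry"  # transient: keep the message queued
    if 500 <= reply.code <= 599:
        lowered = reply.text.lower()
        if any(hint in lowered for hint in POLICY_HINTS):
            # Retrying from the same address cannot succeed; relay this
            # destination through the ISP's server instead.
            return "reroute-via-smarthost"
        return "bounce"
    return "continue"  # 3xx intermediate reply


# The 550 text is the rejection quoted in the thread; the final three
# lines are constructed to exercise the other outcomes.
SAMPLE = """\
>>>>>> QUIT
*** 550-The IP address you're using to connect to AOL is either open to the
*** 550-free relaying of e-mail, is serving as an open proxy, or is a dynamic
*** 550-(residential) IP address. AOL cannot accept further e-mail
*** 550-transactions from your server until either your server is closed to free
*** 550-relaying/proxy, or your ISP removes your IP address from their list of
*** 550-dynamic IP addresses. For additional information, please visit
*** 550 http://postmaster.info.aol.com.
451 4.3.0 Temporary failure, try again later
550 5.1.1 No such user
250 2.0.0 Message accepted
"""

if __name__ == "__main__":
    for r in parse_replies(SAMPLE):
        print(r.code, len(r.lines), next_action(r))
```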
As a network engineer of a DSL and T1 only ISP (we have dialup but only for traveling DSL/T1 customers) I can let you know that this will probably stop oodles of spam.
The latest spammer tactic is not to seek out open relays, but open windows proxies, and from there they can initiate outbound SMTP connections to legit SMTP servers and send spam.
Already a large number of dialup providers will only allow you to send through their mail server, and a larger number of ISPs use the DUN RBL to block email directly from dialup pools.
This is just more of the same. Your ISP should provide you with SMTP service, use them as a smart host even if you're running your own SMTP server, so it'll offload the requeuing/etc from your box to theirs.
DSL and Cable are the new dialup, and should be treated as such, a place where the majority of the customers are clueless idiots who ruin the party for the smart people.
Several ISPs are starting to scan mail servers sending them mail for open proxy/open relay before accepting the mails, expect to see this practice and AOL's solution spread to most ISPs in the near future.
If you want to run a real mail server, perhaps you should get a real internet connection, like Colocation or T1.
Please send all UCE to scally@devolution.com so I can f
In Canada, we don't fancy things like socks
"I strongly recommend that as a compensatory measure, non-AOL MTAs be configured to deny all incoming mail from AOL's domain." I think this is an excellent example of fighting fire with fire and why it's a Bad Idea (TM). Retaliating a breach of RFC with another breach of RFC with just as much collateral damage will only aggravate the problem. I strongly oppose this action by AOL. But I don't think such 'compensatory measures' will help the situation.
I got spam from aol before. I get even more from yahoo. This is what many have expected for a while, that spam will kill email as we know it.
If you're an admin with users (ie., not just running your own system), it would be pretty hard to ban incoming mail from AOL.
A year or two ago, I had AOL trouble with my free colocated server. The people who gave me the server were using IP addresses from a T1 line that they bought from a cable modem company. It wasn't on a net connected via a cable modem, but it was part of the cable modem company's block.
So AOL just silently deleted my messages. It's very frustrating, they don't tell you anything, you can't find documentation, no one will answer an email, etc.
It would be nice, at least for the first few days after they start the policy, to bounce messages with some sort of explanation, rather than just tossing them out.
I don't really have a problem with them trying to block spam -- I had access to a bigger, upstream SMTP server, so I could relay -- but it sucks that they don't tell anyone what's going on.
At the very least an AOL mail admin could post something on a mail admin's email list, so that a google search would turn up the answer. What would that take, five minutes?
This is the same website that the vast majority of readers complain because .doc incompatibility, Microsoft breaking Kerberos, XML and shit! HTML.
How can you condone breaking ONE standard, and on the other hand vilify breaking another?
Pot... this is kettle... you are black. Repeat, you are black.
Black and grey are both shades of white.
A lot of posts seem to be suggesting outgoing mail be routed through their isp's servers. However what about the "No frills" providers who just provide a broadband connection to the net, no mail servers or newsgroups etc??
How will they email AOL?
Anyway spams are only effective if they are sent in the hundreds of thousands or millions. If you notice more than 100 messages a day from a known DSL connection then block em.
Slashdot - The one stop shop for procrastination
Slashdot's RFC-ignorant too.. Bounces abuse@ emails.
Many ISPs, companies and mail services refuse to accept mail sent from dynamically assigned IP blocks. AOL are simply joining a large and growing body of organisations that choose to blindly block as a weak defense against spam.
The irony is that the whole problem stems from the policy of assigning dynamic IPs to dial-up and DSL users. Had ISPs made a serious (or any!) effort to support IPv6, or stopped using static IPs as a service differentiator that allowed them to charge much higher business rates, this would all be moot.
What pisses me off the most is that T-Online (Deutsche Telekom's 'net service) is dynamic IP only if you want to avoid per-MB charging, yet they charge extra for the use of their SMTP relay. In my mind, this is just despicable. The lack of any real competition for affordable high speed services means that this sort of thing isn't going to go away any time soon.
So here's a big hello to all my peers on the residential second class Internet!
My company, after throwing up our hands in the face of terrible hosting service, has been self-hosted on our DSL line for several years. It's been bliss. No downtime, no unexpected outages. We run our own mail/web server and it's been great. We use email to communicate with many of our clients, and many of them use AOL. Now when they try to email us it's going to bounce? This is going to make us look bad. It's going to interfere with business.
The thing that makes me mad is that this is not how the internet started out. 10 years ago all nodes were created equal. There was courtesy and cooperation. That's why the growth was exponential. That's why everybody got on. There was no class system. There was no AOL or Microsoft forcing behavior changes. I don't want to pay for hosting. I want to self host, but these are going to force me to pay for yet another thing I don't want or need. They are going to force me to give up freedoms I enjoy (reliability, custom configuration, security controls) or I will become "incompatible" and appear to my clients as if I am the one who has unreliable systems. Oooo this burns me! We are being punished for our competence. I am confident that I have better email security in place than any large commercial ISP. And yet I am convicted without a trial on the assumption that maybe I don't.
This is akin to a mudslinging campaign. Large ISP's will make it look like the little guy's systems don't work, making themselves appear to be a better, more reliable alternative.
-=-=-=-=- osjedi uses Debian GNU/Linux. -=-=-=-=-
I think he was joking.
Get a Hotmail account, and blame the spammers. AOL is just making the next move to help in the war against spam. Don't bitch at AOL, bitch at your governmental representative.
I reported this two or three weeks ago in a submission here to slashdot, but I guess it wasn't important then... I'm on RoadRunner via TimeWarner cable. Hmmm... AOL/TimeWarner doesn't want to receive mail from AOL/TimeWarner customers. Sounds like they are REALLY interested in customer feedback!
...check the domain mail comes from against the smtp history and the mx record for the from: domain!?
I know why, because they are too damn lazy to do it right and are trying to keep the small mailservers down.
You can't judge a book by the way it wears its hair.
At my ISP, around 50%-60% (if not more) of the spam we receive comes from DSL/cable IP addresses (attbi.com, Comcast, Verizon...). I don't know if they are Windows open proxies, or if spammers just order several DSL lines and use them, but it's a disaster.
I fully support what AOL has done, and I'd actually do the same if I had the time to find a RBL that has DSL/cable IPs listed. Want to send mail through your broadband connection? Just use your provider's upstream SMTP server. Don't have one? Bitch to your provider. Just don't tell me that I should eat the spam so that you can play with your copy of Postfix in your basement Linux box.
OTOH, one could always steer the people they know away from AOL too.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
Ad a) Like why exactly cannot I run SMTP server? And FYI, most of the mail programs like to send e-mail by SMTP, so if you happen to use a server at AOL and DSL connection, you're out of luck - gotta find another one. Another question: did they ban also traffic from their own DSL customers?
Ad b) A lot of spam also comes from WLAN (there was a discussion), from hacked servers, and tons of other places. Denying the whole IP domain is not equal to fighting spam. This is just another subject for ridiculous and intrusive pseudo-security ideas discussion.
Ad c) Your ISP's SMTP might be just in the same situation as you are - all depends in which IP subnet your ISP has their SMTP server.
Ad d) This is hard to work around if you happen to have crappy ISP and no accessible SMTP server otherwise. If an SMTP server accepts open connections, it will be blacklisted sooner or later because it will be used for spamming.
Ad e) It will be a big deal for some people - just those, who happen to have DSL and no good SMTP (read AOL-enabled), and they have friends in AOL. AOL just proves that they are about the same as big telephone companies in how they treat their own customers and other people.
And another thing: I understand that AOL didn't run open SMTP, because they would be blacklisted. If they did, they'd deserve to be banned everywhere anyway. But, generally it's gonna be a pain for everybody who sends emails through DSL providers to AOL customers.
iThink iHate iMod
So far, the option we've been using for our customers is configuring a local SMTP server which then delivers directly to destination. We use Linux for this, and configure it so that it only allows incoming SMTP from the local network.
Recently, however, customers started reporting lots of bounced messages. Further diagnostics indicate several large mail providers are now blocking SMTP connections from dynamically assigned DSL IP addresses. I personally checked this happening with yahoo, AOL and Earthlink.
It sucks that the Internet is becoming such a hostile place; I think of those quiet towns where everybody can leave their doors unlocked at night. Now it's become like any large city where doing such a thing is equivalent to giving away all your belongings. It also sucks that Prodigy (and, doubtless, other ISPs worldwide) won't let customers use their SMTP servers; this is, after all, a service I'm paying for. Fairly, we should get a discount for NOT using their servers, given that they're completely useless for our configuration.
For now, the solution we've devised is using SMTP AUTH to let the customers' email be sent using our own SMTP server, which normally won't allow SMTP relaying from addresses outside our own IP network. However this feels like a hack and puts additional configuration burden on us.
Is spam the ultimate cause for all this hostility on the net? maybe so. And if that's the case, here's another reason why perhaps the next war we see should be the one against spammers.
It is unsurprising that AOL has taken this step... most postmasters I know utilise a DUN list of some sort, and one of the most prominently represented dial nets in any DUN worth its footprint in ram is AOL's. I'd much rather see large mail transports like AOL's refuse smtp from dial nets than have raw smtp blocked at the ISP's network, which is what happens on many large dial networks now... preventing things like privacy services from working correctly without the further complication of tunneling the traffic out of the ISP's dial network. sympatico.ca in Canada blocks raw SMTP, and has done for ages. A fact that made me insane on a semi-regular basis.
It is a real shame that the antisocial behaviour manifested on the network in the form of spam has caused us to break our own rules out of a real practical necessity. I'm still not convinced it isn't possible to deal with this kind of detritus by technical means. I think a dynamic BGP blackhole triggered by pseudo bayesian criteria could really cause the businesses and organisations involved with open relays and problem customers to deal directly with the problem in a timely way. It would certainly limit the collateral damage of breaking RFCs on a global scale, just to deal with a few pathologically antisocial money fixated anal retentive ass bandits who insist on flushing their shite into the public networks of the world.
Are the IP blocks or naming conventions of smaller ISPs really so well known to AOL that they might not be blocking CORPORATE DSL mailservers along with the residential?
I imagine I'll have a lot of bitching clients in the near future that I won't be able to help.
-Baron Yam
Could someone kindly find the place in the RFC that says you can't limit traffic to your own mail server?
This is not the greatest sig in the world, this is just a tribute.
I run a mail server that among other things, hosts mailing lists for my cycling team. If anything were bouncing, I'd know about it. I haven't gotten any errors from AOL...although I have gotten a few "This message cannot be delivered because 'foo@aol.com' is not accepting mail from that address" I'm assuming that's some personal user filter. I can also send mail to AOL users without a problem.
I'd expect users of RBLs (see http://www.spews.org) and certainly the denizens of NANAE to argue that they have the right to refuse to receive email from anyone, for any reason, since that mailserver is private property.
It can be used in ways you like (refusing emails from Verizon's corporate HQ because they refuse to kick their spammers) or in ways you don't like (making it more difficult to send outgoing mail), but I don't see how you can reasonably kick and scream against one and not the other.
Actually, several providers have been refusing email from dial-up pools for a year or more, which is what caused me to decide that I would need to send outbound email through my ISP. IIRC, attbi refused email from my server on my ISDN line over a year ago.
The solution isn't difficult - go dig around on your ISP's website (or call them) and figure out the mailserver that you'd be using if you WEREN'T running your own MTA. Set your mail server to relay outbound emails through them. (See your man pages - it isn't difficult.) There's NO way your ISP's mailserver is going to refuse to accept your email, since if they did, no one not running an MTA could get email out. Sure, you'll have an extra line of headers in your outbound email, but it doesn't seem like such a big deal. Was the location of your mail server a secret anyway?
Of course, if your ISP is a notorious hoster of spammers, you're going to need to find a new ISP. You didn't really want to support those spammers anyway, did you?
AOL was goin down the crapper anyways, now it just sounds like they're painting red targets on their feet. Call the suicide hotline, maybe AOL is giving up, this could constitute "isolation or withdrawal" which is one of the warning signs of suicide...
-P
I saw this problem a while ago with Verizon corporate. I finally had to set up my sendmail to relay through my DSL provider's mail server.
To do this with sendmail use DSoutgoing.isp.net
If you need to authenticate you need to set up a default-auth-info file.
This has made mail delivery far more reliable.
In its latest attempt to crack down on spam, America Online has started blocking what it deems to be suspicious e-mail sent by customers of Comcast's High-Speed Internet and AOL Time Warner's Road Runner broadband services.
AOL, the interactive arm of AOL Time Warner, began in the last week to reject some e-mail sent by users of those services, according to AOL. AOL and Comcast, in particular, have worked together to identify a range of Internet protocol addresses of Comcast customers who have set up their own mail server to send messages, as opposed to using Comcast's mail servers like most subscribers do.
So this only affects you if you're 1) using Comcast, and 2) are running your own SMTP server. I have a different ISP and I use their SMTP server, even tho I have a server running for other protocols. It works fine, and there's no functionality I feel I'm missing. Mostly my server is there for firewall and NAT.
Can't send mail to mom, timmy? Use Comcast's goddamn mail server.
This move by AOL is a good thing. It eliminates one more source of potential spam, and closes many open relays, many of which were open only through ignorance. This is the way of the future, and I assume what everyone using the internet wants: close those damn open relays. I certainly am sick of spam, and I can't see how this is truly a cause of any inconvenience for anyone.
If Comcast was closing off incoming port 80 for all customers, and then charging an ass reaming to reconnect the service, that would be different. But having your own SMTP server doesn't provide any functionality that you can't get from Comcast at base price anyway.
In summary, good, and I hope many ISP's will follow Comcast's lead on this one.
A few weeks ago, I started getting a bounce message from AOL domains in response to a mailing list hosted on a dynamic DNS address within ATTBI.
I run my own mail server on a "business DSL" connection with a static IP address, but it runs to my home and I doubt there is any genuine distinction between "residential" and "business" DSL lines. I run my own server, of course, so that I can have a fairly powerful set of spam filters at the server side, in addition to a complex set of client-side spam filters -- all because I receive hundreds of spam emails per day, including dozens that I can identify as coming from AOL-owned servers.
I assume that AOL has only disabled receipt of email from DSL lines, and continues to send its customers' spam to folks like me. It's hard to know, since my filters already reject more than 98% of incoming email delivery attempts.
Let's at least try to be fair to AOL: they are just like the rest of us, forced to seek out triage solutions to the increasingly aggressive strategies used by spammers. Until a new structure is widely adopted for exchange of email (something that allows for true source verification and financial compensation for abuse), triage is the only solution that will work. Hence I block nearly all email from earthlink servers and customers, as well as juno.com and HUNDREDs of other domain names and IP addresses.
-- http://www.MarkWelch.com/ Pleasanton California
aol is pitiful
But representative of the masses. Most people don't care about anything but Web access and email -- and the more this happens, the more the Internet heads in that direction, regardless of how much we dislike it.
It may be pitiful -- but it's probably indicative of the future. Already, extensive random firewalling has made HTTP one of the few mechanisms that can be relied on to work in all environments.
Sigh.
May we never see th
Anyone who pays for a DSL connection and continues to pay for AOL is an IDIOT! What the hell do you need AOL for when you have a DSL connection?
http://www.englishfirst.org
I work in the NOC of a large cable modem ISP. We received an internal communication that they would be blocking mail from any MTAs in our domain except the ones we specified.
sbc/snet started doing this recently. ironically, i cant send mail to sbc/snet addresses anymore because my home mailserver is hosted on sbc/snet dsl.
Gyrate Dot Org - "Where high-tech meets low-life"
They're also blocking email from residential cable modem users who have their own MTAs. As near as I can tell, they started doing this around March 31. At least, that's when the first message bounced back to me with the following message:
550-The IP address you are using to connect to AOL is an IP address owned
550-by ATTBI/Comcast and is either open to the free relaying of e-mail,
550-is serving as an open proxy, or is a dynamic (residential) IP address.
550-AOL cannot accept further e-mail transactions from your server until
550-either your server is closed to free relaying/proxy, or your provider
550-removes your IP address from their list of dynamic IP addresses. For
550-additional information, please visit http://postmaster.info.aol.com
550-or contact your network support organization at
550-security_ldc@cable.comcast.com.
550 Goodbye
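How a sending host can read a refusal like the one quoted above, as an added example that is not from the thread: it folds the `550-` continuation lines into one reply and separates permanent 5xx refusals from temporary 4xx ones, so the queue knows whether to retry, bounce, or route through the ISP's relay. The sample session is constructed (shortened from replies quoted on this page, with made-up host names and addresses), and the policy keywords are assumptions.

```python
import re

# "NNN", "NNN text" or "NNN-text"; a hyphen means more lines follow.
REPLY_LINE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")

# Assumed keywords that mark a refusal as sender policy rather than a bad mailbox.
POLICY_HINTS = ("dynamic", "residential", "relay", "proxy", "hostname")

# Constructed sample: server lines as a sending MTA would log them.
SESSION = [
    "220 mx.example.net ESMTP ready",
    "550-The IP address you are using to connect is either open to the free",
    "550-relaying of e-mail or is a dynamic (residential) IP address.",
    "550 Goodbye",
    "450 Client host rejected: cannot find your hostname, [192.0.2.1]",
    "550 5.1.1 No such user here",
]


def parse_replies(lines):
    """Group raw server lines into (code, [text lines]) replies."""
    replies, code, text = [], None, []
    for raw in lines:
        m = REPLY_LINE.match(raw.rstrip("\r\n"))
        if not m:
            raise ValueError(f"not an SMTP reply line: {raw!r}")
        this_code, sep, rest = int(m.group(1)), m.group(2), m.group(3) or ""
        if code is not None and this_code != code:
            raise ValueError("reply code changed inside a multi-line reply")
        code = this_code
        text.append(rest)
        if sep != "-":  # a space or a bare code closes the reply
            replies.append((code, text))
            code, text = None, []
    if code is not None:
        raise ValueError("multi-line reply was not terminated")
    return replies


def triage(code, text):
    """Return (action, is_policy) for one complete reply."""
    policy = any(hint in " ".join(text).lower() for hint in POLICY_HINTS)
    if code < 400:
        return "continue", False
    if code < 500:
        # Temporary: the queue retries, but a policy refusal will not clear by itself.
        return "retry", policy
    # Permanent: a policy refusal is about the sending host, not the recipient.
    return ("reroute" if policy else "bounce"), policy


def summarize(lines):
    """One (code, action, is_policy) tuple per reply in the session."""
    return [(code, *triage(code, text)) for code, text in parse_replies(lines)]


if __name__ == "__main__":
    for row in summarize(SESSION):
        print(row)
```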
How ironic that a slashbot doesn't understand anything about SMTP but still brags about his filters.
I personally think this is a good thing. I know a lot of ISPs who've voluntarily added all of their dialup and DSL IP addresses to various RBLs. They insist that you use their upstream SMTP server.
This way, you can still send mail, and ISPs don't have to police all of their users to ensure that they aren't running open relays.
If you're going to run an SMTP server in the first place, you don't get AOL. Duh. And AOL violates RFCs? OH THE HORROR! Let's see if I can stir everyone else up because I have an agenda to push!
--sdem
Never underestimate the bandwidth of a truck load of tapes
I'm sick of all the spam, and all the spam comes from DSL SPAM faggots. So what's the problem?
If you have to send mail from a DSL account, use your ISP SMTP server. That's what it's there for. Having said that, I am a DSL user who uses his own SMTP server (mainly for spam filtering which I think I can do better than my ISP)- but if I am forced to use my ISP's smtp server to help lessen the burden of SPAM, I don't have a problem with that.
For another way to fight spam, which I read on the Mimedefang mailing list, how about setting up a way for domain admins to specify valid smtp servers for a domain. Then when mail comes in from, for example, yahoo.com, your mail server can query yahoo.com for the list, and if the originating server isn't on it, then the mail isn't accepted.
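The lookup proposed in the comment above, sketched as an added example (not code from the thread or from MIMEDefang): the receiving server fetches the sending domain's published list and checks the connecting IP against it. The record syntax borrows the `ip4:`, `include:` and `all` mechanisms later standardized as SPF (RFC 7208); the domains, addresses and the in-memory `PUBLISHED` table standing in for DNS TXT lookups are constructed.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups: domain -> published sender list.
PUBLISHED = {
    "example.org": "v=spf1 ip4:192.0.2.0/28 include:_relay.example.net -all",
    "_relay.example.net": "v=spf1 ip4:198.51.100.25 -all",
    "loop.example": "v=spf1 include:loop.example -all",
    "soft.example": "v=spf1 ip4:203.0.113.7 ~all",
}

MAX_LOOKUPS = 10  # cap on include: chains, the same limit RFC 7208 sets
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_sender(client_ip, domain, _budget=None):
    """Return pass, fail, softfail, neutral, none or permerror."""
    budget = _budget if _budget is not None else [MAX_LOOKUPS]
    record = PUBLISHED.get(domain.lower())
    if record is None:
        return "none"  # the domain publishes nothing: no verdict
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "ip4":
            try:
                network = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if ip in network:
                return QUALIFIERS[qualifier]
        elif name == "include":
            budget[0] -= 1
            if budget[0] < 0:
                return "permerror"  # include loop or overly deep chain
            inner = check_sender(client_ip, arg, budget)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"
        elif name == "all":
            return QUALIFIERS[qualifier]
        else:
            return "permerror"  # mechanism this sketch does not implement
    return "neutral"


def smtp_decision(client_ip, mail_from, helo):
    """Answer the receiving MTA would give once the envelope sender is known."""
    addr = mail_from.strip("<>")
    # Bounces use the null sender <>, so fall back to the HELO name for them.
    domain = addr.rsplit("@", 1)[-1] if addr else helo
    result = check_sender(client_ip, domain)
    if result == "fail":
        return 550, f"{client_ip} is not a published sender for {domain}"
    return 250, f"accepted ({result})"


if __name__ == "__main__":
    print(smtp_decision("192.0.2.5", "<user@example.org>", "mail.example.org"))
    print(smtp_decision("203.0.113.99", "<user@example.org>", "host.example"))
```

Only an explicit `fail` is refused here; a domain with no published list still gets through, which is why the scheme only helps for domains whose admins opt in.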
The United States Postal Service has announced it will stop delivering
any mail from Florida, due to the large number of mail-order scams originating from that state
Don't laugh too hard on that one, there are schemes in place of trying to privatize and eliminate the whole of the US mail system including first class postage. While it might be neat to have all your mail sent by one company like UPS and while the post office does need to get its act together ASAP, my concern is that rural areas would be stuck with only one greedy private company as their only means of communication (thus making it expensive to send or receive mail at all). Remember, the postal system in the US is a time-honored tradition that has been the envy and model for the rest of the planet. It is also in good working order, thus if AOL chooses not to accept e-mail anymore, why not just bombard them with snail mail? We could also return their bloody disks right back to them while we're at it. Maybe after they get several hundred thousand they'll get the hint.
And if you think the AOL-Time-Warner lawyers will allow their most lucrative domain to be taken from them then I have to disagree. I figure they've already got a loophole in the fine print somewhere that is as easily exploited as the pictures of children for those old Sally Struthers commercials (the ones where the kids keep starving but she kept growing). There has to be some reason behind this that is not yet shared, hopefully their decision has a more rational basis than some of the arguments for privatizing the US postal system.
As long as there is a Second Amendment, there will always be a First Amendment.
How to post a negative AOL reply on Slashdot.org just like a veteran /.er.
1. Start off by naming the previous number of times AOL has done something you dislike, noting that this particular incident is "the worst yet."
2. State your grievances about the topic. Explain, in near-irrelevant detail, how this will negatively affect you and others.
3. Throw random arguments in about how non-AOL services are far superior to AOL services.
4. Also imply that anyone who still uses AOL must be of inferior intellect than yourself.
5. Notate the sudden revelation that you don't use the services of AOL (in fact, can't recall any time at which you did use AOL) and, if you did, you and anyone else using AOL probably deserves the aforementioned grievance and whatever similar issues they get.
6. Close with witty remark about poor service and/or "AOHell" reference and offer cliche signature of either "Step 1. AOL reference, Step 2. (blank), 3. Profit!" or "All your base..." adaption.
IN RUSSIA, AVERAGE AOL REPLY WRITES YOU!
Aol has a right to do what they please with their equipment. It is up to the consumer to decide whether or not they want to do business with them. This is how capitalism works. Capitalism is not about ensuring that what you do with your business is "fair" to other businesses. Capitalism is about running each and every other competitor into the ground without using physical force, fraud, blackmail, extortion etc. AOL has no obligation to engage in network interactions with other networks if they feel that by avoiding those interactions they can provide a better service to their customers. Don't like it, go back to Soviet Russia.
However, they DO have an obligation to inform their customers of their new policy. To not do so is misleading and unethical.
I also agree that ISP's that may be hurt by AOL's behavior have a right to do as you suggested, and inform users if there is difficulty delivering messages and that it is due to AOL's policies. I hope that they do adopt such measures.
Have you ever heard of spoofing?
As an antispam measure I've blocked AOL, hotmail and Yahoo for a while
.com to prevent spam. Unfortunately that doesn't catch all spam anymore.
Some years ago I just blocked
Do you care about the security of your wireless mouse?
It's all very well saying "residential users should use their isp's mailserver", but what about when that mailserver doesn't appear to know what an RFC is:
.net 022: Your current IP address is not allowed to relay to slashdot.org Solution: Connect using BellSouth Internet Service.
Connected to mail.bellsouth.net.
Escape character is '^]'.
220 mail.bellsouth.net ESMTP server (InterMail vM.5.01.04.25 201-253-122-122-125-20020815) ready Sun, 13 Apr 2003 19:17:26 -0400
MAIL FROM:<>
250 Sender <> Ok
RCPT TO:<slashdot@slashdot.org>
550
QUIT
221 imf35bis.bellsouth.net ESMTP server closing connection
<> is an important from address - it's used by the mailserver when it bounces a message, so that the bounce can't be bounced back and forth in a loop
For that particular server I used to test that, I had to arrange to send email via someone else's mailserver using smtp auth >:|
Yeah...because when a big corporation does something wrong, we should exact revenge upon all of its customers.
That's very mature. Particularly in the case of AOL, which services the vast majority of under-educated internet users. You'll fuck up all of their personal email communications, and they won't have the first clue why.
Brilliant solution.
crib
Please don't read my journal
Use your ISP's SMTP relay like a good user.
After putting together my own spam blacklist, I've seen firsthand the abhorrent amount of spam that comes directly from DSL/cable connections; it's depressing.
Only on slashdot can a posting be rated "Score -1, Insightful".
Blocking Mail Servers that don't have Reverse DNS
This issue is somewhat related, and is just another part of the big issue of preventing users from setting up their own services upon their Internet connections. If you can't send and receive any data that you want, it's not true Internet access. Now, I am not talking about setting up a mail server at work behind the corporate firewall, or on the college LAN. I am talking about the DSL line that I pay $55 to $150 a month for.
Recently I put up a personal mail server off of my DSL line. It uses Courier for the MTA. I am able to send and receive mail to most hosts on the internet, but a few will not accept messages from my mail server. I was curious as to why, so I did an investigation.
It turns out that these mail servers check reverse DNS for the IP address that I am using for a mail server. Doing a forward DNS check would be just fine, but a reverse DNS check? It does not stop spam, and worse, it blocks legitimate mail servers.
My ISP is pretty stupid on the technical wise. They use EIGRP as their IGP and they leave their customers on a live EIGRP enabled interface. I could inject routes into their IGP if I wanted to. Most of their Cisco routers also have HTTP and finger enabled. They definitely don't do anything about reverse DNS. There is no way that I can register my mail server (mail.opendreams.net) with the IP that I use (66.192.31.140).
The mail servers that I have so far discovered block mail from me include;
The University of Central Florida, @pegasus.cc.ucf.edu, pegasus.cc.ucf.edu
Datanomix Inc, @datanomix.com, mail.datanomix.com
How did I find out? Here is an example of a telnet to port 25 that I did...
user@sorrows-->telnet pegasus.cc.ucf.edu 25
Trying 132.170.240.30...
Connected to Pegasus.cc.ucf.edu.
Escape character is '^]'.
EHLO mail.opendreams.net
450 Client host rejected: cannot find your hostname, [66.192.31.140]
QUIT
221 Bye
Connection closed by foreign host.
The mail server won't even talk to me.
Issues like this will make mail on the Internet no longer a sure thing. There will be mail routing and blocking issues all over, and you can't be sure that one mail server will talk to another. This is not acceptable.
I personally think that there needs to be U.S. Federal laws made to protect the rights of Internet users. The reason that I think that law is necessary is that there is no competition in many areas for internet access. If there was, I could just switch carriers, but I have no options.
Those are forged addresses, moron!
Check here.
"Trusting every aspect of our lives to a giant computer was the smartest thing we ever did.." Homer Simpson
Last week I discovered that Road Runner had blocked all incoming mail traffic from my workplace's domain. When we called RR to seek an explanation, since we have our relays secured and don't spam, they told us that it wasn't just our IPs that were blocked, it was ALL of the IPs that our ISP, Allegiance, owned. Apparently one person had sent enough spam to annoy RR, but instead of blocking just one IP or a small range, they decided to boycott ALL mail from the owner of the IP. Very annoying, and unprofessional, if you ask me.
AOL is losing money hand over fist and then some, Time Warner is gonna kill the service or more likely turning it into more of a web porthole and less the friendly AOL bbs ppl are familiar with sooner or later anyway. I suspect they will move as many customers to their broadband services, and turn the rest out. I see AOL's future as more of a paid subscription web site than an ISP anyway as they cannot afford to be an ISP much longer at this rate. When that happens it won't matter what they do with e-mail because "Moms" e-mail address will be at @HerRealIsp.net. If AOL can lose a few customers over this because they don't like not being able to get mail from their friends without using hotmail or something then it will only speed the process along.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
In the past I've gone as far as blocking AOL users from accessing web sites.
Or you could just use your ISP's SMTP server like you're supposed to.
Running domains on dynamic IP addresses is 3 types of lame.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
Thanks a lot, bastard.
Read the post that I just made about blocking IPs that don't have reverse DNS;
http://slashdot.org/comments.pl?sid=60679&cid=5
I would have no problem with this, if I just had viable options. I would even pay DOUBLE what I pay now, if there was just a provider who could provide me with the services that I want, but there isn't, so I can't, so I don't.
For a long while I've seen several stories in the ongoing war against the spammers, and the more draconian the measures get (blocking all of East Asia as many in these discussions proudly claim to have done) the Internet e-mail system appears to be in its death throes already.
When you start blocking such a significant percentage of the world in a blanket measure, wouldn't it be simpler and more effective to screw tortuous blacklists and just implement a whitelisting procedure? I mean, if over half of all the e-mails businesses get aren't legitimate, why in the world are these businesses throwing money down the drain by continuing to pay for something that doesn't work over half the time?
IP+address whitelisting is really the only way to go if you want a useful messaging system based on SMTP anymore. That, or completely revert to instant messaging/private web boards. I'm sure some kind of system could be worked out to allow for simple temporary whitelisting which would let a user allow mail to himself from a certain address for 2 hours, or whatever the local admin defined as the maximum allowable time. Then, at the end of the day, if a user checked the box asking for this address/mail server IP combination to be put on the permanent whitelist, it gets sent with all the other such requests to an administrator who vets the list, then adds whatever addresses pass muster onto the permanent whitelist. You could add functionality that has tripwires if you start getting spam from that person...so many pieces allowed before a warning, so many before removal from the whitelist for a week, then forever, etc... Yes, it places a demand on the mail administrator, but certainly no more of a demand than the running battle currently takes up.
Personally I have very little use for regular Internet e-mail. I use it occasionally, because you still need an official e-mail address for various registrations, and for receipts for buying stuff online. For actually talking to people, I use AIM or whatever instant messaging system they may use. I've considered creating a new AIM identity just for clients to get in touch with me through, but there isn't much nuance in logging and most don't deliver messages received when you're not logged on.
I wish there was a way I could relegate Internet e-mail to the same status my mailbox has. Namely, flip through to see if there are any bills and dump everything else directly into the trash without bothering any further with it.
Osama Bin Laden wears hats 90% of the time. Therefore we shall declare war on all people wearing hats, in order to stop terrorism.
Dig this, luser. It would be TRIVIAL for the big ISPs to find and blackball the real spammers, just like it would be TRIVIAL to find and terminate all the code reds and nimdas flooding comcast. I could write the code in less than 48 hours, including debugging and testing time, using the existing infrastructure.
They don't do it because they have literally ZERO desire to provide good service - they just want that cash flow to flow!
You are as bad as they are; you don't care about the good of the 'net as a whole either when you are willing to throw out the baby with the bathwater. MAPS DUL is equally evil....
THINK.
This has been a problem for me for months.
My server on cable (IP is relatively static, changes every 6 months or so) has been unable to send to aol.com or compuserve.com for over 3 months.
I found a workaround by using /etc/mail/mailertable and finding someone willing to relay all my aol & compuserve mail for me.
I'm not 100% certain what they're doing, but I take it that they're blocking users from connecting to port 25 anywhere but their own mail servers.
If so - it's not a big deal. Other internet providers already do it. Earthlink's been doing it for about 2 years. Yahoo did it when they were dabbling with being an ISP through Bluelight a few years ago. The only restriction that it places on you is that your outgoing mail has to go through their SMTP servers (eg: mail.earthlink.net) - this way they can make sure they can easily trace (and hopefully remove) users who decide to spam.
It doesn't prevent you from using any 3rd party mail accounts - the process of accessing mailboxes is unchanged, but you direct outgoing email to be relayed through their mail server. So long as you're in their customer IP block it will allow you to send email from different addresses through their servers - the key being that it enforces correct email headers and makes sure your message can be traced in the event of spam.
Everything works just fine and it's perfectly logical that AOL - OR ANY ISP - would follow. It forces accountability for outgoing email and should make spam much easier to trace and to stop.
As one of the nameless multitudes who receives thousands of "Get Rich Quick," "Gallons of Cheap Viagra" and "Teen Sluts With Shaved *****" spams, I have been wondering something for a while:
What's the feasibility of coming up with and implementing a brand new mail protocol -- one which somehow prevents (or at least extremely complicates) the transmission of bulk, unsolicited mail? On the server level, you could build in source address verification (so spammers couldn't disguise the source of the mail) and bandwidth limitations -- so for example, someone sending out 1000 emails could do so, but with a geometric lag for each mail they send. (Isn't this called a "tar pit"?)
In other words, since e-mail was invented in a time when spam didn't exist, it seems like we could improve upon the protocol considerably and make it harder for spammers to do their dirty work. Not being an SMTP expert, I don't know what this would require -- perhaps someone could fill me in?
I've also had email denied from email.com and worldnet.att.net at times when I send from my Cable Modem-Hosted Server.
My bet is that junk mail stays at the same level no matter if they block these hosts or not. Most AOL spam comes from inside the AOL system anyways. The junk that doesn't comes from systems that AOL could never block.
Visit www.seriouslythough.com
Blocking reverse is fine; make your ignorant ISP fix your service.
--- I do not moderate.
That's service.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
USPS stops delivering YOU
After a long, arduous (and failed) attempt to get ADSL, I just signed up with Comcast. I was setting up Exim, and tried sending an e-mail to my web account (gmx.net). It bounced because I didn't have a domain name assigned to the address. I assigned a domain name to my dynamically assigned address and now GMX's server is happy.
Apparently, AOL makes no distinction here, because I just tried to send a message to my friend's AOL account and got the same message everyone else is.
Oh well. I only know 3 people on AOL anyway. Perhaps in the future I will once again be able to justify SDSL and stop being treated like a criminal (yeah, I know this is wrong, but you gotta choose your battles).
If you look at the headers, how many of them actually originate from servers on those domains (almost none)
"The lesson to be learned is not to take the comments on slashdot too literally." --Vinnie Falco, BearShare
I posted this 'weeks' ago.
What is the criteria for getting your post on the front page?
I basically posted the same info the original poster did, what makes his different from mine?
This isn't a flame, it's just a question.
Why was my post rejected, and this guy's not?
cause it prevents me from doing things like sender address delivery verification.
In my fight against spam, I test the incoming email sender address, if it ain't deliverable, it gets refused. This cuts out A LOT of spam.
How am I supposed to do that if AOL won't let me connect to their MTA just cause I'm on the end of a cable modem, or a DSL line.
Dynamic ip or not, the network is supposed to work all the time!
Sometimes, as is in my case, the ISP wants money for an RDNS service. I can't afford to pay it.
I got this (at the bottom of a) reply today after sending an e-mail around wednesday.
connect to mailin-03.mx.aol.com[64.12.137.152]: server refused mail service
Nice to at least know why...
The English language already has an option for that. No need to invent more of 'em.
:v)
Vik
I'm a Comcast cable modem subscriber. After I noticed that my outgoing mail to an AOL friend was getting the 500 bounce from the AOL servers, I just reconfigured sendmail to use the Comcast SMTP relay as a SMART_HOST. The complete configuration line is:
define(`SMART_HOST', `smtp.comcast.net')dnl
right down at the end of sendmail.mc. It works just fine. I guess the bottom line here is that all you have to do is make sure your outgoing mail is relayed through an "approved" server and the AOL dragons will be appeased.
Ok, normally I'm all for the liberal "screw the big corporation" /. agenda, but there are several problems in this case...
1. The RBL (specifically the DUNS list) has been advocating this very thing for years now. Many administrators (yours truly included) find it to be the most useful of the spam-blocking lists. So tell me again why is it suddenly bad when AOL does the same thing as DUNS by their own accord?
2. No self-respecting ISP is *ever* going to block mail from AOL. Because they respect them? No.... because of the potential legal liability in blocking such mail without permission of each and every one of their users. E-mail has long been held to be the most protected of the Internet services in courts... screw with that at your peril.
3. It's an easy work-around. Someone has already posted the sendmail fix, here's the one for qmail.
In /var/qmail/control/smtproutes add the following line (yes, with the preceding colon): :mail.yourisp.net
4. My guess is the AOL user agreement specifically prohibits running servers of any kind on residential dialup/DSL service. Don't like it? Then either a) hide those servers better (non-standard ports) or b) find someone else to take your money.
That's all, have a nice day.
Jeff
My
Anybody can get a Hotmail or Yahoo account for free. If AOL only took mail from other AOL subscribers, that'd be a different problem. Free accounts are really useful for fixing stupidity like this, or at least sending flames to clueless postmasters who won't bother doing the right thing....
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Fucking hypocrites
What's the problem with changing your setup to send the outgoing mail through your ISP's SMTP servers?
This is just a lame attempt to bitch about how AOL sucks when all they are doing is making an attempt to control spam. If this was a story about spam you lamers would be talking about how much AOL sucks and doesn't care about spam.
If I did that, I'd be accused of spamming by my ISP, since I run a VERY high volume mailing list. We have approximately 12 lists; the biggest list has 1,500 subscribers and gets about 100 emails a DAY. We have another major list that's about 500 people and similar volume.
About 90% of incoming SPAM on my box originates from Windows boxes on DSL lines with open relays.
99% of MY spam comes from chinese and eastern european ISPs that don't give a crap what people do with their internet connections. The solution is not blacklisting DSL and cable connections(because, among other things, it's not easy to switch, unlike dialup.) The solution is cutting off bad ISPs from backbones...but that's not likely to happen any time soon, because the backbone providers don't give a crap- every packet is money in their pocket, regardless of what kind of packet it is.
And guess what? If you are getting lots of spam from DSL/Cable users, it's really easy to solve. Report it. If there's a report of spam, the ISP disconnects the customer until they fix it. Imagine how fast people will learn to keep their machine clean if their internet connection goes down. ISPs will whine about the work, but, gee, that's like the gas station attendant whining about having to give directions to people all the time. Comes with the territory, bub.
It's ignorant people like you(who think "since -I- don't need to send mail directly, neither does anyone else!") that cause people like me grief.
We get next to NO money from subscribers to pay for costs- $5 donations here and there. DSL and Cable offer a nice, cheap way to host a mailing list, or a webboard; we don't use very much bandwidth at all, and occasional hiccups aren't a problem, especially given the design of SMTP; if at first you don't succeed, try, try, again. Commercial DSL is just less down bandwidth, slightly more up bandwidth, a 'real' static IP instead of a DHCP-assigned address that basically never changes...and a HELL of a lot more expensive. Oh, and instead of telling you to go screw yourself when you scream at them for your line being down, they -politely- tell you there's nothing they can do(and, by the way, -please- go screw yourself.)
Luckily, we're sucking bandwidth off a hosting company that has graciously allowed the box to sit off their network- but if they tank, we'll be screwed- commercial hosting runs about $90+ or more, and our box isn't rackmountable, so there's another $25-50/mo.
Slowly but surely, the media companies are doing their best to squeeze out other sources of competition- the little guys. Check your Terms of Service/Acceptable Use Policy. My home connection(ATTBI, now Comcast) has banned "messageboards and mailing lists" for years, along with FTP, web, mail, IRC...and specifically states it's an "entertainment service", and I am a "consumer" of that service- ie, sit down, shut up, and be a good little consumer of mass web media. How dare you produce your OWN media...
Please help metamoderate.
Having zero background information on this topic, I am prepared to make an indignant response to AOL's clear violation of YOUR RIGHTS ONLINE! AOL has blatantly violated YOUR RIGHTS ONLINE by deciding not to accept mail from dial-up and residential DSL IP addresses! Dammit, I am sick and tired of providers who think they have the right to do what they want with servers and pipes that they pay for! They are obviously violating my right to free speech by censoring me with their heavyhanded spam-fighting measures! They are probably going to use the DMCA to defend this decision! My guess is the RIAA is behind all this! If we don't all get up in arms about this blatant violation of YOUR RIGHTS ONLINE, next thing you know there will be an AOL camera in your TOASTER OVEN! You will have to ask AOL permission to GO TO THE BATHROOM!
I discovered that because my reverse DNS lookup (in-addr.arpa listings) contained "dsl" as part of them, even though I had a business DSL account, I was having mail from my mail server blocked because of this idiocy: I supposedly had "dynamic" addresses, even though I was a static-assigned business.
Fortunately -- at least for the moment -- the solution was to have my very excellent ISP, Speakeasy, remap my /26 Class C's addresses to "real" lookups on my own domain, like f.domain.com, g.domain.com, etc.
This fixed that problem.
Freelance tech journalist for the Economist, MIT Technology Review, Macworld, and others
Today I started getting about a dozen bounced emails per hour that I didn't send. Some spammer promoting a penile enlargement scheme was using my return address. This has happened before, so, ho hum for now. Funny thing, all the bounces were coming from AOL. I figured that somehow the spammer was just targeting AOL patrons with his mass mail. Maybe not. IDK.
Why is AOL violating your rights by declining to accept email from you? Any more so than you are violating the rights of a spammer by declining to accept mail from him?
Should all entities on the Internet be forced to accept email from everyone, including spammers?
Too bad that I feel compelled to post this anonymously, but this is Slashdot after all.
Assigning the same IP address each and every time doesn't sound very "dynamic" to me. Using DHCP to assign the address doesn't make the IP dynamic. :-)
Mainly so I can get file attachments of ANY size because I host the server. On the other hand, recently I replied to a message from a student at a university that e-mailed me and I got bounced for being on a "residential IP". But there was a link to click that would e-mail the user asking them for permission to add them to the "allowed list". It sounds better than AOL's plan. Perhaps the bounce message could have a picture with some colors and some text and have it ask you a question about the picture as proof that you were a human. Such as "There are X kittens in this picture and Y dogs" and then you reply with x=3 y=4. Or even as simple as the Yahoo auto-reg test where it gives you letters in several different fonts on a background and you have to re-type them in.
I doubt this'll do much to stop spam, and certainly won't prevent many abuses.
But at least all those arrogant wankers who ban China and Korea's IP space and the like can maybe get a taste of their own medicine.
autopr0n is like, down and stuff.
Being called a dork on Slashdot must be like being called the retard in special ed.
Oops... yes. Sometimes data makes you forget what you know, or should have known. Spoofed or not, though, filtering out AOL works pretty well for me!
There is no way to Spam from AOL/Yahoo or Hotmail. It's physically impossible for a common user to do it.
What is possible is to forge a 'from' address in an email header. Look again at the emails you have in your spam bucket and look at the received-from: header. I'll bet you $100 they didn't come from anywhere with a '.yahoo.com' at the end.
autopr0n is like, down and stuff.
If you don't send or receive mail from your domain, the RFC doesn't apply. However, it is still a good idea to maintain a postmaster account -- spam spoofing (or viral spoofing a' la Klez, etc.) is sufficiently prevalent that your site may end up on blacklists...and if you ever do decide to run mail services, you may find few sites willing to peer with you.
The RFC-Ignorant site lists the relevant criteria for listing domains in violation of postmaster, abuse, whois, and other RFC requirements.
What part of "gestalt" don't you understand?
Set your MX record to a IPv6 address. Alternatively, set your email address to:
y ou
!BillGates!MSPostmaster!FreePr0n!GWBush!TBlair!
I remember once having 7 mail filters in Evolution. This is how I created it:
- block 'teen', 'sex', 'porn', 'sluts', 'gay', 'lesbian', 'penis', 'pussy'
- Analyse spam that isn't marked crap. Add corresponding rules to filter
- Forward all mails from Africa asking you to be the next of kin for a stranger or money laundering to Kofi Annan and your local intelligence agency
The test I ran was from an NTL cable-modem serviced node.
If AOL wants to retaliate against specific ISPs for not managing spam, fine. Blocking indiscriminately based on dynamic and/or residential IP is a different matter altogether.
What part of "gestalt" don't you understand?
I block all AOL mail anyway. You should too.
Please tell why its such a great way to stop spam.
...other factors come into play. Cf: Microsoft and a little dispute (which came to no account) they had with the US DoJ.
AOL is in the role of a common carrier. If AOL starts discriminating against classes of users for no clear reason, they can be called to account for it.
If AOL, which has been losing customers to broadband, takes an action which directly reduces the benefits of broadband connections, they are opening themselves up for investigation.
Mind that I've got decidedly mixed feelings on AOL. I find their product insulting. However it provides access to the Internet for millions of users. They've funded the Mozilla project, and my own preferred browser (Galeon) indirectly as well. And as a balance in the consumer / ISP space against Microsoft, they've been a valuable strategic partner. But when they act in a directly anticompetitive manner, they must be called on it.
What part of "gestalt" don't you understand?
You wrote;
> Blocking reverse is fine; make your ignorant ISP fix your service.
Please read my original post. My ISP *is* ignorant *and* stupid. They are also the *only* ISP from which I can obtain service. My other choice is Adelphia cable, and they block port tcp 25 inbound. They also explicitly prohibit servers.
I can't get my ISP to do the reverse DNS. I can't get them to delegate it, or even set it on their own servers. I have called and requested this service. They will not support my needs.
Blocking reverse DNS is not fine, unless blocking legitimate non-spam mail is okay for you.
My only option to conform to your ideal is to move to a new location that has an ISP that will provide the needs which I have. That is absurd.
> Sometimes, as is in my case, the ISP wants money for an RDNS service. I can't afford to pay it.
Paying for DNS would be okay, if it was an option at all. Paying an absurd amount for delegation of reverse DNS should be criminal. A reverse DNS delegation is as much a right as having a public IP address.
It is more ignorance of ISPs, and persons like yourself, poster, who have caused this problem.
Where is your mail server? You don't have one? Please withhold your opinion until you have experienced the establishment of a mail server, only to have your mail blocked by over zealous administrators. Or is it at work? I wish you fired from your job and then feel the pain that I do. I wish you to get a clue and understand that I don't like spam, but blocking those with a legitimate message to send is extreme.
I hadn't considered that, but they've got a $1 billion interest in just that area.
What part of "gestalt" don't you understand?
Spam Wars, Part III
The AOL Empire is nearing completion on the Death CD. In alliance with the
other local Empires, they have conceived of a plan to end the mechanical menace
of millions of spambots spread throughout the galaxy, by cutting off transmission
between the bots, they hope to cut their communications and cripple them.
In other news, the Rebel Alliance commanders are furious. "We use the same
channels! We must strike back!" Does this spell doom for the galaxy, or finally
freedom from the menace of the spambots? Tune in later for our special report.
It's old. The more humans I meet, the more I like my cats. At least they are honest.
You mean like AOL just did?
Turnabout's fair play. You can't respond anyway, in many cases.
What part of "gestalt" don't you understand?
i keep receiving these messages, which i never sent, but they are bouncing back to me because some spammer is making it seem like its coming from my hotmail account. what can i do?
Hi. This is the qmail-send program at bos-dom-fe2.bos.lycos.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
epts@tripod.net:
Sorry, no mailbox here by that name. (#5.1.1)
--- Below this line is a copy of the message.
From : "Inga" abstrakts@hotmail.com
To : "Elton" epts@tripod.net
Subject : 147 NEW MIRACLE METHOD DRAMATICALLY INCREASES THE SIZE OF YOUR WANG YOU DON'T HAVE TO BE ASHAMED OF YOUR SIZE ANYMORE
Over the course of the next few weeks you will see us roll out our new plan, which we call Operation Internet 1.5. Then you will see us advance on your coalition of the unwilling, day by day.
Today, we are one step closer to the fall of your heterogeneous networks. Does this mean chaos? Gosh no! I'm tired of reading the headlines saying "the sky is falling! the sky is falling!" We are only doing this so the internet can be run by the actual users, we will not stay one day longer than necessary...
Btw can you spare $20 a month?, we have some other great plans for the future...
The only reasons you should be using some other server to transmit your mail instead of doing it yourself are
- Your connection isn't reliable enough - That's a problem for dial, not DSL.
- Your machine or mail delivery software isn't connected reliably enough to handle reattempts on messages that didn't get delivered successfully the first time - Laptops have this problem, and it _is_ easier to write mail client software that hands everything to a proxy server than software that tries direct delivery first and then falls back to using the proxy.
- Your mail software isn't smart enough to handle complex deliveries - That was a real problem back when we had UUCP and Bitnet and other non-SMTP mailers in common use and the Internet was only for universities and defense contractors, but we've fixed that problem, though some mail client software isn't smart enough.
- They're providing a service you don't want to do yourself - Maybe some kind of timestamping or notary service or encryption gateway or anonymizer or tunnel into your corporate Intranet.
But that's about it.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
They're blocking dynamic IPs, not DSL. The news.com article even goes on for _several paragraphs_ about how this policy is affecting Comcast cable modem customers.
I agree. And most people pay for the 'right' to have a public IP address. If you need a functional PTR, pay for it.
Most of the spam I get comes through machines with no PTR. Most of the legitimate email I get comes from machines with valid PTRs. How do I know this? I run my own MTA, and have done so for around 4 years.
Google can help you find a cheap DNS provider. I've seen them for less than $20/year.
OR when you receive a bounce like this you could just use your ISP's email server. I've run in to 0 DSL connections that don't come with at least one email account.
When AOL (or anyone else) bounces your mail because of it being DSL, or not having proper reverse lookup, you simply re-send your message through your ISP's non DSL and properly DNSed server. Problems solved. The AOL person can still send you large attachments to your personal server.
Article X: The powers not delegated... by the Constitution...are reserved...to the people
You should be using your upstream SMTP server. This is a great move as it will protect users from the evil SMTP abusing worm that infest Microsoft users.
I strongly recommend that as a compensatory measure, non-AOL MTAs be configured to deny all incoming mail from AOL's domain.
Speaking of ignorance, this seems equally ignorant. Are we reverting back to the "an eye for an eye" Hammurabi code? "If you block our email, we'll block yours?" What good will that do? If AOL is violating the SMTP RFC, then they should be sued. But simply configuring our mail servers to block AOL mail is ignorant, ridiculous, and pointless.
n/t
"If you want to run a real mail server, perhaps you should get a real internet connection, like Colocation or T1."
So only people with a couple hundred bucks a month to drop on bandwidth have a "right" to operate them? I've had a personal domain name since 1994 that for the last 4 years has been hosted on a 486/66 using home DSL / cable lines. I don't run any commercial services from it, but I do host a number of e-mail lists that have become important to the personal communities I'm involved in (church, college alums, etc...). I do under 1000 messages / day, which is a miserably small amount of bandwidth, even for DSL. My 486 is bored. A T1 or a colo server is absolute, utter, complete overkill, and unnecessary for me. Wealth doesn't automatically accompany knowledge... just because I have the capability and desire to run a mail server doesn't mean I have the need or the means to pay for high-end commercial services. And yes, I was bitten by this new, unpublished policy last week.
"Relay through your ISP" isn't always a good answer either. I've tried it. My current ISP's outgoing mail servers routinely delay mail by an hour or more. This is a major, first-tier provider. When my machine is delivering directly, I can look in my own logs to troubleshoot delivery problems (which users often end up asking me about, and invariably are on their end).
I fully understand the arguments that blocking DSL and cable lines will stop a lot of spam. I even think that *some* kind of blocking of this nature is a good idea. But it's really, really fascist to implement it the way they have done- it is disrupting mail service for hundreds of thousands of legitimate mail users. AOL is just contributing to the gradual erosion of technical community / cooperation that the net depends on to function.
Here are some ideas to do this in a more "Internet-friendly" way:
1. Throttle inbound mail delivery from DSL / cable IP blocks. Don't stop it completely, but limit it to 1 simultaneous connection / host, and 5 messages / minute.
2. Limit the total number of unique AOL subscribers that a given DSL / cable host can send mail to in a 24 hour period. This could be a relatively large number (1000) and still effectively stop spammers.
3. Maintain a "whitelist" of IPs of server admins who know what they are doing. Have an automated system drop mail to postmaster@[IP]. Provide a phone number and a randomized code where a person (it must be a human) can call in and get their IP re-activated for sending mail.
The basic idea is to raise the threshold of "pain" above what a spammer can profitably deal with. I am willing to go to some trouble to have my single IP unblocked (assuming the number of ISPs doing such blocking remains relatively low), but spammers must deal with massive quantities and can't afford to waste time on machines that can only mail 1000 AOL addresses / day or require manual confirmation.
I would, of course, try to say this to someone at AOL, but because I don't work for an ISP the "postmaster" helpdesk won't even talk to me and you can guess how much their customer service folks like talking to non-customers.
GRRRR!
-R
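The three limits proposed in the post above (one connection per host, 5 messages per minute, a cap on unique recipients per 24 hours, plus an allowlist) can be expressed as a small per-IP policy. This is an added example, not AOL's or the poster's code; the class and method names are hypothetical, each accepted recipient is counted as one message, and deferrals use 4xx codes so that a legitimate MTA simply retries later.

```python
from collections import defaultdict, deque

MINUTE = 60
DAY = 24 * 60 * 60


class ResidentialSenderPolicy:
    """Per-IP limits for senders in residential address space.

    Defaults are the thresholds from the post; everything else is assumed.
    """

    def __init__(self, max_connections=1, max_per_minute=5,
                 max_unique_rcpts=1000, allowlist=()):
        self.max_connections = max_connections
        self.max_per_minute = max_per_minute
        self.max_unique_rcpts = max_unique_rcpts
        self.allowlist = set(allowlist)      # IPs re-activated by a human
        self._open = defaultdict(int)        # ip -> open SMTP sessions
        self._recent = defaultdict(deque)    # ip -> accept times, last minute
        self._rcpts = defaultdict(dict)      # ip -> {recipient: last seen}

    def connect(self, ip):
        """Return 220 to greet the client or 421 to defer the connection."""
        if ip in self.allowlist:
            return 220
        if self._open[ip] >= self.max_connections:
            return 421
        self._open[ip] += 1
        return 220

    def disconnect(self, ip):
        self._open[ip] = max(0, self._open[ip] - 1)

    def rcpt(self, ip, recipient, now):
        """Decide one RCPT TO at time `now` (seconds): 250 accept, 451 defer."""
        if ip in self.allowlist:
            return 250
        # Slide the one-minute window of accepted messages.
        recent = self._recent[ip]
        while recent and now - recent[0] >= MINUTE:
            recent.popleft()
        # Slide the 24-hour window of distinct recipients.
        seen = self._rcpts[ip]
        for addr in [a for a, t in seen.items() if now - t >= DAY]:
            del seen[addr]
        if len(recent) >= self.max_per_minute:
            return 451                       # rate limit: retry later
        key = recipient.lower()              # fold case for counting only
        if key not in seen and len(seen) >= self.max_unique_rcpts:
            return 451                       # too many distinct recipients
        recent.append(now)
        seen[key] = now
        return 250
```

A mailing-list host sending a few hundred messages a day never reaches these limits, while a bulk sender is held to the per-minute rate and the daily recipient cap.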
Dammit it's getting harder and harder for the average guy to run his own fucking SMTP server. I mean, the ones that I use are unreliable so I run my own, is that so crazy you anti-spam fascist motherfuckers?!
"I feel it is my duty to look at the porn that kids download before I delete it, to be sure what it is."--School Admin
Try sending 2 oz letter 3500 miles for $0.36
US Mail is .37 + .23 each additional oz.
But that's separate from the question of sending SMTP mail yourself - clients can do that just fine, and so can proxies that run on your home machines but don't provide services to other people. Most of the popular Windows email clients use SMTP to deliver outgoing email, but send it to proxy servers rather than delivering it directly because it's more reliable in cases where the first delivery attempt fails. But that doesn't make them servers.
The real issue with "residential" email senders is that anybody with $20 can set up an internet connection at home and start sending spam, and if they get booted by their ISP, they can spend another $20 on another dialup service or $50 on another DSL service. By contrast, spammers from business locations often need to spend $1000 for a T1 line, so there aren't as many of them, or else buy web hosting service that costs somewhere in between and is monitored more tightly than a home email dialup connection. Yes, it's rude that legitimate Linux users at home get their email rejected because spammers use the same kinds of connectivity, and ISPs that do that should get slapped around by the market.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
My ISP has not shown that its servers are reliable. I like to be able to use mailq to see what's backed up. I'd also like to be able to use my own mailer's parameters for bounces. There's lots of reasons to prefer to use your own mailer instead of your ISP's, even if you technically could use your ISP's. But now, you'll want to relay through your ISP for all the mail that AOL won't accept, while sticking to your own SMTP services for everything else. That's what this document is for.
I encourage people to write corresponding documents for other MTAs. Also, some people can only send mail through their ISP with their ISP-assigned username. It's possible to configure sendmail to adapt AOL-bound mail to have the ISP-assigned sender. That is not discussed in this document; email me if you need it, and I'll write a followup post.
HOWTO: Configuring Sendmail to use your ISP's relay for AOL
This uses the sendmail mailertable feature. The mailertable feature allows you to specify the mailer and relay parameters for individual domains. That's exactly what we need here.
Remember that some ISPs may require you to use your ISP-assigned email address to relay through them. This won't help with that, but there's easy solutions for it. (This sort of thing is where Sendmail rocks.) Email me if you need it, and I'll post a followup.
>I personally think that there needs to be U.S. Federal laws made to protect the rights of Internet users.
I can see how these laws might help you with datanomix and UCF, but how are they going to help you to get mail to, I don't know, the other 95% of the planet?
Unless you want a "World Government" federal laws aren't going to help you all that much unless you live in India or China.
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
Again AOL shows its arrogance and ignorance. Watch AOL roll out a SOHO mail service now that they have banned e-mail from DSL-hosted servers. This is the usual act of desperate despots; committing an act of persecution in the name of "public good". After implementing what was probably one of corporate America's biggest shell games, AOL-TW is now discovering that they have to provide a real service now that the "goodwill" that propped their share prices went poof. Unfortunately, not being good businessmen, they first have to act like Microsoft and create a state of deprivation to support their "new" service offering. Sheesh! Perhaps they should be threatened with a complete proscription of the AOL domain, i.e., all mail from the AOL domain is refused and all mail sent to the AOL domain is not forwarded to them.
Lots of people use something like the DUL; if you don't like it, go kill a spammer; when they're all dead, this won't be a problem.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
Why again would one have a mail server on a dynamic IP? If you want to host your own mail, do it the right way and get a static IP address and an ISP that will host reverse DNS for you.
This is what I'm doing, and haven't had any problems being blocked by the big boys. I would assume their filters are pretty basic... probably finding a dhcp-* or the likes during a reverse lookup is how they're doing their filtering.
In CA at least, there's just no reason to give your broadband money to one of the 800lb gorillas with so many third party providers willing to give you a static IP and things like reverse DNS hosting for a tiny premium over the *Bell services. If your chosen broadband provider won't allow you to relay mail to addresses other than their own, then why again are you paying them so much money every month?
Unless you live in a communist society, I don't see why you should get any internet services for free.
That being said:
>My only option to conform to your ideal is to move to a new location that has an ISP that will provide the needs which I have. That is absurd.
No, you could get a co-lo with a better ISP in, say, Cali., or you could bribe your sysadmin (I bet a $250 'present' would do, just don't let him know what you've said here).
>Paying an absurd amount for delegation of reverse DNS should be criminal.
In a capitalist society, no amount is absurd if people are willing to pay it. And if people aren't willing to pay it, the company soon learns to change it, or not offer it. In your case they chose the latter. Too bad. You should be happy you have high speed internet. Some of us are still on dial up, or worse.
I think I'll be collecting AOL Cds for use on my spam machine. 6000 Cds, 6000 aol.com addresses to block. 6000 bots.
There is no law stating that you have to buy DNS or mail services from your home ISP -- numerous other ISPs and CoLo services will be very happy to provide those services to you.
The writer of the slashdot post seems to think that it's bad that AOL doesn't follow RFC guidelines. Well I agree, but it's not like this hasn't been true for a while. I remember when QMail was having lots of issues with AOL's servers because AOL's MX records were larger than the RFC stated. So this is just another example of AOL's belief they're better than RFCs.
-Nicholas Blasgen
Anyway, here's how to fix if you have qmail. You need to create a file
The without the dot gets user@aol.com and the with is for user@domain.aol.com . Restart qmail your favorite way. You can check with qmail-showctl to see if it worked.
- RR
I should put something clever here. Maybe someday.
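The dotted and undotted keys mentioned in the qmail post above, and the sendmail mailertable feature from the earlier HOWTO, follow the same lookup convention, which this added example reproduces (it is not code from either post). It assumes the qmail file meant is control/smtproutes, uses the placeholder relay smtp.isp.example, and all function names and sample tables are constructed for illustration.

```python
def candidate_keys(domain, default_key):
    """Keys tried in order: full name, each '.suffix', then the default key."""
    d = domain.lower().rstrip(".")
    keys = [d]
    keys += [d[i:] for i, ch in enumerate(d) if ch == "."]
    keys.append(default_key)
    return keys


def parse_smtproutes(text):
    """qmail smtproutes lines: 'domain:relay' or 'domain:relay:port'."""
    routes = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        domain, _, target = line.partition(":")
        relay, _, port = target.partition(":")
        routes[domain.lower()] = (relay, int(port) if port else 25)
    return routes


def parse_mailertable(text):
    """sendmail mailertable lines: 'key<whitespace>mailer:host'."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = line.split(None, 1)
        mailer, _, host = value.partition(":")
        table[key.lower()] = (mailer, host.strip())
    return table


def first_match(table, domain, default_key):
    for key in candidate_keys(domain, default_key):
        if key in table:
            return table[key]
    return None


def qmail_route(routes, domain):
    """Return (relay, port), or None when mail goes straight to the MX."""
    hit = first_match(routes, domain, "")
    if hit is None or hit[0] == "":
        return None          # an empty relay also means direct delivery
    return hit


def sendmail_route(table, domain):
    """Return (mailer, host), or None when the default mailer applies."""
    return first_match(table, domain, ".")


# Constructed sample tables; smtp.isp.example stands in for the ISP's relay.
SMTPROUTES = "aol.com:smtp.isp.example\n.aol.com:smtp.isp.example\n"
MAILERTABLE = ("aol.com\tesmtp:[smtp.isp.example]\n"
               ".aol.com\tesmtp:[smtp.isp.example]\n")

if __name__ == "__main__":
    routes = parse_smtproutes(SMTPROUTES)
    for rcpt_domain in ("aol.com", "domain.aol.com", "example.org"):
        print(rcpt_domain, "->", qmail_route(routes, rcpt_domain) or "direct (MX)")
```

With only the dotted key present, mail for user@aol.com still goes out directly, which is why both lines are needed.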
I've known this for a while...at least 6 months. Mail from my domain "jkoebel.net" is undeliverable to "aol.com" .... their mail server simply refuses to respond to my mail server's requests.
It sucks...
Mod this up please. If ISPs created generic reverse DNS lookups for the blocks they sell (rent) us, we'd all be better off.
No-one should use AOL. For anything.
...weeks ago when I discovered it. /. sucks a$$.
AOL should accept all email from DSL lines because you have a lousy provider who doesn't provide end-to-end IP service?
Verizon sucks. I have a cable modem just so I don't have to deal with their intentional idiocy. I was willing to pay extra for a Covad DSL line to my house just to avoid them, but there were no copper pairs left from the CO to my house.
The sooner you lose them, the better.
Anomalous: deviating from what is usual, normal, or expected
Canard: a false or unfounded repor
Let me just point out a few things:
1) Although I've never used my ISP's mailservers for outgoing mail, my friends have -- and mail is constantly lost, or delivered hours late.
2) Likewise, my ISP's incoming mail servers are frequently down, losing mail, and full of spam (the address was either harvested or sold, I don't know which. I have evidence of it, but that's another thread). A couple of my own local accounts suffer from spam as well, but I managed to install Spamassassin, which must be too difficult for my ISP.
3) Privacy is a concern with me, and I'd prefer to handle mail transactions myself.
4) I like the reassurance of looking through my Sendmail logs, knowing that an important message was delivered, and if it wasn't, the reason why.
5) Although this is unrelated, my friends often complain of outages when my service is fine. The reason? My ISP's DNS servers are constantly screwed up, yet I run my own.
6) I run majordomo to host a small mailing list of 20 or so members (that moves perhaps 500 messages a month); that's not enough traffic to justify having it hosted somewhere else, and Yahoogroups butchers messages with advertisements. Luckily none of its members use AOL.
7) I check my mail logs often (to make sure nothing unordinary is going on), and do not allow relaying.
Many of us run mail servers simply because our ISPs are unreliable. Many ISPs can't even host a measly 5mb of web space adequately, so I feel wary letting them handle important E-Mails. I wish Speakeasy was available in my area, it would be a no-brainer switch.
You've probably heard the saying, "tolerating excesses in order to preserve freedoms." Well, Spam is an excess -- a very horrible excess. At the same time, enough people use home mail servers for justifiable reasons that outlawing them, or blocking mail from them isn't a logical decision.
And besides, there's other ways to prevent spam without making anyone unhappy. Spamassassin, once configured correctly, nails just about all spam. My university filters spam on my POP account, and I receive maybe one (if that) a month; couple that with Mail App's built in filtering and I haven't actually seen a Spam message in months. The best way to get rid of spammers is to implement solutions that make their efforts ineffective on ANY level, not just by killing off one of their hundreds of other options (AOL's method).
It is more ignorance of ISPs, and persons like yourself, poster, who have caused this problem.
It isn't ignorance, checking reverse allows you to filter out fly by net setups. You seem like a really angry individual when the solution to your anger is just to send your email through your ISP or to help your ISP fix your reverse problems. In addition having a public IP address is *not* a right, instead it is something you pay for. In my case I pay quite a bit more per month for a business class SDSL so I can be within the TOS of my particular ISP.
Also since you asked I run my own mail server at home on a proper DNS setup which includes reverse. I've also been setting up servers on the net since '92 so maybe I got that whole "establishment of a mail server" thing covered?
--- I do not moderate.
I block inbound port 25 from anything that I determine to be dynamically assigned IP address space, and I think that everybody else, AOL included, should do so as well. Anybody making outbound port 25 connections should either be doing so from a static IP address or be making that connection to one of their own ISP's machines.
The real issue here is how one determines what's a dynamically assigned IP address and what isn't. There's no 100% reliable way to do that. I'm using a combination of local whitelists and blacklists and DNSBL-type dynamic IP lists. AOL's probably doing the same.
Criticize AOL for incorrectly putting static IP space into their blocked dynamic IP lists if you discover them doing so, but don't criticize them for trying to block inbound SMTP from dynamic IP addresses.
I had a NT box set up where it was effectively on the net. Someone found it and rooted it and installed a remote proxy on it. For the next few days, another box they hacked was sending the cracked NT box packets to relay off to smtp servers all over the world. Thanks to some fun filtering, about 1.5 million spam messages ended up being diverted to my logging machines. This is a major spammer operation and they aren't doing it the old way. They are playing mean and breaking the law. Of course not one of the law enforcement agencies has any interest in this. The result of this criminal stealing $2000 worth of bandwidth is that I've got enough info that a prime candidate can be tracked down but it will require either a court order or a BOFH inside AOL.
All one needs to do is block every IP address allocated in Korea, China, Brazil and Russia. That should put a halt to about 90% of the spam floating around the Internet these days.
Problem is, sometimes those IPs which look like residential ADSL lines are actually static IP addresses. Take my main domain, 2mbit.com, its on a SBC static IP _BUSINESS_ ADSL line, but looks like any other random ADSL dynamic IP user on their network.
This is the danger of using DUL type lists.
Brielle
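The false positive described in the comments above (a static business line whose reverse DNS contains "dsl") falls out directly from keyword matching on PTR names, as this added example shows; it is not AOL's filter or any poster's code. The keyword list, function names, addresses (documentation ranges) and PTR names are all constructed, and the PTR values are embedded so no DNS lookup is made.

```python
import ipaddress
import re

# Keywords a naive filter looks for in a reverse-DNS (PTR) name (constructed).
DYNAMIC_WORDS = {"dsl", "adsl", "dhcp", "dial", "dialup", "dyn", "dynamic",
                 "cable", "pool", "ppp"}

# Constructed samples: (ip, ptr_name, is_really_static).
SAMPLES = [
    ("198.51.100.23", "dhcp-198-51-100-23.isp.example", False),   # home DHCP
    ("203.0.113.66", "adsl-203-0-113-66.dsl.isp.example", True),  # business
    ("203.0.113.67", "f.domain.example", True),                   # remapped PTR
    ("192.0.2.5", "", False),                                     # no PTR
]


def dynamic_hints(ptr_name):
    """Return the sorted keyword hits among the alphabetic runs of a PTR name."""
    words = re.findall(r"[a-z]+", ptr_name.lower())
    return sorted(set(words) & DYNAMIC_WORDS)


def verdict(ip, ptr_name, allow_nets=()):
    """Return (action, reason) for one connecting host."""
    addr = ipaddress.ip_address(ip)
    # A local allowlist is checked first so known-good static ranges survive.
    if any(addr in ipaddress.ip_network(net) for net in allow_nets):
        return ("accept", "local allowlist")
    if not ptr_name:
        return ("reject", "no PTR record")
    hits = dynamic_hints(ptr_name)
    if hits:
        return ("reject", "PTR looks dynamic: " + ", ".join(hits))
    return ("accept", "no dynamic keywords in PTR")


def false_positives(samples, allow_nets=()):
    """Static hosts that the policy would still reject."""
    return [ip for ip, ptr, is_static in samples
            if is_static and verdict(ip, ptr, allow_nets)[0] == "reject"]


if __name__ == "__main__":
    for ip, ptr, is_static in SAMPLES:
        print(ip, ptr or "(none)", "static" if is_static else "dynamic",
              verdict(ip, ptr))
    print("false positives:", false_positives(SAMPLES))
    print("with /26 allowlisted:",
          false_positives(SAMPLES, ("203.0.113.64/26",)))
```

The name alone cannot separate the static business line from the DHCP host; only the remapped PTR or the receiver's own allowlist entry does.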
I emailed webmaster@aol.com about this last week and whoever responded didn't have a clue. She said there was a problem with mailing more than 10 people at a time and that the issue should be fixed soon. What does that have to do with having a dynamic IP? I even pasted the exact 550 bounce message and she responded as if she'd never seen it before. I can't believe they didn't announce this, but I'm even more surprised they didn't even tell their own tech support!
and as soon as my work IPL's this weekend, 02:00, my very large employer will return the favor to AOL. We've got a separate presence on AOL for business so this will not impact us in any way, but will impact AOL customers who benefit from the good neighbor policy.
errr....umm...*whooosh* *whoosh* Is this thing on ?
AOL is blocking DSL users from directly sending email. This is largely because of all the "U 2 kin make $$$ wit UR computer!!!!!" scams that are nothing more than spamming@home clients.
"WAAAAH!! I WANNA SEND MAIL FROM MY DSL" people cry (NOTE: I am on a DSL connection myself).
"FOO! Just use your ISP's mail server" other people say (that's what I do....)
"WAAAAH! MY ISP'S MAIL SERVER SUXORS!" the first group reply (I cannot understand how the ISP's connectivity works, but the mail server doesn't, but I digress).
OK, so what about this: why doesn't somebody set up a mail server, which requires its users to be authenticated beforehand, has a real TOS with fangs, claws, breath weapons, rocket launchers and other implements of mass destruction to be quickly turned upon violators, and which uses either SMTP-S or SSH style connections.
Thus, all the folks who use DSL, whose ISP's mail service is unacceptable, and who want an alternative can have a place they can connect to that is NOT a spam haven, NOT on a dynamic IP, NOT on blocklists, and thus everybody is happy.
After all, you can already buy your wire from one provider, your connectivity itself from another (in some places), your web space from a third. Why not mail services from a dedicated mail provider?
(NOTE: I am not talking Rot^H^H^H Hotmail or the like - I am talking a service that actually allows mail sending from something other than a Web page or proprietary client.)
www.eFax.com are spammers
My MTAs have been set up to blackhole AOL mail (on a whitelist basis) since about 1997 or 98 :-). I had almost forgotten... At that time, I was getting a heap of spam from their domains, and as I'm in Australia and AOL doesn't have a significant coverage here it's pretty safe from false positives.
What's the problem with changing your setup to send the outgoing mail through your ISP's SMTP servers?
Reliability, speed, and privacy, all of which are lower on their servers than on mine.
While I don't think they made the best decision, it is nice to see SOMEONE doing something drastic to reduce spam. Maybe this will get enough coverage to make everyone agree that it's time to do something about the problem.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
The best way to block spam is to block spam not innocent people. If everyone does stupid stuff like this, we won't have any open communications service left. The same logic you use can be applied to all kinds of network connections till what we are left with is a host,deny entry of all:paranoid. Even that won't kill spam, it will simply give more leverage to those who "serve" you.
The limit of what you propose will not reduce spam one bit. AOL and other big ass ISPs have blocked email sent from dial-up for some time. That was bad enough for people stuck with something like safepages. Now they are blocking DSL, including those with fixed IPs. Next they will target smaller ISPs themselves. In the end the only "special" folks you would allow to run mail servers would be Microsoft, Government agencies and a few other big Telcos. The quality of email would, of course, be critically degraded and those few special "broadcasters" of email would make a mint spamming everyone on the planet.
Don't know where spam comes from? Look to those who have the most to gain from destroying the current free email system. We already know that M$ pays people to spam mail lists with disruptive comments. We can be sure that sending penis enlargement mail is not beneath them or other big ISPs and telcos who hate the internet and all it stands for.
There is nothing difficult about running a mail server. I use Exim on Debian. It comes reasonably configured. Configuration files can be made so that users, such as myself, can read them and understand what their options are. This is what free software is all about.
What you propose is what Ma Bell was all about.
Friends don't help friends install M$ junk.
who think that everybody on the net should be a Couch Potato Infotainment Consumer
instead of a first-class citizen.
Well said. Broadband vendors should sell the pipe and nothing more -- not necessarily the only option, but it should be an option. They want to sell to couch potatoes. They should be enabling first-class citizenship.
I wonder if they will be blocking mails from their own company, Road Runner..
The major source of spam I get, that has valid domain names, is from aol.com. Maybe AOL should ban that domain as well. But then AOL is only the worst of the 10 percent of the spam that has a valid domain name. If every mail server and relay would reject all email that does not have, at the minimum, a valid TLD, close to 90 percent of my e:mail would disappear. That's why I have my own SMTP running - I can configure it to reject these spams. Otherwise my regular ISP account would be always full. My ISP name is in no directory and I do not give it out to any site that requires an e:mail address. So I only get a moderate amount of spam on it.
I know for a fact that they are NOT telling their customers.
I tried explaining it to an AOL user. She called me on the fone as she was real-time chatting with a "support" person. She explained it all to the moron. [ Sorry, let me expand - the 'support' moron not the one who is an actual AOL luser ;) ]
So what happens? I got a "test email" from the support drone. All it said was "test email from AOL". My friend could NOT explain to the support moron the difference between INCOMING and OUTGOING mail. So not even the support people knew. I even pasted the entire error message from their SMTP servers and sent it to her, she forwarded it to the support person, and that STILL didn't help any.
Oh well. See my other post for the AOL/EarthLink (qmail) fix.
- RR
I should put something clever here. Maybe someday.
Actually you don't care what the reverse DNS says, just that there IS one. Many of the spam canneries live in wasteland IP blocks where attempts to lookup their IP return an error.
Democrat delenda est
How to post a negative AOL reply on Slashdot.org.
1. Start off by naming the previous number of times AOL has done something you dislike, noting that this particular incident is "the worst yet."
2. State your grievances about the topic. Explain, in near-irrelevant detail, how this will negatively affect you and others.
3. Throw random arguments in about how non-AOL services are far superior to AOL services.
4. Also imply that anyone who still uses AOL must be of inferior intellect than yourself.
5. Notate the sudden revelation that you don't use the services of AOL (in fact, can't recall any time at which you did use AOL) and, if you did, you and anyone else using AOL probably deserve the aforementioned grievance and whatever similar issues they get.
6. Close with witty remark about poor service and/or "AOHell" reference and offer cliche signature of either "Step 1. AOL reference, Step 2. (blank), 3. Profit!" or "All your base..." adaption.
I block their domain for the same purpose
This went over the Boston Linux User's Group discussion list. Netscape.net and Citigroup addresses are bouncing mail as well. Here's the solution suggested on the list:
With Red Hat Linux 8 running sendmail, setup a mailertable. Create /etc/mail/mailertable and add the following lines:
aol.com smtp:mail.attbi.com
netscape.net smtp:mail.attbi.com
ssmb.com smtp:mail.attbi.com
citigroup.com smtp:mail.attbi.com
Register the mailertable db, stop and restart sendmail.
"I'm The Bounty Bear. I will find him anywhere. I'm searching."
ban their own marketing morons from sending those damn AOL CDs.
Those things serve the same purpose as Spam: "If you spam them, they will come"
That's the way the internet should work. If you are mad, don't accept mail from AOL. Just don't get all lawyer like. If they don't want e-mail directly from your machine, so be it.
And what's AOL's terms of service for servers hosted from their residential customers? Most broadband ISPs have limits. If they're just enforcing parts of the TOS that were already present when you signed on, you've got nothing to complain about.
Talk about "power to the people", imagine if even 1/3 of the mail servers out there bounced AOL accounts with "Sorry, because we disagree with the way AOL does business, we no longer accept email from AOL email addresses".
Exactly how long could AOL last before they'd be SOL. Granted ecommerce sites, etc couldn't do this, but it's actually feasible.
I, for one, would can my AOL (hypothetically speaking, there's no way in h*ll I'd use AOL) account if 1/3 of my personal email couldn't go through and I was forced to get informed about their strong-arm practices.
Just a thought.
Brian
Why do you have to run your own SMTP server? That's a pretty elitist thing to do.
and the parent post says:
Ummm, no, acting like it's a hard thing to do is elitist. Exim on Debian comes with reasonable default values and easy to understand configuration files. Next thing you will tell me that no one uses AOL or Hotmail to send spam. Fuck you, asshole.
Friends don't help friends install M$ junk.
Now, the question is, are they banning CONNECTIONS to SMTP servers from IPs that reverse resolve to DSL provider subdomains?
A couple of posts above mentioned banning of dynamic IPs. If this were the case, how would AOL know what is and isn't a dynamic IP? Is there a range of IPs that has been globally defined as dynamic? I don't believe so...
See, what I'm getting at is that, if I recall correctly, an SMTP connection functions like this:
The originating server connects to the destination server (or another relay). There is a brief exchange of commands. I don't have any notes handy so I can't remember the commands exactly, but the commands indicate who the message is to, who it's from and some other details.
It just seems to me that you might be able to masquerade as coming from a static IP or a static domain by feeding in forged values to the MAIL From command. If I'm correct, then by taking on spamming techniques (lying about where you're coming from and who you are) you might be able to get around this restriction (if AOL is truly breaking SMTP). As long as the actual email message being transmitted as the DATA has the correct information in its from header and/or replyto header, your message might actually make it through and be useful to the recipient.
Oh well. I guess if nothing else, technically speaking, this probably isn't really breaking SMTP if it's just refusing connections based on reverse DNS lookups. I don't think this would really work if it relies on the MAIL From SMTP command due to the fact that any serious spammer could get around that in about four seconds flat.
Screw you. It's easy to run Exim on Debian. It comes with reasonable defaults and easy to understand configuration files. There is no reason anyone can't install and use it except for stupid jerks like you not letting them. Why can't "smart" people like you at AOL and Hotmail keep your users from sending so much spam in the first place? Perhaps you should get your own house in order before you start screwing other people and work to make the internet into a push media with four or five special companies with the privilege of running a mail server.
Friends don't help friends install M$ junk.
Perhaps you should check a dictionary.
Please don't use quotations without attribution. It's rude.
Your .sig is the property of Margaret Meade.
I found the meaning of life the other day, but I had write-only access.
May I have your attention! Who cares! Carry on.
Here's a reality check for those of you unfamiliar with the real business world. AOL can do anything they want with their property (i.e. network equipment) to protect their business & customers. If you think they care even remotely about RFC's or academic papers which don't have a chance of having some form of ROI, think again.
:P
Secondly, the likelihood that any of the users who actually care about receiving DSL based mail would actually use AOL in the first place is so remote that I don't think anyone at AOL will lose sleep.
Finally, I think I can probably sum up AOL's attitude on RFC's in the words of Triumph the Dog, "RFC's are good.....FOR ME TO POOP ON!"
Enthrash...
This is old news. I run a server off of my DSL line, and AOL (along with Roadrunner, University of Toronto, etc..) has been blocking all e-mails sent normally. I've worked around this by using my ISP's smtp server to send mail. They don't notice the difference. Although it is a good idea because there are way too many spammers using dsl, it closes off e-mail for the rest of us.
Check it yourself. 81.108.149.163, here: http://postmaster.info.aol.com/duls.html
So AOL's being inconsistent in stating why they're blocking, and in showing you why they've blocked it.
What part of "gestalt" don't you understand?
MS did forget to renew hotmail one year. they actually sent the guy the 35 bucks who did it for them
quote: 'I wanted my email!' -- that guy
I'm on a cable modem and it doesn't accept mail from my mail server either... If I try to send to my friend's Compuserve (owned by AOL now) address... I'm on a cable modem. The way the message is phrased, they make it sound like I'm the cause of the spam woes... I mean, that is just ridiculous. My server is secured, I am very selective about who is allowed to relay.
Here's the message it sends back as it appears in my mail server log:
00:08:31 5 SMTP-409(cs.com) Disconnect Received
00:08:31 5 SMTP-409(cs.com) Disconnect Confirmed
00:08:31 4 SMTP-409(cs.com) Input Line: 550-The IP address you're using to connect to AOL is either open to the\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550-free relaying of e-mail, is serving as an open proxy, or is a dynamic\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550-(residential) IP address. AOL cannot accept further e-mail\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550-transactions from your server until either your server is closed to free\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550-relaying/proxy, or your ISP removes your IP address from their list of\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550-dynamic IP addresses. For additional information, please visit\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550 http://postmaster.info.aol.com.\r
Who did what now?
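The multi-line 550 reply in the log above can be reassembled and classified mechanically, which helps when triaging bounces from many destinations. The sketch below is an added example, not part of any comment in the thread; the log lines are copied from the comment above, while the function names and the keyword table are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Log lines copied from the comment above ("\r" is literal text in that log).
SAMPLE_LOG = r"""
00:08:31 5 SMTP-409(cs.com) Disconnect Received
00:08:31 5 SMTP-409(cs.com) Disconnect Confirmed
00:08:31 4 SMTP-409(cs.com) Input Line: 550-The IP address you're using to connect to AOL is either open to the\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550-free relaying of e-mail, is serving as an open proxy, or is a dynamic\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550-(residential) IP address. AOL cannot accept further e-mail\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550-transactions from your server until either your server is closed to free\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550-relaying/proxy, or your ISP removes your IP address from their list of\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550-dynamic IP addresses. For additional information, please visit\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550 http://postmaster.info.aol.com.\r
""".strip().splitlines()

LOG_RE = re.compile(
    r"^\d\d:\d\d:\d\d \d+ (?P<session>[\w-]+)\((?P<domain>[^)]+)\) Input Line: (?P<line>.*)$"
)
# SMTP reply line: three-digit code, then "-" (more lines follow) or " " (last line).
REPLY_RE = re.compile(r"^(?P<code>[2-5]\d\d)(?P<sep>[ -])(?P<text>.*)$")

# Hypothetical keyword table for the three causes this reply text names.
REASONS = {"open relay": r"relay", "open proxy": r"\bproxy\b", "dynamic address": r"\bdynamic\b"}


@dataclass
class Reply:
    session: str
    domain: str
    code: int
    lines: list = field(default_factory=list)
    complete: bool = False  # True once the final "code<space>text" line was seen

    @property
    def text(self):
        return " ".join(self.lines)

    @property
    def permanent(self):
        # 5yz is a permanent failure; 4yz would be worth retrying later.
        return 500 <= self.code <= 599


def parse_replies(log_lines):
    """Group 'Input Line' entries into SMTP replies, one per session and code."""
    pending, done = {}, []
    for raw in log_lines:
        entry = LOG_RE.match(raw)
        if not entry:
            continue  # connect/disconnect bookkeeping, not server output
        line = entry["line"]
        if line.endswith(r"\r"):
            line = line[:-2]
        parsed = REPLY_RE.match(line)
        if not parsed:
            continue
        key, code = entry["session"], int(parsed["code"])
        reply = pending.get(key)
        if reply is None or reply.code != code:
            if reply is not None:
                done.append(reply)  # previous reply never got its final line
            reply = pending[key] = Reply(key, entry["domain"], code)
        reply.lines.append(parsed["text"].strip())
        if parsed["sep"] == " ":
            reply.complete = True
            done.append(pending.pop(key))
    done.extend(pending.values())  # truncated replies stay marked incomplete
    return done


def block_reasons(reply):
    """Causes mentioned in the reply text, in REASONS order."""
    return [name for name, pat in REASONS.items() if re.search(pat, reply.text, re.I)]


def reply_urls(reply):
    """URLs quoted in the reply, without trailing sentence punctuation."""
    return [u.rstrip(".,") for u in re.findall(r"https?://\S+", reply.text)]


if __name__ == "__main__":
    for r in parse_replies(SAMPLE_LOG):
        print(r.domain, r.code, "permanent" if r.permanent else "transient",
              block_reasons(r), reply_urls(r))
```

The reply names three possible causes without saying which one applied, so `block_reasons` returns all three for this log.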
Your hard drive is a 4th level cache?
Why is it that I find more to comment on in people's .sigs these days than in their actual posts?
I have two levels of on-chip cache and one level of backside cache on my processor daughtercard. I also have RAM, and my hard drive has an 8 meg cache all its own. That makes my hard drive a 6th-level cache.
You may not have three levels of CPU cache, but I suspect you have a drive cache, in which case the drive itself is a 5th-level cache.
I found the meaning of life the other day, but I had write-only access.
a private network, unconnected to the internet, so AOL is simply going back to the good ol' days...
I run a few domains off my verizon dsl account and there's a few ISPs out there I can't send mail to. Most notably my folks who are on a bellsouth dsl account. Kinda funny given that bellsouth and verizon are the same company. Most businesses I don't have a problem sending to, just a few major ISPs that prohibit me from sending mail. There again, the amount of spam I get relayed from dsl / cable accounts, I really can't blame them. I learned the hard way about having my smtp configured improperly after I ended up being a spam relay for about 1700 email messages. And I consider myself to be pretty technically proficient, but I screwed up. Every day someone from portugal or x-istan scans my smtp to look for a relay, so the spammers know dsl hosts are easy targets. As much as it pains me to say, I think aol was right on this one.
slashdot, news for crazed liberal socialist zealots
I've seen someone show for qmail and more than one for sendmail. Hope this isn't redundant.
For postfix add to /etc/postfix/main.cf:
transport_maps = hash:/etc/postfix/transport
(for attbi/comcast) add to /etc/postfix/transport:
aol.com smtp:mail.attbi.com
netscape.net smtp:mail.attbi.com
ssmb.com smtp:mail.attbi.com
citigroup.com smtp:mail.attbi.com
run 'postmap /etc/postfix/transport'
restart postfix.
I don't block mail from aol.com. I only block it if and only if the SMTP relay doesn't have a reverse-DNS record ending in aol.com. I do this for a few domains (hotmail.com, yahoo.com, aol.com and ibm.com) and it works well. This technique should not be used generally, but for selected domains, it's amazingly effective.
it's your right as a citizen to get mail!
autopr0n is like, down and stuff.
This reminds me, a couple years ago, AOL started rejecting emails from my college's mail server because it was an open relay. If they wanted AOL to accept our mail they had to tighten it up. They did, and everything was fine. Granted, I can't send email through my college's mail server from home anymore (unless I use the webmail thing), but I can use my ISP's mail server, so it doesn't really matter. But what if my ISP didn't allow sending email from other ISPs through its mailserver? Oh well, it works so I won't complain.
Your problem isn't that your ISP's reverse DNS doesn't answer with your domain. The problem is it returns an error. That is totally broken and a sure sign of an IP address in one of the less civilized netblocks. That is why your mail is being rejected.
I know it sucks not having a real ISP to switch to, but don't blame the world for your ISP's incompetence.
Democrat delenda est
All I have to say on the matter is why stop at e-mail.
Um, yes. We know. That was the joke being made by the poster. [shakes head]
I run my own SMTP server and do not forward it through my ISP's SMTP server. Originally, I did this because @home, and then Comcast's mail services were so ludicrously unreliable. That's one reason.
Even now that this isn't so much of a problem, I still don't want to forward through the local ISP because I prefer different SMTP settings than those used by my service provider. For instance, I want to be notified if an email can't be delivered to the destination MX within a few minutes (not hours), as is often the case with hotmail's servers. If I forward through a smarthost, I can't have this sort of customization.
I understand that many spammers have taken to using broadband + direct to mx configurations, but there are probably plenty of legitimate reasons to use such a configuration, and banning based on it is not a good answer.
good for aol, it's about time
90% of my SPAM comes from dumb ass mother fucking adsl/cable companies that don't block outgoing SMTP ports
Let me preface this with a disclaimer. I worked in AOL's mail and anti-spam groups for 5 years, ending back about 2 years ago. I still keep in touch with the people back there, and I have a good idea what's up, as I still work in the anti-spam 'industry'.
Not that anyone will see this, as it's on the second page of comments...
A massive percentage of spam (well over 50%) comes from compromised windows boxes running either trojan software to open ports for spammers to proxy through, software like AnalogX that does the same, or just users who somehow manage to set up a proxy that's open to the world. There's also a big problem with a LOT of the DSL hardware on the market, that allows people to proxy through it transparently, via use of a security hole. Check Bugtraq if you want to find details.
These broadband connections are where the spammers are headed for anonymity. Yeah, sure, there's still a bunch of big-time professional spammers out there who spam away from their often-moving netblocks. That bunch isn't so hard to keep up with.
There's also the problem of Klez and other SMTP aware worms that busily want to send you lots of infected mail. Sure, *nix users don't really care about that, but companies like AOL, with a crapload of less-than-savvy users have to.
It's been this way for 56k dialups for about 3 years or so... but the noise about that only lasted a few weeks, much like this will. If your DSL company can't support your needs, vote with your feet! Switch your service to one that can. If Verizon can offer you service, you can pretty much bet that Covad can too.
(shameless plug: Check out lmi.net for that stuff.. small companies make for better service, and if you need the medium-sized company feel, go with Speakeasy.)
So what if you have a contract... if they can't get your mail to AOL with the right domain, it sounds like grounds to break it to me. =)
that a mailserver serves mail for its domain could help prevent a lot of problems. The infamous "fakemail" bug of the SMTP protocol, whereby anyone can send any email from any address, comes to mind.
Is anything being done to secure the smtp protocol? I'd like to see encryption between mailservers, domain authentication, and possibly even user authentication in the next generation of the protocol
You can't judge a book by the way it wears its hair.
Blocking someone in such a way that they can't fix it is completely unacceptable. If you're going to block someone, at least do it on the basis of something that they can reasonably do something about. You could block them, for instance, for not being an MX for the domain they claim to be sending from. That's something they can fix, because they can get their own domain and make their system an MX if they wish.
Insisting that they have an IP address that reverses properly is unacceptable because they almost certainly don't have any control over the reverse zone they fall under.
If you think they can "make" their ignorant ISP fix the service, then you should (if you're an AOL customer) be able to make your ISP "fix" your service by forcing them to give you a static IP address. What's that? They don't offer that service, and you can't get service from anyone else? Bingo. Welcome to the real world.
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
BS. You can always get a proper IP address from a service that offers you reverse. It may cost you a hell of a lot more than a commodity DSL does but so what? If you want a premium service pay for it, I do as do many others.
(I am aware you may have to get an ISDN, SDSL, or even frac-T to make these feasible.)
--- I do not moderate.
I run my own SMTP server from my cable connection, and alas, I can't send mail to my fiancée, aunt, father, etc... I'm pretty pissed.
So they're only blocking spam from hosts on DSL lines? Good thing I run my spam-mill on a cable line...
"In a 32-bit world, you're a 2-bit user. You've got your own newsgroup, alt.total.loser." -Weird Al
The biggest problem that I see with this move by AOL is for businesses with their own E-Mail Servers. Many of my clients use Exchange, Lotus, etc as their email server for the groupware features. Since many of these clients are small to medium businesses they operate on Business DSL and cable connections.
There are two problems that I have begun to notice. One, that the DSL and Cable providers are not doing a good job with PTR records and consequently the reverse DNS usually is something like xxx.xxx.xxx.atl.bellsouth.net instead of mail.companyname.com. Secondly, Bellsouth and others are now blocking ALL relaying through their servers that do not end in @bellsouth.net.
This means that for some of my clients they are being blocked from sending email to AOL. Why? Because for Bellsouth (and many others) having a Static IP means that they simply set a reservation on their DHCP server. This means that they are "dynamic" IP's even though the companies are paying $10 to $20 more per month to have "static" IP's. Also, these "Business Accounts" are drawing IPs from the same blocks as residential IPs. In one case the IP address for my client at home (down the street from his office) is usually only a few numbers off from his mail server's "static" IP.
While I can understand why AOL is doing this, I do not see how this solution is going to fix things. AOL is assuming that the problem is ignorant users and malicious spammers and that ALL ISP's are doing things like they should. We all know this is not true. Many T1 providers do not even setup proper Zones and PTR's for the IP's. On smaller ISP providers there is often no differentiation from Dynamic IP blocks and Static blocks, as they also use "reservation" based systems.
The flaw in AOL's thinking is that they can fix a broken protocol by filtering messages based on RFC's being followed by ISP's. I don't see this working well for long.
IMHO
Huh?
hey, we are already blocking @aol.com, and have done so for years ;-) ... (and hotmail.com)
it is like this: those two send more spam than real mail...
Dezral
If I'm a SPAMMER and use my DSL hosted mail server, AOL will shut me down. But if I relay my SPAM through my DSL ISP, since I have a legitimate right to do so, then my SPAM gets through?
German provider T-Online has been doing this for as long as I have been using their service; I guess they have always done it. I don't find it very annoying to put in their SMTP relay server as a SMARTHOST in my MTA config though; I guess it just makes things easier for them.
So let me get this straight,
because your ISP is stupid, you want the rest of the world to suffer along with you.
Sorry.
I had this problem months ago on my Verizon DSL; they wouldn't accept any mail from my linux box. Then when I changed services to MM Internet DSL, and got a static IP with reverse DNS delegated to my machine, I was able to get mail through again, but I still seriously consider blocking them anyways for their stupid actions.
I guess this is sort of like the New York branch post offices not delivering mail from Florida, because that's where a lot of junk mail originates from.
Bullshit.
It's more like your city not accepting mail placed in your personal mailbox and forcing you to use the city-provided community mailboxes.
Which most cities are doing these days. Your mail will be delivered to your house, but the mailman won't accept letters from places other than the community's outgoing mail box.
So now the simple ability to send email to the rest of the world using your own equipment is a "premium service" and warrants a $500/month charge?!? I'm sorry, but I don't want to live in a world where I have to pay extra for the ability to use my own equipment!!
Nice try, but what you propose is completely unreasonable, especially when a less demanding solution exists.
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
A client of mine has a cable modem from Comcast under a *business account*, which means they can host servers (they have an Exchange server connected to the Internet.) Early last week I got a call saying all their e-mail to AOL wasn't getting there. I sent some test messages from the admin account to a couple of friends with AOL accounts, and they never arrived. No bounce messages either.
Fucking rude.
Throw RFC1912 at your ISP.
Quoth the RFC:
2.1 Inconsistent, Missing, or Bad Data
Every Internet-reachable host should have a name. The consequences of this are becoming more and more obvious. Many services available on the Internet will not talk to you if you aren't correctly registered in the DNS.
Make sure your PTR and A records match. For every IP address, there should be a matching PTR record in the in-addr.arpa domain. If a host is multi-homed, (more than one IP address) make sure that all IP addresses have a corresponding PTR record (not just the first one). Failure to have matching PTR and A records can cause loss of Internet services similar to not being registered in the DNS at all. Also, PTR records must point back to a valid A record, not a alias defined by a CNAME. It is highly recommended that you use some software which automates this checking, or generate your DNS data from a database which automatically creates consistent data.
'nuff said.
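The RFC 1912 requirement quoted above, and the "no reverse DNS at all" rejections discussed elsewhere in the thread, come down to a forward-confirmed reverse DNS check. The following is an added example, not code from any poster or mail server; it runs against a small in-memory zone built from documentation address ranges and example.* names, all of which are constructed for illustration.

```python
from enum import Enum


class Verdict(Enum):
    NO_PTR = "reverse lookup returns nothing"
    PTR_TO_CNAME = "PTR target is a CNAME alias, not an A record"
    NO_FORWARD = "PTR target has no A record"
    MISMATCH = "PTR target resolves, but not back to this IP"
    CONFIRMED = "PTR and A records match"


def _norm(name):
    # DNS names compare case-insensitively; ignore the trailing root dot.
    return name.lower().rstrip(".")


class Zone:
    """In-memory stand-in for DNS so the check runs offline."""

    def __init__(self, ptr, a, cname=None):
        self.ptr = {ip: [_norm(n) for n in names] for ip, names in ptr.items()}
        self.a = {_norm(n): set(ips) for n, ips in a.items()}
        self.cname = {_norm(n): _norm(t) for n, t in (cname or {}).items()}


def check_ip(ip, zone):
    """Return (Verdict, ptr_name) for one connecting IP address."""
    names = zone.ptr.get(ip, [])
    if not names:
        return Verdict.NO_PTR, None
    first_failure = None
    for name in names:
        if name in zone.cname:
            verdict = Verdict.PTR_TO_CNAME
        elif name not in zone.a:
            verdict = Verdict.NO_FORWARD
        elif ip in zone.a[name]:
            return Verdict.CONFIRMED, name  # one confirming name is enough
        else:
            verdict = Verdict.MISMATCH
        if first_failure is None:
            first_failure = (verdict, name)
    return first_failure


def check_host(hostname, zone):
    """Audit every address of a (possibly multi-homed) host, not just the first."""
    return {ip: check_ip(ip, zone)[0] for ip in sorted(zone.a.get(_norm(hostname), ()))}


# Constructed zone data covering each failure mode.
ZONE = Zone(
    ptr={
        "192.0.2.10": ["mail.example.org."],
        "203.0.113.7": ["adsl-203-0-113-7.pool.example.net"],
        "203.0.113.8": ["mail.example.com"],
        "203.0.113.9": ["smtp.example.com"],
        "203.0.113.21": ["ghost.example.net"],
    },
    a={
        "mail.example.org": ["192.0.2.10", "198.51.100.10"],  # multi-homed
        "adsl-203-0-113-7.pool.example.net": ["203.0.113.7"],
        "mail.example.com": ["192.0.2.99"],
    },
    cname={"smtp.example.com": "mail.example.com"},
)

if __name__ == "__main__":
    for ip in ["203.0.113.20", "203.0.113.7", "203.0.113.8", "203.0.113.9", "203.0.113.21"]:
        verdict, name = check_ip(ip, ZONE)
        print(f"{ip:15} {name or '-':36} {verdict.value}")
    print(check_host("mail.example.org", ZONE))
```

A generic pool name such as the constructed `adsl-203-0-113-7.pool.example.net` still confirms, because this check tests consistency between PTR and A records, not whether the name looks like a mail server.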
I just blocked all AOL's networks and one site due to getting sick of seeing traffic from their networks trying to send spam through my mail servers.
The person tried 4 times a day, and tried to send the spam with the from address as my girlfriend's which really fscked me off.
I let them know a couple of times and nothing appeared to be done about it.
In many rural areas if you use the 5+4 zip, the last 4 digits is usually the PO Box. Thus, you could do something like..
394 Button Road
Some City, ST 39283-0040
And the USPS will put the mail into POBOX 40.
In Sweden, the biggest DSL provider, Telia, also blocked their clients' mail servers some time ago.
If you really want to run your own mail server, no problem. But Telia require you to sign a form saying "I know the risks of SPAM and the responsibilities of running a mail server, etc". So they get a direct personal contact in case of problems. They also distribute a document explaining everything and provide a service (web page) to make sure that your server is not an open relay.
Now, what AOL should have done is to TELL their clients IN ADVANCE. That way, the people running mail servers could have been notified in advance and the transition would have been smooth.
A change of policy in order to fight spam without affecting informed and responsible users. Good idea.
I set up my Clie with a cable so I could use my Sprint cell phone to check and send e-mail while on the road, browse the web, etc. The Sprint cell network didn't appear to offer an SMTP server for sending, and my ISP (Charter) didn't allow SMTP access from non-Charter IPs. So I set up SMTP at home (secured) and IMAP, registered with dyndns.org and used my home machine to relay mail from my Sprint-network-using PDA. Worked like a charm...I didn't really know any other way to accomplish this.
Until ISPs offer secured SMTP from anywhere, it seems a bit arbitrary to take measures like this. The answer is available, and it isn't complicated; it's just that getting ISPs to implement good technology is harder than it needs to be.
P.
Props to AOL for validating what we (ISP) were already doing three years ago.
The policy went like this:
- Most of the mail we receive from SMTP hosts in residential DSL pools was spam. Therefore, we are banning connections originating in any such pool from which we have been spammed;
- This is based on reverse lookup; if you want to send us mail directly, get your provider to give you correct reverse lookup for your FQDN;
- If your provider cannot or will not do that, use their outbound SMTP service as your smarthost. That's what it's there for;
- Our spam filtering is aggressive by customer demand, and it is totally optional. Customers who don't want it can disable it. The fact that your intended recipients have enabled it means they want this level of filtering.
- Finally, don't feel singled out. We apply the same rules to cable pools and dialup pools from which we have been spammed, plus netblocks (some quite large and located in Korea or China), plus we have language-specific filters to reject mail written in Korean or Chinese. Oh, and a few thousand specific domains, as well.
However, I do have to dopeslap AOL for having their postmaster address reject mail. The postmaster address must accept any mail from anywhere.
Check out sonic.net. $58/mo includes four static IP addresses, and you can go cheaper. Are you really paying less?
As much as I can understand how it sucks that AOL blocks DSL-based mailservers, I can also understand it. And the DSL users are, unfortunately, the ones to blame. What the spammers do is to scan DSL hosts until they find an open relay, and then they forward their spam through it. There are also of course some spammers that spam directly from a DSL account, but mostly the problem is the braindead people who just connect their totally open system directly to the network and fire up their box. Thirty seconds later their box is a spam relay.
Today I blocked dsl-verizon.net at this company. Yes it sucks. But thousands of junkmail made it necessary.
TA
You check.. AOL's users can't. Their mail just gets dropped on the floor.
That's the problem here.
MX checking is all good and well but many businesses outsource their email systems, which means their domain doesn't appear in the MX records. I just came across a very large organisation that does this in my country. I won't put the name here tho :)
They block DSL SMTP, including the static IP ranges of some ISPs.
That's just not right.
I host my email on a DSL ISP in Canada and they blocked outgoing SMTP long ago. It's easy to work around though: just relay all email from your server through the ISP's SMTP server.
This is a good thing because it makes it much easier for AOL to catch spammers.
I'll be cheering for ANYBODY except AOL
Karma: Bad. (As in Good?)
which he then donated to the sisters of the road cafe (wonderful organization) in portland, or
I encountered the problem back in late August last year when some of my clients complained that they could not get e-mail to or from AOL members. NO one seemed to have the answer... not my then ISP telocity.com and certainly not AOL.com. It is not necessarily residential DSL they are blocking.. but if a reverse-DNS lookup on your ip doesn't point to the domain name your mail server is forwarding they block it. I had to go from a $79/month 1.5/256 to a $219/month 768k/512k circuit just for the static IP's and Reverse DNS lookup. Check with your ISP. Residential is ok if they will give you a static and do the DNS.
If your connection is a dirt cheap DSL, don't expect it to be classed the same as a leased line. Many AUPs ban you from running servers on DSL lines anyway, don't they? You get what you pay for at the end of the day. And as someone else pointed out, if AOL want to deny you mail, they have every right to.
Huge collateral damage? No shit. This is completely fucked up typical AOL style bullshit.
How come though, it is perfectly ok "net-friendly" political correctness for "enlightened" ISP's everywhere to block mail servers on dynamic IP's and dial-ups, period. Everybody is all for that, except me, apparently, and the collateral damage is just as bad if not worse. Earthlink goes so far as to block port 25 outbound completely, except for their servers, which spew more than enough spam to make up any difference. Apparently they give free access to certain parties for that express purpose, too. Oink.Oink, Anthrac, quack, quack, barely legal cum-guzzling sluts and all.
Speaking of IP's my DSL provider wants $69/mo for one crummy static address. Guess what, I'm getting a whole dedicated server at a co-lo facility for $39/mo instead.
GA Tech won't even let you log into their ftp server if you fail reverse DNS.
Yeah, AOL sucks, but people, kindly remove that fucking log from your own eye. It might improve your credibility.
--rgb
Thank God the Slashdot geekboys are here to defend me. I thought my penis cream spams wouldn't be able to go out this week.
Of course, in the real world, not everyone can get away with filtering AOL and Hotmail and other problematic email sources.
I have a site with about 50,000 registered members and I would say that 80% of my members have an @aol.com or @hotmail.com address.
As much as I hate what AOL is doing, I can't disregard 80% of my userbase over it.
They want to force all email to go through your ISP's SMTP service where carnivore is installed.
IMO too much time is spent ranting about how Tha Man is keeping the $30/mo broadband user down by not allowing the minority who know how to run a secure server to use their residential line as a commercial line. We should be putting a hell of a lot more energy into bitching about the masses of clueless users who randomly click on any email attachment they get, set up their P2P apps in slut-mode, and otherwise connect to the Internet in such a way that they become:
- just another hop for viruses to propagate through
- just another misconfigured AnalogX proxy or Lovgate infected SMTP/NNTP open relay
- just another DDoS drone host
It's sad, but the majority of broadband users have forced this action. If people understood the concepts of due diligence and responsibility we wouldn't have David Ritz and others spending huge amounts of time battling USENET spam, ISPs getting slammed with DoS all the time (and I mean that literally), and spam gangs doing automated scans of broadband networks for open relays so they can spread their email pollution. It's a myth that spam only comes from networks in Asia that don't give a damn. It comes from Ma and Pa's Windows 98 box that got infected with one of several variants of Lovgate and helps spam the planet, all from their speedy little DSL/cable connection.
Before the /. community jumps down AOL's throat at this carpet-bomb tactic, we need to realize that it is a business response to the realities of security on broadband networks. If users took responsibility for their connections and had good firewalls, anti-virus and intelligent email practices then this problem probably wouldn't exist.
perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
So I called, and after a week of runaround trying different things, they informed me that the list must be filtered because more than 10% of the recipients are invalid. When a list has more than 10% bad email addresses for @aol, @netscape and any other AOL controlled domains, any deliveries from that list to AOL mail exchangers are dumped entirely. No bounces back to the mail server, or a notice to postmaster to explain why the messages were dropped. Just silence.
The only way to find out which of the people on the list are still valid is to send each one an email manually (ie: not delivered in bulk), and see if it bounces. This is a major pain in the neck for a list with over 2000+ AOL addresses on it.
Oh, and that phone number that I called about the problem? It now dumps to a voice mailbox which is full. Which is fine because when it wasn't full, nobody answered it anyway.
Most big providers here (and some companies, including the company I work for!) are blocking mail directly from DSL lines. Already those who use some kind of RBLs are blocking mail from Brazilian DSLs - namely *.dsl.telesp.net.br, the DSL lines provided by Sao Paulo's Telefonica, and *.user.veloxzone.com.br, provided by Telemar.
This sucks, I know, but it's necessary. DSLs became an easy and cheap way for spammers to do their dirty job - a DSL, a Windows box, a mass mailing software and some "goodwill" MX boxes. As we haven't any legislation against spammers (and against script kiddies, and against...), this became a big problem here, so people started to simply block it.
So what's the deal? AOL opened the eyes of those still-believers that spam is effectively killing email. Yes, it sucks to configure sendmail to use my provider as a smart relay (and sucks even more because it needs authentication), but I think it's a minor annoyance.
Cesar Cardoso can be found at cesar at zyakannazio dot eti dot br (or at least I believe so)
...but don't all residential DSL accounts' terms of service agreements include the "no servers" clause? So if you're violating your user agreement by running a server, what's stopping you from violating their Spam policy too? Not to mention that those servers are prime targets for spammers to use as open relays. (Happened to me, even with a firewall and IP restrictions)
Well, there is a workaround for this if blocking port 25 is all they have done. You can easily set up a 'reflector' mx host for your domain, there are even free services for it.
For an example:
http://www.no-ip.com/tips.php/id/10
You are not obligated to accept mail from networks you don't want to.
Refusing mail from any given netspace is not and never has been an RFC-violation. In fact RFCs as far back as 1976 put forward the idea of blocking problem networks (Google for "On the junk mail problem" and "Jon Postel").
RFC-i will not list a network for refusing _all_ mail from specific networks/areas of the Internet. They _will_ list for not having a working postmaster box or an autoreply which says the postmaster box isn't read.
This is POLICY and has been discussed on the RFC-i admin list several times.
Because of the latter, AOL already have an RFC-i listing and have done so for over a year. Any attempt to submit them for selectively refusing specific networks will not be accepted.
I can refuse your mail for any reason I want. You can't do jack shit about it. You're not paying me to handle your mail and until you do, your mail travels MY NETWORK at MY DISCRETION.
What part of "their servers, their rules, deal with it" don't you get?
I strongly recommend that as a compensatory measure, non-AOL MTAs be configured to deny all incoming mail from AOL's domain.
Done. Now what's this about AOL blocking DSL users?
Joking aside, AOL has been responsible for more spam to AOL users than anyone else. If they really wanted to cut down on spam to their users, they would use proxy names in their chat rooms and members listings, and only serve up real names by 4bit gifs.
While what they are doing is not unreasonable, it is rather distressing that they would make such a change without any announcement. Such a large change should start with an announcement to the larger community, so that non-spammers have a chance to set up relays for those they want to, well, get mail to. I know several small companies using residential DSL and who will be rather surprised today that their mail servers no longer work for AOL customers.
Spam is a sufficiently ugly issue to warrant a slightly heavy-handed response... Perhaps because nobody I would know personally uses AOL, or perhaps because many people have access to several outgoing SMTP servers, but blocking residential DSL doesn't sound like too bad of an idea.
-C
The ______ Agenda
No it isn't, USE THE EMAIL SERVICE PROVIDED TO YOU FROM YOUR PROVIDER FOR YOUR COMMODITY SERVICE.
Jesus man, is it really that hard to understand? Why can't you simply relay your mail through your provider?
--- I do not moderate.
Nothing says you can't simply use a smarthost (DS) entry on your sendmail config. That's what I do on my machine. That gives me full local control of outgoing mail, while having my ISP's mailserver handle the final delivery.
This gives you all the control you need, while using your ISP's server in the end. It's the way you SHOULD be doing it.
Face it, dialup and cable/DSL endpoints are already blocked by a LOT of ISPs. If anything, AOL is behind the game in this regard. I would've thought that most Slashdotters that were decent mail admins were already using dialup/DSL blacklists on their mailservers.
retrorocket.o not found, launch anyway?
Seriously -- what does your mayor or other elected official have to say about this? You guys really should speak up about it.
Together, we will drive the rats from the tundra.
http://www.aol.com/info/feedback.html
...///...
Don't forget about banning snail mail and e-mail from Nigeria with all those scams about laundering millions from military generals.
Or find the equivalent for whatever mail server you want to run.
The DS entry is your friend.
Read: I run a local mail server to handle all of my family's outgoing mail, but all mail from that machine is relayed to the outside world via my ISP. I have had no problems with getting blocked despite being in a Cablevision OptimumOnline subnet, which is on numerous dialup/DSL/cablemodem endpoint blocklists.
retrorocket.o not found, launch anyway?
I too wonder how AOL determines which IP addresses are dynamically allocated, and which are statically allocated, because business class DSL and cable should be exempt from this policy - those lines usually allow servers.
Easy... static IP addrs generally come from different netblocks that are represented by different IN-ADDR-ARPA dns zones.
Just install Squirrelmail on your box and set her up an account locally that she can access via web browser from anywhere on the internet. Oh yeah, make sure you use https, so passwords and usernames don't get sent in cleartext so your *nix box won't get 0wn3d.
Can someone explain what this guy means? He's the second person to complain that he has static IP #'s dynamically assigned.
Yes, DHCP can be used to assign static IP's to designated hosts. But assuming the static IP is yours, and your ISP hasn't embedded your static IP in a block of dynamic IP #'s, AND that your ISP correctly sets BOTH the A and PTR records (so mylittledomain.com and 202.3.4.125 point at each other) in their DNS.... then "dynamically assigned" shouldn't break a thing.
On my self-hosted DSL mailserver, my only problem was that killdevil.org's IP du jour reverse-lookup'd to 876.dsl.klmz.ameritech.net. A lot of mailhosts hated that (rr.com, ameritech.net).
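The reverse-DNS checks the comments above describe (PTR and A records that point at each other, and rDNS names such as 876.dsl.klmz.ameritech.net being refused) can be sketched as follows. This is an added example, not part of the thread and not AOL's actual filter; the zone data is constructed so it runs offline, and the hostname pattern list is an assumed heuristic.

```python
import ipaddress
import re

# Constructed zone data standing in for real DNS lookups.
# 202.3.4.125 / mylittledomain.com and the ameritech name are quoted from the
# thread; all other addresses and names are made up (documentation ranges).
PTR = {
    "202.3.4.125": ["mylittledomain.com"],
    "192.0.2.10": ["876.dsl.klmz.ameritech.net"],
    "198.51.100.7": ["mail.example.org"],
}
A = {
    "mylittledomain.com": ["202.3.4.125"],
    "876.dsl.klmz.ameritech.net": ["192.0.2.10"],
    "mail.example.org": ["203.0.113.99"],  # forward record points elsewhere
}

# Assumed heuristic: labels that commonly mark consumer access pools.
GENERIC = re.compile(
    r"(^|[.-])(dsl|adsl|cable|dial(up)?|dyn(amic)?|ppp|pool|user)([.-]|\d)",
    re.IGNORECASE,
)


def fcrdns(ip, ptr=PTR, a=A):
    """Return the PTR names for ip whose A records map back to ip."""
    addr = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr.get(str(addr), []):
        name = name.rstrip(".").lower()
        if any(ipaddress.ip_address(x) == addr for x in a.get(name, [])):
            confirmed.append(name)
    return confirmed


def classify(ip, ptr=PTR, a=A):
    """Decide what a receiving MTA with this policy would do with a client IP."""
    key = str(ipaddress.ip_address(ip))
    if not ptr.get(key):
        return "reject: no PTR record"
    names = fcrdns(key, ptr, a)
    if not names:
        return "reject: PTR not confirmed by A record"
    if all(GENERIC.search(n) for n in names):
        return "reject: generic access-pool rDNS"
    return "accept"


if __name__ == "__main__":
    for client in ("202.3.4.125", "192.0.2.10", "198.51.100.7", "203.0.113.1"):
        print(client, "->", classify(client))
```

A static address only passes when both records agree and the PTR name does not look like a pool entry, which is why a forward-confirmed name like 876.dsl.klmz.ameritech.net is still refused.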
I have rules in my MTA to block a bunch of mail from DSL users. They bounce with a message telling them to use their ISP servers.
I spent a whole month tagging these messages from DSL users. ALL of them were spam.
If they are legitimate users, they always can configure their outgoing email to relay from the ISP servers. Spammers won't do that.
Wasn't it one of Hitler's senior Nazi henchmen who said that propaganda has to be simple and it has to be repeated over and over, then anyone will believe it?
...
We lost the definition of the term "hacker" because the media hijacked it and made it synonymous with "cracker".
We have a lame-ass attempt going to try to call viruses "Microsoft Viruses" to form association with the software vendor's name since that's what the virii infect.
Now we need to use propaganda more effectively in this case. We need to get the word out, and repeated often, that AOL is "Censoring All AOL Customers' Emails"
Now repeat after me:
AOL is censoring email
AOL is censoring email
AOL is censoring email
You're royally fucked!
They say this is to block spam, but it's to make everyone use their local ISP mail relay so that they have known places to put Carnivore. Take Earthlink for example. Won't let you run your own mail server.
Why? Because if you're forced to use their mail relay, they can run Carnivore in one location, and scan a huge amount of traffic that's guaranteed to be email.
This strikes me as capping the other end as well. The only way for you to get your email out would be using your ISP's mail relay.
ps.
what happens if your ISP has DSL in its name...?
No, those are the top 10 domains forged into the From: or Reply-To: headers of your spam.
Look at the IP address in the first Received: line of your spam.
Betcha most of it's from 24.0.0.0/8 (rr.com and other cablemodems), 4.0.0.0/8 (BBN/Genuity/LVLT/dsl-verizon.net or whatever residential broadband slumfest inhabits there this week), 12.0.0.0/8 (attbi.com and more AT&T stuff), or 200.0.0.0/6. (200,201 = South America / LACNIC, mostly DSLuzers, 202,203 = some of China)
Betcha a good chunk of the rest is also from residential broadband in smaller netblocks with cogeco, cogentco, or other rr.com / AOLTW, and/or attbi.com references in the rDNS.
Don't believe me, look it up. Any dictionary of the English language should help you out.
Maybe if the dotcoms could fucking spell they'd still be in business and not be perceived as a bunch of fucking lazy scooter-riders and nerf-shooters with no clue how to build a business plan.
In 'redneck'?
Which reminds me.
Does RH still have redneck as choice of installation language? I just installed two RH9 boxes the other day, but forgot to check.
Bot Assisted Blogging
AOL's (and others') mail blocking practices are opportunities to those that see them. The simple solution is that DSL/Cable/Dial customers should use the outbound SMTP server of their ISP. The ISP usually enforces anti-spam rules on their customers to help protect the ISP from being blacklisted. Sometimes that's not good enough for a customer.
Where there's a will, there's someone willing to pay. A consultant can help a business do the right thing. If you have your own SMTP server on the net, you can configure it to forward mail for your clueless client base and charge them money. If they send spam, you charge them enough money through contract law (and having their credit card number handy) to make it painful for them to do so.
-ez
Spam fighter
Contractions in English are fun:
"You'vn't any mail"
Cheers.
The Official Steve Ballmer Webpage
There could be any number of reasons (each of which may or may not be applicable for any given provider):
There are probably others, but those are the ones I can think of just off the top of my head.
But again, why should I have to pay extra just to use my own equipment? Why should sending email using your own equipment be a "premium service"? I suppose you're going to be telling us next that being able to surf websites the provider doesn't like (for instance, their competition's websites) should also be a "premium service"??
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
my girlfriend tried to send some mail through my server over the weekend and had it bounce. i mailed aol and got no response.
now i know why. blast it all aol, how can you be so stupid?
Then get a dedicated/static IP address and have reverse DNS properly configured on it. That's easy to do, so don't take any bullshit from your provider if they say they can't do it or don't understand what you are talking about. If they can't do that right and still advertise as an internet service, sue them for fraud. Or just work harder at switching ISP. Ever heard of colocating? Of course if you want it cheap, you get what you pay for.
now we need to go OSS in diesel cars
Speakeasy will do reverse DNS. I've come across more than one person who has had it done. Also ask them, if they submit dynamic IP lists, to be sure that your static IP is not included on that list.
now we need to go OSS in diesel cars
This is a good example of what can be done when you choose (or switch to, as the case may be), a good and competent ISP.
now we need to go OSS in diesel cars
Start with one mailserver, exim (my favorite). If the authors of Exim add a feature to encrypt mail being transferred from one mailserver to another, while keeping it an optional extension, then they retain compatibility while adding a neat feature. A mail server could be configured to change "joe hacker " to "joe hacker (real) " or "joe hacker (spoofed) " depending upon whether the originating smtp server's authorization is found and properly identified in the headers of the message, just like a pgp key but for the server rather than the user. Is there any form of server-side pgp or gpg that automatically adds key sigs to user messages and checks incoming sigs? Nearly all of my mail server's users use squirrel mail, and it would be a nice feature to offer.
You can't judge a book by the way it wears its hair.
If there was either a bunch of well documented sample config scripts for sendmail or a sendmail replacement with a much easier config method, I'd love to hear about it...
Non-Linux Penguins ?
Hmm... Nice twist. I like it.
Of course, all of those AOLers who're GPG-signing their mail will get royally pissed at you for invalidating their signatures ;-)
What part of "gestalt" don't you understand?
I check for dozens of users on my mail server, not me personally. In 5 years, I've never received a complaint related to blocking dial up user listings...
(knock on wood)
In my decade of online experience, I've come across some pretty screwed up and completely brainless ideas. ...Just STUPID stuff like spammy ads for child porn or illegal services (why not just ask the FBI to arrest you?) ...sites that have the sole purpose of being so obsessed that it becomes a joke (I hope they were joking) ...and of course the large corporations that do things specifically to LOSE business. Hell, there was that "Windows ME" joke out a few years ago and we REALLY got a good laugh about anybody stupid enough to buy into that.
...Nononono.. sorry.. .. WHEN you have problems using their service, you got a snowball's chance in hell of getting thru to anyone that can actually help you, but if there's a problem with BILLING... Hell, THEY will call YOU!! ....unless of course it's in regards to OVERbilling.
Then again, I'm not entirely sure it was meant to be a joke, so I'm in the process of learning to use a more reliable O/S that comes from a different company.... anyhow, back to the subject at hand.
AOL is notorious for bad service. Between them and Monoposoft, I get the feeling they're jockeying for position on whose name will become synonymous with "The ultimate worst possible customer service".
They don't care about you... just your money. If you have a problem using their
I like that idea of shunning AOL. They deserve to lose most of their victims...errr, I mean umm... "customers".
I used AOL for a few months many years ago. My grandfather let me 'borrow' his account while he was on vacation, so essentially, I was getting AOL for FREE and I was still getting ripped off!!
Consider me just another commoner in the growing crowd of anti-AOL enthusiasts.
ACe- (who has a cheaper, faster, more reliable, less spammy ISP now)