AOL Bans Mail From DSL-Hosted Servers
kmself writes "As first reported at linux-elitists by Aaron Sherman, and with a demonstration of the denial at zIWETHEY, AOL has begun blocking mailservers identified with residential DSL lines as an anti-spam measure, apparently heedless of the huge collateral damage this move imposes (and guess who can't send mail to Mom...). This action was unannounced, and has received virtually no coverage, spare an oblique mention at News.com. It also violates SMTP RFCs, as Aaron points out, not to mention the 'good neighbor' conventions of Internet communications. Mail to AOL's postmaster is also bounced -- this is RFC-ignorant.
I strongly recommend that as a compensatory measure, non-AOL MTAs be configured to deny all incoming mail from AOL's domain."
I recently set up SMTP on my linux box (just for the fun of it). One of my friends has a hotmail account. I very quickly discovered that hotmail is refusing connections from my linux box (on a cable network). I very quickly told Postfix to send any hotmail bound email to my ISP's SMTP server. My friend got the email so... that may be an easy workaround for AOL as well.
If you have DSL you should still use your upstream SMTP server for outgoing mail. About 90% of incoming SPAM on my box originates from Windows boxes on DSL lines with open relays. I've set up exim to ignore all incoming SMTP calls from dsl hosts (*.dsl.*) and also to block hosts without proper reverse-DNS. These 2 simple steps take care of blocking a huuuge quantity of incoming SPAM at the doorstep... It's not foolproof, but it helps a great deal.
-adnans
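An added illustration of the two checks this comment describes (it is not the commenter's exim configuration): a Python model that applies a `*.dsl.*` name pattern and a reverse-DNS check to a handful of connecting hosts. It assumes "proper reverse-DNS" means forward-confirmed reverse DNS; the addresses, hostnames and lookup tables are constructed so the example runs offline.

```python
from fnmatch import fnmatchcase

# Constructed lookup tables (documentation address ranges, made-up names).
PTR = {
    "192.0.2.10": "pool-10.dsl.isp.example",     # consumer DSL pool
    "192.0.2.25": "mail.dsl.smallbiz.example",   # static business line, real MTA
    "198.51.100.7": "adsl-7.dyn.isp.example",    # dynamic, but no ".dsl." label
    "198.51.100.9": "mx.bigmail.example",        # PTR set, forward lookup disagrees
    "203.0.113.5": "mx1.hosted.example",         # ordinary hosted MTA
}
A = {
    "pool-10.dsl.isp.example": ["192.0.2.10"],
    "mail.dsl.smallbiz.example": ["192.0.2.25"],
    "adsl-7.dyn.isp.example": ["198.51.100.7"],
    "mx.bigmail.example": ["198.51.100.200"],
    "mx1.hosted.example": ["203.0.113.5"],
}

BLOCKED_NAME_PATTERNS = ["*.dsl.*"]  # the pattern given in the comment


def classify(ip, ptr=PTR, a=A, patterns=BLOCKED_NAME_PATTERNS):
    """Return the verdict a receiving MTA would reach for a connecting IP."""
    name = ptr.get(ip)
    if name is None:
        return "reject:no-rdns"
    name = name.rstrip(".").lower()
    # Forward-confirm: the PTR name must resolve back to the connecting IP.
    if ip not in a.get(name, []):
        return "reject:rdns-mismatch"
    if any(fnmatchcase(name, pat) for pat in patterns):
        return "reject:name-pattern"
    return "accept"


def verdicts(ips):
    """Classify several addresses at once; returns {ip: verdict}."""
    return {ip: classify(ip) for ip in ips}


if __name__ == "__main__":
    for ip, verdict in verdicts(list(PTR) + ["203.0.113.99"]).items():
        print(f"{ip:15} {verdict}")
```

The business mail server at 192.0.2.25 is rejected purely because of its hostname, while the dynamic host at 198.51.100.7 passes because its name has no `.dsl.` label: the filter's verdict depends on how the ISP names its hosts, not on what the host is doing.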
"In short: just say NO TO DRUGS, and maybe you won't end up like the Hurd people." --Linus Torvalds
The first I noticed it was March 27th (and I don't email my dad @ AOL that often, so it probably happened even before that ...)
... while talking to mailin-03.mx.aol.com.: ... while talking to mailin-04.mx.aol.com.:
The original message was received at Thu, 27 Mar 2003 13:35:36 -0600
from dougmc@localhost
----- Transcript of session follows -----
550-The IP address you're using to connect to AOL is either open to the
550-free relaying of e-mail, is serving as an open proxy, or is a dynamic
550-(residential) IP address. AOL cannot accept further e-mail
550-transactions from your server until either your server is closed to free
550-relaying/proxy, or your ISP removes your IP address from their list of
550-dynamic IP addresses. For additional information, please visit
550 http://postmaster.info.aol.com.
Read about The September that never ended !
No, all you need to do is use your ISP provided mail server, or use an alternative mail server not hosted on your DSL line.
After seeing the umpteenth email stroll into my mailbox that was either a spam or a virus, I applaud the move. Virtually every consumer DSL or cable provider has a "no server" clause in their ToS anyway, so this shouldn't be all that big of a deal. The original poster sounds like sour grapes because he can't use what he shouldn't be using to transmit mail anyway.
However, as the original post referenced in the submission noted, I too wonder how AOL determines which IP addresses are dynamically allocated, and which are statically allocated, because business class DSL and cable should be exempt from this policy - those lines usually allow servers.
As a network engineer of a DSL and T1 only ISP (we have dialup but only for traveling DSL/T1 customers) I can let you know that this will probably stop oodles of spam.
The latest spammer tactic is not to seek out open relays, but open windows proxies, and from there they can initiate outbound SMTP connections to legit SMTP servers and send spam.
Already a large number of dialup providers will only allow you to send through their mail server, and a larger number of ISPs use the DUN RBL to block email directly from dialup pools.
This is just more of the same. Your ISP should provide you with SMTP service, use them as a smart host even if you're running your own SMTP server, so it'll offload the requeuing/etc from your box to theirs.
DSL and Cable are the new dialup, and should be treated as such, a place where the majority of the customers are clueless idiots who ruin the party for the smart people.
Several ISPs are starting to scan mail servers sending them mail for open proxy/open relay before accepting the mails, expect to see this practice and AOL's solution spread to most ISPs in the near future.
If you want to run a real mail server, perhaps you should get a real internet connection, like Colocation or T1.
Please send all UCE to scally@devolution.com so I can f
It would seem they have added blocking to all dynamic IP senders. ISPs submit these blocks willingly; if your ISP put you on the list of dynamic IPs, have a talk with them, NOT AOL. Not all ISPs submit to these lists. Generally the best thing to do is to have your sendmail use your ISP's mailserver as a smart relay; it gets rid of the issues.
:) It's just way too easy and fast to get DSL, cable modem, or dial up and start sending email, dialup especially. These people cause serious amounts of grief to the ISPs that end up with them.
Now as to why people with dynamic IPs are responsible for a VAST amount of spam (per my spamfilters, and that's for over a quarter million domains, and no I don't have pretty graphs
No sir I don't like it.
They do this. TCP/IP only account with unlimited access is available for $10.
I'd expect users of RBLs (see http://www.spews.org) and certainly the denizens of NANAE to argue that they have the right to refuse to receive email from anyone, for any reason, since that mailserver is private property.
It can be used in ways you like (refusing emails from Verizon's corporate HQ because they refuse to kick their spammers) or in ways you don't like (making it more difficult to send outgoing mail), but I don't see how you can reasonably kick and scream against one and not the other.
Actually, several providers have been refusing email from dial-up pools for a year or more, which is what caused me to decide that I would need to send outbound email through my ISP. IIRC, attbi refused email from my server on my ISDN line over a year ago.
The solution isn't difficult - go dig around on your ISP's website (or call them) and figure out the mailserver that you'd be using if you WEREN'T running your own MTA. Set your mail server to relay outbound emails through them. (See your man pages - it isn't difficult.) There's NO way your ISP's mailserver is going to refuse to accept your email, since if they did, no one not running an MTA could get email out. Sure, you'll have an extra line of headers in your outbound email, but it doesn't seem like such a big deal. Was the location of your mail server a secret anyway?
Of course, if your ISP is a notorious hoster of spammers, you're going to need to find a new ISP. You didn't really want to support those spammers anyway, did you?
I saw this problem a while ago with Verizon corporate. I finally had to set up my sendmail to relay through my DSL provider's mail server.
To do this with sendmail use DSoutgoing.isp.net
If you need to authenticate you need to set up a default-auth-info file.
This has made mail delivery far more reliable.
UNIX? They're not even circumcised! Savages!
I've had a few, but in the main, you are correct in saying not much spam comes from aol.com. However, an awful lot of spam *claims* to come from aol.com, even when it actually originates in China, Korea, or some spamhaus in the USA/EU. For this reason refusing mail from aol.com and others may give exceedingly good results with low enough collateral damage to be bearable for some home mail server operators.
UNIX? They're not even circumcised! Savages!
550-The IP address you're using to connect to AOL is either open to the
550-free relaying of e-mail, is serving as an open proxy, or is a dynamic
550-(residential) IP address. AOL cannot accept further e-mail
550-transactions from your server until either your server is closed to free
550-relaying/proxy, or your ISP removes your IP address from their list of
550-dynamic IP addresses. For additional information, please visit
550 http://postmaster.info.aol.com.
Comcast IPs are now blocked also. (That's cable!)
Check here.
"Trusting every aspect of our lives to a giant computer was the smartest thing we ever did.." Homer Simpson
You do know that you can run spamassassin without running a mailserver.
Well, now you do, anyway.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
If I did that, I'd be accused of spamming by my ISP, since I run a VERY high volume mailing list. We have approximately 12 lists; the biggest list has 1,500 subscribers and gets about 100 emails a DAY. We have another major list that's about 500 people and similar volume.
About 90% of incoming SPAM on my box originates from Windows boxes on DSL lines with open relays.
99% of MY spam comes from Chinese and Eastern European ISPs that don't give a crap what people do with their internet connections. The solution is not blacklisting DSL and cable connections (because, among other things, it's not easy to switch, unlike dialup.) The solution is cutting off bad ISPs from backbones...but that's not likely to happen any time soon, because the backbone providers don't give a crap- every packet is money in their pocket, regardless of what kind of packet it is.
And guess what? If you are getting lots of spam from DSL/Cable users, it's really easy to solve. Report it. If there's a report of spam, the ISP disconnects the customer until they fix it. Imagine how fast people will learn to keep their machine clean if their internet connection goes down. ISPs will whine about the work, but, gee, that's like the gas station attendant whining about having to give directions to people all the time. Comes with the territory, bub.
It's ignorant people like you (who think "since -I- don't need to send mail directly, neither does anyone else!") that cause people like me grief.
We get next to NO money from subscribers to pay for costs- $5 donations here and there. DSL and Cable offer a nice, cheap way to host a mailing list, or a webboard; we don't use very much bandwidth at all, and occasional hiccups aren't a problem, especially given the design of SMTP; if at first you don't succeed, try, try, again. Commercial DSL is just less down bandwidth, slightly more up bandwidth, a 'real' static IP instead of a DHCP-assigned address that basically never changes...and a HELL of a lot more expensive. Oh, and instead of telling you to go screw yourself when you scream at them for your line being down, they -politely- tell you there's nothing they can do (and, by the way, -please- go screw yourself.)
Luckily, we're sucking bandwidth off a hosting company that has graciously allowed the box to sit off their network- but if they tank, we'll be screwed- commercial hosting runs about $90+ or more, and our box isn't rackmountable, so there's another $25-50/mo.
Slowly but surely, the media companies are doing their best to squeeze out other sources of competition- the little guys. Check your Terms of Service/Acceptable Use Policy. My home connection (ATTBI, now Comcast) has banned "messageboards and mailing lists" for years, along with FTP, web, mail, IRC...and specifically states it's an "entertainment service", and I am a "consumer" of that service- i.e., sit down, shut up, and be a good little consumer of mass web media. How dare you produce your OWN media...
Please help metamoderate.
There is no way to Spam from AOL/Yahoo or Hotmail. It's physically impossible for a common user to do it.
What is possible to do is to forge a 'from' address in an email header. Look again at the emails you have in your spam bucket and look at the received-from: header. I'll bet you $100 they didn't come from anywhere with a '.yahoo.com' at the end.
autopr0n is like, down and stuff.
I hadn't considered that, but they've got a $1 billion interest in just that area.
What part of "gestalt" don't you understand?
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
Try sending 2 oz letter 3500 miles for $0.36
.37 + .23 each additional oz.
US Mail is
My ISP has not shown that its servers are reliable. I like to be able to use mailq to see what's backed up. I'd also like to be able to use my own mailer's parameters for bounces. There's lots of reasons to prefer to use your own mailer instead of your ISP's, even if you technically could use your ISP's. But now, you'll want to relay through your ISP for all the mail that AOL won't accept, while sticking to your own SMTP services for everything else. That's what this document is for.
I encourage people to write corresponding documents for other MTAs. Also, some people can only send mail through their ISP with their ISP-assigned username. It's possible to configure sendmail to adapt AOL-bound mail to have the ISP-assigned sender. That is not discussed in this document; email me if you need it, and I'll write a followup post.
HOWTO: Configuring Sendmail to use your ISP's relay for AOL
This uses the sendmail mailertable feature. The mailertable feature allows you to specify the mailer and relay parameters for individual domains. That's exactly what we need here.
Remember that some ISPs may require you to use your ISP-assigned email address to relay through them. This won't help with that, but there's easy solutions for it. (This sort of thing is where Sendmail rocks.) Email me if you need it, and I'll post a followup.
Why does the USPS need to get its act together? You cite that our already privatized postal service is the envy of the world, but why say it needs to get its act together? They are efficient, statistically reliable (anecdotes about US mail getting lost are mere, well, anecdotes) and very cheap. 37 cents for a first class letter? 2-3 day express mail is comparable to UPS and Fedex in speed and reliability and waaaaaaay cheaper. Of course, Fedex is a bit safer for overnighting and UPS cuts great deals, but as far as a post office system goes, the USPS 0wnz3rs.
BTW, did you know that the USPS does not take taxpayer money? Not a cent.
And frankly our postal system is a bargain. Try sending 2 oz letter 3500 miles for $0.36 in any other country in the world.
48 cents in Canada, which is about 31 US cents at current exchange rates.
Try again.
If you're a zombie and you know it, bite your friend!
Let me just point out a few things:
1) Although I've never used my ISP's mailservers for outgoing mail, my friends have -- and mail is constantly lost, or delivered hours late.
2) Likewise, my ISP's incoming mail servers are frequently down, losing mail, and full of spam (the address was either harvested or sold, I don't know which. I have evidence of it, but that's another thread). A couple of my own local accounts suffer from spam as well, but I managed to install Spamassassin, which must be too difficult for my ISP.
3) Privacy is a concern with me, and I'd prefer to handle mail transactions myself.
4) I like the reassurance of looking through my Sendmail logs, knowing that an important message was delivered, and if it wasn't, the reason why.
5) Although this is unrelated, my friends often complain of outages when my service is fine. The reason? My ISP's DNS servers are constantly screwed up, yet I run my own.
6) I run majordomo to host a small mailing list of 20 or so members (that moves perhaps 500 messages a month); that's not enough traffic to justify having it hosted somewhere else, and Yahoogroups butchers messages with advertisements. Luckily none of its members use AOL.
7) I check my mail logs often (to make sure nothing unordinary is going on), and do not allow relaying.
Many of us run mail servers simply because our ISPs are unreliable. Many ISPs can't even host a measly 5mb of web space adequately, so I feel wary letting them handle important E-Mails. I wish Speakeasy was available in my area, it would be a no-brainer switch.
You've probably heard the saying, "tolerating excesses in order to preserve freedoms." Well, Spam is an excess -- a very horrible excess. At the same time, enough people use home mail servers for justifiable reasons that outlawing them, or blocking mail from them isn't a logical decision.
And besides, there's other ways to prevent spam without making anyone unhappy. Spamassassin, once configured correctly, nails just about all spam. My university filters spam on my POP account, and I receive maybe one (if that) a month; couple that with Mail App's built in filtering and I haven't actually seen a Spam message in months. The best way to get rid of spammers is to implement solutions that make their efforts ineffective on ANY level, not just by killing off one of their hundreds of other options (AOL's method).
This site lists Korean and Chinese netblocks.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
"Yes, but have they told their subscribers?"
Of course not. In fact, they're downright lying about it.
I've got a free AOL account at the moment, and your question prompted me to go check out the "mail controls" that entails. I've found an option to "allow all email to be delivered to this screen name." This translates to "allow e-mail from all AOL members, e-mail addresses, and domains." (emphasis mine.) This is the default setting.
Does that mean this account is still affected by this email blockage? They're apparently blocking it at the SMTP level, not just failing to deliver it, so, Yep! It sure is.
It's worse. Here are the ways that I know AOL is violating RFCs for valid mail traffic:
1. Mail bound for postmaster@aol.com is not accepted.
2. They issue a 550 response before the client has a chance to issue a greeting. There are two allowed responses at that point: 554 and 220. 550 is right out.
3. They disconnect before the client issues a "QUIT" command or times out. Also bogus.
AOL is playing a game of chicken here to see how much of the net will blacklist them for breaking the RFCs. Once they smell blood in the water because not enough sites care, they can pretty much start writing their own book....
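The check behind point 2 above, as an added example that is not part of the original comment: a parser for multi-line SMTP replies, run over the 550 text quoted in this thread, that flags any opening reply other than the 220 or 554 the comment names. The function names and the `REASON_HINTS` triage labels are assumptions made for the illustration.

```python
import re

# The opening reply quoted in this thread (CRLF line endings added here).
AOL_BANNER = "\r\n".join([
    "550-The IP address you're using to connect to AOL is either open to the",
    "550-free relaying of e-mail, is serving as an open proxy, or is a dynamic",
    "550-(residential) IP address. AOL cannot accept further e-mail",
    "550-transactions from your server until either your server is closed to free",
    "550-relaying/proxy, or your ISP removes your IP address from their list of",
    "550-dynamic IP addresses. For additional information, please visit",
    "550 http://postmaster.info.aol.com.",
]) + "\r\n"

LINE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")
ALLOWED_AT_OPEN = {220, 554}  # the two codes the comment says are permitted

# Hypothetical triage labels keyed on phrases in the reply text.
REASON_HINTS = {
    "open-relay": "relaying",
    "open-proxy": "open proxy",
    "dynamic-ip": "dynamic",
}


class ReplyError(ValueError):
    """Raised when the text does not form one well-formed SMTP reply."""


def parse_reply(raw):
    """Return (code, text_lines) for one SMTP reply, multi-line or not.

    Every line but the last is 'NNN-text'; the last is 'NNN text'.
    All lines must carry the same three-digit code.
    """
    lines = raw.replace("\r\n", "\n").rstrip("\n").split("\n")
    code, texts = None, []
    for i, line in enumerate(lines):
        m = LINE.match(line)
        if not m:
            raise ReplyError(f"not a reply line: {line!r}")
        this_code, sep, text = m.group(1), m.group(2), m.group(3) or ""
        if code is not None and this_code != code:
            raise ReplyError("reply code changes between lines")
        code = this_code
        is_last = i == len(lines) - 1
        # '-' must appear on every line except the last, and never on the last.
        if (sep == "-") == is_last:
            raise ReplyError("continuation marker does not match position")
        texts.append(text)
    return int(code), texts


def check_greeting(raw):
    """Judge a server's first reply, sent before the client says anything."""
    code, texts = parse_reply(raw)
    joined = " ".join(texts).lower()
    return {
        "code": code,
        "allowed_at_open": code in ALLOWED_AT_OPEN,
        "permanent_failure": 500 <= code <= 599,
        "reasons": sorted(k for k, p in REASON_HINTS.items() if p in joined),
    }
```

A sending MTA that logs `check_greeting()` on the first reply can tell a policy rejection at connect time apart from a truncated or malformed banner, which raises `ReplyError` instead.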
Let me preface this with a disclaimer. I worked in AOL's mail and anti-spam groups for 5 years, ending back about 2 years ago. I still keep in touch with the people back there, and I have a good idea what's up, as I still work in the anti-spam 'industry'.
Not that anyone will see this, as it's on the second page of comments...
A massive percentage of spam (well over 50%) comes from compromised windows boxes running either trojan software to open ports for spammers to proxy through, software like AnalogX that does the same, or just users who somehow manage to set up a proxy that's open to the world. There's also a big problem with a LOT of the DSL hardware on the market, that allows people to proxy through it transparently, via use of a security hole. Check Bugtraq if you want to find details.
These broadband connections are where the spammers are headed for anonymity. Yeah, sure, there's still a bunch of big-time professional spammers out there who spam away from their often-moving netblocks. That bunch isn't so hard to keep up with.
There's also the problem of Klez and other SMTP aware worms that busily want to send you lots of infected mail. Sure, *nix users don't really care about that, but companies like AOL, with a crapload of less-than-savvy users have to.
It's been this way for 56k dialups for about 3 years or so... but the noise about that only lasted a few weeks, much like this will. If your DSL company can't support your needs, vote with your feet! Switch your service to one that can. If Verizon can offer you service, you can pretty much bet that Covad can too.
(shameless plug: Check out lmi.net for that stuff.. small companies make for better service, and if you need the medium-sized company feel, go with Speakeasy.)
So what if you have a contract... if they can't get your mail to AOL with the right domain, it sounds like grounds to break it to me. =)
It covers other countries too, as well as some ISPs (including certain ones that don't give a damn like wannadoo and interbusiness.it)
AOL is also their own registrar, so it's pretty much impossible for them to ever lose their domain. =)
Arrgh. RFC821 is way out of date...should have been looking at RFC 2821. But looking at that only seems to strengthen my case:
(implying that if you receive email from a host, that host should either be a mail exchanger for the sender's domain, or the originating host itself)
and
Basically, it looks like the use of source routes is deprecated, and the only situation in which the source route will not be the sender is when it's null -- which should generally only happen when the message is a bounce message of some sort. I'd say in that case it would be acceptable to check the From: line using the same heuristics, even though the RFC says that the SMTP relay should never examine mail headers.
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
You don't need to set up a mail server to be talking SMTP directly, it is an entirely valid way for a mail client to deliver mail.
You also don't need to set anything up if you're using Unix, sendmail often comes configured in send-only mode.
It is particularly useful if you have a laptop and connect to the net from various places at different times, and don't want to figure out a valid relay at each place separately.
As far as I understand this is not about AOL blocking AOL residential accounts from sending mail directly via SMTP, either, but AOL blocking users of any ISPs that are known to be residential from sending mail directly via SMTP to AOL.
I grew up in a town of 231 people. Mail was delivered in town up and down main street only. Not a problem. All the mailboxes for everyone in town were placed on main street in order. If you don't want to do that then you get a PO Box down town. They also run rural routes. They are required to service your mailbox if it is within 1/2 mile of the next nearest mailbox.