Slashdot Mirror
AOL Bans Mail From DSL-Hosted Servers
kmself writes "As first reported at linux-elitists by Aaron Sherman, and with a demonstration of the denial at zIWETHEY, AOL has begun blocking mailservers identified with residential DSL lines as an anti-spam measure, apparently heedless of the huge collateral damage this move imposes (and guess who can't send mail to Mom...). This action was unannounced, and has received virtually no coverage, spare an oblique mention at News.com. It also violates SMTP RFCs, as Aaron points out, not to mention the 'good neighbor' conventions of Internet communications. Mail to AOL's postmaster is also bounced -- this is RFC-ignorant.
I strongly recommend that as a compensatory measure, non-AOL MTAs be configured to deny all incoming mail from AOL's domain."
You (don't) have mail!
I thought that was a requirement of having a domain and you can lose the domain if mail is not accepted or read there? I'd have to check the rfc's but wouldn;t that be a thing, someone taking aol's domain from them because they don;t accept mail for postmaster?
dave
I long ago includedevery mail from aol.com, yahoo.com and hotmail.com in my static spam filters. If anybody with such an account wants to mail me, they need to get in touch with some other account (or other means) first so I can add an excemption to them. To date I have three such excemptions total, all on yahoo.com.
I can't very well block them further than I already do, in other words.
Trust the Computer. The Computer is your friend.
Don't worry, I am on AOL. I will send your mom a note.
The United States Postal Service has announced it will stop delivering
any mail from Florida, due to the large number of mail-order scams
originating from that state.
My friend pays for a "static" Ip address on his cable modem to run some private corporate web forums. A few weeks ago, all email notifications from the forums going to anyone hosted at earthlink.net were bouncing - The message is "No email accepted from dynamic IP addresses".
Both AOL and Earthlink have TONS of subscribers.
If they both decide to carry on doing this, there is nothing you can do about it.
Truth is, SMTP sucks. They are only doing this because of all the spam. Yes they are violating RFC's. Too bad...
--jeff++
ipv6 is my vpn
If you want to send mail to AOL you just need to use something different than DSL. No big deal. May I suggest AOL/Time Warner Road Runner Cable Modem Service?
Hermm....
I found out about this issue few months after i got my DSL connected almost a year ago. Used to be I'd use sendmail to send email out, and worked great since I could put my email address (which was defined through a domain name email forward) in the reply-to field. then, one day i get a message from AOL claiming I'm running an open mail relay, or using a "banned" IP. Got me worried a little bit, but I found out the real reason after i got a friend to nmap my box
$cat
If AOL doesn't want to accept your mail, that's their choice. It's their network, and their mail servers. Of course, when AOL customers find that they can't receive any email, AOL might lose business.
Like all other spam blocking attempts, there will be collateral damage. They try to keep their customers happy, and the market decides if they succeeded.
Tarsnap: Online backups for the truly paranoid
It should be pointed out that AOL isn't blocking "All DSL" MTAs but those that have dynamically assigned IP addresses. On one hand, this is a stinky, no-good, rotten thing for them to do. On the other hand, the elitest in me says "go get a real DSL connection if you're going to run your own MTA." :-)
But really, I know it's not an option for some, and this move by AOL is pathetic.
Laugh at stupidity: mod idiots +1 Funny.
If you have DSL you should still use your upstream SMTP server for outgoing mail. About 90% of incoming SPAM on my box originates from Windows boxes on DSL lines with open relays. I've set up exim to ignore all incoming SMTP calls from dsl hosts (*.dsl.*) and also to block hosts without proper reverse-DNS. These 2 simple steps take care in blocking a huuuge quantity of incoming SPAM at the doorstep...It's not fullproof, but it helps a great deal.
-adnans
"In short: just say NO TO DRUGS, and maybe you won't end up like the Hurd people." --Linus Torvalds
Services like Verizon, that use DHCP and/or PPPoE and already have a "no servers" policy? What's the criteria, here??? It will be interesting to see how AOL differentiates "residential" DSL from other types of DSL.
I use SpeakEasy DSL via Covad. This service is technically residential, because my servers are sitting in my house. But I have a legitimate domain, and static IPs on my servers. However, reverse DNS lookups return "dslwww-xxx-yyy-zzz.phl.yadayadayada," NOT my registered domain name.
I just successfully sent myself a test message from my domain mail to my AOL account, so I'm not being blocked yet. I guess I'll start sending a test message once or twice a day to make sure it still works, until AOL clarifies their policy. And if I do get blocked, there's gonna be some hell raised about it. My servers are locked down tight and laways have been. Shutting out all DSL-hosted mailservers to keep out spam is like burning your house down to keep it from being burglarized.
~Philly
The first I noticed it was March 27th (and I don't email my dad @ AOL that often, so it probably happened even before that ...)
... while talking to mailin-03.mx.aol.com.: ... while talking to mailin-04.mx.aol.com.:
The original message was received at Thu, 27 Mar 2003 13:35:36 -0600
from dougmc@localhost
----- Transcript of session follows -----
550-The IP address you're using to connect to AOL is either open to the
550-free relaying of e-mail, is serving as an open proxy, or is a dynamic
550-(residential) IP address. AOL cannot accept further e-mail
550-transactions from your server until either your server is closed to free
550-relaying/proxy, or your ISP removes your IP address from their list of
550-dynamic IP addresses. For additional information, please visit
550 http://postmaster.info.aol.com.
How about if AOL bans all of the e-mail traffic - in and out of their domain? Wouldn't that be great? They could even actually ban telnet, http, and ftp, too. And later all possible ports. In the end, they can even earn some money by selling their edge routers ;-)
iThink iHate iMod
I guess this is sort of like the New York branch post offices not delivering mail from Florida, because that's where a lot of junk mail originates from.
t -commercial-speech protest email.
I have a fairly nasty conspiracy theory on why AOL and Comcast are cooperating on this. By shutting out the innovative do-it-yourselfers on the Internet from their network, they squelch potential competition from their "value-added" services.
The next step might be to block web servers that don't originate from big corporate server farms. After all, who knows what could be on those independent things but kiddy porn and terrorist training instructions?
The irony is that the great mass of obtrusive commercialism on the Internet originates on the corporate, big-player side. AOL was the innovator in turning the WWW into a virtual shopping mall.
You would like to think, however that this will backfire on them, as customers look to alternatives to their increasingly sanitized pseudo-Internet network.
And how does one fool their IP filters anyway? It makes one want to "spam" everyone of AOL's customers with a protected-from-legal-prohibition-because-it-is-no
evanchik.net
As a network engineer of a DSL and T1 only ISP (we have dialup but only for traveling DSL/T1 customers) I can let you know that this will probably stop oodles of spam.
The latest spammer tactic is not to seek out open relays, but open windows proxies, and from there they can initial outbound SMTP connections to legit SMTP servers and send spam.
Already a large number of dialup providers will only allow you to send through their mail server, and a larger number of ISPs user the DUN RBL to block email directly from dialup pools.
This is just more of the same. Your ISP should provide you with SMTP service, use them as a smart host even if you're running your own SMTP server, so it'll offload the requeing/etc from your box to theirs.
DSL and Cable are the new dialup, and should be treated as such, a place where the majority of the customers are clueless idiots who ruin the party for the smart people.
Several ISPs are starting to scan mail servers sending them mail for open proxy/open relay before accepting the mails, expect to see this practive and AOL's solution spread to most ISPs in the near future.
If you want to run a real mail server, perhaps you should get a real internet conenction, like Colocation or T1.
Please send all UCE to scally@devolution.com so I can f
Slashdot's RFC-ignorant too.. Bounces abuse@ emails.
I'd expect users of RBLs (see http://www.spews.org) and certainly the denizens of NANAE to argue that they have the right to refuse to receive email from anyone, for any reason, since that mailserver is private property.
It can be used in ways you like (refusing emails from Verizon's corporate HQ because they refuse to kick their spammers) or in ways you don't like (making it more difficult to send outgoing mail), but I don't see how you can reasonably kick and scream against one and not the other.
Actually, several providers have been refusing email from dial-up pools for a year or more, which is what caused me to decide that I would need to send outbound email through my ISP. IIRC, attbi refused email from my server on my ISDN line over a year ago.
The solution isn't difficult - go dig around on your ISP's website (or call them) and figure out the mailserver that you'd be using if you WEREN'T running your own MTA. Set your mail server to relay outbound emails through them. (See your man pages - it isn't difficult.) There's NO way your ISP's mailserver is going to refuse to accept your email, since if they did, no one not running an MTA could get email out. Sure, you'll have an extra line of headers in your outbound email, but it doesn't seem like such a big deal. Was the location of your mail server a secret anyway?
Of course, if your ISP is a notorious hoster of spammers, you're going to need to find a new ISP. You didn't really want to support those spammers anyway, did you?
I run my own mail server on a "business DSL" connection with a static IP address, but it runs to my home and I doubt there is any genuine distinction between "residential" and "business" DSL lines. I run my own server, of course, so that I can have a fairly powerful set of spam filters at the server side, in addition to a complex set of client-side spam filters -- all because I receive hundreds of spam emails per day, including dozens that I can identify as coming from AOL-owned servers.
I assume that AOL has only disabled receipt of email from DSL lines, and continues to send its customers' spam to folks like me. It's hard to know, since my filters already reject more than 98% of incoming email delivery attempts.
Let's at least try to be fair to AOL: they are just like the rest of us, forced to seek out triage solutions to the increasingly aggressive strategies used by spammers. Until a new structure is widely adopted for exchange of email (something that allows for true source verification and financial compensation for abuse), triage is the only solution that will work. Hence I block nearly all email from earthlink servers and customers, as well as juno.com and HUNDREDs of other domain names and IP addresses.
-- http://www.MarkWelch.com/ Pleasanton California
The United States Postal Service has announced it will stop delivering
any mail from Florida, due to the large number of mail-order scams originating from that state
Don't laugh too hard on that one, there are schemes in place of trying to privatize and eliminate the whole of the US mail system including first class postage. While it might be neat to have all your mail sent by one company like UPS and while the post office does need to get its act together ASAP, my concern is that rural areas would by stuck with only one greedy private company as their only means of communication (thus making it expensive to send or recieve mail at all). Remember, the postal system in the US is a time-honored tradition that has been the envy and model for the rest of the planet. It is also in good working order, thus if AOL chooses not to accept e-mail anymore, why not just bombard them with snail mail? We could also return their bloody disks right back to them while we're at it. Maybe after they get several hundred thousand they'll get the hint.
And if you think the AOL-Time-Warner lawyers will allow their most lucrative domain to be taken from them then I have to disagree. I figure they've already got a loophole in the fine print somewhere that is as easily exploited as the pictures of children for those old Sally Struthers commercials (the ones where the kids keep starving but she kept growing). There hsa to be some reason behind this that is not yet shared, hopefully their decision has a more rational basis than some of the arguments for privatizing the US postal system.
As long as there is a Second Amendment, there will always be a First Amendment.
50% of the spam I receives has an odd number of letters in the domain name,
but I wouldn't consider filtering based on that.
A 70% false negative rate is pretty meaningless without knowing the false positive rate as well.
What percentage of your non-spam email comes from dsl ip's?
Sounds like a load of claptrap to me.
Care to cite an RFC that suggests such a thing?
How about a good network reason why email should be relayed instead of sent directly?
-- this is not a
How to post a negative AOL reply on Slashdot.org just like a veteran /.er.
1. Start off by naming the previous number of times AOL has done something you dislike, noting that this particular incident is "the worst yet."
2. State your greivances about the topic. Explain, in near-irrevelant detail, how this will negatively effect you and others.
3. Throw random arguments in about how non-AOL services are far superior to AOL services.
4. Also imply that anyone who still uses AOL must be of inferior intellect that yourself.
5. Notate the sudden revelation that you don't use the services of AOL (in fact, can't recall any time at which you did use AOL) and, if you did, you and anyone else using AOL probably deserves the a forehand mentioned greviance and whatever similar issues they get.
6. Close with witty remark about poor service and/or "AOHell" reference and offer cliche signature of either "Step 1. AOL reference, Step 2. (blank), 3. Profit!" or "All your base..." adaption.
IN RUSSIA, AVERAGE AOL REPLY WRITES YOU!
Yeah...because when a big corporation does something wrong, we should exact revenge upon all of its customers.
That's very mature. Particularly in the case of AOL, which services the vast majority of under-educated internet users. You'll fuck up all of their personal email communications, and they won't have the first clue why.
Brilliant solution.
crib
Please don't read my journal
There has to be some other underlying reason to move to block e-mail for this one group of internet users,
<tin-foil-hat>Does any part of AOLTW compete with DSL, like umm cable modems maybe? </tin-foil-hat>
Best. Comment. Ever. Enjoy!
If I did that, I'd be accused of spamming by my ISP, since I run a VERY high volume mailing list. We have approximately 12 lists; the bigest list has 1,500 subscribers and gets about 100 emails a DAY. We have another major list that's about 500 people and similar volume.
About 90% of incoming SPAM on my box originates from Windows boxes on DSL lines with open relays.
99% of MY spam comes from chinese and eastern european ISPs that don't give a crap what people do with their internet connections. The solution is not blacklisting DSL and cable connections(because, among other things, it's not easy to switch, unlike dialup.) The solution is cutting off bad ISPs from backbones...but that's not likely to happen any time soon, because the backbone providers don't give a crap- every packet is money in their pocket, regardless of what kind of packet it is.
And guess what? If you are getting lots of spam from DSL/Cable users, it's really easy to solve. Report it. If there's a report of spam, the ISP disconnects the customer until they fix it. Imagine how fast people will learn to keep their machine clean if their internet connection goes down. ISPs will whine about the work, but, gee, that's like the gas station attendant whining about having to give directions to people all the time. Comes with the territory, bub.
It's ignorant people like you(who think "since -I- don't need to send mail directly, neither does anyone else!") that cause people like me grief.
We get next to NO money from subscribers to pay for costs- $5 donations here and there. DSL and Cable offer a nice, cheap way to host a mailing list, or a webboard; we don't use very much bandwidth at all, and occasional hiccups aren't a problem, especially given the design of SMTP; if at first you don't succeed, try, try, again. Commercial DSL is just less down bandwidth, slightly more up bandwidth, a 'real' static IP instead of a DHCP-assigned address that basically never changes...and a HELL of a lot more expensive. Oh, and instead of telling you to go screw yourself when you scream at them for your line being down, they -politely- tell you there's nothing they can do(and, by the way, -please- go screw yourself.)
Luckily, we're sucking bandwidth off a hosting company that has graciously allowed the box to sit off their network- but if they tank, we'll be screwed- commercial hosting runs about $90+ or more, and our box isn't rackmountable, so there's another $25-50/mo.
Slowly but surely, the media companies are doing their best to squeeze out other sources of competition- the little guys. Check your Terms of Service/Acceptable Use Policy. My home connection(ATTBI, now Comcast) has banned "messageboards and mailing lists" for years, along with FTP, web, mail, IRC...and specifically states it's an "entertainment service", and I am a "consumer" of that service- ie, sit down, shut up, and be a good little consumer of mass web media. How dare you produce your OWN media...
Please help metamoderate.
Having zero background information on this topic, I am prepared to make an indignant response to AOL's clear violation of YOUR RIGHTS ONLINE! AOL has blatantly violated YOUR RIGHTS ONLINE by deciding not to accept mail from dial-up and residential DSL IP addresses! Dammit, I am sick and tired of providers who think they have the right to do what they want with servers and pipes that they pay for! They are obviously violating my right to free speech by censoring me with their heavyhanded spam-fighting measures! They are probably going to use the DMCA to defend this decision! My guess is the RIAA is behind all this! If we don't all get up in arms about this blatant violation of YOUR RIGHTS ONLINE, next thing you know there will be an AOL camera in your TOASTER OVEN! You will have to ask AOL permission to GO TO THE BATHROOM!
There is no way to Spam from AOL/Yahoo or Hotmail. It's physically impossible for a common user to do it.
What is possible to do to forge a 'from' address in an email header. Look again at the emails you have in your spam bucket and look at the recived-from: header. I'll bet you $100 they didn't come from anywhere with a '.yahoo.com' at the end.
autopr0n is like, down and stuff.
I hadn't considered that, but they've got a $1 billion interest in just that area.
What part of "gestalt" don't you understand?
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
My ISP has not shown that its servers are reliable. I like to be able to use mailq to see what's backed up. I'd also like to be able to use my own mailer's parameters for bounces. There's lots of reasons to prefer to use your own mailer instead of your ISP's, even if you technically could use your ISP's. But now, you'll want to relay through your ISP for all the mail that AOL won't accept, while sticking to your own SMTP services for everything else. That's what this document is for.
I encourage people to write corresponding documents for other MTAs. Also, some people can only send mail through their ISP with their ISP-assigned username. It's possible to configure sendmail to adapt AOL-bound mail to have the ISP-assigned sender. That is not discussed in this document; email me if you need it, and I'll write a followup post.
HOWTO: Configuring Sendmail to use your ISP's relay for AOL
This uses the sendmail mailertable feature. The mailertable feature allows you to specify the mailer and relay parameters for individual domains. That's exactly what we need here.
Remember that some ISPs may require you to use your ISP-assigned email address to relay through them. This won't help with that, but there's easy solutions for it. (This sort of thing is where Sendmail rocks.) Email me if you need it, and I'll post a followup.
But having your own SMTP server doesn't provide any functionality that you can't get from Comcast at base price anyway.
Actually, it provides three bits of functionality:
This move by AOL is a good thing.
No, actually, it's a fucking bad thing. But you won't realize it until the day that you want to send your friend on MSN email but can't, and neither of you can talk to your parents who are on AOLMail, both of which are playing games to close their protocols to make sure that GnuMail can't play.
Providing an open replacement for SMTP that has the authentication and accountability that SMTP is sorely lacking would be a good thing. Segregating the Internet address space into ghettoes is not.
30% of the spam that comes in to our mailserver is from residential dsl ip's.
Yet another reason to choose Speakeasy. I have a static IP and I am not blocked by AOL (already tried).
LedgerSMB: Open source Accounting/ERP
My MTAs have been set up to blackhole AOL mail (on a whitelist basis) since about 1997 or 98 :-). I had almost forgotten... At that time, I was getting a heap of spam from their domains, and as I'm in Australia and AOL doesn't have a significant coverage here it's pretty safe from false positives.
Never invited 15 friends to a barbeque?
Never tried to announce a new baby to more than 10 people?
Never sent out "I'm moving, my new snail mail address is..."?
I guess if you don't have more than 10 friends, you'd never need to bcc more than 10 people. But if that's the case, I feel sorry for you.
Let me preface this with a disclaimer. I worked in AOL's mail and anti-spam groups for 5 years, ending back about a 2 years ago. I still keep in touch with the people back there, and I have a good idea what's up, as I still work in the anti-spam 'industry'.
Not that anyone will see this, as it's on the second page of comments...
A massive percentage of spam (well over 50%) comes from compromised windows boxes running either trojan software to open ports for spammers to proxy through, software like AnalogX that does the same, or just users who somehow manage to set up a proxy that's open to the world. There's also a big problem with a LOT of the DSL hardware on the market, that allows people to proxy through it transparently, via use of a security hole. Check Bugtraq if you want to find details.
These broadband connections are where the spammers are headed for anonymity. Yeah, sure, there's still a bunch of big-time professional spammers out there who spam away from their often-moving netblocks. That bunch isn't so hard to keep up with.
There's also the problem of Klez and other SMTP aware worms that busily want to send you lots of infected mail. Sure, *nix users don't really care about that, but companies like AOL, with a crapload of less-than-savvy users have to.
It's been this way for 56k dialups for about 3 years or so... but the noise about that only lasted a few weeks, much like this will. If your DSL company can't support your needs, vote with your feet! Switch your service to one that can. If Verizon can offer you service, you can pretty much bet that Covad can too.
(shameless plug: Check out lmi.net for that stuff.. small companies make for better service, and if you need the medium-sized company feel, go with Speakeasy.)
So what if you have a contract... if they can't get your mail to AOL with the right domain, it sounds like grounds to break it to me. =)
IMO too much time is spent ranting about how Tha Man is keeping the $30/mo broadband user down by not allowing the minority who know how to run a secure server to use their residential line as a commercial line. We should be putting a hell of a lot more energy bitching about the masses of clueless users who randomly click on any email attachment they get, setup their P2P apps in slut-mode, and otherwise connect to the Internet in such a way that they become:
- just another hop for viruses to propagate through
- just another misconfigured AnalogX proxy or Lovgate infected SMTP/NNTP open relay
- just another DDoS drone host
Its sad, but the majority of broadband users have forced this action. If people understood the concepts of due diligence and responsibility we wouldn't have David Ritz and others spending huge amounts of time battling USENET spam, ISPs getting slammed with DoS all the time (and I mean that litterally), and spam gangs doing automated scans of broadband networks for open relays so they can spread their email polution.Its a myth that spam only comes from networks in Asia that don't give a damn. It comes from Ma and Pa's Windows 98 box that got infected with one of several variants of Lovgate and helps spam the planet, all from their speedy little DSL/cable connection.
Before the /. community jumps down AOL's throat at this carpet-bomb tactic, we need to realize that it is a business response to the realities of security on broadband networks. If users took responsibility for their connections and had good firewalls, anti-virus and intelligent email practices then this problem probably wouldn't exist.
perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'