AOL Blocks 2 Billion Spam/Day
T_moz writes "According to this article AOL has blocked over two billion (2000000000) SPAM emails in one day!"
This figure is 70-80% of all mail incoming to AOL users. Utterly insane. Unfortunately, all this blocking means spammers will just send more mail to make up for it until a real solution is found.
About 80% of all my incoming mail is spam.
And why aren't there any comments on this story?
Why are there no responses?
2bn! wow - if, they only had a dollar for each one blocked, they would almost be profitable again.
No wonder I can't get any help with my nigerian bank account problems!
I know I've tried to send several LEGIT mails off my linux server hosted on comcast's network and have bounced every time.
Fuckers.
weird, why has no one posted
Wow, the filters are sooo good they blocked all the comments to this story.
Execute a spammer. It's clean, it's quick, and it's efficient. Desperate times call for desperate measures.
See if people will keep sending unsolicited email then. Matt Groening had it right with Futurama.
Computer: "You've got mail!"
Leela: (Groans)
Computer: "It's not spam!"
Leela: Ohhh
"It takes many nails to build a crib, but one screw to fill it."
.. what AOL should be doing is including penis enlargement gel packs when they mail out their CDs. After a few months when everyone is walking around with John Holmes type girth, the spammers will stop their barrage of penis enlargement emails, thus reducing spam by at least 50%.
Another good side effect is that the average size of the hand will also be enlarged, thus requiring bigger gloves, thus again which will fuel the economy thus stopping the recession.
Live web cams
Wow, talk about those mystery articles from the future. Or the past, whatever the case may be.
The scary part is that there are probably another billion left to filter out.
Now, if I could only stop these assholes who send me unwanted CD-Rom's to my home 3 times a month...
Maybe the solution is to stop blocking spam. If users received the 4,000 emails of spam a day that they would get w/o spam blocking instead of 40, it would turn an annoyance into something that is totally unacceptable. It would be interesting to see what the public would do in such a situation. In other words, that kind of dissatisfaction might force true change.
just looking at AOL's numbers, the claim that there are only 180 'problem spammers' starts to lose credibility
2 billion emails divided by 180 spammers equals approx 11 million emails per spammer per day *just to AOL alone*.
Unless the 'problem spammers' that were alluded to a few days ago are the ones that make it through the blockers, the 2 billion spams are from several thousand 'non problem spammers' (Is there such a thing?)
Real SUV's don't have cupholders
It's 5:42 A.M., do you know where your stack pointer is?
this huge amount of spam makes me think of all the people who are walking around with penises 1-3 inches shorter than they could be. makes me feel better, when I look down and smile about my inability to set up an effective spam filter.
Most AOL users I know still see at least 15 spam messages per day... bad, when most of them only get 1 or 2 legitimate messages a day.
I'll wager that a fairly significant portion of that blocked mail is wanted by the recipients. I know that we get many calls when our AOL recipients don't receive their expected daily/weekly newsletters.
The only ``intuitive'' interface is the nipple. After that, it's all learned.
AOL has blocked over two billion (2000000000) SPAM emails in one day!
So their outbound mail servers went down that day?
Funny how nobody ever mentions the false positive and false negative rates in these stories.
If AOL has a false positive rate of 0.01%,
That means over 200,000 incorrectly blocked emails per day.
If they have a false negative rate of 1%,
That means over 20,000,000 spams got through.
2 billion sounds like a big number, but it's still only 10-30 spams for the typical AOL user.
-- this is not a .sig
Since many spam (or appears to) comes from AOL, all they have to do is disconnect themselves from themselves...
Considering I still get about 80 spams a day, I'm not that impressed with AOL's efforts.
100% Insightful
I can't compete with 2bil., but here's my spam blockage for a measly 80 users on Sunday the 27th:
Postfix log summaries for Apr 27
Grand Totals
------------
messages
2454 received
185 delivered
183 forwarded
1 deferred (17 deferrals)
0 bounced
2359 rejected (92%)
0 reject warnings
0 held
0 discarded
3102k bytes received
3162k bytes delivered
152 senders
98 sending hosts/domains
39 recipients
2 recipient hosts/domains
:wq!
I'm sure they're blocking a lot of mail. But you can't say it's all spam if you block it -- no one is looking at all of the blocked mail to make sure it's spam. I won an eBay auction from someone with an AOL address and discovered that I can't send mail directly to AOL from my cable modem anymore. Normally I would just let it slide, but since it was a financial transaction I had to use another server. I'm still debating whether to fix it long term or continue to ignore AOL...
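# The loop header is missing from the post as captured; BLOCKED_SOURCES is a
# placeholder for the list of source addresses it iterated over.
for i in $BLOCKED_SOURCES
do
iptables -A FORWARD -j DROP -s ${i} -p tcp --destination-port 25  # iptables has no DENY target (that was ipchains); DROP is the equivalent
done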
There is the graph they have on the wall in one of their Dulles offices that shows how the filters are working. It's scary, when a new type of spam filter is put out, AOL mail traffic decreases about 60%. The graph line plummets. Then, you watch it creep and spike until barely a month, maybe even a couple of weeks later, it's back up again. The spammers have found another way around it. People joke and laugh about AOL and spam, but AOL is really serious about getting rid of it. It costs them uncountless piles of money just to keep spam from breaking down their walls.
I have also attended some pretty heavy security conferences about spamming for ISP folks. It's not just a mail flood technique anymore. Spammers are not just some freak in China with an ISP who looks the other way, some spammers are actually crackers. Crackers who break through an ISP's security, just to get around mail filters, or relay it from within. Some of the spam you get is not just because the ISP didn't filter it, it's sometimes because some cracker found a new way to bypass the filter, a back door to the ISP's internal services, so they send it in, even relaying spam from personal accounts. These are not script kiddies doing this, there are bona fide hacking geniuses working as spammers.
Spam can shut down an ISP, and AOL knows that all too well.
Most email that appears to come from AOL in fact comes from somewhere else. Same for all the big ISPs like yahoo, msn, hotmail, and so on. Not only do spammers forge the From: headers, they are also forging the SMTP envelope MAIL FROM as well.
Actually we were inadvertently relaying undeliverable spam back to AOL customers and found ourselves blacklisted by AOL until we cleared it up. No, this is not an "open relay" problem; this was an "undeliverable bouncing" problem. But the effect was similar. You really need to be careful because spammers are getting very smart.
What was happening was that mail which got through our SMTP gateway (running sendmail) and into our back end internal email server (running Exchange) was being bounced as being undeliverable because of the made up recipient addresses that spammers use. The problem was Exchange was creating these "bounces" as NEW email messages rather than as an SMTP DSN rejection, merely prepending "Undeliverable:" to the subject and sending the message to the supposed sender. But those forged senders turned out to be real AOL user accounts, and being AOL users they flagged our bounces as being spam, and poof, after about 15,000 in one day we got blacklisted... actually I can't blame AOL at all.
The AOL postmasters were surprisingly helpful and courteous in helping us resolve this. What I now do is to take the connecting IP address and do a reverse DNS lookup. If it is not from within the aol.com or aol.net domains, it is rejected as being forged (regardless of what the headers or even the envelope say). Likewise I also check the response on the HELO/EHLO greeting to make sure it is also from aol.com. And just as an extra check, I finally configured our sendmail milter interface to use LDAP to the exchange backend server to reject mail for invalid mailboxes before it is ever passed through to our backend server.
Now if there were reliable ways to detect forged mail from the other big ISP players. I can only perform those forgery catching tricks with them because AOL has a policy that ALL outbound mail from AOL will ALWAYS be sent from an SMTP server registered within the aol.com DNS domain. I don't know if that is necessarily true for the other big ISPs.
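The checks described in the post above, sketched as one SMTP-time decision (an added example, not the poster's sendmail/milter configuration). It assumes the reverse-DNS test applies to mail whose envelope sender claims aol.com, uses constructed lookup tables in place of DNS and LDAP, and goes one step beyond the post by also forward-confirming the PTR name, since a PTR record is set by whoever controls the IP block.

```python
# Added example. All IPs, host names and mailboxes are constructed sample data;
# the dicts stand in for real DNS and for the LDAP mailbox lookup.
PTR = {
    "192.0.2.10": "imo-m01.mx.aol.com",
    "198.51.100.7": "dsl-7.example.net",
    "203.0.113.9": "mail.aol.com",     # PTR chosen by the owner of this IP block
}
A = {
    "imo-m01.mx.aol.com": {"192.0.2.10"},
    "mail.aol.com": {"192.0.2.99"},    # does not point back to 203.0.113.9
}
MAILBOXES = {"alice@corp.example", "bob@corp.example"}
AOL_PTR_SUFFIXES = ("aol.com", "aol.net")


def in_domain(host, suffixes):
    """True if host equals, or is a subdomain of, one of the suffixes."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def check(client_ip, helo, mail_from, rcpt_to):
    """Return the (code, text) reply to give at RCPT TO time.

    Answering 550 during the SMTP session leaves the connecting host
    responsible for the failure, so no new "Undeliverable:" message is
    generated and sent to a forged sender later.
    """
    sender_domain = mail_from.rsplit("@", 1)[-1].lower()
    if in_domain(sender_domain, ("aol.com",)):
        ptr = PTR.get(client_ip)
        if ptr is None or not in_domain(ptr, AOL_PTR_SUFFIXES):
            return 550, "sender claims aol.com but client is not an AOL host"
        # Added step: the PTR name must resolve back to the connecting IP.
        if client_ip not in A.get(ptr, set()):
            return 550, "reverse DNS is not forward-confirmed"
        if not in_domain(helo, ("aol.com",)):
            return 550, "HELO name is not within aol.com"
    if rcpt_to.lower() not in MAILBOXES:
        return 550, "no such mailbox"
    return 250, "ok"
```
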
There seems to be a solution to the spam problem - but one that is not backwards compatible.
I have seen this solution posted as a comment to some story in the past - so the credit is not mine, but of some comment writer I do not recall.
The idea is to create a complicated and expensive hashing algorithm that costs quite a few cycles - and use it as a "signature" for each mail's content, including the from and to addresses.
This would mean that sending mail could require a few seconds and be cpu-bound instead of network bound, but this is almost nothing for the average mail user. The spammer, however, would be required to calculate the hashes of the hundreds of thousands of mails he is sending - which could be a costly calculation.
Perhaps, (and this is my idea :), the hash function could be controlled by the server which would require the sender to sign using a function of higher complexity when loads are higher.
Perhaps (another idea of mine), users could signify as part of their email addresses - the complexity of the hash function required to send them mail, or at least know what complexity of a hash function was used when sending them mail.
This could allow users to reject mails that weren't at least a bit costly for the sender to send, thereby making spam too costly to practically send.
White lists can also be used by users to save their friends from the trouble of calculating a hash of their mails - but this is probably unnecessary as it should only take a few seconds at most.
Of course verifying the mail's hash should be trivial, no matter the complexity of the hash function - and mails with unmatching hashes would simply be thrown away immediately.
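A sketch of the scheme proposed in the post above, as an added example that is not the poster's code. Instead of a single slow hash it uses a Hashcash-style search for a nonce, so the sender's cost scales with the demanded bits while verification stays at one hash; the names, the SHA-256 choice and the load policy in `required_bits` are assumptions made for the example.

```python
import hashlib

BASE_BITS, MAX_BITS = 16, 24   # assumed policy values for this example


def required_bits(queue_depth):
    """Hypothetical server policy: one more bit (double the sender's
    expected work) each time the backlog doubles past 1000 messages."""
    return min(MAX_BITS, BASE_BITS + (queue_depth // 1000).bit_length())


def _zero_bits(sender, recipient, body_hash, bits, nonce):
    """Leading zero bits of the hash over everything the stamp binds."""
    header = f"{bits}:{sender}:{recipient}:{body_hash}:{nonce}".encode()
    digest = hashlib.sha256(header).digest()
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def mint(sender, recipient, body, bits):
    """Sender side: about 2**bits hash attempts on average."""
    body_hash = hashlib.sha256(body).hexdigest()
    nonce = 0
    while _zero_bits(sender, recipient, body_hash, bits, nonce) < bits:
        nonce += 1
    return f"{bits}:{nonce}"


def verify(sender, recipient, body, stamp, demanded_bits):
    """Receiver side: a single hash, whatever the difficulty."""
    try:
        bits, nonce = (int(x) for x in stamp.split(":"))
    except ValueError:
        return False               # malformed stamp
    if bits < demanded_bits:
        return False               # sender did less work than currently demanded
    body_hash = hashlib.sha256(body).hexdigest()
    return _zero_bits(sender, recipient, body_hash, bits, nonce) >= bits
```

Because the recipient address is part of the hashed header, one stamp cannot be reused across a recipient list; each copy has to be minted separately.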
Tagged Message Delivery Agent (http://www.tmda.net/).
For mail coming in, the user maintains a "whitelist" of accepted sender addresses. Unknown senders get a confirmation request that says, "Thanks for your mail, please reply or click here to verify you're a legitimate sender".
For mail sent out, the user's mail gets tagged automatically so the recipient can reply and the reply will be accepted automatically.
TMDA is GPL licenced, and it works with all the popular MTAs (Postfix, Exim, Sendmail, etc).
AOL does the same thing to everyone else. And yes there are reliable ways to tell if the mail was actually from who it claims to be. Just look at the IP of the relay, if it is an MX for aol.com then it is a legit AOL email. It is necessary for everyone. There should not be any open proxies anywhere.
I have spent hours and hours of time trying to block bounced messages from AOL. They do the same and they usually have 30 mailservers trying to crash my poor mailserver. I use iptables to cut those suckers off, since none of the users they are trying to bounce back to exist.
It is shameful that AOL mailservers do not look at the envelope themselves; it is easy to figure out that the mail relay was not my MX.
Strap each spammer convicted into an electric chair and apply, accumulatively, one nanovolt per spam sent.
I think that should just about eliminate the problem.
I wonder how many of those 2 billion SPAMS that were stopped were directed to email accounts that do not exist. I know I usually pay more attention to the spam I get personally (very little because of my methodology), but I've seen spam get dumped into our main corporate email account where user1@company-name.com doesn't exist, but we "own" all @company-name.com email addresses. How much spam is sent to fabricated emails (the way those automatic dialers used to start at 111-1111 and work up to 999-9999)?
I was taking one day at a time, but then several days got together and ambushed me. (from a Rhymes with Orange comic)
> 99% of mail FROM AOL is spam...
According to this post on March 5, AOL canned a billion spams. Today, two months later, they canned two billion. In four more months, they will have canned more than one spam for every single human being on earth. Is that fascinating or just a little fucked up?
I'd love to know if they set their net too wide, and if so by how much. I know that when I email my parents (who have an AOL account...what can you do?), they sometimes don't get it. Of course, this might have something to do with trying to get them to look at naked celebs/buy mini RC cars/help Dr. Oooongaboonga and myself retrieve millions of dollars we swindled in Nigeria...
For your security, this post has been encrypted with ROT-13, twice.
A story about AOL and their spam genocide attempts?
Shoot people that spam. If spammers started dying, the whole spam phenomenon would come to a screeching halt PFQ.
Get Virtual.
The solution is for ISPs to start billing by bandwidth used, or the number of emails sent. Block out other ISPs or nodes who don't conform to the policy.
In this way, high bandwidth customers PAY for the bandwidth they use. In this way spamming activity would have to be cost efficient and all those idiots emailing you for opportunities in Cameroon condos would quickly lose their money without adequate returns on such nonsense.
-------- -------- Support Wesley Clark for president!!!
I spot spam with multiple email addresses on my own domain. The email address I use here, for example, is TomorrowistSlashDot@alanmrobertson.com. I know that email sent to ScrapplefaceReader@alanmrobertson.com is most likely spam, whereas mail sent to -my first name-@alanmrobertson.com is good.
Trolling for karma since 2003.
But, I somehow still have 50+ junk emails in my box every day. The damned AOL software doesn't let you report spam with more than one email selected. So, to report that spam, I'd have to go through 50 cycles of clicking the spam, clicking the report spam button, and then following the dialog that follows. How's that for convenience?
There are lies, damned lies, and statistics.
Because I'm on a "dynamic IP" I'm blocked as spam. My IP hasn't changed in over a year, and my server does *NOT* allow open relaying. Thanks AOL, you're really helpful.
~Anztac
So our death-squad... I mean so we can send you a free gift for being such a nice guy.
with tmda the original person who sends the mail is sent a reply from the server saying to confirm this mail by replying to the servers response.
Once done the original mail goes through.
The server admin can decide whether to allow people who reply to be automatically put on the whitelist or not.
I was thinking about this problem a while back... here's my solution: http://www.evolvingtype.com/teddy/archives/000224.html
They started blocking their own mail now?
This "alliance" makes me a little nervous, I didn't trust AOL or Microsoft on their own, but allied together, that kinda makes me nervous.
There really isn't much a Windows user can do about spam on the client end, so I can understand the need.
Personally, I run my own mailserver, and sync every 4 hours with a database to update my body checks on incoming mail, between that and some cool rules in KMail I haven't seen any spam in my inbox in about 6 months since I set the stuff up.
As for browsing, I use Phoenix with pop up stopping enabled, then I turn on my squid web proxy and implement the ad-zapper module (which also syncs with a database every 4 hours) to filter websites. All in all, I haven't seen an ad on my local box in over 5 months now. So spam doesn't bother me.
If larger ISPs would implement a similar solution, and contribute to the online spammer database at the same time, I am pretty sure we could crush most of the spam out there. The trick is to implement these body checks, and html filtering at higher, route levels. Which is more or less what AOL is doing.
It's not a matter of "new and innovative solutions", it's a matter of finding ways to get spammer information into online databases faster, and then getting major routes to sync with those databases more often. Then it's a matter of http filtering and smtp body checks at a route level, and spam could probably be stopped in its tracks.
The kinda scary part about that is if they can filter spam like that, major routes could just start pushing information they don't like into the databases and boom, we have internet wide censorship.
Kinda a double edged sword, but I can't think of any other effective way to fight spam
They block all mail from me, by doing DNS
reverse lookup - which breaks the SMTP Protocol.
I recommend all AOLers to find a decent provider.
If only AOL had blocked 2 billion outgoing spams
"The announcement was timed to coincide with the Federal Trade Commission's first public conference on spam, which started Wednesday." AOL announces it blocks 2B spam messages. Disgruntled local ISP client looks in email inbox, sees spam. Client hears the news that AOL blocked 2B spam emails. Client goes to mailbox, retrieves AOL CD, signs up. The next day, happy AOL client goes to email inbox...surprise! That little nugget of news must have been thought up by a former Enron PR person.
Pete Carr Owner Chatmag.com
It seems that one of the ways that they block "spam" is by not allowing any mail from a dynamic IP pool to be delivered. Do people think this is a good way to block spam?
I believe Hotmail is doing the same thing
-yrreb
AOL has been blocking some of the newsletters that I normally like, some are adult content even. This is not fair and most likely illegal, no?
-----------
Fight Back Against Spam!
Download Spam Inspector, the Award Winning Anti-Spam Filter
http://www.giantcompany.com
Looking at all the goofy code attached to its source is an enlightening experience. It's a hoot to mess with it then send it back, after making it do something else more fun. Like open IE5 in the original sender's computer and reset their home page to some religious fundamentalist web site. If they haven't upgraded, use Mozilla or know how to block scripts.
That's why I filter all mail with @hot, @aol, @yahoo. So I have to go fishing through the junk to read mail from some brain dead people that I know that use these services. Most of the mail that I receive from them is forwarded from other brain dead goofy mail users anyway. This mail usually contains jokes, flash and pics that only a moron would find interesting anyway.
AOL and MSN do not need to worry. There are still lots of sheep south of the border that have not caught on to how to use a real computer yet.
Guess I might have trouble getting a MSCE, but that's alright I'm too old for it anyway!
OH THE SHAME I fell off the wagon and use sigs again!