AOL Blocks 2 Billion Spam/Day
T_moz writes "According to this article, AOL has blocked over two billion (2,000,000,000) SPAM emails in one day!"
This figure is 70-80% of all mail incoming to AOL users. Utterly insane. Unfortunately, all this blocking means spammers will just send more mail to make up for it until a real solution is found.
I should have checked my sources more carefully.
AOL claims over 140 million users of AIM
Their user base is much less - 35.2 million end of 2002 according to Jupiter Research.
Like you said, about 1/3 of what I said.
Probably slightly higher now, but yeah, it's 30-90 spams a day per user, not 10-30.
Of course, those are the emails that are blocked; they aren't talking about how many got through.
-- this is not a
Most email that appears to come from AOL in fact comes from somewhere else. Same for all the big ISPs like Yahoo, MSN, Hotmail, and so on. Not only do spammers forge the From: headers, they are also forging the SMTP envelope MAIL FROM as well.
Actually we were inadvertently relaying undeliverable spam back to AOL customers and found ourselves blacklisted by AOL until we cleared it up. No, this is not an "open relay" problem; this was an "undeliverable bouncing" problem. But the effect was similar. You really need to be careful because spammers are getting very smart.
What was happening was that mail which got through our SMTP gateway (running sendmail) and into our back-end internal email server (running Exchange) was being bounced as being undeliverable because of the made-up recipient addresses that spammers use. The problem was Exchange was creating these "bounces" as NEW email messages rather than as an SMTP DSN rejection, merely prepending "Undeliverable:" to the subject and sending the message to the supposed sender. But those forged senders turned out to be real AOL user accounts, and being AOL users they flagged our bounces as being spam, and poof, after about 15,000 in one day we got blacklisted. Actually, I can't blame AOL at all.
The AOL postmasters were surprisingly helpful and courteous in helping us resolve this. What I now do is to take the connecting IP address and do a reverse DNS lookup. If it is not from within the aol.com or aol.net domains, it is rejected as being forged (regardless of what the headers or even the envelope say). Likewise I also check the response on the HELO/EHLO greeting to make sure it is also from aol.com. And just as an extra check, I finally configured our sendmail milter interface to use LDAP to the Exchange back-end server to reject mail for invalid mailboxes before it is ever passed through to our back-end server.
Now if only there were a reliable way to detect forged mail from the other big ISP players. I can only perform those forgery-catching tricks with them because AOL has a policy that ALL outbound mail from AOL will ALWAYS be sent from an SMTP server registered within the aol.com DNS domain. I don't know if that is necessarily true for the other big ISPs.
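The three checks described in the post above (reverse DNS on the connecting IP, the HELO name, and a directory lookup of the recipient before the message reaches the back end), as an added Python example. This is not the poster's sendmail/milter configuration; the DNS lookups are injected as callables so it runs offline, and the zone data, IP addresses and mailbox list are constructed. One thing the post does not mention is added here: the PTR name is forward-confirmed (its A record has to point back at the connecting IP), because a PTR record is set by whoever owns the IP block and can be made to say "mail.aol.com" on any host.

```python
"""Reject mail that forges an @aol.com envelope sender unless the connecting
host really is an AOL outbound server, and refuse unknown recipients early.
Added example; DNS and the mailbox directory are stand-ins, not live lookups."""
import ipaddress
from typing import Callable, Iterable, List, Optional, Set, Tuple

# Domains the post says AOL guarantees for all of its outbound mail servers.
AOL_SENDING_DOMAINS = ("aol.com", "aol.net")

Resolver = Callable[[str], List[str]]  # name or IP -> list of answers


def norm_name(name: str) -> str:
    return name.rstrip(".").lower()


def in_domain(name: str, domains: Iterable[str]) -> bool:
    """True if name is one of domains or a subdomain of one."""
    name = norm_name(name)
    return any(name == d or name.endswith("." + d) for d in domains)


def envelope_domain(mail_from: str) -> str:
    """Domain part of a MAIL FROM address; '' for the null sender <> used by bounces."""
    addr = mail_from.strip().strip("<>")
    return addr.rpartition("@")[2].lower()


def fcrdns(ip: str, ptr_lookup: Resolver, a_lookup: Resolver) -> Optional[str]:
    """Forward-confirmed reverse DNS: the first PTR name whose A record
    resolves back to ip, or None if no PTR name does."""
    ip = str(ipaddress.ip_address(ip))
    for name in ptr_lookup(ip):
        if ip in {str(ipaddress.ip_address(a)) for a in a_lookup(name)}:
            return norm_name(name)
    return None


def check_aol_forgery(ip: str, helo: str, mail_from: str,
                      ptr_lookup: Resolver, a_lookup: Resolver) -> Tuple[bool, str]:
    """Connection-level decision as (accept, reason). Only mail claiming an
    AOL envelope sender is checked; the null sender and other domains pass here."""
    if envelope_domain(mail_from) not in AOL_SENDING_DOMAINS:
        return True, "envelope sender is not AOL; no forgery check"
    name = fcrdns(ip, ptr_lookup, a_lookup)
    if name is None or not in_domain(name, AOL_SENDING_DOMAINS):
        return False, "550 5.7.1 forged AOL sender: %s is not an AOL server (rDNS %r)" % (ip, name)
    if not in_domain(helo, AOL_SENDING_DOMAINS):
        return False, "550 5.7.1 forged AOL sender: HELO %s is not an AOL name" % helo
    return True, "AOL sender confirmed via %s" % name


def check_recipient(rcpt_to: str, mailboxes: Set[str]) -> Tuple[bool, str]:
    """Stand-in for the LDAP lookup: reject unknown local mailboxes at RCPT TO,
    so the back end never has to generate a bounce for a made-up address."""
    addr = rcpt_to.strip().strip("<>").lower()
    return (True, "250 2.1.5 OK") if addr in mailboxes else (False, "550 5.1.1 no such mailbox")


# --- constructed data standing in for live DNS and the Exchange directory ---
PTR_RECORDS = {
    "198.51.100.7": ["mta-example.mx.aol.com."],  # genuine: A record points back
    "203.0.113.9": ["mail.aol.com."],             # spoofed PTR: A record does not
}
A_RECORDS = {
    "mta-example.mx.aol.com": ["198.51.100.7"],
    "mail.aol.com": ["198.51.100.20"],
}
MAILBOXES = {"alice@example.com", "bob@example.com", "postmaster@example.com"}


def ptr_lookup(ip: str) -> List[str]:
    return PTR_RECORDS.get(ip, [])


def a_lookup(name: str) -> List[str]:
    return A_RECORDS.get(norm_name(name), [])


if __name__ == "__main__":
    for ip, helo, mf in [
        ("198.51.100.7", "mta-example.mx.aol.com", "<someone@aol.com>"),
        ("203.0.113.9", "mail.aol.com", "<someone@aol.com>"),
        ("198.51.100.7", "pc123.example.net", "<someone@aol.com>"),
        ("203.0.113.9", "pc123.example.net", "<>"),
    ]:
        print(ip, helo, mf, "->", check_aol_forgery(ip, helo, mf, ptr_lookup, a_lookup))
    print(check_recipient("<nosuchuser@example.com>", MAILBOXES))
```

The recipient check is the one that actually stops the backscatter described in the post: a 550 at RCPT TO makes the sending MTA responsible for any bounce, instead of your back end mailing a new message to a forged address. The forgery check is deliberately scoped to mail that claims an AOL sender, because a PTR in some other domain proves nothing about mail that never said it was from AOL.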
Tagged Message Delivery Agent (http://www.tmda.net/).
For mail coming in, the user maintains a "whitelist" of accepted sender addresses. Unknown senders get a confirmation request that says, "Thanks for your mail, please reply or click here to verify you're a legitimate sender".
For mail sent out, the user's mail gets tagged automatically so the recipient can reply and the reply will be accepted automatically.
TMDA is GPL licensed, and it works with all the popular MTAs (Postfix, Exim, Sendmail, etc).
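The tagging mechanism from the post above, as an added Python example. This is not TMDA's own code and does not reproduce its exact address syntax; it shows the idea: outgoing mail goes out from an address carrying a tag that only the key holder can produce, so a reply to that address is accepted without a confirmation request. Two tag kinds are shown, a "dated" tag that expires and a "sender" tag bound to one correspondent, each authenticated with an HMAC, plus the incoming decision (whitelist, valid tag, or challenge). The key, addresses and fixed timestamp are constructed.

```python
"""Tagged sender addresses for a challenge-response mail filter.
Added example in the style of TMDA, not TMDA's implementation or format."""
import hashlib
import hmac
from typing import Optional, Set

TAG_LEN = 12  # hex chars of the HMAC kept in the address (48 bits)


def _mac(key: bytes, *parts: str) -> str:
    return hmac.new(key, "|".join(parts).encode(), hashlib.sha256).hexdigest()[:TAG_LEN]


def dated_address(local: str, domain: str, key: bytes, now: int, ttl_days: int = 5) -> str:
    """local-dated-<expiry>.<mac>@domain: any reply before expiry is accepted."""
    expires = int(now) + ttl_days * 86400
    return f"{local}-dated-{expires}.{_mac(key, 'dated', local, str(expires))}@{domain}"


def sender_address(local: str, domain: str, key: bytes, correspondent: str) -> str:
    """local-sender-<mac>@domain: accepted only when the reply comes from correspondent."""
    return f"{local}-sender-{_mac(key, 'sender', local, correspondent.lower())}@{domain}"


def verify_tagged(rcpt_to: str, mail_from: str, key: bytes, now: int) -> Optional[str]:
    """Return the untagged local part if rcpt_to carries a tag valid for this
    mail_from at time now; None for untagged, forged, or expired addresses."""
    local, _, _domain = rcpt_to.strip().strip("<>").rpartition("@")
    if "-dated-" in local:
        base, _, rest = local.rpartition("-dated-")
        exp_str, _, mac = rest.rpartition(".")
        if not exp_str.isdigit():
            return None
        if not hmac.compare_digest(mac, _mac(key, "dated", base, exp_str)):
            return None  # tag was not minted with our key
        return base if int(now) <= int(exp_str) else None
    if "-sender-" in local:
        base, _, mac = local.rpartition("-sender-")
        sender = mail_from.strip().strip("<>").lower()
        return base if hmac.compare_digest(mac, _mac(key, "sender", base, sender)) else None
    return None


def classify(rcpt_to: str, mail_from: str, whitelist: Set[str], key: bytes, now: int) -> str:
    """'deliver' for whitelisted senders or replies to a valid tag, else 'challenge'."""
    sender = mail_from.strip().strip("<>").lower()
    if sender in whitelist or verify_tagged(rcpt_to, mail_from, key, now) is not None:
        return "deliver"
    return "challenge"


# --- constructed demo data ---
KEY = b"constructed-demo-key-do-not-reuse"
NOW = 1_050_000_000  # fixed 'now' so the example is reproducible
WHITELIST = {"friend@example.org"}

if __name__ == "__main__":
    out = dated_address("alice", "example.com", KEY, NOW)
    print(out)
    print("reply from stranger, in time  :", classify(out, "<stranger@example.net>", WHITELIST, KEY, NOW))
    print("reply from stranger, 6 days on:", classify(out, "<stranger@example.net>", WHITELIST, KEY, NOW + 6 * 86400))
    bound = sender_address("alice", "example.com", KEY, "bob@example.org")
    print(bound)
    print("reply from bob :", classify(bound, "<Bob@example.org>", WHITELIST, KEY, NOW))
    print("reply from eve :", classify(bound, "<eve@example.org>", WHITELIST, KEY, NOW))
    print("plain address, unknown sender:", classify("alice@example.com", "<stranger@example.net>", WHITELIST, KEY, NOW))
```

One caveat for anyone deploying this kind of filter: the confirmation request is itself a new message sent to the envelope sender, so for spam with a forged sender it becomes exactly the kind of backscatter the sendmail/Exchange post above got blacklisted for. The "challenge" branch should never fire for the null sender (<>) or for mail that already looks like a bounce, and the tag verification is what keeps legitimate replies out of that branch in the first place.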
AOL does the same thing to everyone else. And yes, there are reliable ways to tell if the mail was actually from who it claims to be. Just look at the IP of the relay; if it is an MX for aol.com, then it is a legit AOL email. It is necessary for everyone. There should not be any open proxies anywhere.
I have spent hours and hours of time trying to block bounced messages from AOL. They do the same, and they usually have 30 mailservers trying to crash my poor mailserver. I use iptables to cut those suckers off, since none of the users they are trying to bounce back to exist.
It is shameful that AOL mailservers do not look at the envelope themselves; it is easy to figure out that the mail relay was not my MX.
What's your point? For a while now it has been pretty standard fare that the only way to have reliable outbound SMTP traffic is to smarthost it to your ISP's official mail server. There are just too many cable and DSL connections out there that can be hijacked. Also, many ISPs block outbound port 25 traffic, and lots of ISPs require that inbound SMTP traffic come from hosts that have forward and reverse DNS mapping.
What is the possible advantage of not smarthosting to your ISP SMTP server? Seems to me that you will encounter problems with many other ISPs besides AOL, and it can only bring headache...
-Steve
Hey, Windows users, there is no such thing as "forward" slash, there is only slash and backslash.
Same thing here. I know legitimate email from my server is part of their 2bn figure. AOL may block 2 billion emails a day, but that includes a larger number of false positives than ever in light of their cable/dsl blockage months ago.
I can't even receive from AOL now as they've landed on a RBL I reference. Not because they're blocking cablemodems (which is their choice), but because their implementation violates the SMTP RFC. The RBL blocks non-compliant servers, confirmed open relays and SMTP agents confirmed vulnerable to exploit (via correlation between version # and security advisory).
AOL's mail server sends a 550 and disconnects you the instant you connect. 220 and 554 are the only allowed responses at that point, and immediate disconnection is not permitted; the server must wait for the client to send a QUIT before closing the connection.
Since you're disconnected immediately, this behaviour also indirectly violates the requirement that the server always accept e-mail for postmaster.
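The two greeting-stage behaviours the post above contrasts, as an added Python example (not AOL's or any real server's code): a listener that refuses service the way RFC 2821 section 3.1 describes it (554 banner, connection kept open, 503 to anything but QUIT, 221 on QUIT), a listener that sends a 5xx banner and drops the connection at once, and a client that probes a server and reports which of the two it met. Everything runs on 127.0.0.1 on an ephemeral port; the banner host name is constructed.

```python
"""Compliant versus abrupt connection rejection at the SMTP greeting.
Added example; both servers here are toy one-connection listeners."""
import socket
import threading
from typing import Callable, Dict, Tuple

BANNER_HOST = b"mx.example.invalid"  # constructed name


def serve_reject_compliant(conn: socket.socket) -> None:
    """554 at greeting, then hold the connection until the client says QUIT."""
    conn.sendall(b"554 " + BANNER_HOST + b" No SMTP service for your host\r\n")
    with conn.makefile("rb") as f:
        for line in f:
            if line.strip().upper() == b"QUIT":
                conn.sendall(b"221 " + BANNER_HOST + b" closing connection\r\n")
                return
            conn.sendall(b"503 bad sequence of commands\r\n")


def serve_reject_abrupt(conn: socket.socket) -> None:
    """The behaviour the post complains about: a 550 and an immediate close."""
    conn.sendall(b"550 " + BANNER_HOST + b" go away\r\n")
    # returning closes the socket without waiting for QUIT


def start_server(handler: Callable[[socket.socket], None]) -> Tuple[int, threading.Thread]:
    """Serve exactly one connection with handler on a background thread."""
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.bind(("127.0.0.1", 0))
    lsock.listen(1)

    def run() -> None:
        try:
            conn, _ = lsock.accept()
            with conn:
                handler(conn)
        finally:
            lsock.close()

    t = threading.Thread(target=run, daemon=True)
    t.start()
    return lsock.getsockname()[1], t


def probe_greeting(host: str, port: int, timeout: float = 5.0) -> Dict[str, object]:
    """Connect, read the banner, send QUIT, and report how the server behaved:
    banner_code (int or None), quit_ack (got a 221), abrupt (closed on us)."""
    result: Dict[str, object] = {"banner_code": None, "quit_ack": False, "abrupt": False}
    try:
        with socket.create_connection((host, port), timeout) as c, c.makefile("rb") as f:
            banner = f.readline()
            if not banner:
                result["abrupt"] = True  # closed before even greeting us
                return result
            result["banner_code"] = int(banner[:3])
            c.sendall(b"QUIT\r\n")  # the only command a client should send after a 554
            reply = f.readline()
            if reply.startswith(b"221"):
                result["quit_ack"] = True
            elif not reply:
                result["abrupt"] = True  # peer closed before answering QUIT
    except OSError:
        result["abrupt"] = True  # connection reset / broken pipe: also an abrupt close
    return result


if __name__ == "__main__":
    for name, handler in (("compliant", serve_reject_compliant), ("abrupt", serve_reject_abrupt)):
        port, t = start_server(handler)
        print(name, "->", probe_greeting("127.0.0.1", port))
        t.join(5)
```

The probe is also a quick way to check a rejecting server of your own before an RBL does it for you: a compliant reject reports banner_code 554, quit_ack True, abrupt False, while a server that hangs up on the banner reports quit_ack False and abrupt True.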