AOL Blocks 2 Billion Spam/Day
T_moz writes "According to this article, AOL has blocked over two billion (2,000,000,000) spam emails in one day!"
This figure is 70-80% of all mail incoming to AOL users. Utterly insane. Unfortunately, all this blocking means spammers will just send more mail to make up for it until a real solution is found.
Most email that appears to come from AOL in fact comes from somewhere else. Same for all the big ISPs like yahoo, msn, hotmail, and so on. Not only do spammers forge the From: headers, they are also forging the SMTP envelope MAIL FROM as well.
Actually we were inadvertently relaying undeliverable spam back to AOL customers and found ourselves blacklisted by AOL until we cleared it up. No, this is not an "open relay" problem; this was an "undeliverable bouncing" problem. But the effect was similar. You really need to be careful because spammers are getting very smart.
What was happening was that mail which got through our SMTP gateway (running sendmail) and into our back end internal email server (running Exchange) was being bounced as being undeliverable because of the made-up recipient addresses that spammers use. The problem was Exchange was creating these "bounces" as NEW email messages rather than as an SMTP DSN rejection, merely prepending "Undeliverable:" to the subject and sending the message to the supposed sender. But those forged senders turned out to be real AOL user accounts, and being AOL users they flagged our bounces as being spam, and poof, after about 15,000 in one day we got blacklisted... actually I can't blame AOL at all.
The AOL postmasters were surprisingly helpful and courteous in helping us resolve this. What I now do is to take the connecting IP address and do a reverse DNS lookup. If it is not from within the aol.com or aol.net domains, it is rejected as being forged (regardless of what the headers or even the envelope say). Likewise I also check the response on the HELO/EHLO greeting to make sure it is also from aol.com. And just as an extra check, I finally configured our sendmail milter interface to use LDAP to the Exchange backend server to reject mail for invalid mailboxes before it is ever passed through to our backend server.
Now if only there were a reliable way to detect forged mail from the other big ISP players. I can only perform those forgery-catching tricks with AOL because AOL has a policy that ALL outbound mail from AOL will ALWAYS be sent from an SMTP server registered within the aol.com DNS domain. I don't know if that is necessarily true for the other big ISPs.
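The rDNS-plus-HELO check the commenter describes, written out as an added example (not the commenter's milter code). It goes one step further than the comment by forward-confirming the PTR name, since whoever controls the reverse zone for an IP range can publish any PTR they like; the IP addresses, hostnames and DNS answers are constructed fixtures that stand in for live lookups so it runs offline.

```python
"""Reject mail that claims an AOL envelope sender unless the connecting host
proves to be AOL's by forward-confirmed reverse DNS and by its HELO name.
All DNS data below is a constructed fixture, not real AOL infrastructure."""

# Constructed: connecting IP -> PTR name (None = no PTR record at all).
FAKE_PTR = {
    "192.0.2.10": "imo-d01.mx.aol.com",
    "192.0.2.11": "omr-m02.mx.aol.net",
    "198.51.100.7": "mail.aol.com",   # PTR published by whoever owns this rDNS zone
    "203.0.113.5": None,
}
# Constructed: hostname -> A records, used to confirm the PTR points back.
FAKE_A = {
    "imo-d01.mx.aol.com": ["192.0.2.10"],
    "omr-m02.mx.aol.net": ["192.0.2.11"],
    "mail.aol.com": ["192.0.2.99"],   # does NOT resolve back to 198.51.100.7
}

SENDER_DOMAINS = ("aol.com",)            # envelope sender domains the policy covers
RELAY_DOMAINS = ("aol.com", "aol.net")   # where AOL's outbound relays live
# Assumption: HELO is accepted from either relay domain, not only aol.com.

def in_domain(host, domains):
    """True if host equals, or is a subdomain of, one of the given domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def fcrdns(ip, ptr_lookup=FAKE_PTR.get, a_lookup=FAKE_A.get):
    """Forward-confirmed reverse DNS: return the PTR name only if it resolves back to ip."""
    name = ptr_lookup(ip)
    if name and ip in (a_lookup(name) or []):
        return name
    return None

def check_aol_envelope(ip, helo, mail_from):
    """Decide one SMTP transaction; returns (accept, reason)."""
    sender_domain = mail_from.strip("<>").rpartition("@")[2]
    if not in_domain(sender_domain, SENDER_DOMAINS):
        return True, "sender is not AOL; this policy does not apply"
    name = fcrdns(ip)
    if not in_domain(name, RELAY_DOMAINS):
        return False, f"connecting host {ip} ({name}) is not within aol.com/aol.net"
    if not in_domain(helo, RELAY_DOMAINS):
        return False, f"HELO {helo!r} is not an aol.com/aol.net name"
    return True, f"verified AOL relay {name}"
```

Note that the forged-PTR case (198.51.100.7) would pass a plain reverse lookup and is only caught because the name does not resolve back to the connecting address.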
Same thing here. I know legitimate email from my server is part of their 2bn figure. AOL may block 2 billion emails a day, but that includes a larger number of false positives than ever in light of their cable/dsl blockage months ago.
I can't even receive from AOL now as they've landed on an RBL I reference. Not because they're blocking cablemodems (which is their choice), but because their implementation violates the SMTP RFC. The RBL blocks non-compliant servers, confirmed open relays and SMTP agents confirmed vulnerable to exploit (via correlation between version # and security advisory).
AOL's mail server sends a 550 and disconnects you the instant you connect. 220 and 554 are the only allowed responses at that point, and immediate disconnection is not permitted; the server must wait for the client to send a QUIT before closing the connection.
Since you're disconnected immediately, this behaviour also indirectly violates the requirement that the server always accept e-mail for postmaster.