Slashdot Mirror
AOL Blocks 2 Billion Spam/Day
T_moz writes "According to this article
AOL has blocked over two billion (2000000000) SPAM emails in one day!"
This figure is 70-80% of all mail incoming to AOL users. Utterly insane. Unfortunately, all this blocking means spammers will just send more mail to make
up for it until a real solution is found.
Most AOL users I know still see at least 15 spam messages per day... bad, when most of them only get 1 or 2 legitimate messages a day.
I'll wager that a fairly significant portion of that blocked mail is wanted by the recipients. I know that we get many calls when our AOL recipients don't recieve their expected daily/weekly newsletters.
The only ``intuitive'' interface is the nipple. After that, it's all learned.
Funny how nobody ever mentions the false positive and false negative rates in these stories.
.sig
If AOL has a false positive rate of 0.01%,
That means over 200,000 incorrectly blocked emails per day.
If they have a false negative rate of 1%,
That means over 20,000,000 spams got through.
2 billion sounds like a big number, but it's still only 10-30 spams for the typical AOL user.
-- this is not a
Simple rule of thumb:
1 spam = 1 bps.
11 million spams = 11Mbps or less than a 1/3 of a T3.
Even if they weren't using relays to multiply the bandwidth, it's doable.
-- this is not a
2 Billion emails divided by 180 spammers equals approx 11 millions emails per spammer per day *just to AOL alone*.
The word I hear from a reliable source is that to do spamming as a viable business, you must be sending at least 10 million spams per day.
So if the low end of the bell curve is circa 10m, it's easy to believe that AOL's share of that can peak at an average of 11m per major spammer. It would make sense for spammers to focus on AOL users, both because there's a lot of 'em in one place and because they are, uh, less sophisticated than your average internet user.
I can't compete with 2bil., but here's my spam blockage for a measly 80 users on Sunday the 27th:
Postfix log summaries for Apr 27
Grand Totals
------------
messages
2454 received
185 delivered
183 forwarded
1 deferred (17 deferrals)
0 bounced
2359 rejected (92%)
0 reject warnings
0 held
0 discarded
3102k bytes received
3162k bytes delivered
152 senders
98 sending hosts/domains
39 recipients
2 recipient hosts/domains
:wq!
There is the graph they have on the wall in one of their Dulles offices that shows how the filters are working. It's scary, when a new type of spam filter is put out, AOL mail traffic decreases about 60%. The graph line plummets. Then, you watch it creep and spike until barely a month, maybe even a couple of weeks later, it's back up again. The spammers have found another way around it. People joke and laugh about AOL and spam, but AOL is really serious about getting rid of it. It costs them uncountless piles of money just to keep spam from breaking down their walls.
I have also attended some pretty heavy security conferences about spamming for ISP folks. It's not just a mail flood technique anymore. Spammers are not just some freak in China with an ISP who looks the other way, some spammers are actually crackers. Crackers who break through an ISP's security, just to get around mail filters, or relay it from within. Some of the spam you get is not just because the ISP didn't filter it, it's sometimes because some cracker found a new way to bypass the filter, a back door to the ISP's internal services, so they send it in, even relaying spam from personal accounts. These are not script kiddies doing this, there are bonafide hacking geniuses working as spammers.
Spam can shut down an ISP, and AOL knows that all too well.
There seems to be a solution to the spam problem - but one that is not backwards compatible.
:), the hash function could be controlled by the server which would require the sender to sign using a function of higher complexity when loads are higher.
I have seen this solution posted as a comment to some story in the past - so the credit is not mine, but of some comment writer I do not recall.
The idea is to create a complicated and expensive hashing algorithm that costs quite a few cycles - and use it as a "signature" for each mail's content, including the from and to addresses.
This would mean that sending mail could require a few seconds and be cpu-bound instead of network bound, but this is almost nothing for the average mail user. The spammer, however, would be required to calculate the hashes of the hundreds of thousands of mails he is sending - which could be a costly calculation.
Perhaps, (and this is my idea
Perhaps (another idea of mine), users could signify as part of their email addresses - the complexity of the hash function required to send them mail, or at least know what complexity of a hash function was used when sending them mail.
This could allow users to reject mails that weren't at least a bit costly for the sender to send, thereby making spam too costly to practically send.
White lists can also be used by users to save their friends from the trouble of calculating a hash of their mails - but this is probably unnecessary as it should only take a few seconds at most.
Ofcourse verifying the mail's hash should be trivial, no matter the complexity of the hash function - and mails with unmatching hashes would simply be thrown away immediately.
My friend Luis is a mail admin for AOL in Dulles (it's funny, I gave him his first Linux CD a couple years ago...). He runs a server off his Comcast cable modem, and has had to remove himself and me from the block list a few times, due to entire IP ranges being blocked (he does this by adding exception rules). He says AOL spends 20-30 million dollars a year paying for servers, storage, bandwidth, technicians, etc. related to spam. He himself works on the block lists. When you think about the distributed nature of the internet, all that spam is eating EVERYONE's bandwidth. Tends to piss me off, and I'm glad these big guys might be getting slapped around a bit soon.
"The Tree of Liberty must be refreshed from time to time with the blood of Patriots and Tyrants." --Thomas Jefferson
i know the feeling
/etc/postfix/transport to route aol.com mail thru my isp, but it's stupid i have to do that (and i understand aol's view on it, it's the spammers abuse that caused this). /And/ i didn't even get an alert about this, my girlfriend just said she didn't get that email when i mentioned it and i had to check my logs. go.com is even worse, they just close connections without giving a little reason why.
550-The IP address you are using to connect to AOL is either open to
550-the free relaying of e-mail, is serving as an open proxy, or is a
550-dynamic (residential) IP address. AOL cannot accept further e-mail
550-transactions from your server until either your server is closed to
550-free relaying/proxy, or your ISP removes your IP address from their
550-list of dynamic IP addresses. For additional information,
550-please visit http://postmaster.info.aol.com.
550 Goodbye
And yes I just added the line to my
Because I'm on a "dynamic IP" I'm blocked as spam. My IP hasn't changed in over a year, and my server does *NOT* allow open relaying. Thanks AOL, you're really helpful.
~Anztac