Slashdot Mirror
AOL Sued For Over-Zealous Blocking
mik writes "America Online
has been sued by CI Host,
a Texas-based hosting company for defamation, interference with
contractual rights and unfair competition. CI Host
has been
awarded a temporary restraining order, though AOL has apparently not complied.
This may be the first such in a series of suits leading up to, perhaps, to class-action status relating to AOL's recent zealotry in
anti-spam policy
resulting in the presumption that shared-hosting providers are guilty (of spamming)
unless proven innocent."
I manage the web and email account for the church I attend. The pastor has an aol account, so his e-mail from our server simply redirects to his aol account. Just last week, I found that we had been put on aol's blocklist for some reason - all e-mails being redirected through the server to aol were being blocked for 2 weeks by aol. Blocking messages like this results in missed personal communication. This could possibly result in lawsuits from consumers themselves.
And I'm going to enjoy watching.
CI Host is a lousy company. I had nothing but trouble with them when I was hosting there. They continued to charge me after I cancelled my account, they refused to issue refunds in a timely manner. I very nearly took them to court over it. CI Host has spammers as customers. I told them about a few that were causing problems for me, and they never did anything about them. Doesnt' surprise me, because their customer support is poor, bordering on non-existant.
AOL is going to turn around and clean them out in court, and I'm going to thoroughly enjoy it. All they have to do is point to a few CI Host customers that spam, and that CI Host has been notified of several times, and it will either be a wash (in which case, AOL wins because they can stand the legal fees better than CI Host), or AOL will be able to counter-sue without a problem and make CI Host feel the hurt. Either way, I say yay AOL, which is something that I don't often say.
-Todd
"The details of my life are quite inconsequential..."
Been with CI Host for awhile, pretty good network, really like the price too.
Also, AOL/RR is blocking email from my office (Sprint SHDSL, fiber optic DSL, faster than T1, business only stuff in case you weren't aware). Ever since I got the first bounced message AOL has been #1 on my shit list.
Bravo, CI Host, Bravo.
AOL are a bit zealos with their blocking. Worse there is no apparent (from what we could see) removal process or information on *why* you were blocked.
/19.... we can play this game for a while.
I maintain a few mail server that a number of customers of ours use to send out mail. We have a non-spam TOS and we check up on our customers. We got blocked. We went on to complain to a mass of different addresses. We got a two replys a few days later, the most notable was one from an address that didn't exsist (at aol.com) scolding us for not providing information that we had actually provided in our barrage. The other was just as worthless (telling us to read the usless help) though a reply to it didn't bounce.
Then as mysteriously as we went on the RBL we came off it again. To this day we are still cluless as to how we got on this RBL or how we got off it.
Worse though is Excite. There RBL is entirly hidden. No URLs, no help, no reasons, no nothing. We have had NO reply to our barrage of mails after a week and a bit. We even opened an account and complained as a customer. So we have taken to re-assigning our SMTP sender's IP address. I'm sure they will block that too, but we have a
Maybe I should see if we can sue Excite....
>
I am on a small ip block, with losers that catch the latest winshit worm and start spamming every few weeks.
Because of this, AOL has blocked my mailserver despite 7 requests to whitelist it (3 from myself, 4 from AOL victims^H^H^H^H^H^H^Hconsumers). It gets whitelisted for a few days, then group punishment kicks in and it's blacklisted again.
I have never spammed, I never intend to spam. Getting accused of sending half a billion unrequested emails in half an hour from a upstream as small as mine is both hilarious and insulting.
Fighting spam is one thing, blanket bombing to prevent spam is quite another. If anyone at the evil empire's apprentice is reading, "Hope you're glad that my dad left you because of your stunts. See you in court."
You can't judge a book by the way it wears its hair.
There are substantial disadvantages to a client-side filtering only spam defense as opposed to a server-side blocking only defense. It is, of course, fully possible to use both; I merely wish to point out some factors you may not have considered.
For the definitions of "filtering" and "blocking", please see this Wikipedia article. Roughly, DNSBLs and Sendmail's milter feature are blocking tools -- they take effect during the SMTP transaction. Client-side tools are filtering tools -- they take effect when you check your mail.
Consider:
However, as I mentioned above, it is possible to combine blocking and filtering in useful ways. A mixed strategy is what I prefer for my own site: we use a number of blocking strategies (such as DNSBLs and regular-expression patterns matching common spam elements), but we also use SpamAssassin and encourage users to filter with its scores or other criteria.
There are several separable issues here.
The first thing to notice is that our only information on this dispute comes from a press release put out by CI-host. I find it somewhat surprising to see it alleged that AOL is in contempt of court. On the other hand one wonders how a judgement from a Texas court affects AOL off in Loudoun county VA. I suspect the AOL/Time lawyers may have a different opinion.
Another thing missing from the report is any mention of the reply filled by AOL? Was AOL even aware of the hearing? In most cases a court order does not have immediate effect, thus allowing the defendant to file an appeal. It seems unlikely that a court would issue an order with immediate effect given that AOL has had considerable success in preventing spammers gaining orders of this type in the past.
Another suspicious factor is the rapid escalation to littigation. A legitimate ISP would be unlikely to sue until it was clear that AOL was not going to be reasonable - unless of course they knew AOL was being reasonable.
At this point it is reasonably settled law that an ISP cannot be forced to accept email from an address that it does not want to service. The defamation claims might work against a third party such as a blacklist but it is hard to see how a company can be prohibited from acting on its own assesment of CI's behavior.
The other thing that is odd here is that Sudereth is a recent President of the American Judges Association. You would not expect a judge in that situation to be making whacky judgements which suggests strongly that there is something here that we are not being told in the CI PR puff. It is very rare for a court to order an injunction with immediate effect unless the damage done is irreversible. In this case the effect is very obviously only money.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Its their servers and if you still kept the person on your server ( as a customer ) after the the first day of the abuse ( says you took 1 week to notice; that's far too long to notice an abuse ). Did you not read your Abuse@ when the first spam message was reported? Why'd it take you so long to act?
A spam run doesn't just happen for a week long without going unnoticed. Your server logs would have shown the unusual amt of traffic being sent from your space.
Just playing devi's advocate. Again, AOL can run their servers as they like. Dont like it? Set up a smart-host so you can send attachment from that ip unti lits resolved.
Oh and is that customer still with you? The one that spammed? Why not collect damage fees from them?
One of our TD guys posted the following:
We just finished a conversation with staff from AOL's postmaster team. We have an agreement, but it may or may not be satisfactory to users.
First, let me say what they are doing. They have a button on their mail software that lets users report email as spam. They check to see the host
from which AOL got the mail, i.e. the previous hop. In principle, if they get a significant number of complaints for any given host, they refuse to accept mail from it. In practice, there is sometimes human review, although they don't guarantee to do that. In practice, they will often alert abuse@rutgers.edu before cutting off mail, although they don't promise to do that either. They will, however, allow us to give them a list of our major MTA's, and exempt that list. What we believe they will do reliably is notify us after the fact when they have cut an IP address off. We will dispatch those reports to the liaison.
They should have most of the major MTA's by now. However we don't have a complete list of all MTA's on campus, so it is certainly possible that in
the future some might be cut off. If that happens, we will find out about it after the fact. In some cases, the abuse staff may recognize it as an
MTA, and ask them to add it to the list. However we won't always know the way departments use systems, and thus cases might occur where we would have to depend upon responses from the system administrator.
Note that in principle they could remove systems that send announcements to the user community, if users report the messages from the President or
other official email as spam. They regard the customers as right, and accept their definition of spam. In practice, that system will be on the
list of MTA's. For the moment they look OK.
There are some systems that were on earlier lists that we have been unable to understand. In one case we verified that they had no forwarding entries pointing to AOL. The system itself is not an open relay, and being Solaris, would not have been contaminated by Sobig. In the discussion today, it didn't seem possible to develop an understanding of what had led to these systems being considered problematical. However those systems are MTA's, and should not be cut off in the future.
They have offered to send us all email from any Rutgers host that users report as spam, so we can review it and try to forestall any problems.
Since this is in the thousands per day during periods when problems are occuring, we are not currently taking them up on this. In the opinion of our staff, if AOL can't afford the staff time to do intelligent review of their own users' reports, we can't do that job for them.
In this situation, I recommend that no system administrator use AOL for email, since we need to make sure we can contact sysadmins no matter what
decisions AOL might have made. Other uses with critical need for mail connectivity might want to do the same. Also, it might be useful for users
to understand that they should be careful about reporting as spam mail that comes through Rutgers.
-- Is "Sig" copyrighted by www.sig.com?
Now we just need to put together some kind of class action suit for them spamming my regular mailbox with those damn CDs
I actually called them and asked to be removed from their mailing list and they told me that it wasn't possible because they send the CDs at random. That is, they just pick a few hundred thousand fucking addresses and then spam them with CDs. So I told the representative to whom I was speaking (after I told her that I was not angry with her) what I would do about it.
Basically, anytime I see a stack of AOL CDs at a supermarket or restaurant, I pick the whole damn thing up and put it in the nearest garbage can.
Fuck them.
Oh... and print up some "return to sender" labels and take them to the mail box with you every day. I put them on all postal spam and send it back before I even get it into my house. Junk mail is down about 75% after 6 months or so.
Good luck!
Life is the leading cause of death in America.
Historically, AOL has viewed itself as an entertainment company. The AOL muckity mucks cared about the big business deals, the marketing drive that will change the world, etc. The media mogul in Barton Fink is an example of the style of executive that ran the show during the height of the dot.com bubble.
But AOL Email Operations was just another overworked technical dept. The email application didn't bring in any revenue directly. Also, it was an overhead application that couldn't be cleanly assigned into one of the Balkanized divisions at AOL. For years, it had little marketing and little development effort applied to it. Buying Netscape for $4 billion dollars got lots of attention, upgrading the pre-internet AOL email infrastructure didn't.
The top level AOL exec's heard about spam complaints, but they heard lots of complaints about lots of things. Nothing was catching on fire and exploding in email so they assumed it must not have been that bad.
Another reason why AOL business exec's tended to ignore the techies. Keep in mind that hardcore techies had spent years vehemently ragging on AOL. Inspite of that, AOL became a major business success (well, at least for a few years). So whenever an internet purist gave a lecture on how things were supposed to be done, it triggered a gut level hostile response with many exec's at AOL.
So the result of all of this is, for the past several years, there were only background projects for fighting spam (and handling ISP complaints). Current problems are a result of that legacy.
But I think things might be changing. Remember AOL tried to takeover Time Warner? Well Time Warner has essentially staged a reverse coup and kicked out all the "deal junkies" at AOL. I think the Time Warner folks are pushing a much more back to basics approach for business deals, financial accounting, and for the AOL online service.
The upcoming AOL 9.0 release is supposed to be a lot better at spam fighting (although I haven't tried it much yet).
I hope that the new exec's really are making spam fighting a strategic priority (which I think they might be). If so, you should see real results in a year or two. Including, hopefully, a lot less false positives for spam (where positive really means negative delivery of mail, whatever) and much higher levels of support for email delivery complaints.
Ben in DC
"It's the mark of an educated mind to be moved by statistics" Oscar Wilde
My mom, using Earthlink, has been unable for 4 days to email her business partner. Which is wasting her time. Preventing her from getting work done.
The thing to realize here is that, while punishing an ISP may or may not be a good thing, harming *tens of thousands* of innocent users of that ISP (and Earthlink is a good one, IMHO) is incredibly irresponsible.
The bounce email said basically "Go whine to your ISP" which was, frankly, insulting. Never having been a fan of AOL, I'm not really surprised by this, but I can tell you it's caused her business partner to drop his account damn quick. Hope other AOL customers are doing the same.
Email is critical infrastructure. It's a public communication medium just like telephone lines are. How would you like it if all Bell South customers couldn't call you because your regional Baby Bell didn't like dealing with all the telemarketing coming in from Atlanta?
At a certain point, services become too valuable to play this kind of game with. I think email has passed that threshhold long ago.
Looking for a Rails developer in Chapel Hill?