Slashdot Mirror
AOL Sued For Over-Zealous Blocking
mik writes "America Online
has been sued by CI Host,
a Texas-based hosting company for defamation, interference with
contractual rights and unfair competition. CI Host
has been
awarded a temporary restraining order, though AOL has apparently not complied.
This may be the first such in a series of suits leading up to, perhaps, to class-action status relating to AOL's recent zealotry in
anti-spam policy
resulting in the presumption that shared-hosting providers are guilty (of spamming)
unless proven innocent."
Now we just need to put together some kind of class action suit for them spamming my regular mailbox with those damn CDs
I manage the web and email account for the church I attend. The pastor has an aol account, so his e-mail from our server simply redirects to his aol account. Just last week, I found that we had been put on aol's blocklist for some reason - all e-mails being redirected through the server to aol were being blocked for 2 weeks by aol. Blocking messages like this results in missed personal communication. This could possibly result in lawsuits from consumers themselves.
And I'm going to enjoy watching.
CI Host is a lousy company. I had nothing but trouble with them when I was hosting there. They continued to charge me after I cancelled my account, they refused to issue refunds in a timely manner. I very nearly took them to court over it. CI Host has spammers as customers. I told them about a few that were causing problems for me, and they never did anything about them. Doesnt' surprise me, because their customer support is poor, bordering on non-existant.
AOL is going to turn around and clean them out in court, and I'm going to thoroughly enjoy it. All they have to do is point to a few CI Host customers that spam, and that CI Host has been notified of several times, and it will either be a wash (in which case, AOL wins because they can stand the legal fees better than CI Host), or AOL will be able to counter-sue without a problem and make CI Host feel the hurt. Either way, I say yay AOL, which is something that I don't often say.
-Todd
"The details of my life are quite inconsequential..."
At least AOL can defend itself
I had the misfortune of having a dedicated server with them for 2 long years. The machine would lock up frequently, and i'd have to make a 30min call from Australia to the US to listen to their on hold crap so i could talk to a tech and then try and convince him to hit the big red button.
CI Host has a huge marketing and sales department and tiny tech support division. Dont you dare, ever, believe a word of their marketing crap. They suck. Pure and simple. They've cost me thousands because of the clients i've lost because of their incompetence. Some of the people are nice enough but they simply dont have the technical skills of other places.
I'm now with rackspace.com and they kick arse!
wait a sec, I thought we hated AOL on even numbered days.
Too many zeros, not enough ones
I'd rather spam filtering be left to myself. Any decent e-mail client has the capability for filtering, and by doing that way, I have control over what gets thrown out and what doesn't. I would not trust AOL to tell my what e-mail I should and shouldn't read. That, of course, is one of the many reasons why I would never be an AOL customer.
Seriously. I realize AOL has the deep pockets, but the spammers are the cause of AOL's blocking email from the domain. The spammers, not AOL, are responsible for any monetary damages the plaintiff here suffers. Public policy dictates that AOL should be immune and the spammers who spammed from that address should be liable. Does everyone have the right to send email to AOL addresses? I would say no, although AOL should have to say "hey, when you have an account with us there are people who will be unable to email you."
Stupid people make stupid things profitable.
Don't be to quick to defend them.
0 27 3.html is another link.
http://www.forumhosts.com/cihost.htm for a taste of what these guys are like.
http://www.stevemaas.com/selbstbild/archives/00
Let's hope to god the EFF's and Timothy don't fall for their lawsuit stuff.
More of AOL's anti-spam zealotry is a good thing (I speak as someone who has had something like 10,000 emails blocked by them in the past few weeks).
Been with CI Host for awhile, pretty good network, really like the price too.
Also, AOL/RR is blocking email from my office (Sprint SHDSL, fiber optic DSL, faster than T1, business only stuff in case you weren't aware). Ever since I got the first bounced message AOL has been #1 on my shit list.
Bravo, CI Host, Bravo.
Being as I at one time worked in the abuse capacity for a ISP. Although AOL may have over zealous policies as of late they do have a postmaster number which they could call and have the validity of the block checked. I had done this in the past and had resolution in ~24hours.
Am I the only one that finds this ironic? It's not okay for AOL to filter spam, but it's okay for us to. Uh huh.
Just do a quick /. search to see what people think of ci host. I was a ci host customer back in 99/2000 when their whole accounting database was open to the internet, customer information and credit card numbers. There were $5000 of fraudulent charges on my check card around the turn of millenium from my information being readily available to any idiot with a web browser. The bank took care of everything but it was a pain the in ass.
C I Host, one of the world leaders in Web hosting and Internet solutions, was awarded a temporary restraining order against America Online
I can't be the only one that finds the concept of an online restraining order more than a little amusing.
The coolest voice ever.
> So what do you call getting numerous AOL installation CDs?
Untargeted marketing.
The unofficial
Consider if you have an AOL client who has a site on your hosting server. They forward their site mail to their AOL account. Their site account gets spam. What happens? Well, the spam gets forwarded, the clueless AOLer reports it as SPAM, and AOL's system sees your hosting server as a spam source. There is nothing you can do to protect your hosting server. Nothing.
This really happens. If you call AOL, they basically say it isn't their problem. If an AOL client thinks a mailing list email they signed up for is spam, then AOL thinks it is spam. They tell you to setup a feedback loop where they send spam reports, but you have no way to respond to AOL. You just get flooded with tons of reports by clueless AOL users with no way to tell AOL, "Hey, this isn't SPAM!"
Only on two occasions where a client had an exploited formmail script did the AOL system work as it should (i.e. spam was reported, we saw the report and found the problem). Every other day of the week, it is a massive time-sink that you get nothing out of.
AOL wanted to make up for sucking on the SPAM front. So they become complete asses and made the job that much harder for the rest of us. Bravo!
I hope the class-action suit makes them stop. I don't expect anyone will see any money, but at least AOL will be held accountable for being such idiots.
"Doubt your doubts and believe your beliefs." -- Switchfoot, Ode to Chin
AOL are a bit zealos with their blocking. Worse there is no apparent (from what we could see) removal process or information on *why* you were blocked.
/19.... we can play this game for a while.
I maintain a few mail server that a number of customers of ours use to send out mail. We have a non-spam TOS and we check up on our customers. We got blocked. We went on to complain to a mass of different addresses. We got a two replys a few days later, the most notable was one from an address that didn't exsist (at aol.com) scolding us for not providing information that we had actually provided in our barrage. The other was just as worthless (telling us to read the usless help) though a reply to it didn't bounce.
Then as mysteriously as we went on the RBL we came off it again. To this day we are still cluless as to how we got on this RBL or how we got off it.
Worse though is Excite. There RBL is entirly hidden. No URLs, no help, no reasons, no nothing. We have had NO reply to our barrage of mails after a week and a bit. We even opened an account and complained as a customer. So we have taken to re-assigning our SMTP sender's IP address. I'm sure they will block that too, but we have a
Maybe I should see if we can sue Excite....
>
I am on a small ip block, with losers that catch the latest winshit worm and start spamming every few weeks.
Because of this, AOL has blocked my mailserver despite 7 requests to whitelist it (3 from myself, 4 from AOL victims^H^H^H^H^H^H^Hconsumers). It gets whitelisted for a few days, then group punishment kicks in and it's blacklisted again.
I have never spammed, I never intend to spam. Getting accused of sending half a billion unrequested emails in half an hour from a upstream as small as mine is both hilarious and insulting.
Fighting spam is one thing, blanket bombing to prevent spam is quite another. If anyone at the evil empire's apprentice is reading, "Hope you're glad that my dad left you because of your stunts. See you in court."
You can't judge a book by the way it wears its hair.
From: State District Judge Bonnie Sudder jbsudder@state.texas.us
To: legal@aol.com; abuse@aol.com
Subject: AOL, Save Thousands in Under One Minute! Quickest Quote!
Dear AOL,
This is your chance to opt-out of a completely unique program! You May Be Closer (Maybe Hours Away) To Financial Punishments than you think...
* 100% Safe To Take, With Abosultely No Side Effects
* Totally confidential, no one needs to know!
Anti-spam zealotry is a good thing
A good friend of mine is no longer able to send her regular op-ed piece to AOLers due to anti-spam zealotry. She can't reply to her subscribers when they write and ask why she's stopped sending it. She's even blocked from emailing AOL tech support to ask why she's blocked in the first place.
Arbitrarily cutting off an entire ISP with the inexplicable finality AOL has shown towards several ISPs isn't making the world a better or more spam-free place.
Repeat after me: arrogant zealotry is a bad thing, and we could use less of it.
"Stop throwing the Constitution in my face, it's just a goddamned piece of paper!" - George W. Bush Nov. 2005
Among other petty annoyances, AOL is incorrectly refusing connections from blacklisted hosts, as follows:
According to RFC 821 (sections 4.3 and 4.2.2), the server can respond to new connections in with a 220 ("let's dance") or a 421 ("go away, I have a headache") response. Not a 554 ("you're lousy in bed") code. Among other things, the manner in which they reject mail from residential IPs causes it to languish in the queue, rather than bouncing as it should if they intend to permanently refuse delivery.
I'm sure they do this intentionally so that it will look like your mail server is at fault ("sorry, couldn't get through") rather than theirs ("buzz off, I don't like your IP address").
For those thinking that CIHost sounds like some insane overlitigous company that tries to use lawsuits to make its profit... You're right. :)
:) You can play with the search and creative misspellings, and you'll find a lot of posts about them.
I spend some time at WebHostingTalk.com (a huge forum site for web hosting), and they have a horrible reputation. Actually, you can't search for "CIHost" -- it's banned, apparently due to WHT itself being threatened with legal actions because of posts about CIHost in the forums. But I've read some posts about "See Eye Host" and such.
________________________________________________
suwain_2
So, given that their users have signed up consenting to this, the only people who can legitimately be pissed, are third parties - who have no right to use AOL's network at all.
nutter.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
I work for an ISP (holding the name for obvious reasons). We recently had a customer abuse our AUP by sending 3,000+ unsolicited emails with attachments to AOL customers in just one week (total emails reached ~18,000). AOL in turn blocked any and every email with attachments from our domain indefinitely. Our legal team is now trying to resolve this issue with them. Even though emails without attachments go through fine, it has become a huge inconvience for many our customers. I don't understand why they did not block the specific account only instead of our domain. The following is the rejection notice we receive when sending emails with attachments to *@aol.com: > ----- The following addresses had permanent fatal errors ----- > > > ----- Transcript of session follows ----- > ... while talking to mailin-02.mx.aol.com.:
> ... while talking to mailin-03.mx.aol.com.:
> >>> QUIT
I've been a happy CI Host customer for almost two years. My domain gets very little traffic, but the few times I've had to call for support, they've been quick and very helpful.
> ERROR
> KERNEL PANIC
perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
There are several separable issues here.
The first thing to notice is that our only information on this dispute comes from a press release put out by CI-host. I find it somewhat surprising to see it alleged that AOL is in contempt of court. On the other hand one wonders how a judgement from a Texas court affects AOL off in Loudoun county VA. I suspect the AOL/Time lawyers may have a different opinion.
Another thing missing from the report is any mention of the reply filled by AOL? Was AOL even aware of the hearing? In most cases a court order does not have immediate effect, thus allowing the defendant to file an appeal. It seems unlikely that a court would issue an order with immediate effect given that AOL has had considerable success in preventing spammers gaining orders of this type in the past.
Another suspicious factor is the rapid escalation to littigation. A legitimate ISP would be unlikely to sue until it was clear that AOL was not going to be reasonable - unless of course they knew AOL was being reasonable.
At this point it is reasonably settled law that an ISP cannot be forced to accept email from an address that it does not want to service. The defamation claims might work against a third party such as a blacklist but it is hard to see how a company can be prohibited from acting on its own assesment of CI's behavior.
The other thing that is odd here is that Sudereth is a recent President of the American Judges Association. You would not expect a judge in that situation to be making whacky judgements which suggests strongly that there is something here that we are not being told in the CI PR puff. It is very rare for a court to order an injunction with immediate effect unless the damage done is irreversible. In this case the effect is very obviously only money.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Recently, one of our mail servers got listed with a major spam list with a major time lag. It was allowing open relay (but was never used for nefarious purposes) 6 months ago, and this was resolved 3 months ago.
As a result, all of the mail that was sent to paying Road Runner customers was bounced back, this was mail that was requested, and mail they had just paid to receive. I attempted to forward from my ISP, but lo and behold, my personal ISP (different country than our corporate mail servers) had also been blocked by Road Runner.
I attempted to email Road Runner to get more information, but got standard auto-responders that didnt answer my question.
I ended up mailing the paying customers via my webmail account on my personal domain.
We lost about six accounts to refunds over non-recipt of information, since it took us a week to figgure out what was going on (mails are sent from an unmonitored account).
Also:
Most non-technical users don't know how to properly manage opt-in spam blockers (the ones with auto responders pointint you to websites where you can fill out all your personal information, your mothers maiden name, and perhaps the person might deem it acceptable to let your mail in). They sign up for things, dont add the posted address to their list, the mail gets blocked, so they email us complaining, not bothering to add the email address they just messaged to the allowable list. With the current virii going around, spoofing return headers, I just dont have the time to wade through all the mailer daemon/postmaster/spamblocker/virus blocker emails comming in.
ISP Level Spam blockers MUST:
paul reinheimer
You're citing an out-of-date RFC. 821 was superseded by RFC 2821, which makes it clear that 554 is a valid connection-opening response, to indicate that mail service is not available. (Indeed, 2821 spells out two codes for use at connection establishment -- 220 to accept, or 554 to reject access.) AOL is correctly using 554 to indicate that it will not provide mail service to your IP address.
A 4xx code would be improper in this case. 4xx codes indicate temporary failures. They mean that the client should queue its messages and retry them later, rather than returning a bounce message to the sender. That's not what is intended here -- the server doesn't want you to retry, it wants you to not try. A 5xx error code is correct.
One of our TD guys posted the following:
We just finished a conversation with staff from AOL's postmaster team. We have an agreement, but it may or may not be satisfactory to users.
First, let me say what they are doing. They have a button on their mail software that lets users report email as spam. They check to see the host
from which AOL got the mail, i.e. the previous hop. In principle, if they get a significant number of complaints for any given host, they refuse to accept mail from it. In practice, there is sometimes human review, although they don't guarantee to do that. In practice, they will often alert abuse@rutgers.edu before cutting off mail, although they don't promise to do that either. They will, however, allow us to give them a list of our major MTA's, and exempt that list. What we believe they will do reliably is notify us after the fact when they have cut an IP address off. We will dispatch those reports to the liaison.
They should have most of the major MTA's by now. However we don't have a complete list of all MTA's on campus, so it is certainly possible that in
the future some might be cut off. If that happens, we will find out about it after the fact. In some cases, the abuse staff may recognize it as an
MTA, and ask them to add it to the list. However we won't always know the way departments use systems, and thus cases might occur where we would have to depend upon responses from the system administrator.
Note that in principle they could remove systems that send announcements to the user community, if users report the messages from the President or
other official email as spam. They regard the customers as right, and accept their definition of spam. In practice, that system will be on the
list of MTA's. For the moment they look OK.
There are some systems that were on earlier lists that we have been unable to understand. In one case we verified that they had no forwarding entries pointing to AOL. The system itself is not an open relay, and being Solaris, would not have been contaminated by Sobig. In the discussion today, it didn't seem possible to develop an understanding of what had led to these systems being considered problematical. However those systems are MTA's, and should not be cut off in the future.
They have offered to send us all email from any Rutgers host that users report as spam, so we can review it and try to forestall any problems.
Since this is in the thousands per day during periods when problems are occuring, we are not currently taking them up on this. In the opinion of our staff, if AOL can't afford the staff time to do intelligent review of their own users' reports, we can't do that job for them.
In this situation, I recommend that no system administrator use AOL for email, since we need to make sure we can contact sysadmins no matter what
decisions AOL might have made. Other uses with critical need for mail connectivity might want to do the same. Also, it might be useful for users
to understand that they should be careful about reporting as spam mail that comes through Rutgers.
-- Is "Sig" copyrighted by www.sig.com?
Today's Monday. Is Monday a 1 or a 0?
Monday is definately a zero.
Historically, AOL has viewed itself as an entertainment company. The AOL muckity mucks cared about the big business deals, the marketing drive that will change the world, etc. The media mogul in Barton Fink is an example of the style of executive that ran the show during the height of the dot.com bubble.
But AOL Email Operations was just another overworked technical dept. The email application didn't bring in any revenue directly. Also, it was an overhead application that couldn't be cleanly assigned into one of the Balkanized divisions at AOL. For years, it had little marketing and little development effort applied to it. Buying Netscape for $4 billion dollars got lots of attention, upgrading the pre-internet AOL email infrastructure didn't.
The top level AOL exec's heard about spam complaints, but they heard lots of complaints about lots of things. Nothing was catching on fire and exploding in email so they assumed it must not have been that bad.
Another reason why AOL business exec's tended to ignore the techies. Keep in mind that hardcore techies had spent years vehemently ragging on AOL. Inspite of that, AOL became a major business success (well, at least for a few years). So whenever an internet purist gave a lecture on how things were supposed to be done, it triggered a gut level hostile response with many exec's at AOL.
So the result of all of this is, for the past several years, there were only background projects for fighting spam (and handling ISP complaints). Current problems are a result of that legacy.
But I think things might be changing. Remember AOL tried to takeover Time Warner? Well Time Warner has essentially staged a reverse coup and kicked out all the "deal junkies" at AOL. I think the Time Warner folks are pushing a much more back to basics approach for business deals, financial accounting, and for the AOL online service.
The upcoming AOL 9.0 release is supposed to be a lot better at spam fighting (although I haven't tried it much yet).
I hope that the new exec's really are making spam fighting a strategic priority (which I think they might be). If so, you should see real results in a year or two. Including, hopefully, a lot less false positives for spam (where positive really means negative delivery of mail, whatever) and much higher levels of support for email delivery complaints.
Ben in DC
"It's the mark of an educated mind to be moved by statistics" Oscar Wilde
My mom, using Earthlink, has been unable for 4 days to email her business partner. Which is wasting her time. Preventing her from getting work done.
The thing to realize here is that, while punishing an ISP may or may not be a good thing, harming *tens of thousands* of innocent users of that ISP (and Earthlink is a good one, IMHO) is incredibly irresponsible.
The bounce email said basically "Go whine to your ISP" which was, frankly, insulting. Never having been a fan of AOL, I'm not really surprised by this, but I can tell you it's caused her business partner to drop his account damn quick. Hope other AOL customers are doing the same.
Email is critical infrastructure. It's a public communication medium just like telephone lines are. How would you like it if all Bell South customers couldn't call you because your regional Baby Bell didn't like dealing with all the telemarketing coming in from Atlanta?
At a certain point, services become too valuable to play this kind of game with. I think email has passed that threshhold long ago.
Looking for a Rails developer in Chapel Hill?
I expect the two litigants will need to sort out the issue of who own's AOL's network? and that depending on the outcome, things could change direction radically.
There seem to be a lot of people on /. (and on the Internet in general) who are opposed to SPAM and ready to support any cause which makes it more difficult for SPAMMers to operate. As such, they applaud AOL's efforts to keep undesirable content out of it's network.
But there also seem to be a lot of people on /. (and on the Internet in general) who support Free Speech, and are appalled when a single company (like AOL) uses the network of computers it owns to build a "gated community"; an Internet where you or I must pay to play.
These two positions are incompatible as currently conceived. Anyone who agrees with both of the above needs to do some soul searching.
If we acknowledge the right of AOL to control how it uses it's own network, then we can applaud when AOL blocks SPAM, but we cannot complain when they start blocking mailing lists, or shutting down p2p sharing, or refusing to allow their subscribers VOIP capability, or block access to web sites. We may eventually find that the only sites with any reasonable connectivity are the ones which can only be accessed through AOL.
Alternately, we could decide that AOL's network services are a type of Common Carrier network, like the airlines and the telephone system. This would mean that AOL could not prevent an AOL customer from subscribing to mailing lists, visiting web sites, or setting up their own web server. But it would also mean that SPAMMers would be guaranted a equal access to your inbox, and your neighbors worm-pool box cannot be legally blocked, so long as the worm abides by the Common Carriage rules.
The thing about things we don't know is we often don't know we don't know them.