Slashdot Mirror
AOL Sued For Over-Zealous Blocking
mik writes "America Online
has been sued by CI Host,
a Texas-based hosting company for defamation, interference with
contractual rights and unfair competition. CI Host
has been
awarded a temporary restraining order, though AOL has apparently not complied.
This may be the first such in a series of suits leading up to, perhaps, to class-action status relating to AOL's recent zealotry in
anti-spam policy
resulting in the presumption that shared-hosting providers are guilty (of spamming)
unless proven innocent."
Now we just need to put together some kind of class action suit for them spamming my regular mailbox with those damn CDs
I manage the web and email account for the church I attend. The pastor has an aol account, so his e-mail from our server simply redirects to his aol account. Just last week, I found that we had been put on aol's blocklist for some reason - all e-mails being redirected through the server to aol were being blocked for 2 weeks by aol. Blocking messages like this results in missed personal communication. This could possibly result in lawsuits from consumers themselves.
And I'm going to enjoy watching.
CI Host is a lousy company. I had nothing but trouble with them when I was hosting there. They continued to charge me after I cancelled my account, they refused to issue refunds in a timely manner. I very nearly took them to court over it. CI Host has spammers as customers. I told them about a few that were causing problems for me, and they never did anything about them. Doesnt' surprise me, because their customer support is poor, bordering on non-existant.
AOL is going to turn around and clean them out in court, and I'm going to thoroughly enjoy it. All they have to do is point to a few CI Host customers that spam, and that CI Host has been notified of several times, and it will either be a wash (in which case, AOL wins because they can stand the legal fees better than CI Host), or AOL will be able to counter-sue without a problem and make CI Host feel the hurt. Either way, I say yay AOL, which is something that I don't often say.
-Todd
"The details of my life are quite inconsequential..."
At least AOL can defend itself
I had the misfortune of having a dedicated server with them for 2 long years. The machine would lock up frequently, and i'd have to make a 30min call from Australia to the US to listen to their on hold crap so i could talk to a tech and then try and convince him to hit the big red button.
CI Host has a huge marketing and sales department and tiny tech support division. Dont you dare, ever, believe a word of their marketing crap. They suck. Pure and simple. They've cost me thousands because of the clients i've lost because of their incompetence. Some of the people are nice enough but they simply dont have the technical skills of other places.
I'm now with rackspace.com and they kick arse!
wait a sec, I thought we hated AOL on even numbered days.
Too many zeros, not enough ones
Seriously. I realize AOL has the deep pockets, but the spammers are the cause of AOL's blocking email from the domain. The spammers, not AOL, are responsible for any monetary damages the plaintiff here suffers. Public policy dictates that AOL should be immune and the spammers who spammed from that address should be liable. Does everyone have the right to send email to AOL addresses? I would say no, although AOL should have to say "hey, when you have an account with us there are people who will be unable to email you."
Stupid people make stupid things profitable.
Don't be to quick to defend them.
0 27 3.html is another link.
http://www.forumhosts.com/cihost.htm for a taste of what these guys are like.
http://www.stevemaas.com/selbstbild/archives/00
Let's hope to god the EFF's and Timothy don't fall for their lawsuit stuff.
More of AOL's anti-spam zealotry is a good thing (I speak as someone who has had something like 10,000 emails blocked by them in the past few weeks).
Been with CI Host for awhile, pretty good network, really like the price too.
Also, AOL/RR is blocking email from my office (Sprint SHDSL, fiber optic DSL, faster than T1, business only stuff in case you weren't aware). Ever since I got the first bounced message AOL has been #1 on my shit list.
Bravo, CI Host, Bravo.
Being as I at one time worked in the abuse capacity for a ISP. Although AOL may have over zealous policies as of late they do have a postmaster number which they could call and have the validity of the block checked. I had done this in the past and had resolution in ~24hours.
Am I the only one that finds this ironic? It's not okay for AOL to filter spam, but it's okay for us to. Uh huh.
Just do a quick /. search to see what people think of ci host. I was a ci host customer back in 99/2000 when their whole accounting database was open to the internet, customer information and credit card numbers. There were $5000 of fraudulent charges on my check card around the turn of millenium from my information being readily available to any idiot with a web browser. The bank took care of everything but it was a pain the in ass.
C I Host, one of the world leaders in Web hosting and Internet solutions, was awarded a temporary restraining order against America Online
I can't be the only one that finds the concept of an online restraining order more than a little amusing.
The coolest voice ever.
> So what do you call getting numerous AOL installation CDs?
Untargeted marketing.
The unofficial
Consider if you have an AOL client who has a site on your hosting server. They forward their site mail to their AOL account. Their site account gets spam. What happens? Well, the spam gets forwarded, the clueless AOLer reports it as SPAM, and AOL's system sees your hosting server as a spam source. There is nothing you can do to protect your hosting server. Nothing.
This really happens. If you call AOL, they basically say it isn't their problem. If an AOL client thinks a mailing list email they signed up for is spam, then AOL thinks it is spam. They tell you to setup a feedback loop where they send spam reports, but you have no way to respond to AOL. You just get flooded with tons of reports by clueless AOL users with no way to tell AOL, "Hey, this isn't SPAM!"
Only on two occasions where a client had an exploited formmail script did the AOL system work as it should (i.e. spam was reported, we saw the report and found the problem). Every other day of the week, it is a massive time-sink that you get nothing out of.
AOL wanted to make up for sucking on the SPAM front. So they become complete asses and made the job that much harder for the rest of us. Bravo!
I hope the class-action suit makes them stop. I don't expect anyone will see any money, but at least AOL will be held accountable for being such idiots.
"Doubt your doubts and believe your beliefs." -- Switchfoot, Ode to Chin
AOL are a bit zealos with their blocking. Worse there is no apparent (from what we could see) removal process or information on *why* you were blocked.
/19.... we can play this game for a while.
I maintain a few mail server that a number of customers of ours use to send out mail. We have a non-spam TOS and we check up on our customers. We got blocked. We went on to complain to a mass of different addresses. We got a two replys a few days later, the most notable was one from an address that didn't exsist (at aol.com) scolding us for not providing information that we had actually provided in our barrage. The other was just as worthless (telling us to read the usless help) though a reply to it didn't bounce.
Then as mysteriously as we went on the RBL we came off it again. To this day we are still cluless as to how we got on this RBL or how we got off it.
Worse though is Excite. There RBL is entirly hidden. No URLs, no help, no reasons, no nothing. We have had NO reply to our barrage of mails after a week and a bit. We even opened an account and complained as a customer. So we have taken to re-assigning our SMTP sender's IP address. I'm sure they will block that too, but we have a
Maybe I should see if we can sue Excite....
>
I am on a small ip block, with losers that catch the latest winshit worm and start spamming every few weeks.
Because of this, AOL has blocked my mailserver despite 7 requests to whitelist it (3 from myself, 4 from AOL victims^H^H^H^H^H^H^Hconsumers). It gets whitelisted for a few days, then group punishment kicks in and it's blacklisted again.
I have never spammed, I never intend to spam. Getting accused of sending half a billion unrequested emails in half an hour from a upstream as small as mine is both hilarious and insulting.
Fighting spam is one thing, blanket bombing to prevent spam is quite another. If anyone at the evil empire's apprentice is reading, "Hope you're glad that my dad left you because of your stunts. See you in court."
You can't judge a book by the way it wears its hair.
From: State District Judge Bonnie Sudder jbsudder@state.texas.us
To: legal@aol.com; abuse@aol.com
Subject: AOL, Save Thousands in Under One Minute! Quickest Quote!
Dear AOL,
This is your chance to opt-out of a completely unique program! You May Be Closer (Maybe Hours Away) To Financial Punishments than you think...
* 100% Safe To Take, With Abosultely No Side Effects
* Totally confidential, no one needs to know!
Among other petty annoyances, AOL is incorrectly refusing connections from blacklisted hosts, as follows:
According to RFC 821 (sections 4.3 and 4.2.2), the server can respond to new connections in with a 220 ("let's dance") or a 421 ("go away, I have a headache") response. Not a 554 ("you're lousy in bed") code. Among other things, the manner in which they reject mail from residential IPs causes it to languish in the queue, rather than bouncing as it should if they intend to permanently refuse delivery.
I'm sure they do this intentionally so that it will look like your mail server is at fault ("sorry, couldn't get through") rather than theirs ("buzz off, I don't like your IP address").
I work for an ISP (holding the name for obvious reasons). We recently had a customer abuse our AUP by sending 3,000+ unsolicited emails with attachments to AOL customers in just one week (total emails reached ~18,000). AOL in turn blocked any and every email with attachments from our domain indefinitely. Our legal team is now trying to resolve this issue with them. Even though emails without attachments go through fine, it has become a huge inconvience for many our customers. I don't understand why they did not block the specific account only instead of our domain. The following is the rejection notice we receive when sending emails with attachments to *@aol.com: > ----- The following addresses had permanent fatal errors ----- > > > ----- Transcript of session follows ----- > ... while talking to mailin-02.mx.aol.com.:
> ... while talking to mailin-03.mx.aol.com.:
> >>> QUIT
There are substantial disadvantages to a client-side filtering only spam defense as opposed to a server-side blocking only defense. It is, of course, fully possible to use both; I merely wish to point out some factors you may not have considered.
For the definitions of "filtering" and "blocking", please see this Wikipedia article. Roughly, DNSBLs and Sendmail's milter feature are blocking tools -- they take effect during the SMTP transaction. Client-side tools are filtering tools -- they take effect when you check your mail.
Consider:
However, as I mentioned above, it is possible to combine blocking and filtering in useful ways. A mixed strategy is what I prefer for my own site: we use a number of blocking strategies (such as DNSBLs and regular-expression patterns matching common spam elements), but we also use SpamAssassin and encourage users to filter with its scores or other criteria.
There are several separable issues here.
The first thing to notice is that our only information on this dispute comes from a press release put out by CI-host. I find it somewhat surprising to see it alleged that AOL is in contempt of court. On the other hand one wonders how a judgement from a Texas court affects AOL off in Loudoun county VA. I suspect the AOL/Time lawyers may have a different opinion.
Another thing missing from the report is any mention of the reply filled by AOL? Was AOL even aware of the hearing? In most cases a court order does not have immediate effect, thus allowing the defendant to file an appeal. It seems unlikely that a court would issue an order with immediate effect given that AOL has had considerable success in preventing spammers gaining orders of this type in the past.
Another suspicious factor is the rapid escalation to littigation. A legitimate ISP would be unlikely to sue until it was clear that AOL was not going to be reasonable - unless of course they knew AOL was being reasonable.
At this point it is reasonably settled law that an ISP cannot be forced to accept email from an address that it does not want to service. The defamation claims might work against a third party such as a blacklist but it is hard to see how a company can be prohibited from acting on its own assesment of CI's behavior.
The other thing that is odd here is that Sudereth is a recent President of the American Judges Association. You would not expect a judge in that situation to be making whacky judgements which suggests strongly that there is something here that we are not being told in the CI PR puff. It is very rare for a court to order an injunction with immediate effect unless the damage done is irreversible. In this case the effect is very obviously only money.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Recently, one of our mail servers got listed with a major spam list with a major time lag. It was allowing open relay (but was never used for nefarious purposes) 6 months ago, and this was resolved 3 months ago.
As a result, all of the mail that was sent to paying Road Runner customers was bounced back, this was mail that was requested, and mail they had just paid to receive. I attempted to forward from my ISP, but lo and behold, my personal ISP (different country than our corporate mail servers) had also been blocked by Road Runner.
I attempted to email Road Runner to get more information, but got standard auto-responders that didnt answer my question.
I ended up mailing the paying customers via my webmail account on my personal domain.
We lost about six accounts to refunds over non-recipt of information, since it took us a week to figgure out what was going on (mails are sent from an unmonitored account).
Also:
Most non-technical users don't know how to properly manage opt-in spam blockers (the ones with auto responders pointint you to websites where you can fill out all your personal information, your mothers maiden name, and perhaps the person might deem it acceptable to let your mail in). They sign up for things, dont add the posted address to their list, the mail gets blocked, so they email us complaining, not bothering to add the email address they just messaged to the allowable list. With the current virii going around, spoofing return headers, I just dont have the time to wade through all the mailer daemon/postmaster/spamblocker/virus blocker emails comming in.
ISP Level Spam blockers MUST:
paul reinheimer
You're citing an out-of-date RFC. 821 was superseded by RFC 2821, which makes it clear that 554 is a valid connection-opening response, to indicate that mail service is not available. (Indeed, 2821 spells out two codes for use at connection establishment -- 220 to accept, or 554 to reject access.) AOL is correctly using 554 to indicate that it will not provide mail service to your IP address.
A 4xx code would be improper in this case. 4xx codes indicate temporary failures. They mean that the client should queue its messages and retry them later, rather than returning a bounce message to the sender. That's not what is intended here -- the server doesn't want you to retry, it wants you to not try. A 5xx error code is correct.
One of our TD guys posted the following:
We just finished a conversation with staff from AOL's postmaster team. We have an agreement, but it may or may not be satisfactory to users.
First, let me say what they are doing. They have a button on their mail software that lets users report email as spam. They check to see the host
from which AOL got the mail, i.e. the previous hop. In principle, if they get a significant number of complaints for any given host, they refuse to accept mail from it. In practice, there is sometimes human review, although they don't guarantee to do that. In practice, they will often alert abuse@rutgers.edu before cutting off mail, although they don't promise to do that either. They will, however, allow us to give them a list of our major MTA's, and exempt that list. What we believe they will do reliably is notify us after the fact when they have cut an IP address off. We will dispatch those reports to the liaison.
They should have most of the major MTA's by now. However we don't have a complete list of all MTA's on campus, so it is certainly possible that in
the future some might be cut off. If that happens, we will find out about it after the fact. In some cases, the abuse staff may recognize it as an
MTA, and ask them to add it to the list. However we won't always know the way departments use systems, and thus cases might occur where we would have to depend upon responses from the system administrator.
Note that in principle they could remove systems that send announcements to the user community, if users report the messages from the President or
other official email as spam. They regard the customers as right, and accept their definition of spam. In practice, that system will be on the
list of MTA's. For the moment they look OK.
There are some systems that were on earlier lists that we have been unable to understand. In one case we verified that they had no forwarding entries pointing to AOL. The system itself is not an open relay, and being Solaris, would not have been contaminated by Sobig. In the discussion today, it didn't seem possible to develop an understanding of what had led to these systems being considered problematical. However those systems are MTA's, and should not be cut off in the future.
They have offered to send us all email from any Rutgers host that users report as spam, so we can review it and try to forestall any problems.
Since this is in the thousands per day during periods when problems are occuring, we are not currently taking them up on this. In the opinion of our staff, if AOL can't afford the staff time to do intelligent review of their own users' reports, we can't do that job for them.
In this situation, I recommend that no system administrator use AOL for email, since we need to make sure we can contact sysadmins no matter what
decisions AOL might have made. Other uses with critical need for mail connectivity might want to do the same. Also, it might be useful for users
to understand that they should be careful about reporting as spam mail that comes through Rutgers.
-- Is "Sig" copyrighted by www.sig.com?
My mom, using Earthlink, has been unable for 4 days to email her business partner. Which is wasting her time. Preventing her from getting work done.
The thing to realize here is that, while punishing an ISP may or may not be a good thing, harming *tens of thousands* of innocent users of that ISP (and Earthlink is a good one, IMHO) is incredibly irresponsible.
The bounce email said basically "Go whine to your ISP" which was, frankly, insulting. Never having been a fan of AOL, I'm not really surprised by this, but I can tell you it's caused her business partner to drop his account damn quick. Hope other AOL customers are doing the same.
Email is critical infrastructure. It's a public communication medium just like telephone lines are. How would you like it if all Bell South customers couldn't call you because your regional Baby Bell didn't like dealing with all the telemarketing coming in from Atlanta?
At a certain point, services become too valuable to play this kind of game with. I think email has passed that threshhold long ago.
Looking for a Rails developer in Chapel Hill?