AOL Sued For Over-Zealous Blocking

mik writes "America Online has been sued by CI Host, a Texas-based hosting company for defamation, interference with contractual rights and unfair competition. CI Host has been awarded a temporary restraining order, though AOL has apparently not complied. This may be the first such in a series of suits leading up to, perhaps, to class-action status relating to AOL's recent zealotry in anti-spam policy resulting in the presumption that shared-hosting providers are guilty (of spamming) unless proven innocent."

Bout Damn Time

[Sklein382]

Now we just need to put together some kind of class action suit for them spamming my regular mailbox with those damn CDs

Mail server

I manage the web and email account for the church I attend. The pastor has an aol account, so his e-mail from our server simply redirects to his aol account. Just last week, I found that we had been put on aol's blocklist for some reason - all e-mails being redirected through the server to aol were being blocked for 2 weeks by aol. Blocking messages like this results in missed personal communication. This could possibly result in lawsuits from consumers themselves.

CI Host does indeed suck

[SkoZombie]

I had the misfortune of having a dedicated server with them for 2 long years. The machine would lock up frequently, and i'd have to make a 30min call from Australia to the US to listen to their on hold crap so i could talk to a tech and then try and convince him to hit the big red button.

CI Host has a huge marketing and sales department and tiny tech support division. Dont you dare, ever, believe a word of their marketing crap. They suck. Pure and simple. They've cost me thousands because of the clients i've lost because of their incompetence. Some of the people are nice enough but they simply dont have the technical skills of other places.

I'm now with rackspace.com and they kick arse!

Re:Anti-spam zealotry is a good thing

[Rellik66]

wait a sec, I thought we hated AOL on even numbered days.

They should sue the spammers for $ damages

[kaltkalt]

Seriously. I realize AOL has the deep pockets, but the spammers are the cause of AOL's blocking email from the domain. The spammers, not AOL, are responsible for any monetary damages the plaintiff here suffers. Public policy dictates that AOL should be immune and the spammers who spammed from that address should be liable. Does everyone have the right to send email to AOL addresses? I would say no, although AOL should have to say "hey, when you have an account with us there are people who will be unable to email you."

I'm now definitely a proud customer....

[heXXXen]

Been with CI Host for awhile, pretty good network, really like the price too.

Also, AOL/RR is blocking email from my office (Sprint SHDSL, fiber optic DSL, faster than T1, business only stuff in case you weren't aware). Ever since I got the first bounced message AOL has been #1 on my shit list.

Bravo, CI Host, Bravo.

ci host == bad isp

[asv108]

Just do a quick /. search to see what people think of ci host. I was a ci host customer back in 99/2000 when their whole accounting database was open to the internet, customer information and credit card numbers. There were $5000 of fraudulent charges on my check card around the turn of millenium from my information being readily available to any idiot with a web browser. The bank took care of everything but it was a pain the in ass.

Re:Anti-spam zealotry is a good thing

AOL are a bit zealos with their blocking. Worse there is no apparent (from what we could see) removal process or information on *why* you were blocked.

I maintain a few mail server that a number of customers of ours use to send out mail. We have a non-spam TOS and we check up on our customers. We got blocked. We went on to complain to a mass of different addresses. We got a two replys a few days later, the most notable was one from an address that didn't exsist (at aol.com) scolding us for not providing information that we had actually provided in our barrage. The other was just as worthless (telling us to read the usless help) though a reply to it didn't bounce.
Then as mysteriously as we went on the RBL we came off it again. To this day we are still cluless as to how we got on this RBL or how we got off it.

Worse though is Excite. There RBL is entirly hidden. No URLs, no help, no reasons, no nothing. We have had NO reply to our barrage of mails after a week and a bit. We even opened an account and complained as a customer. So we have taken to re-assigning our SMTP sender's IP address. I'm sure they will block that too, but we have a /19.... we can play this game for a while.
Maybe I should see if we can sue Excite....

>

am I your enemy?

[SHEENmaster]

I am on a small ip block, with losers that catch the latest winshit worm and start spamming every few weeks.

Because of this, AOL has blocked my mailserver despite 7 requests to whitelist it (3 from myself, 4 from AOL victims^H^H^H^H^H^H^Hconsumers). It gets whitelisted for a few days, then group punishment kicks in and it's blacklisted again.

I have never spammed, I never intend to spam. Getting accused of sending half a billion unrequested emails in half an hour from a upstream as small as mine is both hilarious and insulting.

Fighting spam is one thing, blanket bombing to prevent spam is quite another. If anyone at the evil empire's apprentice is reading, "Hope you're glad that my dad left you because of your stunts. See you in court."

AOL mail filtering to the extreme

[japorms]

I work for an ISP (holding the name for obvious reasons). We recently had a customer abuse our AUP by sending 3,000+ unsolicited emails with attachments to AOL customers in just one week (total emails reached ~18,000). AOL in turn blocked any and every email with attachments from our domain indefinitely. Our legal team is now trying to resolve this issue with them. Even though emails without attachments go through fine, it has become a huge inconvience for many our customers. I don't understand why they did not block the specific account only instead of our domain. The following is the rejection notice we receive when sending emails with attachments to *@aol.com: > ----- The following addresses had permanent fatal errors ----- > > > ----- Transcript of session follows ----- > ... while talking to mailin-02.mx.aol.com.: > ... while talking to mailin-03.mx.aol.com.: > >>> QUIT

Re:AOL mail filtering to the extreme

[RipCurl808]

Its their servers and if you still kept the person on your server ( as a customer ) after the the first day of the abuse ( says you took 1 week to notice; that's far too long to notice an abuse ). Did you not read your Abuse@ when the first spam message was reported? Why'd it take you so long to act?

A spam run doesn't just happen for a week long without going unnoticed. Your server logs would have shown the unusual amt of traffic being sent from your space.

Just playing devi's advocate. Again, AOL can run their servers as they like. Dont like it? Set up a smart-host so you can send attachment from that ip unti lits resolved.

Oh and is that customer still with you? The one that spammed? Why not collect damage fees from them?

Re:Any filtering is too much

[Frater+219]

I'd rather spam filtering be left to myself. Any decent e-mail client has the capability for filtering, and by doing that way, I have control over what gets thrown out and what doesn't.

There are substantial disadvantages to a client-side filtering only spam defense as opposed to a server-side blocking only defense. It is, of course, fully possible to use both; I merely wish to point out some factors you may not have considered.

For the definitions of "filtering" and "blocking", please see this Wikipedia article. Roughly, DNSBLs and Sendmail's milter feature are blocking tools -- they take effect during the SMTP transaction. Client-side tools are filtering tools -- they take effect when you check your mail.

Consider:

• Client-side filtering destroys false positives rather than bouncing them. Any spam defense can have false positives, in which non-spam email is incorrectly classed as spam. When a mail server doing blocking experiences a false positive, it returns an SMTP error to the sending system. Ultimately, the human sender sees a bounce message, which indicates that their message did not make it to the intended recipient. The sender can then attempt to get around the block (by sending from another site) or can try to contact the recipient by other means. However, when a client-side filter has a false positive, the mail is either deleted or filed in a rarely-seen "spam folder". The sender gets no notification that it will not be seen (or not seen promptly). Since false positives do happen, it is better that they not happen silently!
• Client-side filtering isolates and hides useful information. A mail site, particularly a large one such as AOL, is in a position to gather a great deal of information about spam sources and patterns. Users complain about receiving spam. If a site can cause these complaints to be expressed in a useful way (such as sending full headers to an abuse address) rather than a useless one (such as cussing out the helpdesk), the site can aggregate a huge amount of information about spam offenders, which can be used to the whole site's spam defenses (or to mount litigation or prosecution of spam offenders). In contrast, your client-side filtering is informed chiefly by your own experience, and has no access to the experience of the other bazillion people on your ISP or mail site.
• Client-side filtering doesn't alleviate large mail sites' resource problems. A site such as AOL dedicates significant amounts of disk space, backup capacity, and network bandwidth to email. Since over half of AOL's incoming email is spam, if AOL did no blocking then it would probably spend over twice as much money on these resources than it would on a spamless Internet. In client-side filtering, mail must be delivered to the user's mailbox on disk, and the user must then check his mail, before any spam is removed from disk. If that spam were blocked at SMTP time, however, it would never have occupied AOL's disk and never consumed those resources.

However, as I mentioned above, it is possible to combine blocking and filtering in useful ways. A mixed strategy is what I prefer for my own site: we use a number of blocking strategies (such as DNSBLs and regular-expression patterns matching common spam elements), but we also use SpamAssassin and encourage users to filter with its scores or other criteria.

Re:Anti-spam zealotry is a good thing

[Zeinfeld]

AOL are a bit zealos with their blocking. Worse there is no apparent (from what we could see) removal process or information on *why* you were blocked.

There are several separable issues here.

The first thing to notice is that our only information on this dispute comes from a press release put out by CI-host. I find it somewhat surprising to see it alleged that AOL is in contempt of court. On the other hand one wonders how a judgement from a Texas court affects AOL off in Loudoun county VA. I suspect the AOL/Time lawyers may have a different opinion.

Another thing missing from the report is any mention of the reply filled by AOL? Was AOL even aware of the hearing? In most cases a court order does not have immediate effect, thus allowing the defendant to file an appeal. It seems unlikely that a court would issue an order with immediate effect given that AOL has had considerable success in preventing spammers gaining orders of this type in the past.

Another suspicious factor is the rapid escalation to littigation. A legitimate ISP would be unlikely to sue until it was clear that AOL was not going to be reasonable - unless of course they knew AOL was being reasonable.

At this point it is reasonably settled law that an ISP cannot be forced to accept email from an address that it does not want to service. The defamation claims might work against a third party such as a blacklist but it is hard to see how a company can be prohibited from acting on its own assesment of CI's behavior.

The other thing that is odd here is that Sudereth is a recent President of the American Judges Association. You would not expect a judge in that situation to be making whacky judgements which suggests strongly that there is something here that we are not being told in the CI PR puff. It is very rare for a court to order an injunction with immediate effect unless the damage done is irreversible. In this case the effect is very obviously only money.

Re:Anti-spam zealotry is a good thing

[PktLoss]

I don't know, I am tired of over zealous spam lists, network admins, strange anti-spam mechanisms.

Recently, one of our mail servers got listed with a major spam list with a major time lag. It was allowing open relay (but was never used for nefarious purposes) 6 months ago, and this was resolved 3 months ago.

As a result, all of the mail that was sent to paying Road Runner customers was bounced back, this was mail that was requested, and mail they had just paid to receive. I attempted to forward from my ISP, but lo and behold, my personal ISP (different country than our corporate mail servers) had also been blocked by Road Runner.

I attempted to email Road Runner to get more information, but got standard auto-responders that didnt answer my question.

I ended up mailing the paying customers via my webmail account on my personal domain.

We lost about six accounts to refunds over non-recipt of information, since it took us a week to figgure out what was going on (mails are sent from an unmonitored account).

Also:
Most non-technical users don't know how to properly manage opt-in spam blockers (the ones with auto responders pointint you to websites where you can fill out all your personal information, your mothers maiden name, and perhaps the person might deem it acceptable to let your mail in). They sign up for things, dont add the posted address to their list, the mail gets blocked, so they email us complaining, not bothering to add the email address they just messaged to the allowable list. With the current virii going around, spoofing return headers, I just dont have the time to wade through all the mailer daemon/postmaster/spamblocker/virus blocker emails comming in.

ISP Level Spam blockers MUST:

• Allow users to turn them on/off
  
• Allow users to view blocked mail
  
• Provide external groups with EXACT information on why a message was blocked, rather than pawning off responsibility to some Not-For-Profit.
  
• Respond to queries from external groups within 1 business day, either with removal from lists, or more detailed information
  
• Upon removal from a blocked list, spam cached within the past week from affected senders should be forwarded with an attached apology header.