Slashdot Mirror
You've Got Spam: AOL Blocks 1/2 Trillion Spam
yohaas writes "Yahoo! News is reporting that AOL blocked more than 500 billion spam messages for its users in 2003. That comes to 40 messages a day per user. The company regularly blocks 75-80% of all incoming mail as spam! The article also lists the top 10 spam phrases for the year, including such come-ons as: 'Viagra online', 'Online pharmacy', 'Get out of debt' and 'Get bigger'."
They bounce back ALL mail to addresses that don't exist, and if some spammer users YOUR domain or YOUR email address, you get all the bounces. They also don't respond when you try to get them to stop. It's incredibly frustrating.
I'm not sure if it has to do with the new United States anti-spam law or not, but I have received the same amount of spam in 48 hours as I would have in 12 hours in 2003. About 45 emails.
Hey. I get a fair amount of spam, but I am not afraid. It is all filtered. You can see some recent ones at drpa.us/spam.html. Try to send me an email, and check if it gets through! You can also see a plot of my daily spam frequency for the last 400 days or so at drpa.us/spam0.jpg. Advice to all: start saving all your spam and good mail in separate folders. The more you save, the easier it is for a smart filter to automatically identify them. And many thanks to Paul Graham for teaching us all the Bayesian solution (we just need to listen).
I must ask this as well. I have had one of my email addresses stuck on newsgroups, forums, and websites for over 3 years now, so out there for all the little spam harversters. I average about 3-5 SPAMs a day. It is still annoying but I do not know how others get hundreds of SPAM a day.
Is there something others are doing with their email, or is the fact that the people who do get hundreds of SPAM or whatever amount it takes to be unproductive, just popular or is there something else they are doing?
Make me your friend. All my friends get +1 modifier and I need friends :)
Those people who get spammed a lot on aol probably go in chat rooms and since your aol screen name is your email address well I guess a spammer could make a program to collect the names in those chat rooms. Then later on spam you...
If too much spam starts coming from a particular IP block, AOL sends a nastygram to the ISP that owns the IP block, threatening to blacklist the IP block, or the entire ISP. If that happens, no customers of that ISP can send mail to @aol.com at all, so the ISP pretty much has to do their own policing, or risk causing major problems for all their other customers.
As much as I'd love for AOL to start kicking down spammers' doors, they can't exactly do that legally themselves.
Anybody attorneys want to comment on the feasibility of filing lawsuits on that kind of scale?
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
I go to purdue universtiy in lafayette and when I try to email anyone with an AOL address, I get a return message saying that @purdue.edu has been blocked for spam. Its easy to reach 500 billion when you block out entire organizations and probably count all the legit email as spam. Their is no way a universities email server was used for spam, if a student sent spam their is no way they would be caught. This suggests aol makes no complaints with providers and just blocks automatically. Very bad. Whats the point in blocking spam if you don't report it to the ISP so that the spammer can go down for it.
The post office places those CDs there because they make money off them if people sign up for service. If people take the bait...uh, I mean sign up for AOL, the USPS gets a fee.
So why the hell do they get to advertise in a public company for FREE?
Um, how did you get the idea AOL was getting to advertise "for FREE"? The United States Postal Service is being paid by AOL for every person who signs up with a disc distributed by the post office. In theory, it means that postal rates won't go up as often or as much.
I know that was a joke (and a decent one, at that), but I must point out that there's a significant difference between AOL paying their money to mail you a nigh-infinite quantity of CD's and some a-hole spammer making you and AOL both pay to process and read their Viagra spam.
And to give AOL a little credit, even they are making fun of all the CD's they mail out in their most recent TV ads.
Though it makes my head hurt to see Jerry Stiller and Snoop Dogg in a commercial together. That's just wrong on so many diffferent levels...
-- Josh Turiel
"2. Do not eat iPod Shuffle."
at spam filtering if not at anything else. You've got to try this crap to believe it.
"I'm thinking, ok, the Postal Service is supposed to be a government agency right?" Wrong. Its a business like Fedex or UPS.
No, the regulations are non-existent, and not just overseas, either. Regulations - in the sense of laws, that is - are nearly non-existent in the USA, Canada, and Europe as well. Spammers spam with near-impunity in all those places. The worst thing that can happen - unless they have the bad luck of being in a state that has a spam law with teeth and an attorney general to match - is they get their service disconnected. In a day or two or three, they've bought another connection somewhere else.
/21 bought from some other upstream, and after some digging it became obvious that this entire network provider was nothing but a front for providing bandwidth to spammers.
I used to work for a large, well-known hosting company whose name is taken from a book of the Bible. They didn't have to many spammers or pr0n sites in their space when things were booming, but now they're among the worst for hosting spammers.
There are network providers all over the country that are as bad or worse. I recently ran across one that had a
A lot of spam is sent through China by contract with network providers there, and through South Korea because it's the open proxy capitol of the world, and there is a very large and well organized spam ring operating in eastern Europe as well, and it seems soundly connected to US spammers. The spam business has gone international in a big way.
In none of those places, including the US and Canada, generally, is spam illegal, so it's never necessary to bribe any government official into looking the other way. It's just easier to pay off the ISP to look the other way in some countries, but again, that's pretty easy in a lot of places in North America too. When the economy goes down, pink contracts go up. Many companies and individuals will do just about anything to survive, and network providers are certainly no exception. For every one that will cut a spammer's connection as soon as they notice, there's another that will happily sell the spammer as much bandwidth and IP space as he wants. Then they pass that space on to some other unsuspecting customer, who finds that she can't send mail to a lot of places because that netblock is in every RBL - good, bad, or ugly - in the world.
As much as we rightly despise spammers, those who sheeld them and knowingly sell them bandwidth and colo space are just as bad.
You'd pay your upstream connections to approve you. The cost would cover verifying your ID at a court or escrow office, and doing a credit check, so people would know how to collect after winning a lawsuit if you violate the TOS for sending signed email. Since your assets would be on the line, you would take similar care verifying your downstream connections. Mailing lists would all move to web sites, where the only way to opt-in is set up your web browser to visit periodically (The way "opt-in" should be done.)
I think solutions like this likely do far more to Balkanize the Internet than to protect it.
That's the idea, to Balkanize internet connections to those mailservers most likely to properly police their outbound email. Legitimate users would all gradually move to one of these ISP's, leaving spammers 100% of SMTP bandwidth. Of course, then the major hubs will merely throttle SMTP connections to 0.001% of available bandwidth since there no longer would be any money in it.
Forget the spammers. Track down their clients, the ones paying for the ads.
Only if someone can figure out a way to weed out "Joe Jobs".
The only historically proven method to prevent a tragedy of the commons is via the use of weapons, and/or some mechanism which allows lawyers to make lots of money.
From my ~/.procmailrc :
* ^From:
That happened at my college a couple years ago when AOL started cracking down on open mail relays. They basically said, "You have an open relay, close it or you can't send e-mail to us" - so they closed the relay and we were let back through their filters. Basically what changed was that I could no longer use the college mail server to send my mail from home. Now you had to be on campus to use it to send mail. Which is really how it should be, since anyone around the world could have punched in the mail server name and sent any mail they wanted, hence the "open relay" I guess...
If I had to guess, something similar is happening over there. I'd recommend looking into it. It is very resolvable.
You can share the connection over a LAN and 7 people including one dial-up user can be on at the same time (although its not necessary for each client to log on through AOL), even if everyone isn't on the LAN. I've done this for people, ironically using Linux as a router. AOL broadband uses PPPoE as its protocol so pretty much anything can connect to it. It was no differnet then setting this up with anyother ISP.
Regards,
Steve
P.S. I'm not sure how ironic the Linux thing was, I guess it wasn't very ironic at all. What else would you use to make a router out of an old PC?
At San Jose State your port would be automatically shut down by the management software in a few minutes. Same thing would happen if you started pinging, port scanning, or were infected with a virus. You really have to have systems like this in place in a large university environment.
Tim Smith - Ramblings from Nerd Land
This google search gives a sample of falsely positive sites AOL has blocked with this "technology". My guess is, AOL doesn't want the email in the first place. Cutting out some legitimate email is not a concern. What possible downside is there for them? They can blame everything on the sender. Ultimately they gain because the most reliable way to send email to AOL customers (who are too naive to switch to some other ISP) is to be an AOL customer. False positives are good for AOL.
To anyone that gets caught by this, sure, go ahead and call up AOL and try to get your IP address off the list. In the meantime, change to a different outgoing IP address. They only block the single IP (which is probably the only thing saving them from a major backlash), and thus it's easy to get around. A telnet to the SMTP port from the server being blocked will immediately return with the RLY:B1 error. It's easy to test if it's happening, and just as easy to see when you've worked around it.
I can't imagine this system is blocking any spammers.
--Bill
As I state in many of my posts, I work for a medium-large size software company.
We have a website, and about 1 million customers (not sure how many active..) have accounts on our website to download updates, patches, etc.
When they forget a password, they choose can option to have their password sent to them.
They can also request technical support via e-mail.
The forms sent out for both of those are very similar and AOL appears to 'randomly' block many of these e-mails. Sometimes they'll go through, sometimes they won't. We can trace the e-mail to aol's server, watch it be accepted but never have the customer on the phone recieve it.
They're 'spam prevention' isn't as great as it could be, especially since we've contacted them and they've promised to 'look in to it'.
AOL blocks any mail that is routed direct to the Mail Exchanger (Or simply has the headers stripped to anonymize it's origin)
This excludes a whole lot of out of the box UNIX/Linux/BSD installs, as well as anonymizers and some website registration verification scripts. I'd rather not have to send your website login password through 3 different servers before it reaches your ISP. (Of course, the password shouldn't be sent through the email anyways, but a lot of sites do).
That's not what I'd call "being conservative". To me, being conservative would be tagging suspected spam as such, and letting the MUA filter it into a seperate mailbox. AOL can include a MUA (Netscape) on it's disk, so it can be pre-configured.
How about the fact that neither I nor any of the members of my organization can send email to any AOL members, because AOL's overzealous filter interpreted a forum subscription as spam? Not to mention the fact that it's essentially impossible to get oneself removed from the block list unless you're a major ISP.
user@127.0.0.1 works well too!
Why don't the headlines ever read 'Psychic wins lottery'
Huh? No way! I have a business level cable modem plan, and my ISP (cox) refuses to change the RDNS of my static to the domain I have it pointed to unless I register the domain through them (with a nice markup) and pay them to hold my DNS entries too. I've got to the point where I have to funnel all my outbound mail through cox's server to keep it from getting bounced. And my friends who used my SMTP server (account auth req'd to send mail) dont use it anymore to send mail. And what about webhosting? Say my friend owns abcxyz.com and wants to send mail from it, and I own foo-bar.com and want to send email from that. I'm not going to get a seperate physical computer and IP for each customer that wants to send mail, I'm going to virtualhost in apache and run a mail server that can do multiple domains. Can I have multiple RDNS names?
The Doormat
If you're not outraged, then you're not paying attention.
Now, if only they could do something about the pop-ups, crashes, dropped connections, high prices, incessant self-promotion, etc, they might have a good product.
One time, when my usual ISP was down, I needed internet. Desparate, (back when I ran Winders) I threw on an AOL CD to use some of the 1045 hours of free access, planning to cancel when my regular ISP was back online. Cancelling AOL is interesting, first off, the person who answers the calls has been brainwashed to think AOL is the greatest THING ever, and will first ask you why you want to cancel, then argue with your reasoning. Once you go through all that, they will offer you two free months of service while you reconsider. DON'T FALL FOR THIS. I did, and forgot, and the bastards charged my credit card three months later. I was mad as hell and had to go through the Movementarian "You're free to leave anytime you want, but tell us why you're leaving" grilling on the phone all over again. Of course, they offered me two free months again, so apparently you can stay on AOL for free indefinitely this way (But why would you want to?).
Kaolin may be the only English word with "aol" as a substring.
Unknown host pong.
They block anything that doesn't come from the main MX record. Gets alot of spam but it gets a lot of network SMTP relays too. Not a big deal and probably a good idea to block folks who don't have their network configured entirely properly but it's not all spam and the number is largely inflated.
Our mail server has somehow erroneously been blacklisted.
So go email the antispam guy on AOL (not from YOUR email address naturally), his name's Carl, and he's a nice and reasonable guy who will tell you precisely why your server was blocked. AOL can make mistakes, but they don't sustain blocks without evidence.
You'll have to subscribe to SPAM-L (http://www.claws-and-paws.com/spam-l) to find his full name and email address since I won't share it here, but that shouldn't take too long.
I've finally had it: until slashdot gets article moderation, I am not coming back.
Even the ones running on fixed IPs, which tend to be a more savvy class of user, and much easier to trace, too.
Now that you mention this, I think a reject from AOL was exactly the reason I finally got around to fixing my Sendmail config to route my outgoing mail through my ISP's server. ( define(`SMART_HOST',`mail.sbcglobal.net') ) So in that sense, I guess their plan is working.
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
SMTP AUTH has existed for ages; it allows one to authenticate themselves to the SMTP server.
In fact, my e-mail provider, gmx.net, uses it. (It's a free provider.) So does my ISP, Speedline.ca.
By "opt in", does your company mean "If you want to do business with us, you must give use you email address and agree to recieve our junk mail?"
Because that's not "opt-in". Opt-in email should be separate and distinct from any business relationship you have with a customer.
Article X: The powers not delegated... by the Constitution...are reserved...to the people