Slashdot Mirror
You've Got Spam: AOL Blocks 1/2 Trillion Spam
yohaas writes "Yahoo! News is reporting that AOL blocked more than 500 billion spam messages for its users in 2003. That comes to 40 messages a day per user. The company regularly blocks 75-80% of all incoming mail as spam! The article also lists the top 10 spam phrases for the year, including such come-ons as: 'Viagra online', 'Online pharmacy', 'Get out of debt' and 'Get bigger'."
AOL has been losing email for over a decade now.
(is this another dupe story?)
Is this truly the only Earth I can live on?
It's been suggested in nanae that as a brutal display of the efficacy of spam-fighting and, most importantly, blocklisting, major ISPs all simultaenously turn off their spam defenses for a day to show users just how much UCE spew is clogging the internet every day.
Of course, the idea is repeatedly turned down for its utter lack of pragmatism.
But damn, 500 billion spams, and that's only to AOL.
Just imagine.
The instant clogging of mail-servers around the world and subsequent technological disruption might actually get the general computer-using public to take more of an interest in the fact that around 200 gangs of people are effectively raping and pillaging the Internet right under their eyes.
But then again, what can one do when faced with the Tragedy of the Commons?
Now if they'd only block going outbound too!
I know AOL bashing is a treasured hobby of many Slashdotters, but based on those numbers it seems that they're doing a fairly good job at blocking spam. Especially since they're a huge ISP who has to be conservative with their spam blocking techniques.
. . . to make a crack about the Post Office blocking the shipment of trillions of AOL CDs. I prefer to work for my karma. :)
Instead of sending the mails to the bitbucket AOL should do something about the abuse. They've got the IP addresses of half a trillian zombies and open proxies. Where's the AOL goon squad? They should be kicking down doors, not writing press releases.
if they block 500 billion spam messages if a couple trillion spams are sent around in a year? Despite how large that number sounds, I still see client AOL inboxes stuffed with all sorts of junk, and see this more as a publicity stunt on AOL's part. I read the article, and no where in it does it say how much spam total there was in 2003. 500 billion may sound impressive by itself, but if it's 500 billion blocked out of 50 trillion, it's not such a big deal.
They may block a lot of garbage, but they also refuse to admit that my email to my mother is not spam.
Maybe there is something she's not telling me.
Mom!
If you think deeply enough, you will have no single direction for your outrage.
They bounce back ALL mail to addresses that don't exist, and if some spammer users YOUR domain or YOUR email address, you get all the bounces. They also don't respond when you try to get them to stop. It's incredibly frustrating.
I think the phrase "stop spam now" should be added to the list of top 10 spam phrases.
seriously, I get 5-10 spam email / day telling me how to stop receiving spam emails.
Consensus is good, but informed dictatorship is better
I just took a gander at my logs on my postfix-amavisd-spamassassin front ends for one of my smaller ISP's and after doing the math, it's blocking ~36 spam/user/day on average (with spamassassin only blocking at score 9+). It doesn't surprise me that AOL is getting somewhere around ~40spam/user/day as it is more widely visible and the userbase as a whole is generally a lot more likely to do things that would encourage spammers . . .
that was nowhere near 581%.
HOW'S MY POSTING? CALL 1-800-POSTING
When they started blocking "unknown relays" they dropped a pile of legitimate email
comment directly in my journal
It has nothing to offer me since I work from home using my degree (obtained online) in pharmaceuticals. I have a huge cock, am quite rich, get my insurance for free and own my home outright. I do have to use viagra occasionally because it is sometimes hard to get it up for some good Oprah XXX action but I can get it through the pharmacy which I run online.
AOL blocks a lot of legitimate email as well, however. If you prefer to run your own email server (for example, about half of all the Linux broadband users on Slashdot) then you cannot send to an AOL user... same goes for SWBell users too I think. Sure they block a lot of email and I can kinda understand their purpose in blocking "dynamic" or "residential" IPs... but that is collateral damage.
If they're blocking that much spam, makes me wonder how much of the mail that was NOT spam is being blocked. Maybe AOL users are not getting all the email they should be getting.
On the other hand, I get spam from AOL and they dont seem to be doing anything about it, maybe they should be concetrating on blocking their outgoing spam too.
In 2003 Spamprobe blocked just over 12000 on my personal domain, which is low compared to many others.
If tits were wings it'd be flying around.
I'm not sure if it has to do with the new United States anti-spam law or not, but I have received the same amount of spam in 48 hours as I would have in 12 hours in 2003. About 45 emails.
Of that half trillion emails, I wonder how many of them originated inside aol itself.
All those 1000 hour free CDs being put to use in the wrong hands...
=9,765.6 petabytes [I guessed at the average size of a spam email]
I wonder how much that costs AOL?
Hey. I get a fair amount of spam, but I am not afraid. It is all filtered. You can see some recent ones at drpa.us/spam.html. Try to send me an email, and check if it gets through! You can also see a plot of my daily spam frequency for the last 400 days or so at drpa.us/spam0.jpg. Advice to all: start saving all your spam and good mail in separate folders. The more you save, the easier it is for a smart filter to automatically identify them. And many thanks to Paul Graham for teaching us all the Bayesian solution (we just need to listen).
iiNet is one of the largest ISPs in Australia (third or fourth now, I think). I got an advisory yesterday saying AOL and RR had both blocked all inbound mail from iinet as 'spam' They can crow about 500 billion mails all they like, but if a lot of it involves turning off mail from whole slabs of legitimate users, then it's not much of a service. The other thing is, if spammers are using trojans to create spam relays, then it's a bit hard to blame a particular ISP if a bunch of their users have been infected with this stuff. iiNet has a policy of advising users when they appear to be infected, they're cluey people too, they run everything on Debian as far as I can tell, and they have local mirrors for many Linux distros etc. I guess what I'm saying is that if you're going to block an ISP's mail you'd start with clueless behemoths who don't give a damn. Anyway, they appear to have a work-around in place, but RR is still blocking. Simon
Hal Spacejock: Science Fiction with Nuts
A less deceptive way of phrasing it is that AOL has blocked 500 billion emails from reaching the intended recipients. I doubt very much that this figure takes into account the ridiculous rate of false positives that AOL's rather loose definition of "spam" results in.
"That comes to 40 messages a day per user" Wow, anyone who gets 40 spam emails a day must not be very smart. Or their friends must not be very smart and put peoples names on those "Tell your freinds" things (You know, you see a short clip or something and it has like 10 slots underneath for friends e-mail address') If anybody gets a lot of spam, it is usually their fault. I get on average 2 spam emails per day (The most i have gotten in a long time is about 5), and i dont even use any sort of spam blocker/filter. For those of you who get mass spam, here is a hint. For things where you have to enter your e-mail address (Aside from shopping from legit sites or other highly legitimate things), but you dont have any use for mail from them, enter the address of a secondary account you set up for that purpose. That way, if there is confirmation required, you can sign on your secondary account, do any verification required, and never have to read any other spam you may get from that company and/or any companies that may buy your address from the original company.
Note: I did some thinking earlier on spam, and I figured I would post this the next time slashdot does a story on spam... You can find a link to this at:
http://sillygoth.com/journal/21669
This is my writing... I just want some feedback on it from the slashdot crowd.
Okay...
One of the things that I've been tired of recently is dealing with lots and lots of spam in my inbox. I've become even more tired of hearing about how there's a lack of solutions for dealing with it. It's one of the things that slashdot has been endlessly parading about.
To me, the primarily problem with spam is that emails are too easily spoofable. Solve this, and spam will become *much* more managable.
So, what technology is there right now that deals with certifying legitimacy?
Digital Certificates!
When you go to a site that's protected with https, the owners of the site usually have to get a certificate from a trusted source (Verisign, Thawte, etc) signifying that the site is legitimate (so that you don't end up giving credit card information to someone fronting for that company).
You actually *can* get a digital certificate for your email, but it costs money. Plus, to make something like that mandatory, each user would have to set up a certificate individually. Evil.
Why not move authentication to the domain itself? When accounts are setup on a user's machine, create an RSA public / private key per account. Simple enough.
When a user sends an email, force this user to relay the email through the mail server rather than directly from his/her computer. Force the user to authenticate their email / password to send the message. Some servers already force this, I believe.
When the user authenticates him/herself, encode a confirmation id using some elements of the email (first xx characters of message, subject, date, etc) using the RSA private key and attach it to the message.
Here's what should change with the receiving server... When a mail server receives the message, the mail server should initiate a separate connection that looks up the domain's MX server, and communicates with it.
This MX server should then provide the RSA public key for the account listed. The public key will then be used to decrypt the stamp that the MX server included with the message. If the stamp is legitimate, deliver the message to the inbox.
If a stamp is not legitimate, or there's no stamp, simply don't deliver the message. Simple enough.
This method has its series of strengths:
There would be absolutely no point in spammers taking over people's machines with viruses in order to send email if email must be sent through a qualified mail server. It's possible that worms could be written to auto-send messages through these relays, but at least then the mail server could detect it and shut the person out.
If mail sent is authenticated from a domain, people would then have the option to blacklist domains that aren't responsible for keeping tabs on its users.
Mail *will* come from where it says it's coming from. If not from the exact user on the domain, it'll come from that particular machine.
Of course, there are possible weaknesses to this strategy too.
If the mail server is hacked, hackers would be able to still send mail from it using the private key. Fortunately, they would only be able to send from email addresses listed under domains they own.
Spam software like SpamCop / Spamassassin / etc would be able to keep tabs on servers that exhibit hacked behavior, and temporarily blacklist these servers until resolved.
This doesn't necessarily stop users with legitimate email addresses from sending spam. Someone with a legitimate email address can still be spammed.
But at least when you block their email address or domain, it'll be a real email address, and a real domain name.
This method is not 100% in eliminating spam. But it's a damn good start.
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
Whitelisting makes sense--trusting certain mailservers more and not bothering with intense heuristics on mail coming from them. But blacklisting anyone you don't know makes none. The Internet is too vast to really implement something like this without huge costs and huge losses; I think solutions like this likely do far more to Balkanize the Internet than to protect it.
The solution mentioned in a previous Slashdot article a few days ago of making SMTP servers run a small computation per e-mail makes much more sense. This allows you to impose restrictions on non-whitelisted servers without completly ignoring them, either.
But when you talk about the anonymity preferred by the spammers, you ignore the fact that they are, in fact, selling a product. Forget the spammers. Track down their clients, the ones paying for the ads. Problem solved.
Do you think that a bunch of poor people in China are all of a sudden picking up laptops and peddling viagra? It's not the Chinese, it's the same people who have always sent spam. They are just buying their hosting/bandwidth from companies overseas, where regulations are non-existant.
...why AOL users have such small penises and breasts.
It seems like the latest attack on Bayes-based filters is to throw misspellings and random characters into the message. I'm surprised the major Bayes tools haven't linked to a standard spell-checker and consider really bad spelling a sign of spam...
they simply want everyone to use AOL. if you cant email your friend on AOL, its your fault, and you gotta use AOL to fix it. maybe one day they will block mail from any non-AOL members. i could see it happening.
http://ipod.fresh27.net/
if you couldn't send anonymous snail mail.
Or anonymous e-mail. That's where this "signed" e-mail crap is going.
Imagine every message you send being tracible right back to you.
But hey, what's the trashing of rights in the name of convienience.
If you can send e-mails without being traced, so can spammers.
If spammers can't send e-mails without being traced, neither can you.
"Spammers are most afraid of being tracked and identified. "
Yeah, and nobody has a legitimate reason to not want to be traced.
I spent all of 2 hours modifying RinetD to do proper logging in between senders and my mail server. I spent another 3 hours writting a simple program to parse that log pulling out who a message is from, who it's going to, the subject line and what links it contains and the domains of those links.
Any entry "to" entry that isn't one of my e-mail addresses is deleted. The remaining are then examined for spam domains by looking at the froms and subject lines and the domains themselves.
A short list:
If expression both matches "*imgehost.com*" Delete ""
If expression both matches "*mydailyoffer.com*" Delete ""
If expression both matches "*topofferz.net*" Delete ""
If expression both matches "*adweawen.biz*" Delete ""
If expression both matches "*divineprice.com*" Delete ""
If expression both matches "*stamps.com*" Delete ""
And poof, no more ads from those companies and nobody's right to privacy is infringed. If they happen to have multiple domains for the same campaign I'll catch them as they come.
I will not support a means to subvert my right to privacy over some stupid ads.
How much are your rights worth to you? Not much apparently.
Terrorists blow up buildings and we get the patriot act. "terrorists" flood inboxes and you demand tracable e-mail.
Get bent.
Ben
Work Safe Porn
...those companies would probably prefer to deal with legit businesses. They're still poor, relative to the equivalent American or European, just a little less poor. Moreover, as someone already pointed out, the government's pretty corrupt. Also, let's not forget Nigeria. I seem to remember during the 90's they got a whole bunch of computers and network infrastruction from some well meaning idiots (they don't have food or schoolbooks, but by god they'll have the internet) with predictable results.
It's not that I think people are basically honest, it's just that most would rather not bother with the consequences of shady dealings. I think given the chance, the hosting companies would be happy to tell spammers to shove off, and the local police would be more than happy to enforce laws. That's just not going to happen the way things are right now. Until something changes (I'm holding out for a massive plague and/or war to kill off the surplus population, either that or world peace) you're just treating symptoms of a disease, not the disease itself.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
"You actually *can* get a digital certificate for your email, but it costs money"
Yeah, you can get those in your BIOS and media files and anywhere else. "Trusted Computing" EVIL. "Trusted E-Mail" GOOD.
What is wrong with you people?
You know what I do to block spam?
I filter out links contained in e-mails and block the COMPANIES.
I don't care how forged the header is. If the e-mail contains a link to spam domain it doesn't get through.
Nobody's right to privacy is infringed and it's 100% effective and 100% accurate. Nobody is going to be sending a legtimate e-mail with a link to and/or an image from www.topofferz.com or with an affiliate link to click-com
I'm not going to regurgitate the whole system I use here, you can find it talked about in older posts of mine and it will be posted on my site this weekend along with all the source code for the programs I use to automate some of the process.
I can't believe how quick and eager people are to burry their rights over nothing more than ADVERTISMENTS.
Ben
Work Safe Porn
No, the regulations are non-existent, and not just overseas, either. Regulations - in the sense of laws, that is - are nearly non-existent in the USA, Canada, and Europe as well. Spammers spam with near-impunity in all those places. The worst thing that can happen - unless they have the bad luck of being in a state that has a spam law with teeth and an attorney general to match - is they get their service disconnected. In a day or two or three, they've bought another connection somewhere else.
/21 bought from some other upstream, and after some digging it became obvious that this entire network provider was nothing but a front for providing bandwidth to spammers.
I used to work for a large, well-known hosting company whose name is taken from a book of the Bible. They didn't have to many spammers or pr0n sites in their space when things were booming, but now they're among the worst for hosting spammers.
There are network providers all over the country that are as bad or worse. I recently ran across one that had a
A lot of spam is sent through China by contract with network providers there, and through South Korea because it's the open proxy capitol of the world, and there is a very large and well organized spam ring operating in eastern Europe as well, and it seems soundly connected to US spammers. The spam business has gone international in a big way.
In none of those places, including the US and Canada, generally, is spam illegal, so it's never necessary to bribe any government official into looking the other way. It's just easier to pay off the ISP to look the other way in some countries, but again, that's pretty easy in a lot of places in North America too. When the economy goes down, pink contracts go up. Many companies and individuals will do just about anything to survive, and network providers are certainly no exception. For every one that will cut a spammer's connection as soon as they notice, there's another that will happily sell the spammer as much bandwidth and IP space as he wants. Then they pass that space on to some other unsuspecting customer, who finds that she can't send mail to a lot of places because that netblock is in every RBL - good, bad, or ugly - in the world.
As much as we rightly despise spammers, those who sheeld them and knowingly sell them bandwidth and colo space are just as bad.
You'd pay your upstream connections to approve you. The cost would cover verifying your ID at a court or escrow office, and doing a credit check, so people would know how to collect after winning a lawsuit if you violate the TOS for sending signed email. Since your assets would be on the line, you would take similar care verifying your downstream connections. Mailing lists would all move to web sites, where the only way to opt-in is set up your web browser to visit periodically (The way "opt-in" should be done.)
I think solutions like this likely do far more to Balkanize the Internet than to protect it.
That's the idea, to Balkanize internet connections to those mailservers most likely to properly police their outbound email. Legitimate users would all gradually move to one of these ISP's, leaving spammers 100% of SMTP bandwidth. Of course, then the major hubs will merely throttle SMTP connections to 0.001% of available bandwidth since there no longer would be any money in it.
Forget the spammers. Track down their clients, the ones paying for the ads.
Only if someone can figure out a way to weed out "Joe Jobs".
The only historically proven method to prevent a tragedy of the commons is via the use of weapons, and/or some mechanism which allows lawyers to make lots of money.
From my ~/.procmailrc :
* ^From:
My ISP blocks outgoing port 25 activity but not incomming so my sig points to a catch all on my home connection for analyzing spam. Recieving on port 25 is no different than getting mail any other way. The ISP only cares about one way communication.
To get around the port 25 block I run my mail server on an alternate port for myself and then use RinetD on port 25 which fowards to the mail server. My e-mail going out is none of my ISP's business. The server that actually sends the mail is hosted by another ISP. Which doesn't break any clauses since I'm not running a server on my home system.
I've had people using AOL signup for subscriptions since I started back when I was running out of house. But then I had a business connection.
Residential connections tend to have clauses about not being allowed to run servers. My home ISP doens't block port 80 but I'm still not allowed to run an HTTP server.
If AOL is blocking residential accounts that are allowed to run mail servers then you have a case. However, if you're violating your TOS then too bad. Get a business connection like you're supposed to.
Blocking non static IPs is a good thing. If you're seriously trying to run a mail server then you need a static IP. So pay for it.
Ben
Work Safe Porn
Complain to AOL about it? They do nothing--since it's not a @aol.com address, they deny responsibility, yet collect cash from their spam customers. Very convenient. I find it funny that AOL supported the CAN SPAM act, which legalizes spam and invalidates tougher local laws, such as California's. Boycott AOL if you dislike spam.
She gets her celebrity news, she can send Instant Messages to her friends, she can send email to my wife and her brother but usually can't remember how to send it to me, it's less passive than TV, and it lets her be lots more social, and after she retired she was starting to feel pretty isolated, especially since she's not all that mobile. So it's a good thing, and she's sufficiently immune to saccharin overdoses that she misses all those online greeting cards people used to send.
Would I recommend it for my side of the family? Not a chance! My mother hasn't replaced the MacOS 7.x 68030 Macintosh she and Dad used (he died about five years ago), but it does email, browsing, and letter-writing just fine, and she's perfectly willing to try new technology if there's a good reason for it, and she's got a small local ISP that can actually have a live intelligent human being answer questions if she needs support, plus my sister lives nearby and can go kick the printer a few extra times if it's stubborn. She did get a bigger monitor and had my sister set the thing to the biggest print should could run, though - much easier on real machines than AOL. My younger brother eventually got something with modern graphics on it, so I don't think he's still telnetting to a real computer to do email much any more. My sisters have mostly downgraded from Macs to newer faster Wintel boxes, but that was mostly because their kids needed Games. For the most part, they all use real ISPs, though one sister might be on a cable modem now.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I appriciate them sending me dvd cases I can retask into storing pornos downloaded off p2p networks and freshly burned and ready for archiving.
Again. If they were spamming me by sending me actual hot wet nubile asian cheerleader teens willing to do my every bidding I'd have precious few complaints.
You can share the connection over a LAN and 7 people including one dial-up user can be on at the same time (although its not necessary for each client to log on through AOL), even if everyone isn't on the LAN. I've done this for people, ironically using Linux as a router. AOL broadband uses PPPoE as its protocol so pretty much anything can connect to it. It was no differnet then setting this up with anyother ISP.
Regards,
Steve
P.S. I'm not sure how ironic the Linux thing was, I guess it wasn't very ironic at all. What else would you use to make a router out of an old PC?
I do believe that was the point. There is a high degree of correlation between well to do countries and regulations. The regulations do not cause them to be prosperous, prosperity allows them to make such regulations and enforce them.
It *is* the chinese that are allowing said traffic to be routed through them (unless you know of a way to send a message through thier machines without routing it through there). It is not raelly the chinese peoples fault per se, but they do hold some level of responsibility for allowing it to occur.
------- Sorry about the spelling, I suffer from two problems. Dyslexia makes it difficult to spell well, lazy makes it
The solution to this is to strictly enforce some laws we have, like the California law that makes it a criminal offense to accept a credit card number online from a California resident without first disclosing the actual business name and address of the business. If every spammer who violated that law did the required six months in the county jail, we'd have far fewer spammers.
It used to be that systems on the Internet started out pretty open. If some students figured out how to get in, but kept their practical jokes clean and fun, nobody cared much. If people got out of line, things generally got patched. Like adding salt to UNIX passwords so that people don't just encrypt the whole dictionary and look for matches. Worked pretty well given CPU speeds and hackers' skills at the time it was introduced.
Whatever happened now? SMTP started out pretty open. Obviously things got out of control. So, fix it already. A group of ISPs can gang up and require all SMTP users to sign up with their username/password, which is already supported by all e-mail clients. Limit each user to 1000 e-mails a day (allowing for rather large mailing lists, but still 1000 times too low to make spam attractive for the subscription price). Then only accept e-mail from cooperating hosts over SSL pipes with a correct certificate. Prepend BORK: to the subject lines from other domains so that users can filter them to another mailbox.
If yahoo participates, I can always ask people to sign up for a free account if they really want to reach me. Smaller ISPs will jump on the chance to de-bork their e-mails and make customers happier. Once enough of them do, bigger ISPs will have an incentive as well. Problem solved!
As I state in many of my posts, I work for a medium-large size software company.
We have a website, and about 1 million customers (not sure how many active..) have accounts on our website to download updates, patches, etc.
When they forget a password, they choose can option to have their password sent to them.
They can also request technical support via e-mail.
The forms sent out for both of those are very similar and AOL appears to 'randomly' block many of these e-mails. Sometimes they'll go through, sometimes they won't. We can trace the e-mail to aol's server, watch it be accepted but never have the customer on the phone recieve it.
They're 'spam prevention' isn't as great as it could be, especially since we've contacted them and they've promised to 'look in to it'.
AOL blocks any mail that is routed direct to the Mail Exchanger (Or simply has the headers stripped to anonymize it's origin)
This excludes a whole lot of out of the box UNIX/Linux/BSD installs, as well as anonymizers and some website registration verification scripts. I'd rather not have to send your website login password through 3 different servers before it reaches your ISP. (Of course, the password shouldn't be sent through the email anyways, but a lot of sites do).
That's not what I'd call "being conservative". To me, being conservative would be tagging suspected spam as such, and letting the MUA filter it into a seperate mailbox. AOL can include a MUA (Netscape) on it's disk, so it can be pre-configured.
The problem with that is that they are CUSTOMERS meaning that they are right most of the time, or at least that is what we tell them.
A lot of our demographic that contacts us for assistance (not our target demo) because they lack knowledge are older folks, and for them AOL is the internet. Give them dial-up networking and Eudora and you'd confuse the hell out of them.
every time slashdot has a story about spam, i again wonder to myself why the world hasn't turned to the obvious solution: a new email standard. i read a comment recently to the effect of "if a given protocol allows cheating, it's a bad protocol". it should be clear to everybody that this technical problem can not be solved with legislation (not that it shouldn't be illegal anyway, but it's folly to expect laws to have any real impact). the world needs an email protocol which is encrypted and authenticated, traceable and secure, and easily combined with whitelist or pay-to-deliver filters.
and China is a big country. I'm sure there are plenty of really nasty slums that still have a network infrastructure in place to transfer data. How else do you suppose the sweatshops coordinate themselves? These countries do big business, shipping billions of items. Near as I can tell, most of that wealth winds up in the hands of a lucky few. If a few of the not-so-lucky rely on spam to make a living, who am I with my nice car, home, and regular meals to say they shouldn't. I'd certainly do the same.
Frankly I don't see the danger (although I do empathize with your feeling; look at the Nigerians). The only thing I'm suggesting is that if the standard of living in these spammer's havens where to improve, it would be tougher for them to do business there (just like it's getting to be in America). I don't pretend to understand the realities of the Chinese economy, but I know this: Fewer desparate people means fewer willing to do dishonest things. The only danger here is that Americans would lose all those cheap consumer goods made in slums and imported from China.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Now, if only they could do something about the pop-ups, crashes, dropped connections, high prices, incessant self-promotion, etc, they might have a good product.
One time, when my usual ISP was down, I needed internet. Desparate, (back when I ran Winders) I threw on an AOL CD to use some of the 1045 hours of free access, planning to cancel when my regular ISP was back online. Cancelling AOL is interesting, first off, the person who answers the calls has been brainwashed to think AOL is the greatest THING ever, and will first ask you why you want to cancel, then argue with your reasoning. Once you go through all that, they will offer you two free months of service while you reconsider. DON'T FALL FOR THIS. I did, and forgot, and the bastards charged my credit card three months later. I was mad as hell and had to go through the Movementarian "You're free to leave anytime you want, but tell us why you're leaving" grilling on the phone all over again. Of course, they offered me two free months again, so apparently you can stay on AOL for free indefinitely this way (But why would you want to?).
Kaolin may be the only English word with "aol" as a substring.
Unknown host pong.
In storage and transmission costs alone, this is a fortune.
So what do we need? Harsher laws, of course. And stop saying they won't work already. The main spammers are known all we need to do is put, say, the top-50 away for life.
Sounds harsh? I don't think so. Spammers are committing a very serious, evil crime: Stealing from the commons.
Unfortunately, in our corporate dominated world, where things don't count unless they are property of someone and can be put on a quarterly report, that idea is mostly lost.
That doesn't change the facts. Spammers are stealing from all of us. A single spam mail might be petty theft, but it's petty theft times several million.
The law needs to recognize that spam is destroying a part of society, and adapt the sentences. Fuck fines. Put the notorious spammers away for a few decades, into a prison for serial-rapists and murderers. Make their cases extremely public. Make it clear that now that the top-50 list has been cleaned out, anyone aspiring to take one of those spots has a cell reserved already.
Assorted stuff I do sometimes: Lemuria.org
Spam is not illegal you say? Since when is sending pornography to children legal? When did it become legal to commit credit card fraud? Just how is it legal to pretend that you're some foreign government official with an "offer you can't refuse" so long as people send their bank info?
The vast majority of spam is very much illegal, always has been! It's not like breaking the law is any more or less illegal just because it's done by spam instead of some other medium.
The real problem here is enforcement. That's the problem in China, as you mentioned above, and it's also the problem in the United States, Canada, Europe and elsewhere. The problem with spam is that it's so big and so difficult to track individual spammers that most law enforcement agencies just don't see the value in it unless the spammer sends something really bad. If a spammer starts sending out lots of adds for child porn, chances are that the cops will bust them. But simply trying to commit credit card fraud seems to not be seen as a sufficiently "evil" act to warrant the sort of international investigation that would be required (and probably for good reason, the cost of such an investigation would be huge with only a limited chance of a conviction).
Unfortunately the sad fact of the matter is that we can't depend on laws and law enforcement agencies to solve the spam problem. Think about it, it's illegal to steal cars, but nearly everyone still locks their car door instead of just hoping that the cops will bust any car thief. When it comes to spam, we've got to use filters (preferably at the ISP level) and hope that the police can at least catch the worst offenders.
I'm still trying to figure out what they aren't blocking. They block emails from mac.com even though a valid name, address and credit card number are required for a .mac email account, but they don't block free services like fastmail.fm or mailhaven.com.
If they really want to get a handle on spam, fwd:fwd:fwd Urban folklore... they should really block *@aol.com.
Well.. its not amazing, spam grows at leaps and bounds each day that someone new moron thinks they will make money from doing spam, cause the hear about it on TV and online so much. I spoke to a Failed spammer recently and he said " I lost my isp connection, and they never paid me" So that leaves one to think that only the High end guys are probably really making TONS of money off of this anymore, they have the little guy actually doing the mailings. AOL has so many email accounts and allows each user to have so many per account that it is not unbelievavle that they are probably blocking themost if not in the top 5 --Dave http://www.whitehatsystems.com/
It tough times, the abuse desk is one of the first to be cut by short-sighted "logic": It doesn't generate any profit, and when they cut (spammy) customers, it creates a loss.
One line blog. I hear that they're called Twitters now.
They block anything that doesn't come from the main MX record. Gets alot of spam but it gets a lot of network SMTP relays too. Not a big deal and probably a good idea to block folks who don't have their network configured entirely properly but it's not all spam and the number is largely inflated.
Unfortunately, ISPs are loathe to do that because there are customers who connect to mail servers other then the ISP.
What might work, but would require resources would be to setup some sort of profile system which only allows selective port 25 filtering. (This will be an expensive idea, with some invasion of privacy.)
For every customer, start a list of the SMTP servers that they contact, and only allow them to contact up to 10 different SMTP servers. If a customer hits their limit due to trojan'd machine or virus-infection, the damage will be (somewhat) limited. Customers should be able to reset their list once every 24 hours, but they can only reset 3 times before a CS rep has to do it.
Not a pretty solution, but a possible next step.
Wolde you bothe eate your cake, and have your cake?
Still, it's a nice attention grabbing figure to help raise public awareness of the issue, and I have zero issues with that.
UNIX? They're not even circumcised! Savages!
Even the ones running on fixed IPs, which tend to be a more savvy class of user, and much easier to trace, too.
Now that you mention this, I think a reject from AOL was exactly the reason I finally got around to fixing my Sendmail config to route my outgoing mail through my ISP's server. ( define(`SMART_HOST',`mail.sbcglobal.net') ) So in that sense, I guess their plan is working.
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
Seriously, hasn't anyone noticed that the spam is comming mostly from countries that have a technology infrastruction combined with lots of really poor people (China, India, etc.)? In a lot of those countries life is harsh. It's no wonder people turn to rather unpleasant means to better their standard of living. Sure spamming sucks, but it beats the hell out of 16 hrs/day making Nike shoes in a sweatshop. If you want spam to go away, do something about the general standard of living in the rest of the world.
Yeah, I'm sure that is the excuse that Ralsky uses. You just can't make it in America, he's desperate living in his million dollar home...
You know, criminals will break the law for the quick buck no matter what their income. The only thing a few of them fear is consequences. Spamming is not a crime of the impulsive, it is a planned willful act to disregard the standards of the community. It involves investment, planning, stealth, and usually some outside help (for software) to get going. We have not made the consequences fearful enough, nor do we have the enforcement means under the current laws to change the minds of those who would be affected by reasoning about the consequences.
Even if you multipled the standard of living over there 10 fold, spamming wouldn't stop. You know it, I know it. That's why guys like Ralsky exist.
Freedom is merely privilege extended unless enjoyed by one and all.
A good fourth of the time I can't communicate with AOL users period via email. Whether I use my ISP's server to send it, or the free service I have in Russia.
The free service I have in Russia blocks yahoo all of the time now, doesn't even tell the user who sent it that their mail couldn't be delivered. It just disappears into a blackhole. I'm sure they block others as well. It's pretty rare for me to get spam on that account. Since I know they block people I'm reluctant to use the address as much anymore, even though it's served me well. I change ISP's, but I keep that email address so people I know can get hold of me.
Email is quickly becomming unreliable, which is going to have severe negative effects on Ecommerce if we don't do something about it.
The way AOL is going about it is having negative impacts on other legit senders.
Freedom is merely privilege extended unless enjoyed by one and all.
By "opt in", does your company mean "If you want to do business with us, you must give use you email address and agree to recieve our junk mail?"
Because that's not "opt-in". Opt-in email should be separate and distinct from any business relationship you have with a customer.
Article X: The powers not delegated... by the Constitution...are reserved...to the people
...and ask questions later
I wonder if these statistics include all the valid email messages that have been blocked by AOL's over zelous blacklisting of servers. I work for one ISP who's mail servers have been getting blacklisted on and off for the past 2 weeks and have a friend that does web hosting and his mail servers got blacklisted. Neither were put on AOL's black list because of spam comming from the servers