Slashdot Mirror

← Back to Stories (view on slashdot.org)

AOL Blocking Spammers' Web Sites

Posted by Hemos on from the fighting-the-good-fight dept.

Nuclear Elephant writes "According to this article, AOL has decided to take a fresh approach to fighting spam and is now blocking the spammer's web address. The philosophy is, if the customers can't visit spammers sites, spammers will not be able to make any money. On a side note, I suggested this concept about six months ago but nobody thought ISPs would adopt it. Now perhaps we can get a group like NANOG interested in sponsoring a blacklist for spammer addresses?"

11 of 238 comments (clear)

  1. Re:Is this a *smart* idea? by SacredNaCl · · Score: 3, Informative

    The more interesting story about AOL today is this one:

    AOL_Crooks

    I think going after the sites that spam loads it's images from is a great way to go after spammers. Most of them use the img src tag with a uniqe ID (usually the email address of the person) to retrieve the images so they know when a person received it. No hit, might have hit a blackhole and they have no way of knowing.

    This doesn't appear to be what they are doing though. They appear to be going after the link the person clicks on to buy. Still waste the spammers time, but I can see this getting abused if the system is automated -- or even if it isn't.

    --
    Freedom is merely privilege extended unless enjoyed by one and all.
  2. Legality != morality by sacrilicious · · Score: 3, Informative
    This would only be fair from a moral point of view if: ...[various conditions]...[and] UCE were considered illegal in the jurisdiction of the website owners

    On this last condition I disagree. Don't confuse legality with morality.

    --
    - First they ignore you, then they laugh at you, then ???, then profit.
  3. Re:Is this a *smart* idea? by DocSnyder · · Score: 2, Informative
    But in this case we're back to square one - we're already fighting KNOWN spammers like Ralsky...

    We only blacklist his spamvertised hosts on SPEWS, Spamhaus and other DNSBLs to prevent the bulletproof hoster from sending email. Use the same DNSBLs in a HTTP proxy or a router and the spammer's servers are "invisible". If a spam filter can check spamvertised targets against DNSBLs, it can recognise a lot of spam emails which otherwise might get through.

    But do you seriously think, AOL will pay dozens of employees to find out just WHETHER a spam is "legit"

    I don't think so. They rely on content filters and their users determining if an email is legit or not. If they notice a frequently spamvertised site, they put pressure onto the hoster - if possible by their legal staff, as they did in Germany with a pr0n dialer operator who is out of business now. If legal methods don't work, AOL can only eat the spam or "unsubscribe" from spam friendly hosters' dirty traffic.

  4. Re:Is this a *smart* idea? by beh · · Score: 5, Informative

    > They rely on content filters and their users determining if an email is legit or not.

    And - how would a content filter find out whether the content of the spam would actually try and sell the product listed in the spam, or whether it's advertising a product listed on the target server in the hopes that the target server gets blocked?

    You *can't* read the true motives of a spam out of its content...

  5. Re:Would this work or be fair? by BobTheLawyer · · Score: 2, Informative

    Is this a troll?

    "I can see legal problems in many jurisdictions for ISP's censoring the Internet."

    what legal problems? what jurisdictions? Seems unlikely to me - if AOL's terms of service allow them to restrict access to certain websites then they can do so.

    "not only are AOL a big spammer"

    I get hundreds of spam each day; I've never had one from AOL. Is this really correct?

    "most spam comes from their network"

    oh come on - spam often contains a spoof AOL e-mail address, but the idea "most" spam actually *comes* from AOL is daft

    "they encourage people to use their networks for spam, and they are funded by spammers."

    this is just tin foil hat time

  6. Re:what about all the spam AOL sends? by AndroidCat · · Score: 2, Informative

    Did you check the IP address to see where the email was really coming from, or did you blindly accept the other system's word that it was an AOL server? Stuff like 23.really.real.aol.com [208.55.71.153] needs a closer look. :^)

    --
    One line blog. I hear that they're called Twitters now.
  7. Re:Is this a *smart* idea? by Jay+L · · Score: 4, Informative

    , AOL blocked newsgroups that were created to discuss (and flame of course) problems with AOL

    Eh? Which newsgroups were those? alt.aol-sucks was certainly available from AOL, and I posted there frequently, often via AOL IIRC - in fact, although the flames were annoying and juvenile, some of us occasionally got useful bug reports there.

    Jay, the ex-AOL Mail Guy

  8. Re:Is this a *smart* idea? by HD+Webdev · · Score: 2, Informative

    Eh? Which newsgroups were those? alt.aol-sucks was certainly available from AOL, and I posted there frequently, often via AOL IIRC - in fact, although the flames were annoying and juvenile, some of us occasionally got useful bug reports there.

    alt.aol-sucks was not available to AOL users for quite a while.

    I know this because I posted in & read alt.aol-sucks. At the time, I had both AOL and shell accounts. I was unable to see or search for that group from AOL. The only way to access that newsgroup from AOL was by using dejanews.

    While alt.aol-sucks was full of a lot of noise, it did give information about some of AOL's worst practices.

    Remember when AOL kept denying that it was overcharging people by counting 50 seconds as 2 minutes? AOL kept saying it wasn't true but alt.aol-sucks was right.

    BTW: IIRC, I do remember you posting in a.a-s around 1995. I was the guy who created a newsgroup next to a.a-s so that people in a.a-s could crosspost and get their messages seen on AOL.

    --
    This is not a dream, not a dream...we are transmitting from the year 1-9-9-9.
  9. Re:AOL fighting SPAM? Really? by The+Famous+Brett+Wat · · Score: 2, Informative
    Are these legitimate MTAs or open relays?

    AOL answers this question, and others like it. More helpful than you were expecting, no? In answer to your question, the servers are for bounced messages. Block them, and the worst false positive you'll get is a legitimate bounce.

    --
    proof, n. A demonstration that a conclusion is implied by certain premises and axioms.
  10. AOL doesn't care about spam by hacker · · Score: 4, Informative
    I've emailed the requisite 'abuse@aol.com' address hundreds of times, with copies of the spam emails, log entries, dates, times, and so on. Has anything changed? No.

    I even emailed Carl Hutzler, Director of Anti-spam at AOL, and he hasn't returned my emails or my calls. The same goes for the hundreds of thousands of spams we get from *.verizon.net, comcast.net, voyager.net, compaq.com, and others. Clearly people inside the business infrastructure have infected systems propagating spam on the weekends, using the corporate bandwidth to do it.

    At this point, this is what I do:

    1. Sendmail as my MTA, blocks a significant amount of spam, before receiving it, with some custom antispam rulesets I've cooked up.
    2. I also have triple-RBL set up in the MTA (ordb.org, mail-abuse.org, and so on).
    3. blackholes.us is set to block known-spammers from Argentina, Brazil, China, HongKong, Japan, Korea, Russia and Taiwan.
    4. virtusertable in the MTA chain blocks attempts at some common internal system accounts.
    5. SpamAssassin is tuned down to 3.5, and catches a significant portion of the emails that make it past the above measures.
    6. AV is done through procmailrc, with some custom heuristics in the recipes (contact me if you want these)
    7. Anything that SA catches, is tagged and put into /var/spool/mail/SPAM
      1. I manually go through that SPAM folder, and report every entry there to the 'abuse@address' for the resolved provider (not the forged provider in the From: line, of course)
      2. For hosts that do not resolve, they are permanently blocked at the firewall.
      3. For providers that do not support the 'abuse@address' address, they are permanently blocked at the firewall.
    8. I then go through the mail logs themselves, and catch the brute-force attempts at sending mail to the dozen-or-so domains I host, and block them at the firewall.

    So far, the more I block, the faster the spam comes in, and the more I block, ad nauseum.

    Here is today's counts. At 5:30am, this was 164 hosts, and now it is 109 more than that.

    iptables-save | grep "dport 25" | wc -l
    273

    Spam is definately getting worse, as more and more machines are hijacked for the purposes of propagating it, with these trojans.

    The more I block, the more incoming spam we get.

  11. Re:Is this a *smart* idea? by Tony-A · · Score: 2, Informative

    Methinks that blacklisting the spammers is a good idea if (only if?) whoever is maintaining the blacklist is smarter and sneakier than the spammers. I suspect that anything automated will do more harm than good because there will always be ways to use it in ways that were not originally intended. Automated tar pits might be workable. The first few go through normally but the more that try, the slower the system gets. Reporting spam could work, but you need a cadre of more or less anonymous volunteers who in bulk can be trusted and not easily fooled. Something like grabbing the low-numbered slashdot accounts would be ideal.