Slashdot Mirror


AOL Blocking Spammers' Web Sites

Nuclear Elephant writes "According to this article, AOL has decided to take a fresh approach to fighting spam and is now blocking the spammer's web address. The philosophy is, if the customers can't visit spammers' sites, spammers will not be able to make any money. On a side note, I suggested this concept about six months ago but nobody thought ISPs would adopt it. Now perhaps we can get a group like NANOG interested in sponsoring a blacklist for spammer addresses?"

3 of 238 comments

  1. Re:Is this a *smart* idea? by beh · Score: 5, Informative

    > They rely on content filters and their users determining if an email is legit or not.

    And - how would a content filter find out whether the content of the spam would actually try and sell the product listed in the spam, or whether it's advertising a product listed on the target server in the hopes that the target server gets blocked?

    You *can't* read the true motives of a spam out of its content...

  2. Re:Is this a *smart* idea? by Jay+L · Score: 4, Informative

    > , AOL blocked newsgroups that were created to discuss (and flame of course) problems with AOL

    Eh? Which newsgroups were those? alt.aol-sucks was certainly available from AOL, and I posted there frequently, often via AOL IIRC - in fact, although the flames were annoying and juvenile, some of us occasionally got useful bug reports there.

    Jay, the ex-AOL Mail Guy

  3. AOL doesn't care about spam by hacker · Score: 4, Informative

    I've emailed the requisite 'abuse@aol.com' address hundreds of times, with copies of the spam emails, log entries, dates, times, and so on. Has anything changed? No.

    I even emailed Carl Hutzler, Director of Anti-spam at AOL, and he hasn't returned my emails or my calls. The same goes for the hundreds of thousands of spams we get from *.verizon.net, comcast.net, voyager.net, compaq.com, and others. Clearly people inside the business infrastructure have infected systems propagating spam on the weekends, using the corporate bandwidth to do it.

    At this point, this is what I do:

    1. Sendmail as my MTA, blocks a significant amount of spam, before receiving it, with some custom antispam rulesets I've cooked up.
    2. I also have triple-RBL set up in the MTA (ordb.org, mail-abuse.org, and so on).
    3. blackholes.us is set to block known-spammers from Argentina, Brazil, China, Hong Kong, Japan, Korea, Russia and Taiwan.
    4. virtusertable in the MTA chain blocks attempts at some common internal system accounts.
    5. SpamAssassin is tuned down to 3.5, and catches a significant portion of the emails that make it past the above measures.
    6. AV is done through procmailrc, with some custom heuristics in the recipes (contact me if you want these)
    7. Anything that SA catches, is tagged and put into /var/spool/mail/SPAM
      1. I manually go through that SPAM folder, and report every entry there to the 'abuse@address' for the resolved provider (not the forged provider in the From: line, of course)
      2. For hosts that do not resolve, they are permanently blocked at the firewall.
      3. For providers that do not support the 'abuse@address' address, they are permanently blocked at the firewall.
    8. I then go through the mail logs themselves, and catch the brute-force attempts at sending mail to the dozen-or-so domains I host, and block them at the firewall.

    So far, the more I block, the faster the spam comes in, and the more I block, ad nauseam.

    Here are today's counts. At 5:30am, this was 164 hosts, and now it is 109 more than that.

    iptables-save | grep "dport 25" | wc -l
    273

    Spam is definitely getting worse, as more and more machines are hijacked for the purposes of propagating it, with these trojans.

    The more I block, the more incoming spam we get.
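
The log-review step in the comment above (step 8), sketched as an added example that is not part of the original post or the commenter's own tooling: it counts permanent (5xx) rejections per connecting host and prints firewall commands for review rather than applying them. The log lines are constructed and assume sendmail's `ruleset=check_rcpt ... reject=` format; the threshold and the allowlisted network are hypothetical values.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample, modeled on sendmail "ruleset=check_rcpt ... reject=" lines.
SAMPLE_LOG = """\
Jan 12 05:10:01 mx sendmail[2101]: h0CAA1x02101: ruleset=check_rcpt, arg1=<root@example.org>, relay=[203.0.113.7], reject=550 5.1.1 <root@example.org>... User unknown
Jan 12 05:10:02 mx sendmail[2101]: h0CAA1x02101: ruleset=check_rcpt, arg1=<admin@example.org>, relay=[203.0.113.7], reject=550 5.1.1 <admin@example.org>... User unknown
Jan 12 05:10:03 mx sendmail[2101]: h0CAA1x02101: ruleset=check_rcpt, arg1=<info@example.net>, relay=[203.0.113.7], reject=550 5.1.1 <info@example.net>... User unknown
Jan 12 05:11:40 mx sendmail[2107]: h0CABex02107: ruleset=check_rcpt, arg1=<bob@example.org>, relay=mail.partner.example [198.51.100.20], reject=550 5.1.1 <bob@example.org>... User unknown
Jan 12 05:12:15 mx sendmail[2110]: h0CACFx02110: ruleset=check_rcpt, arg1=<joe@example.org>, relay=[192.0.2.44], reject=451 4.1.8 Domain of sender address does not resolve
Jan 12 05:13:00 mx sendmail[2113]: h0CAD0x02113: from=<alice@example.com>, size=1820, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[192.0.2.9]
"""

# relay= is either "[ip]" or "hostname [ip]"; IPv6 peers carry an "IPv6:" prefix.
REJECT = re.compile(
    r"ruleset=check_\w+,.*?relay=[^,\[]*\[(?:IPv6:)?([^\]]+)\].*?reject=(\d{3})")

def rejected_hosts(log_text):
    """Count permanent (5xx) rejections per connecting IP address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m or not m.group(2).startswith("5"):
            continue  # accepted mail, or a 4xx temporary failure
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # malformed relay field: skip rather than guess
    return counts

def block_rules(counts, threshold=3, allow=("198.51.100.0/24",)):
    """Return firewall commands (for review) for hosts at or above threshold."""
    allowed = [ipaddress.ip_network(n) for n in allow]  # hypothetical allowlist
    rules = []
    for ip, hits in sorted(counts.items(), key=lambda kv: (-kv[1], str(kv[0]))):
        if hits < threshold:
            continue
        if any(ip.version == n.version and ip in n for n in allowed):
            continue  # never auto-block a known legitimate relay
        tool = "iptables" if ip.version == 4 else "ip6tables"
        rules.append(f"{tool} -A INPUT -s {ip} -p tcp --dport 25 -j DROP")
    return rules

if __name__ == "__main__":
    print("\n".join(block_rules(rejected_hosts(SAMPLE_LOG))))
```

Rules in this form still match the `grep "dport 25"` count shown in the comment; the allowlist keeps a legitimate relay with a few stale addresses from being dropped alongside the hosts probing for accounts.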