Slashdot Mirror
AOL Blocking Spammers' Web Sites
Nuclear Elephant writes "According to this article, AOL has decided to take a fresh approach to fighting spam and is now blocking the spammer's web address. The philosophy is, if the customers can't visit spammers sites, spammers will not be able to make any money. On a side note, I suggested this concept about six months ago but nobody thought ISPs would adopt it. Now perhaps we can get a group like NANOG interested in sponsoring a blacklist for spammer addresses?"
I don't know, whether this is such a brilliant idea - if this gets widely adopted it can't be long before some idiot will get the idea of paying for a spam to "advertise" one of his competitors just to get HIS site blocked...
I see loads of abuse potential here... While AOL might be smart enough not to block sites like microsoft.com or ebay.com if they showed up in a spam, it could be a knock-out blow to relatively
small and medium (and hence little known) companies on the web.
It would be better if instead of completely blocking the page, it re-directed to a page saying that this site is implicated in spamming, but with a link to the real page. Would mimimize impact to falsly accused sites.
that with the negative backlash, some legal, that has occured against blacklist maintainters of all sorts (causing the SPEWS mainttainers to go anon), the fine people at NANOG will be smart enough to leave it alone. Not to say that some motivated members might not do it, but NANOG ain'ta gonna touch it.
- it were proven that the owners of the website commsioned the spam
- it were bulk UCE
- UCE were considered illegal in the jurisdiction of the website owners
Even if it was morally justfied, I can see legal problems in many jurisdictions for ISP's censoring the Internet. Of course, AOL are not an ISP but an online service provider -- they don't actually say they will give any user any Internet access at all -- so they might get away with it.Joe Llywelyn Griffith Blakesley
[This post is in the public domain (copyright-free) unless otherwise stated]
These are the same concerns people are having with FFB (Filters that Fight Back) which are capable of creating massive DoS's against a spammer, but don't really affect anyone else. I think blocking is certainly a step in the right direction, as it conserves bandwidth rather than consume it. AOL will definitely have to keep on their toes to make sure a legitimate website isn't blocked. Some of this can be automated, though - every time it thinks about blocking a website, crawl the site and perform the same type of language classification on it that you would a spam. The website should be even spammier than the email in most cases, or at least provide enough information to classify it as a spammy website. If it doesn't, throw up a red flag and let someone manually review it (or just drop it completely). The great thing about this function is that it not only blocks the spammer's method of contact, but it also makes it much more difficult for a spammer to move around. It's easy to use a different IP to send the spams, but to change your website every day or two is a bit more time consuming, and hopefully will exhaust spammers.
I have commented several toimes about a need for providers of internet services to take more care of their customers
AOL is a family ISP - most techies wouldn't use it as it doesn't provide what we want, but all those kids surfing on it deserve to be protected from the people who target them with spam
It's been demonstrated over and over that there are enough people out there willing to buy from spammers to make it a highly profitable industry, but that most of those profits come from taking payment by fraud and never supplying the goods
I would not use an ISP that did this, but the marvel of free will means I don't have to. For AOL's target market (largely clueless and wanting an all-in-one service to supply services and protect them) this is the right action.
One final recommendation to AOL
Please supply the latest Windows service pack and the latest Internet Explorer update patches on your CDs and make them a prerequisite to going online. Microsoft would love you to do this, techies would love it too and it would close down a lot of spam relays by closing the holes.
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
" For example, a local television station's site is hosted on the same machine as a spammer's site. I got calls from users wanting to visit that station's site so I had to unblock it.
If AOL blocks a local TV site for sharing an IP with a spammer, then the service provider will rush to close down the Spammer
This plan doesn't just stop AOL users seeing spam sites, it provides a powerful incentive for hosting firms to prevent spammers using them
It's brilliant.
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
Now, if only my webhost would have a way to prevent people from forging email to appears as if it originated from my domain... ...great fun for someone who makes his money selling art and shirts through his website, nobody on AOL will be able to visit my site because some spammer forger email.
Machine9dotNet
First of all, are all spammers bad?
Yes.
I mean, there ARE some people that buy crap advertised in spam.
Doesn't mean the other two billion people need to see those ads too. Go to an advertizing site. Just make 'em leave my mailbox allone.
And is it all bad, or a ripoff?
Yes.
There was an link on Fark a week ago to an article about some guy that actually looks forwards to receiving spam, and had bought a lot of things from spam mails.
Indeed, about some compulsive man getting a kick out of buying something over the internet.
Doesn't mean *MY* mailbox need to get stuffed with junk, too. That man can go to some ad site or Ebay or something. If he's got the guts. I suspect he's the dependent kinda guy who needs to be told and handed over everything.
On the other hand, do people want AOL to shelter them from the web, from the real world?
No. *Especially* AOL filtering URL's seems like a very bad idea to me.
We already have a government 'sheltering' us from things, such as the real truth behind assassinations, aliens, and the disappearance of Elvis.
I thnk you're acting like a conspiracy theory troll.
Finally, the more things AOL blocks, the more reason for people to take the red pill, wake up to the monopoly, and get on a real ISP. Then those stupid CDs will stop showing up in my mailbox.
They make for splendid frisbees
AOL, being an ISP, can block these sites at the DNS level for its customers. Eg., herbalviagra.com resolves to 127.0.0.1.
re-directed to a page saying that this site is implicated in spamming, but with a link to the real page
:)
A notice like "we know who you are, pervert, and we're going to tell your mom" will surely help to reduce even more the number of clicks.
Anyway, excellent idea ripnet, even without my modest contibution.
The problem with spam-filtering schemes is what about people like this to whom there is no unwanted email?
It's really not fair to those customers. This is why filtering has to be controlled by the user and nobody else should make the decisions.
Why is it that the companies selling these products are even allowed to continue to operate anyway? Most of them seem to be pharmaceutical suppliers and are based in the US. Further they often sell what are classed as Schedule 4 drugs in Australia (must be sold by a licensed pharmacist by doctor prescription only). Does not the US FDA have similoar powers to shut these operators down? If we could stop the shady operators from selling this stuff (and I can't see how they operate legally) there would be no spam.
Many have already noted the comments where a DDOS may be launched via sending out spam in order to deliberately draw the attention of IP blocking filters, but at the same time, it is also worth noting that many web servers have multiple domains on one IP address using both virtual directories and virtual domains. In fact, almost every ISP does this, in order to give their users a place to oput Mom and Dad's pictures with the kids, etc.
So, if implemented uninteliigently, filtering by ISPs would simply p/o their own customers. All script-kiddie John has to do is get an account on say, Earthlink, put his little target V-iagra content there and then use an SMTP mailer to draw the attention of Earthlink's own IP blocker after his mails rattle along the 'net.
Sure, they'd clean it up pretty quick, and then unblock, but do you really think that Mr. and Mrs. Non-Techie User are going to be so understanding while their fabulous portraits of their kids are intermittently available as this little war plays itself over and over again? I think not. Grandma is even less technical than them and just can't understand why her AOL dialup can't open the web site where they were just yesterday.
That said, the spam content IP blocking idea has merit, but it's not going to be as simple as merely blocking an IP address. It's probably going to have to be quite smart, smarter than both spammers AND script-kiddies in order to work and thus be accepted. I say the technology merits study but is not ready for prime-time.
That would be great if people were to actually read and understand the intermediate page. However, most of the people browsing the World Wide Web won't take the time to read the explanation. They're just going to click the 'click here' link.
Perhaps slap one of those 'text in image' verifications and have the text read 'I love spam'?
-- Stu
/. ID under 2,000. I feel old now.
It doesn't take a lot of foresight to imagine the day when the political interests can persuade AOL to block other "undesirable" sites. Technically, it's not censorship because AOL has supposedly done it voluntarily; just like Clear Channel has "voluntarily" removed Howard Stern from their radion stations.
---Technology will liberate us if it doesn't enslave us first.
On the other hand, do people want AOL to shelter them from the web, from the real world?
Yes. Absolutely. That is why many use it. Look at the ads - it is all about parental controls and filtering. AOL was dragged into allowing users basic things like telnet, usenet and the like kicking and screaming.
I'm not just spouting here - the parental controls and all are the REASON several people I know use it, and they leave the controls on when they, themselves use the internet. "Keep me safe."
God is real unless declared integer
The idea is the web site hoster is doing the spaming. The way this works in the real world is the idot that is tring to sell something talks to some spamers who convince them that its an op-in list and pays like $5000 to send his crafted message out. Of course the "demo" shows about one hit in 30 so its got to be good right? The real world is the spamer takes the cash from some moron and then may spam a different product. by that time the person paying is out of the loop an the rest of us pay.
The only solution to spamers is jail or a clue by 4 to the brain.
"Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety."
~Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the
governor, November 11, 1755
The problem with AOL is they make it too easy to get their customer's email addresses. If you have an AOL account, you have access to seeing everybody else's screenname which is a great security risk. When I had an AOL account, I had more spam then I've ever had with any other account.
There's at least two serious problems with such unilateral approaches by any "authority" rather than the recipient. What's spam to you may be ham to me and vice versa. Additionally, it opens a rather insidious door: if someone rather than you is the gatekeeper of your mail, then there is always the possibility that they can be influenced (usually by monetary means) to let mail through that you'd consider spam (User: "Why am I getting these unwanted ads? This is spam" Authority: "Oh? We'd never have thought our users would consider such an upstanding member of the business community a spammer." User: "That's not the point. I don't want this mail". Authority: "Tough. Read the terms of your contract with us. We get to decide." ...) This is =not= a good idea in my book.
Of course, if we'd get people properly educated about the use and effectiveness of Bayesian Content Filtering, such actions by "authorities" would be totally irrelevant since BCF can solve the problem without such negative consequences.
Agreed, this is a clear conflict of interest. Even though I could legally and technically block HTTP traffic between spammer websites and our university network, I wouldn't feel comfortable doing so, precisely because those most likely to complain about it would not be the spammers (or those unfortunate enough to share their web server with a spammer), but rather my own colleagues. And, they would complain to me, rather than to the spammer's ISP.
I'm all for public blacklists, and I keep using those to protect my own mailboxes from inbound junk. If somebody wants to send me mail, I'm justified in asking that person not to pay money to (or otherwise support) the ISP of a spammer. Likewise if they want to access my web pages, though I haven't implemented a blacklist check for those yet.
However, when I prevent my friends and colleagues from viewing somebody else's website just because that website shares hardware with a spammer, things are getting real tricky, because I'm interfering with traffic that doesn't necessarily benefit the spammer or his ISP anyway, and the only ones hurt by it are my friends and colleagues. This is clearly not desirable.
I admit that it makes a little more sense for AOL to do this, given their millions of users who supposedly don't know what's in their own best interest, but I wouldn't want to be a customer of such a company, nor would I want to work for it.
What about Joe-jobs? What about innocent advertisers? What about them? They're collateral damage. So sorry, flowers to the family, but the war takes priority.
With all the annoying warnings that users have learned to bypass without reading, will another warning really matter?
Really, it's just a game of motivation where the user is expected to press the right button to see the requested webpage as quickly as possible. "Check this box if you don't want to see this warning in the future."
Just like tagging e-mail as spam before passing it on to the recipient minimizes impact on legit mail? Impact? What impact?
I think AOL has made an unwise decision, not because of collateral damage to wrongly listed sites, but in a not-caring-what-the-users-want kind of way. If AOL had a million users asking for this feature, eager to send informed complaints to the blacklisted website operators to encourage them to kick out the spammers, then this may have some effect. AOL saying "Our customers will no longer have the freedom to read your advertising" isn't likely to be noticed by anybody with any influence here.
The more I block, the more incoming spam we get
What I've noticed is the more we block the harder they try to get stuff through, and apparently the stuff that makes it through is the Viagra, penis enlargement, etc. type ads that we really want to block the most.
Spam is getting worse, the incoming attempts to the ISP servers I manage has grown to more than double what it was in August 2003 already, one ISP I deal with in particular is rather pissed, he is dialup only and slowly but surely is losing users to broadband, he doesn't really care about that so much since I think he plans on just winding down operations once it is no longer profitable, however while he is losing clients his mail server requires more and more resources to keep up.
Now we use about 8 RBL checks at the gateway, this helps block about 90-95% of the incoming connections but still the spam gets past that, if we open the floodgates the users go nuts on us.
And as usual there are always a couple of users in the mix who actually want the spam, funny enough it is usually because it is the only email they get, nobody else sends them anything. Likely due to the fact those same idiots are the ones who forward every cute little dancing Santa they get.
I agree on principle that this is the wrong way to do this but also offer a compromise;
;-p
Give people an informed choice. Tell them that the website they are attempting to access has been identified as a security risk/spam house/pron site/etc then let them decide if they want to continue.
It is just as open to abuse but it also seems like it would fail gracefully in the event that the site is not a problem or that as an individual you don't have a problem with it's content.
Go one step further and allow the browser or your account to keep a white list of bookmarks which pass you straight through to the site... just set a cookie or similar.
The end result is that you give people a community knowledge-based opinion about the content of a site, then you give them the choice of whether they want to go with the crowd or go their own way and you make it convenient for them to go their own way from then on.
Many tools already do this with filtering for Ads... just extend it to apply to entire sites and return the bookmark option page instead and if you are AOL you can hook it up to your community database of opinions... "mod this site up, it has 'original' pron... not just the same set of crappy old pics"
A fool throws a stone into a well and a thousand sages can not remove it.
And forward lookup of *.mx.aol.com returns the same thing?
You really need paranoid lookups to be sure-- any loon can control his own reverse DNS and pretend to be someone else.
The thing about spammers is that no matter how many proxies, zombie machines, foreign servers and fake addresses they hide behind - at SOME point, there has to be a contact between spam victim and spammer for spam to be an effective money-maker. Spammers try to sell you things - things which require monetary transactions to complete. That's where they are vulnerable. Find out the businesses that profit from spam and go after them. They can't hide forever, especially if they want to sell you something.
Men believe what they want. - Caesar