AOL Blocking Spammers' Web Sites

Nuclear Elephant writes "According to this article, AOL has decided to take a fresh approach to fighting spam and is now blocking the spammer's web address. The philosophy is, if the customers can't visit spammers sites, spammers will not be able to make any money. On a side note, I suggested this concept about six months ago but nobody thought ISPs would adopt it. Now perhaps we can get a group like NANOG interested in sponsoring a blacklist for spammer addresses?"

Is this a *smart* idea?

[beh]

I don't know, whether this is such a brilliant idea - if this gets widely adopted it can't be long before some idiot will get the idea of paying for a spam to "advertise" one of his competitors just to get HIS site blocked...

I see loads of abuse potential here... While AOL might be smart enough not to block sites like microsoft.com or ebay.com if they showed up in a spam, it could be a knock-out blow to relatively
small and medium (and hence little known) companies on the web.

Re:Is this a *smart* idea?

[beh]

But in this case we're back to square one - we're already fighting KNOWN spammers like Ralsky...

There's nothing new in that. But do you seriously think, AOL will pay dozens of employees to find out just WHETHER a spam is "legit" (in the sense that it's really advertising the target site) or "fake" (in the sense that the real goal is to get the target site blocked)? This will become some seriously tough piece of work!

And it's kind of doubtful, whether it will help or not.

Also - surfing TO a website just to find out whether it's a spam site or not is nowadays also giving away WHO is doing the surfing. By now I get more and more spams that have my email address encoded in the host names of the target site, e.g. the first part of the host name http://sx1piznvxr0svy.froidnet.com/
sx1piznvxr0sv y is beh@icemark.ch (a replaced with z, b with y, ..., y with b, z with a, 0 with @, and 1 with '.' -- and the whole thing in reverse).

So by now we are in a situation, where not just 'unsubscribe' lists are a way for a spammer to check the validity of our email addresses - no, even the host name we use to 'look at their "great" sites' give our identities away.

It'd be really great if some people would finally clue in that the more successful spammers are actually pretty smart as well! (unfortunately for us though)

Right now I think the best policy is still the passive filtering of incoming spams.

- Filtering destination sites will open doors to abuse in terms of using fake spam to block unwanted sites...

- automatic downloading of spamvertised sites will confirm which addresses are "good".

The latter idea MIGHT still be workable, since the spammer will also get to know WHO has spam-scanners installed (provided the automatic download of the page actually has the name of the spam-filter in the User-Agent header field of the get request). That way the spammer would also be able to drop email addresses blocking his sites.
On the other hand, this has one very big issue with it - if the spammer filters out these addresses for his sales, he could at the same time COLLECT these addresses for DDoS uses...

No - PASSIVE measures are the only GOOD solution we have. Spam-Filters in addition to tar-pits slowing the the spam delivery...

Everything else will - as sad as it sounds - open way to many doors to abuse!

Better to re-direct to a warning page with a link

[ripnet]

It would be better if instead of completely blocking the page, it re-directed to a page saying that this site is implicated in spamming, but with a link to the real page. Would mimimize impact to falsly accused sites.

Spammers now, who's next?

[nysus]

It doesn't take a lot of foresight to imagine the day when the political interests can persuade AOL to block other "undesirable" sites. Technically, it's not censorship because AOL has supposedly done it voluntarily; just like Clear Channel has "voluntarily" removed Howard Stern from their radion stations.