Slashdot Mirror
AOL Blocking Spammers' Web Sites
Nuclear Elephant writes "According to this article, AOL has decided to take a fresh approach to fighting spam and is now blocking the spammer's web address. The philosophy is, if the customers can't visit spammers sites, spammers will not be able to make any money. On a side note, I suggested this concept about six months ago but nobody thought ISPs would adopt it. Now perhaps we can get a group like NANOG interested in sponsoring a blacklist for spammer addresses?"
I've been doing this for the past year. Every so often I get a call from a user that needs to get to a sight that is associated with a spammer. For example, a local television station's site is hosted on the same machine as a spammer's site. I got calls from users wanting to visit that station's site so I had to unblock it. This is a never-ending job since spammers many time host their "web sites" on virus-infected broadband home PCs. Since I only have to work with 1000 or so users, it's not a big deal. If I had billions like AOL. Gads. I'd rather not think about it. And that's not taking into account those people that truly want to visit the spammer's sites. Who is AOL to deny them the ability to go to the websites they want.
There are just too many pitfalls in this. I don't think all large ISPs will go this route.
But why is the rum gone?
I too am concerned about the potential for abuse of a web site black list. I'm also concerned that AOL did not inform members of this change. Any ISP that implements a web site black list should redirect browsers to an HTML page that explains that the web site address is associated with known spammer. The user should then be given the choice to procede to the site or abandon the attempt. The black list should also be transparently available to the Internet community. Last, but not least, there has to be a clear policy for appealing a listing to allow for reporting of incorrect listings or other abuses of the blacklist.
Wow, this means I can take down other people's web sites by putting them into a message and spamming AOL users with it. Cool!
I'll start with Microsoft, move on to SCO...
--G
I'm sure AOL won't block any joe-jobbed targets but only bulletproof servers hosted at Chinanet, Telecom Malaysia, Procergs.com.br etc. which have been spamvertised by known spam gangs.
This is *really* a good idea - Alan Ralsky uses several "throw-away" domains per spam run, but only a handful of different servers to host his crap. Null route these and Ralsky can enlarge his own penis.
The company I'm working for provides free web service ( http://www.skymail.fr ).
:
This kind of service frequently gets abused by spammers. Two they abuse it
1) they open an account, just to have a valid address in order to bypass basic spam filters. Then, they send their spam through other servers using this address as the sender.
2) they use scripts to send spam through the service, as any regular user would. This is extremely annoying.
For 1) we publish SPF for all domains we send mail from. Now, it's up to people to enable SPF on their mail servers.
For 2) we filter _all_ packets coming from China, Korea, Nigeria and addresses listed in Spews and Spamhaus databases. That's about 13000+ filtered networks. Thanks to OpenBSD packet filter, it's trivial to set up and it doesn't introduce any slowdown.
{{.sig}}
Surely I should be able to visit any website I want?
I've got mixed feelings about that.
First of all, are all spammers bad? I mean, there ARE some people that buy crap advertised in spam. And is it all bad, or a ripoff? There was an link on Fark a week ago to an article about some guy that actually looks forwards to receiving spam, and had bought a lot of things from spam mails. Weird things, like a carpet cleaner, but things.
On the other hand, do people want AOL to shelter them from the web, from the real world? I can't mail some friends on another ISP because their ISP has blacklisted Roadrunner Email. We already have a government 'sheltering' us from things, such as the real truth behind assassinations, aliens, and the disappearance of Elvis.
Finally, the more things AOL blocks, the more reason for people to take the red pill, wake up to the monopoly, and get on a real ISP. Then those stupid CDs will stop showing up in my mailbox.
I want to see the web, the whole web, the whole glorious ugly sex-ridden spam-filled seething mass of crap, and naught else.
At least to some extent, they've been rejecting mail that contains urls believed to be connected with spam. This can be mail from domains that aren't otherwise blocked by their filters. I forget the exact text I saw in their bounce message. A user at ISP where I work NOC had complained of not being able to send mail to an aol address. I could see she was trying to forward a spamish mail she had received to her aol-using friend (gee, what are friends for, if not to share spam); my recollection months later is fuzzy, but it was clear from the body of the rejected mail and the aol bounce did specifically mention that it was rejected on the basis of the url contained in the mail.
But the idea is to force the spammers out of business by taking away the small fraction of customers that they get from sending out their spam. If you just have an intermediate page saying this website is involved in spam, all you're doing is putting one more mouse click between the customer and the website. Remember, these are people that *want* to visit the spammers site that are being blocked.
IMHO, even though it is all for a good cause, once you start blocking websites "for the good of the internet" it's a slippery slope to full-on censorship.
Why not build this capability into browsers? Follow the cookies handling model.
Make it optional, stick it in "preferences", stock it with an initial list of spam sites, and give the user the ability to add additional sites, delete sites, and select/deselect the block.
-- Slashdot: When Public Access TV Says "No"
Instead of simply blocking the connection, AOL could redirect the visitor to a special error page, explaining that the page was blocked for spam reasons and offering an override if the user really wants to see it.
After reading through a page explaining that it is a spam site and that the user might be tracked and harrassed further by those companies for giving them a visit, I'm sure most of them would not click through.
Those masochists looking forward to buying spam and actively supporting these scum could just click "Yes, I really want to see this page" and everyone would be happy. Right?
I didn't know they were filtering spamvertized sites but I know they block some mails based on content, specifically URLs they may contain; some emails to AOL got rejected because of this, and their smtp returns
reason: 554-: (HVU:B1) The URL contained in your email to AOL members has generated a high volume of complaints.
The URL in question was http://someplace.(can't remember).solmedia.com which doesn't sound like a spamgang operation to me..
have you been defaced today?
So, does this include sites that have 'dynamic' IP addresses as well? Currently they consider a lot of web hosts as having dynamic IP addresses, and force them to have to get on a whitelist (which I might add, is nearlly impossible). Does this mean now, not only will AOL users not be able to sign up for anything that requires an e-mail on my site, but that they'll now not be able to view it at all?
I sure hope it's just spammers they've blacklisted, rather than a comibnation of a blacklist, and whitelist. I can certainly see the possibility of this being even more of a problem than one would think.
I've already had one of my competaters complain about me (unjustly) and now I'm blocked and I can't send email to aol customers. This is the first major step in isolating aol customers from non aol parts of the internet, watch how this turns out they will start "filtering" in a big way now.
"It's so convenient to have a system where everyone is a criminal" - A. Hitler
This is real funny. I've been trying to install some new sendmail milter programs on my mail server in an attempt to cut down on the amount of spam I receive. As a result, I've been taking a closer look at my mail logs.
I'm getting a lot of mail addressed to accounts that don't exist from systems with names like omr-m14.mx.aol.com. Are these legitimate MTAs or open relays?
If AOL wants to cut down on SPAM, they should start with what gets sent by their servers.
it should be possible to opt out of the black list and also get a copy of the database.
AOL recently identified me as a spammer and blocked all future email from me to my friend in Paris, following a fairly rapid exchange of emails between us concerning tickets for a newly announced gig that I knew she would love to go to, but were not visible to her for some reason. Presumably because the emails all centred around 'tickets', AOL severed our communications. She is the onl AOL customer I contact by email, and then infrequently. If this is a measure of their accuracy in identifying spammers, God help us all
I too am concerned about the potential for abuse of a web site black list. I'm also concerned that AOL did not inform members of this change. Any ISP that implements a web site black list should redirect browsers to an HTML page that explains that the web site address is associated with known spammer.
AOL has a long history of not informing and many times outright lying.
When AOL first gave out usenet access to it's members, it promised to have every newsgroup available. Instead, AOL blocked newsgroups that were created to discuss (and flame of course) problems with AOL. On occasion, AOL staff would post in those groups saying that it wasn't true, but then of course someone would point out the fact that AOL staff were using other providers to post to those usenet groups.
I wouldn't be surprised to see AOL abuse this feature in a similar manner.
This is not a dream, not a dream...we are transmitting from the year 1-9-9-9.
Seems to me that AOl could be hit with a "restraint of trade" lawsuit.
Especially by those companies that have been incorrectly marked as spammers by AOL.
If anything, this should be opt-in, or at least, opt-out.
http://www.e4ward.com
That said, I went to www.sco.com and couldn't find the pictures you were talking about. Do I need to get some kind of free trial membership or something to see 'em?
In Russia most ISPs, including the largest hosting providers, routinly close websites belonging to spammers (repeat offenders) for a few years already. So far this has not been abused, suggesting, it might work equally well on the American and even global scale too.
Future Wiki -- If you don't think about the future, you cannot have one.
Do you have a cite for that? I just did a bit of googling, and all I can find are posts that complained about the fact that AOL, by default, showed newsgroup titles from the config database instead of dotted names, so that alt.aol-sucks showed up as "Flames and complaints about AOL". Some folks assumed that AOL renamed the group for some nefarious reason and came up with the description themselves, and others said that AOL was censoring the group because they couldn't find it. IIRC, the option to switch the list display from descriptions to newsgroup names was either always present or was added fairly early on, making it a moot point.
I'm a pretty good Googler, I don't remember AOL ever not carrying the group, I've found several posts from that timeframe (not from AOL sycophants) explicitly stating that AOL *has* always carried the group, and I find it hard to believe that not one person complained to alt-aol-sucks about AOL not carrying that very newsgroup, but maybe I'm just not searching on the right phrases.
I'll look into it but I clearly remember it happening around the summer of 1994. On the google note, google says that you didn't start posting to alt.aol-sucks from AOL until January 4, 2005...almost 10 months (IIRC) after AOL had usenet. So either you weren't posting before that time, google lost stuff, you were posting from another account, or you had x-no-archive on. (or google just plain sucks anymore)
From what I remember, you were posting quite soon after AOL got usenet access, but of course I would have no idea of where you were posting from if in fact you did post previous to Jan 4, 2005.
BTW: I'm not one of the trolls from that time period, but I see that people still Troll using your name. Sorry to see that. After all, you weren't a troublemaker in a.a-s. You tried to be helpful with problems people were having.
This is not a dream, not a dream...we are transmitting from the year 1-9-9-9.
The legal problem is the common carrier issue. Once you begin filtering for content, you become liable.
But as to spam from an AOL address -- it's been about 5 years since I last saw a spam that *actually* came from an AOL server.
~REZ~ #43301. Who'd fake being me anyway?