Dealing with False AOL Spam Reports?

aohell-guy asks: "I handle the mail servers for a business that has 20% of our members using AOL. We regularly send out email that our members have agreed to receive. In AOL 8.0, it was possible to click a single message and report it as spam. You would be prompted to confirm the spam report, although no details explaining what happens with the report are given to the user. Through AOL's Postmaster site, it is possible to get in on the spam 'Feedback Loop,' where AOL will send you the spam reports it receives for mail sent from your servers. When you receive a report, you are supposed to immediately cease the sending of email to that AOL address. The only problem is, we have found that most of the time the AOL users are reporting our email as spam on accident! These complaints can negatively impact your ability to send email to AOL members. How are you handling the false reports?" "In version 9.0, AOL made two incredibly stupid mistakes which make false positive spam reports skyrocket. First is they now allow their users to select multiple messages at once and report them all as spam. Second, when you hit the spam report button (which is located DIRECTLY next to the delete button), it IMMEDIATELY files the spam report -- there is no confirmation required. Sure, the AOL user can see they made a mistake and move your email back out of their spam folder...but the report is still filed against your server. Rack up enough of these reports, and you will not be able to send mail to AOL. We have had plenty of complaints come in, and we delete their accounts as they do -- except with our paying members. We ask them if they really want to cancel? In ALL cases but one, we have received replies stating it was an accident.

We have spoken to people within AOL that deal with the mail. (Amazingly, it is not too hard to speak with them if you are a business sending email to AOL users.) The ones we've spoken to are not happy with these changes in AOL 9.0, and admit they result in many false positives.

If you are sending a lot of email to AOL users, you will want to get in on their feedback loop ASAP, and also look into getting on AOL's 'whitelist,' which ensures that your mail will not be silently filtered into the bit bucket, as long as you keep your mail bounces and spam reports (ahem!) at a low level."

Whaaaat? Cluesless AOL users?

Who would've thought that possible.

Re:Whaaaat? Cluesless AOL users?

[Moonpie+Madness]

Dont be too hard on AOL, if it weren't for that sore thumb '@aol.com' it'd be a lot harder for me to identify dummies out there. dumb people are simply a fact of life, and they deserve to get some internet access. a spoon feeding paternalistic service is great for them, and worth the money, and they give a lot of their money (more loosely than most) to a lot of internet businesses, though i have to admit they arent really much effect on the Linux community

Re:Whaaaat? Cluesless AOL users?

[drooling-dog]

Of course you're assuming that they actually wanted this mail that they "agreed to receive". It could be that many/most of them actually did consider it to be spam. After all, they went to the effort to report it as such...

Re:Whaaaat? Cluesless AOL users?

[jrockway]

Well, they paid for it. The guy should unsubscribe them and keep their money instead. Much better solution, eh *cough*.

Re:Whaaaat? Cluesless AOL users?

[pete6677]

A lot of people, even some who are somewhat computer literate, will click the Report Spam button on an email from a mailing list that they no longer want to subscribe to instead of actually unsubscribing. They have no idea how much this screws up spam filtering and reporting systems.

Re:Whaaaat? Cluesless AOL users?

[l810c]

Not only are they Clueless, but your typical AOL user has:

A Short Flaccid Penis
A High Mortgage Rate
High Insurance Rates
A Hugh Amount of Debt
No Online Diplomas
Does Not work from home..

Re:Whaaaat? Cluesless AOL users?

[gabec]

It's not AOL users, it's simply the way we interact with email now-a-days. You can't trust "unsubscribe" links, as all they do is confirm that you read your email. :P

Sure, at one point they might have opted in, but people forget or get tired of getting your newsletters or even the occasional guilty-by-association of simply looking like a professional email (as in, from a company) instead of a personal email.

So don't bash AOL users ... for this reason anyway. ;)

Re:Whaaaat? Cluesless AOL users?

[yiantsbro]

If stupid people only had a sign, we would know to avoid them...oh yeah...

Here is your sign: @aol.com

Re:Whaaaat? Cluesless AOL users?

[ArseneLuppin]

A lot of people, even some who are somewhat computer literate, will click the Report Spam button on an email from a mailing list that they no longer want to subscribe to instead of actually unsubscribing.

And even more people will do so if some actual spam does find its way to the mailing list (it happens... we had a some dogfood spam on the E-patents mailing list recently...).

And guess what, most good spam reporting services (such as spamcop) correctly detect the situation, and do not flag the list operator's systems, but only the system(s) of the perp who sent the spam to the list.

Re:Whaaaat? Cluesless AOL users?

It's times like these I wish I didn't use up all my Mod points... someone please mod parent down.

Re:Whaaaat? Cluesless AOL users?

[hesiod]

Oh, here's another sign to point out a stupid user:
> by Anonymous Coward

Re:Whaaaat? Cluesless AOL users?

[schwaang]

Typical pimply-faced slashdot prejudice.

I've been using email since the days 300baud acoustic modems roamed the earth. The email address on my resume is @aol.com, because it's the only address I've had which hasn't changed in over 10 years.

Sure I don't use it for everyday mail, but it has already paid for a lifetime subscription. Previous employers have been able to contact me for new contracts, despite many changes of physical address, phone #, ISP.

These days there are other "permanent" solutions, like pobox.com. But I bet aol outlasts them...

Re:Whaaaat? Cluesless AOL users?

[wideBlueSkies]

>>They have no idea how much this screws up spam filtering and reporting systems

They have no idea that things such as Spam Filters even exist, much less having a lack of knowledge about fsking their effectiveness.

wbs.

Re:Whaaaat? Cluesless AOL users?

You are such a smart business person. 25 million people - who needs'em! They are all so dumb they can't figure out your poorly engineered EMAIL products. dumbasses. They should make everyone learn the vagaries of YOUR email system, personal preferences, because you, sir, have an excellent mind, and you execute flawlessly. The world would be so much better if we could get those 25 million idiots to be just like you.
UGH!

Re:Whaaaat? Cluesless AOL users?

[schvoo]

I've had problems with AOL's spam lists on more than one occasion. The first was a few months ago when people working for my dads company began receiving notices telling them that they were on the aol spam list and could not send e-mail to aol uses. My dad attributed this to my powermac, which happened to be on his network so I could access it from school. He didn't know why he was getting the spam messages and new that my powermac was running some kind of server software, so he concluded that someone had used it to send spam from his network and he could no longer send e-mails to aol users. I did not argue, though I knew he was wrong, because he is a bit stubborn in his ways, and I had no solid evidence of what else might have happened. Then people with accounts on my server and domain (dotapple.net) reported that they were receiving similar bounce back letters. I contacted my hosting company and learned that the SMTP/POP server had been used by one of their other clients to send spam, and they were working on resolving the issue. Then I told my dad about this event, and he allowed me to put my powermac on his network, provided he had an administrator account. The problem is solved but AOL gave me a lot of trouble.

Re:Whaaaat? Cluesless AOL users?

[yiantsbro]

"The world would be so much better if we could get those 25 million idiots to be just like you"

I couldn't agree more. Well said---at least for such an asshole. Oh, yeah, let me guess--you've already got your sign.

Re:Whaaaat? Cluesless AOL users?

[cronl]

AOL users are just refusing to grow up, that most notably includes not growing up with the internet. Somebody here even bragged about having an AOL account for ten years. Probably got the account while in junior high.

Re:Whaaaat? Cluesless AOL users?

Wow! That sure seemed to upset you! Somebody made you mad by pointing out AOL isn't for technological genius types... It will be ok.

Re:Whaaaat? Cluesless AOL users?

[hesiod]

> That sure seemed to upset you! Somebody made you mad by pointing out AOL isn't for technological genius types... It will be ok.

Oh ho, ho! You are a master of genius wit and utter cluelessness. Not too quick, are you? I never showed any inclination (that means "tendency" in this case, although I should explain what that means too, since you're obviously a fucking dolt) of being upset, you just assumed that everyone gets their panties in a twist like you. Sorry, we don't all fly off the handle insulting others cluelessly. Or at least when we get mad, we get mad for a reason and put together a good (at least sensical) argument. You, sir, are not worth the bitch of a camel you came from.

Not your fault - you're dealing with AOL

[eaglebtc]

Unfortunately you're dealing with AOL, a company that has always been a few cents short of a dollar. There's probably not much you can do. Sorry this isn't helpful, but it's not your fault they placed the Junk button so close to the delete button.

Re:Not your fault - you're dealing with AOL

All of my email is dumped into users' spam folders on AOL. I run a website which they subscribe to for services which require updates on interactions between them, the system and other users. They need these reports in a TIMELY fashion.

Thanks to AOL, people dont' know they've recieved their registration confirmation, password reminder, auction updates, etc... It's a PAIN IN THE ASS and there's nothing I can do about it. *shrug*

It's a pain having to tell EVERY SINGLE PERSON in a giant blurb before signing up that "AOL WILL FILE YOUR EMAIL AS SPAM SO PLEASE CONFIGURE YOUR CLIENT APPROPRIATELY FIRST". Worse, I can't email peopel personally to talk to them about the problems - or even just regular friends... because they're on AOL AND I'll be filtered to spam.. so if I'm filtered to their spam folder and they don't realize it, then they'd never get an email from me saying "hey, check your spam folder for my email"

GOD DAMN IT!

Oh, and no my domain and server have never been used for ANY spam or unsolicited mail. The domain has only ever existed under my ownership, the IP is mine alone, the servers are physically built and owned by me and I am the only one who has ever controlled the email server and had any accounts on it. AOL is just fucking stupid about spam.

Re:Not your fault - you're dealing with AOL

This is the situation I find myself in also.

Re:Not your fault - you're dealing with AOL

[dubiousmike]

i am hearing of lots of complaints about AOL in this thread. What about refusing to take aol addresses when customers fill out forms. There are a number of people in my life who still use AOL only because of email. I find myself explaining to them that they don't receive emails they didn't know got sent to them that are legitimate. They don't believe me.

Maybe if we don't let them enter an aol address, they will either use a non AOL address, or call AOL to complain after they read the explanation on your website that says why you wont take an AOL address.

We just...

[Valiss]

.... aviod AOL altogether. I know that's not helpful, but our company simply gives our users dial-up accounts to dial into the building. Seems to circumvent the situation. If your company can afford it, setting up your own private "ISP" is the way to go.

I have this same problem

[Xshare]

My emails get routed to null at aol as well. Really sucks when trying to contact a client who uses AOL. Get the owner of the box (root access, some stupid AOL rule) to call the AOL Postmaster, stay on hold a bit, and you can get it all sorted out.

Re:I have this same problem

[Thing+I+am]

Stay on hold a bit? The first time I called, I was on hold for 25 minutes. The second time was a bit less, 18 minutes. The loop of music they play sucks too.

Re:I have this same problem

[Xshare]

I've stayed on hold much longer than that, for different things.

Re:I have this same problem

[c1ay]

My emails get routed to null at aol as well. Mine too, which is just fine by me. It gives me more time to email Darl with stupid questions and post his email address on /. repeatedly so others can do the same :-) OK now, group mail hug, everyone email Darl and let him know you're thinking of him.

Re:I have this same problem

[Kerbz]

Note: If your mail server's ip address does not have a reverse dns lookup entry, your email is indeed immediately deleted by AOL's email servers, with no bounce message and no indication of any problem whatsoever.

Re:I have this same problem

[1u3hr]

Periodically my personal (not bulk) mail to AOL addresses (which includes netscape.com) is bounced with an extremely rude message saying that my server has been banned because of "too many complaints about my ISP". There is absolutely no way suggested to get a message through, no email address for enquiries and the webpage referenced doesn't even mention the error number they give. So I call my ISP who say they're dealing with it, and it's fixed a few days later. Then a week later, it happens again. Why don't these arrogant pricks use a whitelist? I'm pretty sure it's email worms from infected users setting off their alarms, is it really so hard to filter these (which always come with an executable attachment anyway).

Re:I have this same problem

[Desert+Raven]

I'm pretty sure it's email worms from infected users setting off their alarms, is it really so hard to filter these

Is it really so hard for *your* ISP to filter these before they pollute someone else's network? You ISP's mail server should be filtering for these, and they should be blocking outbound port 25 from clients unless specifically requested by the client.

I have no problem with folks sending their own mail out if they know what they're doing, and they specifically request it. But I have a HUGE problem with ISPs leaving port 25 open for every jughead on their system. If all of the ISPs followed this rule, the spam problem would decrease by 75% or more.

Re:I have this same problem

[1u3hr]

Is it really so hard for *your* ISP to filter these before they pollute someone else's network?

I have no control of *my* ISP's policies and no choice in my area.

Re:I have this same problem

[FireFury03]

Every so often someone mails me from their AOL account. AOL insist on binning my mail, and frankly I don't have time to chase them about it so people mailing me from AOL don't get replies. Wonder if AOL lose a significant number of customers because they're silently binning a significant chunk of legit mail.

Re:I have this same problem

As a paying customer, you have more control on *YOUR* ISPs policies than anyone else. Just keep complaining to the customer care.

Re:I have this same problem

[pqdave]

You might not have a choice for your connectivity provider, but you most certainly have a choice of email providers--There are a ton of third party mail providers out there, with whatever price and features you need. I've had the same email address for 8 years and 3 different ISP's. Mine is free and more reliable than any of my ISP's mail servers have been, another I know of is $10/year. Ask for advice on news.admin.net-abuse.email--That's how I got the free account I use.

Re:I have this same problem

[Desert+Raven]

I have no control of *my* ISP's policies and no choice in my area.

Yet, you expect everyone else's ISP to deal with your ISP's pollution. Your lack of choice is not my problem. Your ISP allowing a flood of sewage to enter my network *is* my problem. I choose to deal with it by blocking. I suggest you actually try to talk to your ISP before you find yourself on a rather exclusive intranet.

Re:I have this same problem

[1u3hr]

Yet, you expect everyone else's ISP to deal with your ISP's pollution.

You keep saying "your ISP" as if I had any influence. Actually, it's a subsidiary of Sony. Do you really think I can influence the Sony Corporation in any way at all? I can talk to someone at customer service all day long and get be sure that it'll be logged and forgotten immediately. The only upside is that Sony is too big to cut off completely.

And in fact I have no idea if my mail is blocked because of a "flood of sewage" from my ISP, because those bastards at AOL never explain why they've blocked me.

You asked....

[Smitedogg]

I think you've done all you can. I would even go so far as to say that you've answered your own question. Call AOL, make sure they know you're legit, and wait for the next version of AOL to fix what turned out to be a bad design choice. In the meantime, maybe add a note to one of your mailings suggesting that they make sure to be careful about that. It's not like you can do anything else.

Dogg

Re:You asked....

[plierhead]

I think you've done all you can. I would even go so far as to say that you've answered your own question....It's not like you can do anything else.

No disrespect but you talk like an employee, not someone who cares. Imagine your liveliehood depends on keeping your company - which sends out hundreds of thousands of valid, asked for emails per day - running so you can feed your brood and keep a roof over. Thats how I'm thinking while reading these posts. I'm guessing if you really cared you would have a more constructive comment to make.

Re:You asked....

[ThogScully]

No offense, but you sound like a PHB. Just because you want to do more, doesn't mean you can.

My brother and I run our own business that has lately been having many problems with this. We've been doing all the same things mentioned in this story and hopefully will soon work out to a resolution.

But just because I recognize that all I can do is limited to all AOL can let me do doesn't mean I am just an employee who doesn't rely on his job for his livelihood.
-N

Re:You asked....

[Maestro4k]

• I think you've done all you can. I would even go so far as to say that you've answered your own question. Call AOL, make sure they know you're legit, and wait for the next version of AOL to fix what turned out to be a bad design choice. In the meantime, maybe add a note to one of your mailings suggesting that they make sure to be careful about that. It's not like you can do anything else.

Perhaps instead of noting to be careful state that AOL users persistantly reporting order confirmations as spam will be required to provide a non-AOL E-mail address to order in the future. I know as a business you hate to lose a customer, but when a customer is causing you to get black-listed from their ISP and making you jump through hoops and spends hours on the phone trying to fix that, then you're LOSING MONEY on them because of all the extra work. Then it's just not worth it, make the idiots who do this consistantly over and over get an address somewhere else to continue to order, so you can cut down you support expenses. I would imagine it would be fairly simple to setup a black-list of sorts that would reject E-mail addresses from a list of known idiots. A bonus is you could word this generally and use it for any spam-reporting-happy customers from any ISP as well.

Before someone flames me saying many AOL users aren't total idiots and this would penalize them, notice I'm saying only those AOL users who consistantly report your order confirmations as spam. All the ones with at least half a brain won't be affected at all, just the idiots.

Re:You asked....

[lrucker]

wait for the next version of AOL to fix what turned out to be a bad design choice

What's *really* bad about the design is you can't see the entire email address. If all you can see is "orderconfirmation@", you can't tell if it's really an order confirmation or a spam - you can see the whole title, but those rarely say where they come from, since they assume you can see the domain in the address. Don't know about the PC version, but on Mac and web-based AOL mail, that column doesn't resize.

I still have an AOL account because I've had it since it was the only way to get Internet email, and because unlike Geocities, my websites can take anything short of a slashdotting - not bad for $4/month. I get around 100 spam/week, and I only check it weekly, so having to click two dialog boxes for every single spam is tedious.

Granted, clicking only one with no confirmation isn't a good idea, but if they go back to the old system, I'll go back to deleting without reporting.

BTW, I've never seen the option to correct accidental "report as spam", but I usually check the mail via the web - AOL for Mac still has the "two dialogs for each spam" system.

no chance for us...

[wo1verin3]

I work in a tech support environment dealing with end users, many using AOL. The e-mails we sent out come from the same or a similar address, and all have a similar format such as opening and closing, AOL seems to 'randomly' block them. I know it's really not random, but trying to figure it out is next to impossible.

Re:no chance for us...

[techno-vampire]

A few years ago, AOL was known to block all mail from random domains to lower its server load when things got overloaded. I see no reason to think they've stopped.

Re:no chance for us...

[wo1verin3]

ugh, that ACTUALLY kind of makes sense.

Because we can send one e-mail, it won't get there... but two hours later send the exact same e-mail and it may...

Re:no chance for us...

[jCaT]

Plenty of mail servers do this. In practice I've seen both AOL and Yahoo mail do this at certain times during the day. The thing is, the way the email is "blocked" does not cause it to never get delivered... it is just delayed. The mail just gets a deferred, and it is up to the mail server to try sending it again until it is accepted by the remote server.

The implications are that the message is not delivered *IMMEDIATELY*, but it will get there... just late.

Re:no chance for us...

[Jay+L]

AOL was known to block all mail from random domains to lower its server load when things got overloaded

You do realize that this is standard sendmail behavior, and not some sort of nefarious AOL plot to make your mail disappear? Refusing connections at a high load average just delays delivery of the mail until the next retry. It isn't related to the OP's mention of mail disappearing, which sounds like a spam-filtering problem.

That said, when I was at AOL, delivery times were usually in the seconds to minutes - I can't remember the last time we actually had a significant load average on the inbound relays.

Re:no chance for us...

[techno-vampire]

The thing is, the way the email is "blocked" does not cause it to never get delivered... it is just delayed

Back at the time I was writing about, It did mean that all mail from that domain bounced. Delayed wouldn't have been a problem, and probably not even noticed.

Re:no chance for us...

[techno-vampire]

You do realize that this is standard sendmail behavior, and not some sort of nefarious AOL plot to make your mail disappear? Refusing connections at a high load average just delays delivery of the mail until the next retry.

That wouldn't have been a problem. What happened was that all mail from our ISP bounced, for at least several hours, if not a day or more.

Re:no chance for us...

[Jay+L]

Ah. Then that's an operational problem, either at AOL's end or yours, and nothing to do with refusing mail when the system's busy.

Re:no chance for us...

[techno-vampire]

Right. Operations at AOL would just tell its servers to bounce all mail from random domains to lower the load. Operations problem is exactly right.

Re:no chance for us...

[Jay+L]

I'd love to hear who told you that one. There has never been anybody anywhere in the entire mail operations management chain, from Steve Case down to the guy sitting in the NOC at 3 a.m., who would randomly bounce mail to lower the load. That's quite an accusation.

Re:no chance for us...

[techno-vampire]

When I worked at Earthlink (1995-2003) there were a number of times we were getting complaints from members that all mail to AOL bounced. Our Operations people would get in touch with AOL. Sometimes it would clear right up, sometimes it would take a day or so. Word filtered down that this is what had happened. Naturally, we didn't tell this to callers, just that there was a difficulty and we were working with AOL to resolve it. In no case did we have to do anything at our end to change things; all we could do is wait until AOL decided to let our mail through again.

Re:no chance for us...

[Jay+L]

Ha! I never cease to be amazed at what explanations floor-lore can come up with... reminds me of the Q-Link days when we used to tell customers to wrap their disk drives in tinfoil. (Which, to be fair, actually worked sometimes on Commodores, since they were usually hooked up to TVs which emitted huge amounts of radiation in close proximity to the poorly-shielded external floppy drive..)

I worked in development, not operations, so I don't remember specific episodes, but it sounds like Earthlink was getting caught up in AOL's spam filters. Here's a cite showing it happening at least once.

Re:no chance for us...

[techno-vampire]

I worked in development, not operations, so I don't remember specific episodes, but it sounds like Earthlink was getting caught up in AOL's spam filters.

That happened too, of course, but I'm not thinking of that. All mail from us to AOL would bounce without explanation but mail from other domains would get through at the same time. I first heard about AOL blocking us because of server load from my lead, who got it from a meeting of all supervisors with people from the NOC. The NOC guys told us about this, and we were told *not* to pass it on to members as we didn't want to badmouth another service, nor to give them any reason not to accept our mail. I think I may have heard about it happening to other services, but I'm not sure and won't insist on it. I also can't prove that AOL blocked us for the reason I was given, but I do know that it would fit the facts quite nicely.

Incredibly stupid mistake

[superpulpsicle]

When I hear incredibly stupid mistake about AOL, it's like hearing the word patch associated with M$.

Seriously a spam report is the least of AOL's problem. As soon as the rest of the internet noobs figure out how to use the internet via a regular ISP, AOL is history.

Re:Incredibly stupid mistake

[wampus]

As soon as the rest of the internet noobs figure out how to use the internet via a regular ISP, AOL is history.

They have been around since the mid eighties, when n00bs who didn't know how to use real BBS's used Q-Link.

AOL is not leaving any time soon.

Re:Incredibly stupid mistake

[gl4ss]

what exactly makes you think that the 'noobs' would figure it out?

-

My email never gets blocked by AOL

[Grey+Ninja]

Just put "Enlarge your Member" in the subject line. It NEVER gets marked as spam in my experience. I sell about 200 pounds of snake oil a day to AOL users.

Re:My email never gets blocked by AOL

[benchbri]

Your stuff can't be the real thing; everybody in the buisness knows snake oil is measured in hogsheads...

Re:My email never gets blocked by AOL

I sell about 200 pounds of snake oil a day to AOL users.

Email me. My pet snake has had this really annoying squeek for the last month, and when I call local pet stores asking if they sell snake oil they just hang up on me.

No one likes scomp

I work for an internet hosting provider and we get an incredible number of AOL spam complaints daily.

We manually file almost all of them as spam.

We haven't automated it yet because getting an even more excessive number of them at once might indicate an owned server or something.

Other than that, they are almost completely worthless. 90% of them (or more) come to us because people forward mail for their domains to AOL.

Lucky clients...

[lukewarmfusion]

"The only problem is, we have found that most of the time the AOL users are reporting our email as spam on accident!"

Sure... on "accident."

Seriously - I'm not sure what business you're in, but do your clients really need to be using AOL? Could be worse, I guess. It could be Netzero. Still, I have a few clients that are AOL customers, and the host of problems that they've faced has been enough to convince them to switch.

Connections, mail problems, whatever.

Re:Lucky clients...

The thing is, it likely is NOT by "accident". I bought some products from swansonvitamins.com. I started getting spammed to my hotmail address (heh, which is precisely why I HAVE a hotmail address). Every mail provides links to click if I want to opt out of some or all of the "offers". I chose "opt out of all" on more than one occasion, but swanson continues to spam me. So even though I am (was) a happy customer of theirs with a "pre-existing business relationship" (ie. implicit permission to spam me), I now report all of their shit as JUNK, and they can go take a flying fuck if they think I'm doing so by "accident".

Re:Lucky clients...

Sure... on "accident."

No, honestly they did!

P.S. while you're there - some of my other "clients" accidentally installed and used Bayesian filtering. Silly them - now they can't buy my p3ni5 enlarjement p1LLs^W^W^W^W^W er... read important er... stuff they want to see... please tell me how I can help these other clients receive my important messages!

If it looks like spam, it wants money and you didn't want it: it's spam.

Re:Lucky clients...

[Unholy_Kingfish]

Seriously - I'm not sure what business you're in, but do your clients really need to be using AOL?

I am not sure about what he means by clients, but we have this problem with customers. One of the sites I manage DressKids.com , sends out an email conformation for the order, a CC card conformation from the processor (not my choice) and then an email when the order is shipped. Plus we send out a newsletter about every 3-4 months. Pretty reasonable right? We don't spam, we don't sell lists. Our emails do not get through to AOL subscribers. Why? because people repost them as spam, whether it is intentional or not. We get many phone calls from cranky customers complaining they didn't get their email. But those same people are reporting those emails as spam. About 20% of our base is on AOL. Most of them are new moms/housewives on AOL. They have no clue what they are doing. Plus they don't care that they have no clue and take it out on us. AOL needs to do something about this. Having to contact AOL on a regular basis to reverse something dumb that their customers are doing is unreasonable. Spam is a problem, no argument with that. But when legit emails do not get through because of false reports, who's fault is it? Who should fix it? Who has the time?

Re:Lucky clients...

[arodland]

Of course you want to prevent this, but at least when they call up you can say "Are you using AOL? Oh, I'm sorry, they have a policy of blocking our mail. We're doing our best to get this resolved, but in the meantime you might want to try someone better, and save a lot of money into the bargain."

Re:Lucky clients...

[Tony+Hoyle]

I've had the same with 'Mobile Fun'.

I bought *one* item from them. 3 years ago.

2 years ago I lost it with them after unsubscribing constantly and getting nowhere. Reported them to spamcop, a few RBLs and their upstream provider. They sent me a stroppy letter insisting that their unsubscribe link worked, that they were a 'Microsoft Partner' and didn't spam. After that they seemed to actually stop sending me junk.

Last month out of nowhere they started again. Usubsctibed again, for what it's worth... if that doesn't work it's back to the RBLs again. I hope this time these clowns are shut down for good.

Re:Lucky clients...

[garwain]

The sales droids where I work have AOL accounts on their laptops so that they can connect when on the road. at least once a week, I get a call from an annoyed user half way across the continent saying that MY server is messed up because they can't connect to the OWA site, or log via Terminal Service Client, or open a VPN connection. My response is always the same... Let me know when you get back so I can LOOK at the machine! they never call back because everything works fine over the office LAN. so I'll keep telling them to drop AOHell and get an account with a REAL provider

Re:Lucky clients...

[lukewarmfusion]

We used to recommend Earthlink, FWIW.

Or you could provide a local dialup and give them a phone card (or 10-10-987). Cheaper than AOL, much easier to control.

it is a tough situation

[LupusUF]

Unfortunately there is not much you can do except listen to them. Even if you think someone reported you on accident, drop them from the list. If they complain later, simply supply them with a copy of the e-mail that you were sent by AOL saying that you were reported by them as SPAM. This is an annoying solution, but you don't want to get added to AOL's spam list. It is VERY difficult to get taken off once you have been put on. You can even spin it in a positive light if you get complaints from users asking why they no longer get e-mail from you. Say that you are aggressively opposed to spam, and stop sending mail at the first sign that your letters are unwanted.

The only other thing I could think of is maybe put a note in the messages of your AOL users asking them to contact AOL and fix their policy. The chances of this working are beyond slim, but it will make it appear to your users that you are trying to serve them the best that you can.

Re:it is a tough situation

[Wycliffe]

Maybe anecdotal, but one of my servers was once accidently added to AOL's spam list, and although it took about 2 days, I was able to get removed from their list fairly easily. So yes, it is possible, but the better thing is obviously to never get put on it to begin with.

Re:it is a tough situation

[circusnews]

The only other thing I could think of is maybe put a note in the messages of your AOL users asking them to contact AOL and fix their policy. The chances of this working are beyond slim, but it will make it appear to your users that you are trying to serve them the best that you can.

I have found having 20 or 30 AOL users call AOL's tech support screaming about AOL bouncing importiant mail as spam gets you off the list fairly quickly.

Re:it is a tough situation

[David+Rolfe]

I have found having 20 or 30 AOL users call AOL's tech support screaming about AOL bouncing importiant mail as spam gets you off the list fairly quickly.

This statement is pretty much false. I am a now retired 7 year veteran of the Tech and CAT dept's at AOL (jax south). Anyone screaming about not getting email because their host is blacklisted has to follow the same procedure that the other sensible and honest posters have mentioned. You have the mail administrator responsible contact tech support and the post master. Tech support files an email problem report from the information you provide this is first line, you will then recieve email or a phone call from a noc guy that handles mail, and if problems persists you contact the 703 number or the use the postmaster website as instructed.

Irate callers get nothing but a soothing voice repeating that we need the responsible party to contact us as soon as possible. I apologize for the inconvenience. I guess until they push a coach or maybe agm over the edge, at which point they get a stern repetition, an inquiry if we can help with any other issues, and if not, then silence. At that point, they can move on to other business or hang up.

User's don't report Spam on accident....

[LostCluster]

You seem to be confused, you're sending mail that is prompting users to click on the "This is Spam!" button even though your readers tell you they want to hear from you.

It might work better if you provided useful content "above the fold" of every message you send, then follow it with "Today's content was sponsored by...". If you're sending a pure ad in e-mail, it smells like Spam and users are going to turn it in...

Re:User's don't report Spam on accident....

You, Sir, are an idiot.

A lot of users subscribe to some stuff, then are too lazy or too stupid to unsubscribe again.

Since we are talking about AOL users, the benefit of doubt definitely belongs to the sender in this case.

Sheesh.

Re:User's don't report Spam on accident....

It might work better if you provided useful content "above the fold" of every message you send, then follow it with "Today's content was sponsored by...". If you're sending a pure ad in e-mail, it smells like Spam and users are going to turn it in..

Ummm... the email we send has ZERO ad content in it. The email we send is part of the service they are subscribing to when they join our network. It is not spam by any definition. Our company is completely anti-spam, and has been for our entire life (9 years).

Had the same problem...

[Keighvin]

I used to work for a (legit) marketing firm, and had this same issue with AOL. They were technologically savvy enough thought, and had enough latitude with the membership services, that we set up aliased email accounts on our own servers for our subscribers. This dramatically cut down on our false-positives after we asked filters to be set up by our clients to get them into the right place to begin with (i.e., different folder).

Your mileage may very, and not everyone has the option to ask that kind of technical activity of their clients, so we lucked out. Might want to give it a try though.

Re:Had the same problem...

(legit) marketing firm

(non-violent) mass murderer

Take the hint

[domodude]

Take the hint and unsubscribe them from the newsletter/mailing that they "opted" to receive. It is not too hard.

Re:Take the hint

[tupps]

the users are paying for the newsletter, so not only have they 'opted' to receive it your future income depends on it.

Re:Take the hint

[Cecil]

Take the hint and unsubscribe them from the newsletter/mailing that they "opted" to receive. It is not too hard.

Uh, it is in fact 'too hard' when you never get a notification from AOL that person 'x' thinks your mail is spam, or any notification from AOL at all. Just one day your IP goes over the magic limit of complaints and you get kicked out of AOL's mail servers.

Unless you mean unsubscribing all AOL users, but if you're just going to avoid sending AOL users any mail at all, why do you care whether you get blacklisted or not?

SourceForge mailing lists are blocked by AOL

[tramm]

I run several projects on SourceForge, including autopilot, that have had all of the AOL subscribers removed from the mailing lists due to spam bounces. Since so many AOL users receive mail from SourceForge hosted mailing lists, it does not take many accidentally clicking the spam button to blacklist the SF servers.

I submitted a support request to SF about it, and they said (rightfully) that it is AOL's problem.

Re:SourceForge mailing lists are blocked by AOL

[ajs]

This has been AOL's approach since the beginning. They started with convoluted means of "proving" that you were not a spammer. Then they moved on to refusing to listen to any servers that they considered "residential"...

I really expect that within the next 5 to 10 years, they will not send or recieve email at all unless it involves a "partner" of theirs.

Re:SourceForge mailing lists are blocked by AOL

[smack_attack]

You gotta hand it to them though, if they reject 90% of messages, spam will obviously go down.

Re:SourceForge mailing lists are blocked by AOL

[Neon+Spiral+Injector]

And the circle will be complete. AOLers should have never been let loose on the Internet in the first place. :P

Re:SourceForge mailing lists are blocked by AOL

> Then they moved on to refusing to listen to any servers that they considered "residential"

Yes, they blacklist dynamic IP's. Do you suggest they hire someone to wait for your call and say "I'm connected on this IP, could you please unlist it while I send mail? I'll let you know when I change IP's next".

Or that they hire a team of psychics to guess who an IP without RDNS belongs to?

If you can't afford a static IP in a colo with RDNS, you obviously don't have enough interest to be running your own mail server. Thankfully your ISP provides one for you, which AOL won't block.

Re:SourceForge mailing lists are blocked by AOL

[silas_moeckel]

And this is a bad thing how? No offence to some of the better AOL users but for the most part I dont want to email or receive email from people on AOL. For business it just plain looks bad to send mail from an aol address. For personal use not even my relatives use aol.

AOL is it's own little world on purpose thats what they sell. Persoanly I have never had issues with sending mail to AOL it's simply a matter of using smarthosts at home and normal configuration at work.

AOL eh?

[LordK3nn3th]

I find AOL to be rather laughable now.

AOL, as crappy as their business is, is rather large. You think you're the only one dealing with this problem? Unlikely.

If worst comes to worst, you just might not have to support AOL e-mails.

there's life outside of....

[HFactor_UM]

...AOL? But AOL's so shiny and fancy, how could it be?!? Pretty, pretty AOL.

A professor of mine had a similar situation with some class mailings that he did. Some odd configuration of his email server had caused AOL to blacklist him - period.

AOL almost knows me by name....

[m0rb0]

I work for an independt-regional isp, and often have to serve as the conduit for users who cannot e-mail AOL. Quite simply, I have to spend 20-30min each time with customer support to have our ip addresses "removed" from their abuse list. If there IS a better solution, I have not found it yet!

Re:AOL almost knows me by name....

[hetairoi]

I agree that there should be a better way to fix this problem. I also agree that putting the 'spam' button next to the 'delete' button was a poor design idea. I myself have made the mistake of highlighting the wrong email and marking it as spam. Yes, I am an AOL user (have been for more than a decade, I have my reasons and will explain if asked nicely, but that's not my point here).

However, having seen the evolution of AOL mail over a long period of time I have to say it's getting much better. Each new version offers better control, better filtering and more ease of use. It's not perfect, but they are working to make it as good as possible. I am hopeful that the next version of AOL will allow the user to UNMARK spam that was mistakenly marked. I also think they could use statistics to see if the same people are marking confirmation emails as spam over and over. It should be possible to block a domain for one user, but not all. So if I deciede that I don't want any email from @whatever.com AOL blocks that for me, but not for everyone else.

AOL does have a whitelist feature, which is nice, but not helpful in this situation. AOL also has a large amount of unsavy computer users, but that's why they exist, as a convenience for people that don't want or need to learn how to setup an internet connection or install and configure an email client and browser. They provide, at a premium cost, a conventient package where everything is already setup and right in front of you. They are not perfect, they are not for everyone, but they are getting better with each new version. It really seems that they are doing much more than any other ISP to curb the spam problem they have, it's rocking the boat right now for some people, but hopefully it can be fixed. AOL is learning how to deal with large amounts of spam, it's not going to be solved all at once, but it's moving in the right direction.

The amount of AOL bashing going on here is silly and childish (not the parent post, he seems to be dealing as best he can). If you have no business with AOL, block them. But if you would like to do business with the millions of users with large amounts of disposable income AOL has, then you're just going to have to learn to deal with them somehow. I don't particularly enjoy removing spyware and virus' from the same users computer over and over, but their money spends just the same.

It's pointless trying to talk to anyone in aol

[zakezuke]

At some point in my history... I was using pine, and sending mail. I set name using chfn "first I last", though my memory could be foggy and it could have been "first I. last". This wasn't a problem for any mail server except for AOL... for some reason it wouldn't parse correctly and try to send mail to "first I@domain.com"

Dispite honest efforts trying to get a hold of the mail staff, by my self and my isp... at no point was it possible to actually report the problem to anyone.

The final solution was just changing my name to "first last"... as it was important at the time to actually to get proper replies from people at AOL for some reason.

While not directly related to story... it just goes to show you that trying to actually communicate with anyone with in the AOL realm is practicaly impossible, and you should just give up before you start. The best you can do is communicate to people that AOL has *this* problem and your only resolve is to either do things diffrently, or switch services.

AOL's fault ?

[ThomasFlip]

Shouldn't AOL be the people policing the spam ? The last people qualified to distinguish between a piece of spam from a normal piece of email are AOL users. For god's sake, how do you think the MyDoom virus got spread ? people not knowing how to properly identify illegitmate email. You would think AOL be able to identify the fact that their users are at the bottom of the food chain when it comes to online aptitude.

My experience...

[ptomblin]

I run a bunch of Mailman mailing lists. One time, one of the people on this mailing list false SpamCop-ed one of the monthly mailing list reminders, which caused my ISP to complain to me. I kicked him off the mailing list and told him he couldn't come back until he'd convinced my ISP that the spam report was in error. I don't think he ever did come back on, but fortunately the ISP didn't kick me off - perhaps it's giving RoadRunner too much credit, but even *they* must realize the huge false positive rate from SpamCop.

Re:My experience...

[jesser]

Monthly mailing list reminders *are* spam.

Re:My experience...

[Sircus]

To be spam, it's got to be unsolicited. You signed up to the mailing list, it told you you were going to get the reminders, ergo, it's not unsolicited. I find them irritating too, but I wouldn't pretend they were spam.

Re:My experience...

[ArseneLuppin]

Moreover, with mailman, each user has the option to turn them off.

This happened to me.

[cmburns69]

Actually, I'm not sure I ever received any spam reports against my server. But it was terrible getting whitelisted. They directed me to call a certain number that didn't work 1/2 the time, and I had to wait on hold for at least 30 minutes.

All to tell them that my server wasn't blocked. They told me it wasn't. I told them that was the error I was receiving. They told me my server wasn't on the list.

Eventually I mentioned that my server was in Rackshacks datacenter. Apparently they had banned a whole range of IP addresses, and their utilities didn't show if an IP were in that list.

So after a very frustrating conversation, they whitelisted me. Any way, I don't know how this helps you, but it feels good to vent!

EmailOK field

[Kris_J]

For our database at work we have an EmailOK field. If an email bounces or otherwise doesn't get to the recipient as expected, the email address is tagged as suspect and a message is sent using another method of communication indicating that the email we currently have needs to be replaced or re-confirmed. Any process that sends emails is supposed to look at the EmailOK field and only send if it's empty or Y. (Other values are N for not okay and O for over quota, you could add an R or S for reported as spam.)

We have an IT meeting soon where I will be leading a discussion about on-line communications. I will be suggesting that we don't accept all email addresses from Hotmail (so many bounce with user unknown or over quota) and "hanmail" (incoming messages get tagged as spam because of the HTML that the service wraps user messages in), and that we start recording IM accounts as a backup communications option. I'm not saying we refuse emails from Hotmail accounts, I'm just saying that when you tell us your address, we won't accept a Hotmail address.

Re:EmailOK field

[GlassUser]

(incoming messages get tagged as spam because of the HTML that the service wraps user messages in)

The proper way to send a web page begins with http: not helo.

solution

[erikdotla]

if ($emailaddress =~ /aol.com/i) {
&RejectAddress();
}

Re:solution

[Green+Light]

I hope you know that you are now filtering out all mail from aolacom! Not to mention aolecom, aolucom, ... oh forget it.

Maybe you meant /aol\.com/i for the RE?

Re:solution

Noobs, please.

@(.*\.)*aol\.com$

So did I

[sjb2016]

My mom had her account frozen because of a similar mistake. I've been trying to get her to stop using AOL for years, but she was too afraid it'd be too complex. This was finally the straw that broke the camel's back. Now she uses Juno and I provided her (and my whole family) e-mail addresses through my account with Lunarpages in case she doesn't like Juno. The best part is, for some reason, attachments are now more intuitive to use for her, so I don't get a phone call 3 times a week as she tries to view the picture of her granddaughter. All at half the price.

Re:Three Words

argh...that's only two words, or four depending how you view it

Re:Three Words

[Squirrley]

wait... isn't that 2 words? or four, i guess, if you count the letters...

Accidental spam reports, eh?

[void+warranty()]

Most likely they signed up for the newsletter by accident and now they don't want it anymore.

When I get newseletters that claim I signed up for them, the first things I utterly avoid are reading them and following any links or instructions in them.

So, just stop sending email to people who obviously don't want it anymore; consider the spam report as unsubscribe requests.

Re:Accidental spam reports, eh?

[jnicholson]

I know we don't read the article here on /., but I didn't realise we weren't supposed to read the question either.

The users weren't accidentally misclassifying the messsages as spam; they were accidentally hitting the wrong button. And even if you don't ever send to them again, the problem is that there's a multitude of users and if enough of them hit the wrong button even once, none of your AOL subscribers can now receive the messages. Add to this that the messages are paid for, and you can understand the poster's question/problem.

misc

[erikdotla]

First your message should say "This message is part of your Whatever.com subscription, which you signed up for on mm/dd/yyyy." If you have anything else than this as the first line of your message, you're asking for it.

But this is nothing. I run a mail server and I set up accounts which auto forward to AOL accounts. The users would spread their address everywhere, and when spammers would spam it, it would forward to AOL and they'd mark it as junk, and AOL would block ME since *I* sent it to them - makes no sense. I stopped forwarding to AOL (or to anyone, really.) POP or Nothing.

trash emails --- spam

You recipients, and I, just add the senders of emails that they don't the fuck want to their mark-as-spam list.

Your users think you emails are shit, and they can't be bothered the - probably - ordeal of unsubscribing. De-list those who don't want your ... yup, spam, spammer.

Great story!

Thanks for not using the trite "read on" phrase!

You're F***ed.

[Lord+Kano]

The only problem is, we have found that most of the time the AOL users are reporting our email as spam on accident!

My personal opinion is that since AOL caters to the lowest element, that's what their users tend to be. If you're in a situation where you have to send business emails to someone using an AOL address, perhaps you should try to persuade them to get a yahoo address as well.

Unless you're willing/able to hire someone to work full time on dealing with the idiots who requested your emails and them reported them as spam, I don't see an end to your problems.

LK

parent's website

[timmarhy]

luck you didn't post it or mention it's name or AOL black lists will be the last of your problem.

Excessive block

[Slotty]

AOL has blocked a huge portion of I.P addresses in Australia like 61.8.0.0 has been blocked off or something insane like that so AOL is no concern of mine if our clients have to contact AOL users we suggest they try hotmail or yahoo mail for those clients as AOL refuses to remove the ban. Now that's outrageous

Re:On accident?

[batkiwi]

RTFPost!!!!

We have had plenty of complaints come in, and we delete their accounts as they do -- except with our paying members. We ask them if they really want to cancel? In ALL cases but one, we have received replies stating it was an accident.

Or are you using AOL 9.0 and accidentally clicked the submit button before reading the full text of the post?

Hey retard

[autopr0n]

If you'd read the article you'd see that they know it was accidental (these were paying customers), and when they tried to confim the email, the users themselves claimed it was an accident.

Re:Hey retard

[DavidTC]

Tough. Cancel them anyway. They obviously don't want it there.

Granted, if they then ask you where their stuff is, say 'We've got it right here, do you have an email address you wish it to be sent to, as the last address we sent it to reported it as spam?'.

The spam problem is bad enough without having to tip-toe around users so stupid they report email they've paid for as spam.

Re:Hey retard

[Rahga]

Well, here in the real world, when customers sign up to use stuff like an online product support site, they are asked to provide and e-mail address and passively agree to get e-mail mailings. Many of them are PAYING CUSTOMERS. Just because you are sending regular e-mail to paying customers does not mean it is not spam.

Re:Hey retard

[Ironica]

Many of them are PAYING CUSTOMERS. Just because you are sending regular e-mail to paying customers does not mean it is not spam.

No, but just because you contacted the customer out-of-band and *confirmed* that they marked the message in error, does mean it is not spam (as stated in the original post).

And, for that matter, if you agree to get emails from a party, they're not spam. If you let them know you don't want emails anymore and keep getting them, they become spam... but reporting them such that the entire *ISP* gets blacklisted (too bad for anyone else using the same domain who actually *wants* those emails) isn't the first-string approach.

Re:Hey retard

So if you pay to subscribe to my newsletter, and I send you your newsletter subscription which you paid for, you're saying it's still spam?

"Retard" is right, though I would have used a much stronger word.

Re:Hey retard

"reporting them such that the entire *ISP* gets blacklisted"!

Yes, it is a small price to pay against spam.

Blocking entire domains is a used in certain companies and universities just to avoid spam.

Re:Hey retard

Great move, genius. Cancel the accounts of your paying customers - what a great business plan.

Re:Hey retard

[DavidTC]

I didn't say cancel their accounts, I said stop sending them email.

Re:Hey retard

[Ironica]

Blocking entire domains is a used in certain companies and universities just to avoid spam.

-1, redundant... this is exactly what the entire article is about. Problem is, rather than an admin making a decision to block a domain, a small committee of AOL users are able to do this... by accident.

+5 Informative

"on accident" is nonsense. that's like "setting" on the bed. try "by accident."

Wow

[PingXao]

I don't know where to begin...

First and foremost, don't assume they are reporting your turdlets as spam "by accident". Perhaps they really don't want your emails after all. If they really want to hear from you they'll be signing up again. You're SOL as far as I can tell. The only responsible thing to do is stop sending them to anyone who has complained. Whether on purpose or by accident. Unless you're really spamming, in which case you're the scum of the earth and will keep on sending unwanted email regardless of whether or not the recipient wants it, but I'm not making that accusation.

Secondly, if you're a business then why do you refer to your email recipients as "members"? Are they in some sort of "affiliate" program you manage? I really don't understand this. No real business refers to their cusomers as "members". Well, I guess health clubs, country clubs and other clubs do... And shady operations that want to spin what they're doing as "not spam".

So stop sending the emails and put in place a method where people who really want to receive your email re-sign up with you. Then email them once and ask them to respond affirmatively if they really want to receive email from you. I's called "confirmed opt-in". Once you have that affirmative acceptance in hand you should be able to use it to positively refute any aaccusation by AOL that you are sending unwanted, unsolicited email.

Re:Wow

[Malc]

Trouble with people complaining at AOL is that the complaint doesn't get forwarded to the sender... so you can't really avoid them again.

When he said members, perhaps he has some mailing list software that defines subscriptions to the list(s) as membership. Obvious terminology to a techie and not businessman.

Re:Wow

[Medieval]

You dumbass. Maybe he's running a personals service or something like that. Sites like match.com refer to their customers as 'members.'

Re:Wow

First and foremost, don't assume they are reporting your turdlets as spam "by accident".

We didn't. If you had read the original post, you would see that we confirmed it was an accident (at least with all of our paying members, the only ones we contacted after they reported us).

Secondly, if you're a business then why do you refer to your email recipients as "members"?

Because our business is an organization, sort of an association, and people register to join it. These people are then members of our association.

So stop sending the emails and put in place a method where people who really want to receive your email re-sign up with you.

Why on earth would we do that? These people already joined us, knowing full well that the primary part of our service is sending email to them. This is not spam, it is part of our service.

Then email them once and ask them to respond affirmatively if they really want to receive email from you. I's called "confirmed opt-in". Once you have that affirmative acceptance in hand you should be able to use it to positively refute any aaccusation by AOL that you are sending unwanted, unsolicited email.

Uhhh, well since our registration process is double-opt in and we record the IP address used when registering AND when confirming the opt-in, I'd say we have this covered. It still doesn't help us with AOL.

Re:Wow

[PingXao]

"Double opt-in" is pure spamer-speak. You ARE spammers. I knew it. I called you on it. My original comment got modded as Flamebait. You know what? I don't care about the moderation. I was right.

There IS no such thing as "double opt-in". And to boot, you retort posting as an Anonymous Coward!

Anonymous Spammer is more like it. Fuck you.

Re:Wow

[Malc]

What is this twaddle? You were correctly modded flamebait. And now you post stuff like this that makes you sound like a juvenile. Chill-out and try to think beyond your zealous militant irrelevant niche.

Don't mail them - and tell the users why

We have 125,000 AOL users (including 3,000 Compuserve) who are marked in our DB as hold due to being blocked by AOL mail servers. These are opt-in lists for product updates and news letters. People have to jump through hoops just to get on to the list in the first place. It's not worth the hassle to us. If this makes a large number of AOL customers unhappy, then they should change ISP. We're providing a service, but the goodwill it garners is only worth so much when the issues of dealing with AOL become too expensive. People like our products and seem to come back whether or not they get the mailing list stuff from us that they've requested. We've been through the process of getting unblocked twice, but it seems to take up a month. The third time we were blocked we said fuckit (or words to that affect).

Now lets talk about Yahoo. They seem to have faulty logic somewhere. I have a Yahoo account and find a lot of false-positives. As far as our mailing list goes, on one occasion we ended up being filtered to their bulk folder... which can be a lot harder to notice than being completely blocked.

Let your users know

[sirdude]

How about letting the recipients of your emails know that they have subscribed to this. If need be put this line right at the top of hte email.. Alternatively add this to the subject.. something along the lines of :
[{companyname} subscribed newsletter]

Try to make it obvious for them, and similarly for the AOL "minder" who checks them.

asdf

www.aimprogz.net

Re:Tough fucking shit.

[LordK3nn3th]

Troll. He said he handles the mail servers for a business. He didn't say mailing was the business. Almost every big business has mail servers for many reasons.

A human is a lousy spam filter

[titaniam]

When I realized over a year ago that spam was starting to be a huge headache for me, I started saving all my spam and good mail to separate directories, in preparation for using a Bayesian filter. At that time I was getting 20 per day, now I get 350, of which a few make it to my inbox. Anyway, I read Paul Graham's plan for spam and decided to write my own filter, and built in a feature where it would check my classification. Lo and behold, about 5% of the mail I classified was identified by my filter as being incorrectly classified. The filter was correct in almost all cases - I was either misinterpreting the emails or ending up saving them to the wrong directories after correctly categorizing them. Now, whenever someone wants to use my filter, I first require them to classify by hand all their mail for a few weeks. Once they run my program they are amazed - they can't believe they made so many mistakes, and they are instant believers in the power of Bayesian filters. My point is that in implementing these spam reports, the ISPs MUST take human error into account, and only penalize mass-senders if over (roughly) 5% of a given sender's recipients complains.

Re:A human is a lousy spam filter

When manually sorting your emails into good and spam folders how the hell do you misclassify your good messages as spam or your unwanted spam as good?

How exactly is a Bayesian filter supposed to know better than you what is spam and what isn't? You have to train the filter yourself so if you are screwing up manual sorting of email then you'd make about as many mistakes when training the filter no?

Perhaps your filter has parameters for your mortgage interest rate, whether or not you are single, what medications you take, your stock purchase preferences and how big your johnson is so that it may better decide that you should be reading some of the messages you decided were spam?

Re:A human is a lousy spam filter

[titaniam]

I know no-one will see this response because the parent poster will not be modded up, but your second point deserves some explanation. A Bayesian spam filter would never work if it were not able to overcome the trainer's frequent and unavoidable mistakes. Take a simple and impossible situation as an example: My friend sends me 20 emails I deem to be important, consisting solely of the word "BayesianRules". As an infallible human, I save 19 in the good folder and one in the spam folder. Now I train my filter. Since no-one else used that made up word, it is assigned the probability 19/20=95% as being good. Since my filter is conservative, it only calls an email bad if its' probability of being good is less than 1%. Lo and behold, my misclassified email has a 95% chance of being classified as good by the filter if it only looked at the message content. The filter can easily identify its training flaws. Now consider all of the information in the email header, my friend's signature, the actual content, etc. With one piece of information the filter is great, with many it is nearly infallible. In practice, my filter reverts to a flip-flop -- the content of real and spam mail is so different it is childs play to tell them apart.

Just don't send email to AOL users

[autopr0n]

Simple solution, don't send email to AOL users unless it's critical. Sure, they may have 'agreed' to recive it, but do they really need your newsletter or whatever? My guess is that they don't.

If you have a web service, set things up so that users are notified about messages when they log on. If they are not AOL users, then also mail them.

Simple solution. Honestly I'd much prefer if all of the mail in my mailbox was from individuals who actualy wanted to say something to me personaly.

Re:Just don't send email to AOL users

Honestly I'd much prefer if all of the mail in my mailbox was from individuals who actualy wanted to say something to me personally.

... or send you porn.

Catch-22

Like most folks, you have to target Windows users, since that is where 90% [for example] of your audience is.

On the other hand, you might want to ignore AOL users as clueless and so, who cares about them.

However, if you are selling something, these are just the suckers you might want.

what to do, what to do...

Simple solution

[buss_error]

The only problem is, we have found that most of the time the AOL users are reporting our email as spam on accident!

Quit sending AOL accounts email. Tell them that the daily/weekly/monthly newsletter is on the web site, they want to read it, vist the site.

Simple, no?

fax or mailout?

[narkotix]

Thought about faxing or snail mailing them instead?

Issues with AOL and email

[baddogatl]

I had a problem with a customer who wanted all of his email to be forwarded to his AOL account and then repeatedly marked it all as spam without notifying us that there was a problem.

The result: our server was blocked as a spam relay.

AOL helped correct this quickly, but when I emailed the customer to let him know what happened he flagged my emails as spam and our servers were blocked again!

Our customer wasn't returning calls so I disabled his account. After that he was very willing to contact me to speak about things :)

Re:Issues with AOL and email

[Jay+L]

Fascinating - what did he actually say when you talked to him?

Small lists too...

[dcigary]

I run a small (~200 user) mailing list for my homeowner's association, and I've been fighting the AOL Spam filters for years. From what I can tell, the process of notifying AOL that your email is indeed something that users have signed up for and WANT is near impossible. I'm almost to the point of telling the HOA that we can't accept AOL accounts any more, as nothing gets through. I've also had the same experience with Time Warner Roadrunner, EarthLink and others as well... What I find MOST disturbing is that on AOL the user NEVER receives the email, nor a notification that something was rejected. Ignorance is bliss as far as AOL is concerned, and they like keeping their users in the dark.

Re:Small lists too...

[ameoba]

It's perfectly understandable, tho... I mean, really... what's the difference between getting 100 spams per day and getting 100 "we blocked some spam' messages?

Re:Small lists too...

[ArseneLuppin]

Maybe they could send out max one "we blocked spam" summary message per day? Which would have just the subjects and senders of the spam?

But then users will probably just start ignoring these, because 99% of the entries in those messages would indeed be spam...

Re:Small lists too...

[Secrity]

Is your IP or ISP on a blacklist such as SORBS or Spews? If your IP address is on such a list many, if not most, ISPs will reject or silently drop your email. Do not blame the ISPs, blame the spammers. One place to check to see if your IP address is listed is at http://www.moensted.dk/spam/

Re:Small lists too...

[Lumpy]

doesn't matter..

as an Ebay seller I always hate finding AOL address on people that win things from me. I know that my emails have a 40% chance of getting through espically if I use my ebay email address at yahoo.com..

I have almost thought of putting on my auctions that no AOL email address will be allowed for communication due to the unreliability of the AOL email system recieving my requests for payment and shipping status reports.

Um, no I dont spam BTW... I only keep someone's email address long enough to get the transaction done and then their address is expunged.

AOL = headache for everyone trying to do business on the internet or even sell some old crap on ebay.

Re:Small lists too...

> It's perfectly understandable, tho... I mean, really... what's the difference between getting 100 spams per day and getting 100 "we blocked some spam' messages?

The fact that the blocked spam is in a folder that doesn't count against your mail quota (it just expires after X amount of time), doesn't automatically load images or fetch URL's, and can be batch-deleted after a quick scan of the subjects and senders. You can always create a rule to trash spam notifications (well maybe not, this *is* AOL, basic features like that aren't conducive to a "friendly" experience)

Re:Small lists too...

[Eraser_]

Possibly one email saying "we blocked 100 spams today, here are the highlights:" and put some of the "lower scoring" email on the list. I don't know if AOL just uses black and white filtering with no scoring mechanism, but if something got a low score (Go Ask Alice gets flagged once every so often as 5.1 points in Spam Assassin) but still flagged as spam, put the from and subject headers in that email, with a link to get it back.

On a side note, I e-mailed the Go Ask Alice people with a copy of the spam assassin score card and pointed out a few things they could do to lower their score. I told them I happen to get all my SA'd email, but other users might not, and I would hate to see you get a false report of spam. The next week all of those changes had been implemented and their score dropped 3 points. For those wondering, it is a mailing list run out of columbia.edu which answers questions on health and sex related matters. Lots of penis vagina breast orgasm too little too long in the email, with plenty of links to go around.

Users agreed to receive?

[ect5150]

I don't know about the rest of you, but I get plenty of emails that I have never agreed to receive, regardless of what the company says. Could it be that if they are reporting it as spam that they don't want your emails? It could be that the users are stupid, but in this day and age, given our spam problems, telling the company you don't want spam seems to only give a verification that you use that email address (thus you get more spam). So it could be that they are taking the easy route. They let some filter catch it.

The answer is to NOT deal with AOL

I have told several users that AOL takes actions that are unique to AOL which suggest they consider themselves to be an AOL Service Provider (ASP) and is *NOT* an ISP. As such, the user needs to subscribe to something that more closely fits the defination of an ISP.

Some key areas that AOL differs from an ISP include:

- an ISP will look up in whois a technical contact to send a SPAM report to
- AOL ignores the whois database and requires the user to subscribe to AOL's "postmaster" site
- ISPs will take reports that go to either postmaster@ISP or abuse@ISP seriously
- AOL ignores email to postmaster@aol.com and abuse@aol.com in favor of a non-standard tosemail1
- If an ISP continues to be issuing SPAM, they will usually be willing to discuss the problem by phone with the reciever of the SPAM
- AOL will only discuss issues with the reciever of SPAM if they have an AOL screen name
- ISPs consider it a problem if they are sending SPAM just as much as it is a problem if they are recieving SPAM
- AOL does not consider it their problem when they issue SPAM but do complain that recieving SPAM is costing them alot of money
- ISPs will usually require account holders to provide credit card information or some other form of information making them aware of who you are and that they haven't already had problems with you
- AOL prides itself on providing throw away accounts with lot of free hours and no longer require a credit card

The bottom line is that AOL is a safe haven for SPAM to be issued from but AOL is quick to complain when they are getting the same crap that they dish out to the Internet. If AOL 9.0 makes it easier for AOL to blackhole itself then more power to them. Just warn everyone of the blackhole that AOL has decided to put itself into rather than trying to slow down the progress of the blackhole by "supporting" an organization that considers itself above being supported.

Save their agreement

[azav]

Of course, you must save the user's most recent record of agreeing to receive email from you and submit that to AOL to refute their report.

AOL is quite reasonable

[arglesnaf]

As a matter of fact AOL handles this quite reasonably. The secret is reverse resolution.

I am postmaster and in the IT security department of a fortune 150 Office Supply company. We started to experience this problem, and contacted AOL. We were added to the whitelist, set up the feedback loop yet we kept getting blacklisted. Spoke with a tech who told us to call the corporate phone number and speak with the "Spam Czar" whose name I cannot recall and cannot locate via google.

After speaking with him we discovered we were still getting blacklisted after around five complaints, when we send thousands of order confirmations to AOL addresses a day. They tracked down the problem, and it was that one of our mail servers did not reverse resolve. We fixed this, and bam, we now take nearly a hundred complaints to be blacklisted.

(You wouldn't believe how many people flag an order confirmation as spam. You also wouldn't believe how many corporate employees forward there email to AOL and flag it as spam, when they forwarded the spam to themselves!)

It was quite embaressing that we were not reverse resolving the host that sends order confirmations. We do send some opt-in marketing, but it originates from a different server.

(Our marketing you opt into while ordering, don't flame me, we do not purchase lists!)

Re:AOL is quite reasonable

[LordWoody]

Reverse DNS, eg: 192.168.1.1 -> mail.yourdomain.com
forward DNS: mail.yourdomain.com -> 192.168.1.1

Woody

Re:AOL is quite reasonable

[jdew]

jdew@chronos:p7[~]$ host slashdot.org slashdot.org has address 66.35.250.150 jdew@chronos:p7[~]$ host 66.35.250.150 150.250.35.66.in-addr.arpa is an alias for 150.0/24.250.35.66.in-addr.arpa. 150.0/24.250.35.66.in-addr.arpa domain name pointer slashdot.org.

Re:AOL is quite reasonable

[Neon+Spiral+Injector]

Reverse DNS, when you look up an IP and get its PTR name. Like 127.0.0.1 gives localhost on most machines.

It is important that your mail server has a reverse lookup that resolves to a name where a postmaster can be contacted. It is also a very good idea, to have that name also forward resolve to the same IP (even if other names also resolve to that same IP).

Re:AOL is quite reasonable

[Surazal]

I had to deal with this issue a lot while working as a system administrator at the last company I worked at.

I don't know about other domain name servers (like Microsoft's offerings, for instance), but I know in BIND, it's not only necessary to set up the forward resolution of a hostname, for instance:

www.slashdot.org => 66.35.250.151

It's also necessary to explicitly set this up too:

66.35.250.151 => www.slashdot.org

The reason it's necessary to define the reverse hostname resolution is because a hostname may resolve to the same IP address as several, or even hundreds of other hostnames. Rob Malda could have www.shashdot.org, my.slashdot.org, woohoo.slashdot.org all to the same IP address. But the IP address can only reverse-resolve to one hostname by definition. So, you define both the forward lookups and reverse lookups explicitly so that your company network can run smoothly without anyone knoiwing the major hack you just pulled to *get* the thing running. :^)

Sometimes, though, even seasoned admins forget to put in the reverse-lookup rules in there as a matter of oversight. For this reason you see a lot of automated scripts at ISP's that handle hostname maintanance for you.

And, unfortunately, they didn't have this set up at my last job.

(story, boss wants a new server set up, I have to make a phone call to set up the new IP address and hostname to our system adminsitrators at the data center)

Me: "Can you get hostname blah.blah.blah pointing to 10.0.0.123?"
Other Guy: "Sure! Will be going in a few hours or so"
Me: "No problem"

Three hours later...

Me: "Um, I wanted the reverse-lookup tables set up, too."
Other Guy: "What? Why do you need reverse lookup tables?"
Me: "Because half the network applications ever written since the inception of the internet require that be done *every time*. Just like the last 7 times I asked you to do this."

Yeah, I hated my last job. :^)

Re:AOL is quite reasonable

"reverse resolution" is merely confirming an address is valid in order to send it spam. Nice try, buddy. You may not think you're spamming, but the phrase "We do send some opt-in marketing" is a dead giveaway. Justify it however you like. You're a spammer.

Re:AOL is quite reasonable

[Glug]

(Our marketing you opt into while ordering, don't flame me, we do not purchase lists!)

Not a flame, just letting you know: If I place an order with a company, I never check any boxes that opt me in to receive advertising. If I get "defaulted" to receiving ads and do receive some later, then I report the spam to the company's upstream and, obviously, I never buy anything from that company again. You might check to see whether your order forms try to "default" people into receiving spam or not - it is possible that the opt-in list that your marketing department thinks it has accumulated is not an opt-in list at all, and that people are reporting your company's email as spam because your company is in fact sending them unsolicited bulk email.

Re:AOL is quite reasonable

[Lost+Race]

But the IP address can only reverse-resolve to one hostname by definition.

No, one IP address can resolve to many hostnames.

$ORIGIN 0.168.192.in-addr.arpa.
1 ptr hosta.example.com.
1 ptr hostb.example.com.
1 ptr hostc.example.com.

% host 192.168.0.1
1.0.168.192.in-addr.arpa domain name pointer hosta.example.com.
1.0.168.192.in-addr.arpa domain name pointer hostb.example.com.
1.0.168.192.in-addr.arpa domain name pointer hostc.example.com.

Similarly one hostname can resolve to multiple IP addresses.

% host mx1.mail.yahoo.com.
mx1.mail.yahoo.com has address 64.156.215.7
mx1.mail.yahoo.com has address 64.157.4.78
mx1.mail.yahoo.com has address 64.157.4.79
mx1.mail.yahoo.com has address 67.28.114.33
mx1.mail.yahoo.com has address 64.156.215.5
mx1.mail.yahoo.com has address 64.156.215.6

Re:AOL is quite reasonable

Get a life. Stop with the conspiracy theories. Not everyone is out to get you and if you would just come out of your parent's basement and go outside, you would see that.

Re:AOL is quite reasonable

[A.+Lynch]

I handle abuse for a very large ISP, and I've found the same thing.

We get a few million reports from AOL per day. Its a lot, but that is the strength of the system.

I process the messages, and based on the number of complaints, I block my customer from sending email though our relay servers (we block port 25/tcp outbound from our largest markets). Stops the spam, and not just to AOL.

This system works very, very well.

I honestly think AOL should be commended for their anti-spam work.

Re:AOL is quite reasonable

[elronxenu]

We fixed this, and bam, we now take nearly a hundred complaints to be blacklisted.

It doesn't sound like much of an achievement, nor something you should be proud of. AOL still blacklists you, albeit at a higher threshold, and when it happens you still need to do some kind of pleading with AOL to take you out of their spammer list.

Re:AOL is quite reasonable

[arodland]

So you're allowing millions of the world's LEAST qualified internet users to make your policy decisions?

Re:AOL is quite reasonable

[.nuno]

I don't know about other domain name servers (like Microsoft's offerings, for instance), but I know in BIND

Not that I am proud to admit it, but a few years ago I did have to install and configure one windows DNS server (only once, I swear) and, IIRC, the only thing needed to add the reverse lookup was to check a box 'Create Reverse Lookup' or something like that when creating a new host.

Why some people still don't do it is a mistery to me...

Re:AOL is quite reasonable

[A.+Lynch]

Hardly. Each entry is hand-verified before its added.

However- if out of, say, 3 million messages recieved from AOL in a certain time period, 30,000 of them from one of my customers IPs come back from AOL as spam (in near real-time), I can be reasonably sure that the message is spam.

This isn't unique to AOL. We do it with a number of other ISPs, as well.

Re:AOL is quite reasonable

[arglesnaf]

The first blackout in a three day period is 20 minutes. I think each blackout gets longer, but we have not exceeded a 2 hour blackout since our initial problems. If you go something like 3 days without exceeding some magic threshold they don't disclose they reset the counter.

The soulution is not perfect but very good and it seems to be based on ratio of "not spam" to "spam" you send to AOL. We have a complaint rate of less than 1/10th of a percent so until the virus of the day comes we almost never have blackout beyond the 20 minute one.

We usually quickly catch the virus of the day anyway since it crushes our inbound queues before NAI even announces it.

Re:AOL is quite reasonable

[arglesnaf]

Well, we are quite a bit larger a company than our (or just about anybodys) upstream, so your complaint is better serviced by sending it to abuse here, and not the upstream. I imagine that this is true of any company who does over a billion in e-commerce a year. I know its a sad state, but for most companies when the 800 pound gorilla is one of your customers, you tend to tred very lightly around them.

The opting is a check box in our order checkout process. I have fought with marketing over various defaulting type strategies, some victories and some losses. (Almost all rebate forms produced by any vendor are an implicit opt-in, at any company, not just ours. I don't buy things with mail-in rebates unless its really great.)

Re:AOL is quite reasonable

[Joe+U]

I worked for a company in a similar situation, and yes, I too argued with marketing over opt-in vs opt-out.

And they boiled it down to a simple formula.

If the person is a current customer, they get a monthly newsletter, they can opt-out at any time.

If the person never ordered, they can opt-in to the newsletter.

If the person was a customer, but has not ordered in over a year, they stop getting newsletters, and can opt-in to keep getting them.

Personally, I don't think it's the best solution, but it works, and we rarely get complaints.

Re:AOL is quite reasonable

[fwr]

You should be using CNAMEs

Re:AOL is quite reasonable

[heybo]

Yes with MS DNS you must set the reverse lookup on all IPs. Reverse lookups stop a lot of spam too. About 60% of the hits on our mail servers are rejected and we get only about one call in 2 months that someone can't send real mail to our due to a bad set up by their Admins. Normally this resluts in a call to their Admins and the records get straight and the mail goes through.

Re:AOL is quite reasonable

[firewood]

how about immediately imposing an injunction on Microsoft making it illegal to sell their products in Europe until they comply with the EU's terms. I think this is the only way to get them to change their corporate behavior.

Tough beans. In some jurisdictions, it doesn't even need to be hidden in the fine print or TOS you agreed to when you sent payment; you have entered into a "business relationship" with the seller. They may be required, by law, to send you notices about product defects, and anything else which they consider to be of equal importance.

Re:AOL is quite reasonable

You're at bsdnet.officedepot.com, right?

Maybe you should start honoring 5xx rejections - you know, stuff like "User unknown". It's been polluting my logs for a long time, and I'm getting tired of it. AOL probably felt the same way.

Re:AOL is quite reasonable

No. (I don't know if our site has this problem, but I'm not with depot)

Re:AOL is quite reasonable

Not for MX records.

Re:AOL is quite reasonable

[vreiner]

Actually, I just went through this with AOL last week. It can be a touch more complicated than checking that checkbox. I have 1/2 a Class C address space - and MS-DNS standard PTRs only work for NSLOOKUP and HOST requests. They do not work for DIG requests! How did I find this out? Even though I had PTRs set up, AOL was still rejecting my mail. If one has less than a Class C then one must create subnetted PTRS, i.e. one must make a subfolder in the reverse DNS zone and put the PTRs there. This apparently must be done manually, the checkbox that creates the PTR for you doesn't do it automagically (unless I've missed something). Once this is done, then Dig will work correctly and AOL will accept your mail.

Re:AOL is quite reasonable

[vreiner]

An adendum - I hit Submit too fast. MS-DNS works properly for full Class C DNS zones with all the tools, but for sub-Class C zones it breaks Dig. NSLookup and Host still work fine. I got into an argument with the AOL folks because I was able to do lookups all day long - using NSLookup. As soon as I tried Dig (which is apparently what AOL uses to do reverse lookups) I realized something was amiss. That's what I meant to say.

Re:AOL is quite reasonable

[Surazal]

Bad context. It seems like you're referencing some kind of "round-robin" configuration, which isn't the standard. Round-robin is usually handled below the hostname-resolution level these days (though I definitely remember that that was the preferred methods not too long ago), so this example basically highlights an obsolete method for load balancing.

Of course, these days, with virtual clusters and the like, such hostname resolution "trickery" is not only unnecessary, but *ugly* as well.

AOL is unaccountable for blocking

[eggboard]

It's one thing to run aggressive spam reporting filters. It's another to have no procedure that can get you out of the doghouse. My father and I run a very very small commercial service for monitoring the rank of various books at Amazon that's sold to authors. They pay for the service. It's double opt-in. We keep records of each sign-up and each opt-in confirmation, as well as payment records.

AOL banned our URL but not our email. The error said the URL in our messages couldn't be sent to AOL addresses. We contacted our three (yes, just three) AOL subscribers and asked them to try to use AOL's tools to make sure our email went through, but they didn't have any options that helped.

I contacted AOL, spoke to a guy who believed what I had to say, and I sent email including a variety of details to a Yahoo (ironic) address that they obvious use for disposable purposes and change from time to time. No response. A week later, I email there again as a follow-up. No response.

So what are we to do? Convince AOL subscribers to switch to another ISP? Nope.

Re:AOL is unaccountable for blocking

[meringuoid]

It's double opt-in.

When you log on to a network service, and it asks you for a username _and_ a password, do you call it double log-on? No? You just say 'log on'?

So why do you say 'double opt-in' when you actually mean 'opt-in'?

This drives me, and my customers nuts

[Bug-Y2K]

I work for a colo/hosting outfit. I also read the "abuse@*" address here. I found out about this system at AOL back in November, and spent a few weeks working my way through the postmaster group at AOL. I finally did get a really clued guy, who did a lot to help out... however, the system is so completely flawed that there isn't much that can be done to fix it.

Easily 98% of their reported "spams" are false positives. I've collected the 10,000 or so rejected mails and They break down like this:

40% are auto-mails from some website notification system
(example: one of our clients is an "aprtment finding service" that you sign up and I assume pay for. It notifies you if an apartment that meets your needs becomes available, via email.)
30% are mailing list traffic
10% are confirmation emails for ecommerce purchases!
10% are *personal correspondence!*
8% are actual spam, but being legitimately forwarded to an AOL address via a domain hosted by us, but whose user has configured it to forward to an AOL address.
2% is who knows what.

To have a system that fundamentally flawed is amazing. I don't use AOL... in fact I've never even seen what it looks like, so I don't know if this is *user* generated or auto-generated, but I do know it just doesn't work.

Re:This drives me, and my customers nuts

[texaport]

AOL's Top 2003 Spam E-Mail Subject Lines:

special offer
As seen on oprah
Online degree
Viagra online
Lowest insurance rates
Hot teen action
XANAX online
lower your mortgage rates
Get out of debt
Hot porn action
Online pharmacy
Get Bigger
Lowest mortgage rates
online prescriptions
Hot XXX action
lower your insurance now
improve your sex life
meds online
satisfy your partner
Valium online
online diploma
refinance

--
Today on Oprah:
A special offer to get your online pharmacy degree by refinancing and
lowering your insurance. Sexy teens will want you. Free meds for life!

Re:This drives me, and my customers nuts

[iamacat]

This is because your customers are not spammers. Even a very effective filter will only reject legitimate messages if that's all it gets.

do what i do

I block ALL mail that is going to/from AOL addresses. Makes things so much simpler to deal with. (It helps a lot when the IQ of a user is > age of user....)

My bitch about AOL

[DarkHelmet]

Ah God... AOL is a complete and total bitch when it comes to detecting spam.

My project Slashster, being a Friendster clone per se, sends out email recommendations from people on the site to others inviting them to join the site.

I found with Yahoo and Hotmail, that typically altering the email message not to include any sort of links (other than possibly slashster.com without the http://), typically allows the message to go through the filter. After all, most spam messages include some kind of tracking url in order to show where they came from. Right?

Not so with AOL. Pretty much any sort of attempt I do of sending an email through it have it flag up as spam. I suppose what happened was that someone hit the spam button for my site, and it was blacklisted.

It is possible to get whitelisted though. But you have to contact AOL in order to be part of the whitelist. You also need to fill out an application saying how many emails you plan on sending out a day, whatnot.

What kind of crap is this? I mean, they don't actually expect us to fill out an application for EVERY ISP out there that wants to lower spam. Ugh. Do I have to honestly write Hotmail, Yahoo, Earthlink, AOL, Adelphia, Comcast, and every other ISP / email provider out there to say "Hey, I'm not spam. Don't block me." or is there a better way? I doubt there's anything better.

It gets on my nerves, especially considering that I've started receiving mass emails from people who have invited me to Orkut. I haven't even joined that site yet, and of course, any sort of message from them does *NOT* show up as spam... Figures.

Note: I know some of you saying that sending Social Networking emails would be considered spam. I'm not sure if it could, after all, it's not the same email sent out to thousands of people. It's rather, one person sending another person a message, through my server. I know some of you will disagree, but eh.

Comment removed

[account_deleted]

Comment removed based on user account deletion

AOL security

[humankind]

I spoke with the head of AOL's security/IT system. Let me tell you they analyze EVERY e-mail that goes through their system. They look at all the popular RBLs and if you use *certain* politically-incorrect words in your e-mails, they flag the messages for further review. I am unaware of any system on the planet that is more thorough (or privacy-invading) than AOL. Don't let them fool you - their system is the focal point, probably, for a huge amount of intelligence-gathering efforts.

i have a hard time feeling sorry for you..

[Suppafly]

If a large amount of your mailings are "mistaken" as spam, they probably are spam.

Don't worry..

[CharAznable]

It's not like AOL will be around for long...

Some Practical Advice

[ErichTheWebGuy]

I have had my mail servers IPs blocked 4 times by AOL. Every time, it was because some of our franchisees or other legitimate business contacts have falsely reported our mail as spam.

The best thing you can do is to call the postmaster number, remain calm, and be patient with the person on the other end. Also, send out reminders to your members or whatever that if they report your legit mailings as spam, they will be missing out on important announcements etc.

It is important to remember that you are dealing with AOL and AOL members, so it is necessary to use 1-2 syllable words and speak slowly, often repeating complex concepts like 'Delete' vs. 'Report Spam'. Given time, the problem eases up a bit, but will never go away as long as AOL has this system in place.

Affecting my university

[m3000]

The school I'm going to, University of Florida has been having it's headaches with spam for this same reason. It sends out a weekly newsletter about what is going on in the university, important dates, events, that kind of thing. It's sent out to everyone's university appointed email address (foobar@ufl.edu) but people can then have that forwarded to their AOL address.

Now some people don't like this weekly thing (which is somewhat important so students get needed information, but whatever. When you're a student here, you get the email.), and so they mark it as spam when they get it, or else they do the accidental spam report thing. AOL then sees all these "spam" mail coming from ufl.edu addresses, and promptly blocks ALL email from any ufl.edu address. This has happened 3 times now, and each time the university system adminstrator has had to go through a ton of hoops to get it back in the clear. Meanwhile everyone using an AOL account doesn't get teacher emails, club announcements that they signed up for, and any sort of personal mail that someone sends from their ufl.edu account.

Hopefully AOL will get it's act together. In the meantime they're trying to get people to stop having their mail forwarded to AOL accounts, but of course even college educated people want to use AOL, for whatever god forsaken reason.

Re:Affecting my university

[GlassUser]

If you own the server, it's arguably okay. But when you send unsolicited commercial email to third parties, you're a spammer and should be reported as such. Sounds like stuff is working exactly how it should WRT blocking your spamhaus.

Re:Affecting my university

[Crispin+Cowan]

You would think that, after the second time this happened, it would occur to either UFL or the admin that if people hate the newsletter enough to spacop it, then just maybe it needs an "unsubscribe" mechanism. Clever CS majors that don't want it will have it forwarded to fuckoff@example.com, but the rest of campus is unlikely to think of that.

Crispin

RETARDED

Call AOL

[Com2Irq5]

Call ALL at 703-265-4670 and ask them to remove you from the black list.

Standard practice at AOL

[techno-vampire]

Years ago, I realized how AOL works: it walks around with a gun in each hand. Each gun points at one of its own feet. Then, at random intervals, it pulls one or both triggers. AOL shooting it in the foot isn't news; AOL managing not to shoot itself in the foot would be news indeed.

maybe you should stop sending anyway?

[laugau]

Scenarios:
1) They didn't mean to file you as spam, but they get so much spam anyway that they are deleting it - in otherwords, they are sick of stuff they don't care about
2) They agree that your mail IS solicited, but maybe they are sick of getting it and dont' want it anymore but don't know how to unsubscribe? - solution if they don't want it, its spam, leave them alone
3) They really do think it is spam but when confronted, they realize that it IS solicited (see #2)
4) They never flag your mail as spam.

Seems like #4 is the only category that you should keep sending to?

However, #4 could be sub-categorized:
4a) they don't know how to flag as spam
4b) they don't check that mail anymore
4c) they really want your mails because they are lonely.

If it is 4a, then they probably don't know how to click your links to come buy your product
If it is 4b, then they will never read the mail to click the link to buy your product
If it is 4c), then go for it... they are your gold customer.

All this leads to my assertion that you should send mail to as small of an audience as necessary. For instance, your boss needs to have a general idea of what you are doing from day to day and that you are meeting deliverables. However, do you CC your boss on EVERYTHING you mail? Probably not.... so why would you do the same for your customers?

It would probably be more effective to collect the specific stats around your buyers habits and target next sales on that.... providing they don't object TOO much to that. an email from companies like:
"Hey, I see you bought X 3 months ago and we are now selling X.2 for $Y."

is much better than
"Hey, want some viagra for your small, floppy wang?"

VERY, VERY few online companies should know anything about my wang and I can therefore rule those mails out as spam very quickly.

Just my $.02

its hopeless

we run a handful of newsletters where the user can either sign themselves up online or mail in a subscription card. The AOL people mark us as spam despite the fact that we have a subscription card from them.
Being put on the spam list is a PIA because half the business uses AOL while on the road. So one half of the business can't email the other half.

Our latest experiment is to force aol subscribers to get an extra confirmation email. If that doesn't work, we will probably scrap the whole lot of them....I just hope it means we get to scrap AOL as an ISP service too...hehe

Discourage AOL usage

[jmichaelg]

I gave up trying to work with AOL over a year ago. Now, whenever a new client signs up for our service and they tell me they use AOL, I suggest they go with another ISP. I explain to them that the weekly reports we send to our customers get to them by 8 AM the next day unless they're an AOL customer in which case it's a craps shoot as to whether they'll get the email or not.

They usually blow me off until the third or fourth time they call wondering why they haven't received their weekly status report at which point they'll ask for recommendations as to which ISP to go to. The final piece de resistance is when they start raving about how much simpler email is now that they don't have to slog their way through all the ads.

Playing nicely with AOL (Re:Take the hint)

[ziegast]

Take the hint and unsubscribe them from the newsletter/mailing that they "opted" to receive.

Preach on, brutha.

I've had a good experience with the people at AOL. They have full-time staff dedicated to serving their customers and outside mail administrators alike. You can actually call them and get yourself taken off a blacklist within hours (if you're polite). They tell you the thresholds their spam filters use. Once you know how the game is played, you can decide how you continue to play. AOL is enforcing rules that they enforce on behalf of their customers.

Some suggestions for postmasters with lots of AOL customers....

1. Make sure you have forward/reverse DNS for each of your mail servers. Your odds of getting blacklisted go down sharply if you properly list your mail servers in DNS.

2. Call them and schedule a phone appointment to get your servers onto their whitelist. You tell them the business you're in and what IP addresses are servers that belong to you. You also give them a contact address (eg: aolspamcomplaints@yourdomain.com) to where they can forward spam complaints. Once you sign/fax a document that says you understand their policies, you get put on the whitelist. It's not a guarantee that you'll never get dropped, but you at least see it coming before it happens.

2a. Register an additional address on your network from which you don't send mail. If at any time one of your other addresses does get blacklisted, you have another address through which you can relay AOL mail after you address the problem.

3. Something you must do is include a user's e-mail address as part of the mail message itself (not just in the headers). If any of the users' spam reports come back to you, AOL anonymizes the headers. You'll need the address information in the body to determine which idiot hit the "this is spam" button. You might send them a warning after you recieve two messages saying that if they claim any more of your messages are spam, they get removed from your list automatically. You need to protect your mail service for all of the other AOL users you have subscribed. Something else you might do is make sure your list or company name is part of the subject line. It'll make it easy for them to know it's your content. They do want to recieve your content, yes? Make it easy for them to read or delete your message by looking at the subject line (instead of mistaking it for spam). Good mailing lists include the list name in the subject line.

I run domain-based mail forwarding service for some of my web hosting clients. My customers' domain-based e-mail is forwarded through my servers (spam and all) to their AOL account at their request. When they say "this is spam" to their inbound mail, my servers get the bad reputation, not the spammers becasue I'm the one delivering the messages to AOL's servers. It sucks, but now that I've done steps 1/2/2a after my first blacklist experience, things seem to have been going pretty well. I need to do step 3 and help educate my customers about inadvertent spam tagging, but I've been too busy to implement it.

Aside: Compared to AOL, AT&T WorldNet sucks. I got wrongfully blacklisted by them recently. Their system is not as transparent as AOL. I had to use ARIN Whois network information to find a phone number for someone who could find me a phone number of someone who could give me the e-mail address of the people to whom I can request to be taken off their blacklist (aka runaround). Getting off their list takes several days and repeated e-mails instead of a single phone call. Boo! If one is going to blacklist mail servers and reject mail, make sure the mail server puts a URL in the rejection message so that white-hat mail administrators can find policies and contact info that can help them quickly resolve errant blacklisting. To do less is poor customer service.

-ez

Re:Playing nicely with AOL (Re:Take the hint)

[icebike]

All well and good if you host your own domain.

But if you are a small business you often CAN NOT buy your reverse dns even if you CAN purchase a static IP for your linux server.

This forces you send all your aol mail thru your ISPs mailserver even when your ISPs AUP may not allow your emails to your subscriber list due to bulk rules.

Further, AOL selectivly decides which IPs it will receive
email from based on the netblock. If your ISP assigns you a static out of the same block as it uses for cable modems or ADSL you are just out of luck.

Re:Playing nicely with AOL (Re:Take the hint)

If one is going to blacklist mail servers and reject mail, make sure the mail server puts a URL in the rejection message so that white-hat mail administrators can find policies and contact info that can help them quickly resolve errant blacklisting. To do less is poor customer service

Agreed. The place I used to work was given a "used-to-be-dynamic-but-isn't-anymore-honest-we-me an-it" IP range by our ISP and subsequently got blacklisted by the lovely Joe Jared at dialups.relays.osirusoft.com. He wasn't contactable and we couldn't remove ourselves because the self-removal procedures didn't apply to dial-up equivalent ranges he listed. Result: a long stressful weekend altering our static IPs to a new range just to accomodate his whimiscal blacklisting. Sure, as his site stated, it was other admin's decisions to use his blacklist, but he could at least have provided a decent, well documented proceedure which we could use to remove ourselves. When I found out relays.osirusoft.com had gone offline last year, I was overjoyed. The guy's a grade A tosspot. Rant ends.

Re:Playing nicely with AOL (Re:Take the hint)

AOL is enforcing rules that they enforce on behalf of their customers.

We don't have a problem with them fighting spam. We have a problem with them making it so insanely easy to file a false spam report on accident, without even telling their users how the spam reports can negatively affect the people they are filing against.

The other side

[Professor+D]

From the subscriber side of things it can be just as frustrating. My ISP (a national one) is swallowing up posts from gentoo.org mailing lists. Some of them aren't that busy, and I'm on digest mode, so it took me several weeks to notice they weren't coming in.

I've tried to get my ISP to unblock the posts, but as a subscriber I have no standing to make a formal request. The list master says they get no bounce messages, which the ISP requires postmasters to send them in order to get off the block list.

What to do ...

remember kids

[geekoid]

If you agree to the terms of business with some online site, and part of there terms is that thyey, or anyone they do business with can send you emails it is NOT spam.
Spam is not something you do not like, it's getting something you has no dealing with.

Don't like? don't agree to the service.

Once again proving that spam is not as bad as people make it out to be. The problem is lack of user knowledge and education.

Re:remember kids

[the+arbiter]

Well, here's the awful truth. Frequently, I'll buy something from a site, and as part of that purchase they'll make the completely unrealistic demand that I agree to receive emails from anyone they deem fit to sell the address to, or maybe even just from themselves whenever they like.

But, I don't want these emails. Just the product, thanks. I know where to find them should I need more. But this sentiment is not respected. They want to maximize their sales at any cost, and damn my peace of mind.

Now, I do realize, fully, that I agreed to this condition as part of the purchase.

And, well, that's too bad. I'm sure I'll spend some time in hell roasting for it, but I have absolutely no intention of honoring that commitment. It's unrealistic to assume that anyone would want to do so. Be realistic, not idealistic, I say.

So, I report the unwanted mails as spam. Every time. And, in all seriousness, I hope it causes them a tremendous amount of expense and hassle to resolve it. If they have to do this enough times, perhaps they'll think of a new method of doing business that doesn't piss off their customers so much.

Remember, for this is what business still lives and dies by: The customer is really always right.

If your customers report your "newsletters", "reminders", etc., as spam, they're not stupid, they're not doing it because of an "AOL design flaw" and they're not doing it by accident. They consider them as spam. You should respect the obvious message you're being sent, their clear message that you're to leave them alone, and take the proper and decent course of action. Stop sending these folks mail. If they want it, they'll tell you loud and clear.

Good luck. Business is not easy. Don't make it harder on yourself than you have to.

Re:remember kids

[Ironica]

Well, here's the awful truth. Frequently, I'll buy something from a site, and as part of that purchase they'll make the completely unrealistic demand that I agree to receive emails from anyone they deem fit to sell the address to, or maybe even just from themselves whenever they like.

You're buying from the wrong places. Reputable, decent vendors give you the opportunity to opt out of any third-party or even first-party non-transaction-related emails. Ever since I bought something online from Macy's, I get mail from them every time they have a sale, but I don't get mail from anyone else who is their "partner." I'm careful what I click, and read the messages (sometimes it's "check here if you want us to send you tons of email" and sometimes it's "check here if you DON'T want us to send you tons of email"). If they're not giving you that option, don't buy from them, for pete's sake.

Oh, and, how can I tell whether my spam is from "partners" or from scum-sucking bottom dwellers? Whether they call me "pixel" or "Monica." The companies I actually do business with know my name.

Re:remember kids

[firewood]

Now, I do realize, fully, that I agreed to this condition as part of the purchase.

If you lie, then it's not a spam problem. It's fraud, committed by you. If you check the "I want to get email" box (and I've got your settled payment to prove it), and then report my email as spam, I should be able to sue you to pay for the full cost of cleaning up any blacklisting of my servers. If you don't want email, don't use the ecommerce site, or read the fine print and don't check to box, or take your business somewhere else.

Sheesh, I've had people buy a software license key, reject the email containing thay key, demand a refund, and then reject the email containing the offer of a refund.

Re:remember kids

If your customers report your "newsletters", "reminders", etc., as spam, they're not stupid, they're not doing it because of an "AOL design flaw" and they're not doing it by accident.

Actually, they ARE doing it by accident. Please try reading the full post you are commenting on next time.

Re:remember kids

Remember, for this is what business still lives and dies by: The customer is really always right.

You may be talking about the mom and pop stores... But your arguments are better applied to AOL.

My brother uses AOL, god help him. AOL bounces my emails to him. I can hack around it on my end. But it's a real pain in the ass forwarding emails back and forth amongst my various work accounts trying to find the "current" way in. So, surprise, I no longer email him. Or his wife. I email my Dad and ask him to show it to John. Or I fax him. Eventually, he's going to get fed up with paying for email service that doesn't work. And when that happens, I'll help him move on...

PARENT IS A REPOST! MOD DOWN!

Check the front page of Anti-Slash and you'll see a poster bragging about this in the "Comments in need of moderation" section. Mod the parent down. It's a repost.

Re:PARENT IS A REPOST! MOD DOWN!

Post a link to the original or shut up. If it is a repost, it should only take you ten seconds to find proof. You are not doing anything useful.

stupid company too

1)aol users report your emails as spam
2)whine to slashdot community
3)????
4)profit!!!

Easy

[qtp]

Block all of all types traffic to and from AOL.

I find it rather funny that now there's a problem with spam going to AOL users.

Re:Easy

I doubt that the comment was meant as a troll or flaimbait, but I can see why it was modded that.

He was refering to the long-since-past practice of spammers using free AOL accounts to distribute spam, as was common six or seven years ago.

It was meant as a joke.

Re:Mod this up +5 insightful

wow, I am touched.

and your're right, I was serious

Stupid SPAM tricks

I work for one of AOL's competitors. We also have spamlists, whitelists, and so on. The problem with these is that people are constantly trying to game the system -- and I don't just mean spammers. Here is one such scheme:

1. A runs a well-vetted, opt-in mailing list.
2. Competitor B gets several email accounts on our system (it's not that hard, alas), and sign up for A's newsletter.
3. B reports A's newsletter as spam from each of those accounts in an attempt to get it blocked.

Realtors seem to be especially fond of this technique for some reason. Although we've developed ways of spotting games like this, no doubt we still wind up blocking legitimate lists from time to time.

The end result is that email, which would otherwise be idea for sporadic but time-critical notifications, is becoming damn near useless for such things. (I don't know about you, but I'd rather not have to spend time every day checking various websites just in the odd chance that some useful news has appeared.) One partial solution might be to allow personal whitelists to override system-wide spam lists. But there tends to be a chicken-and-egg problem with such a feature, since having people manually enter whitelist entries is tedious and error-prone -- there's no way to have them click on a message they never received.

Oh man don't get me started on this...

[Grimster]

As a web host, we have a BIG problem with AOL just blocking us on a whim, and when you don't get any sort of bounce or refusal from their end your email server THINKS it delivered email properly. Meaning we don't know it's happening until the complaints start.

I host a little over 13,000 web sites, on over 60 servers. We allow people to run CGI and PHP (I mean people wouldn't like it much if we didn't) and as a result we do get the occasional open formmail.cgi or formmail.php being used to spam. We usually catch them pretty fast and it doesn't happen "that" often. But it happens, and before we can stop it there might be several thousand emails sent. Which is enough to get us on AOL's block, we've been silently placed on their block roughly 7 times now. The thing is EACH TIME I signup for this "in the loop" mailing so I am SUPPOSED to get a warning as soon as spam is reported from one of my servers, ok fine, know what? Not one warning, not a single one, and we were still blocked 6 more times after that.

I applaud AOL's efforts at stopping spam, but they've got to get it to be a little less troublesome.

I will say, we haven't been blocked in a couple months now, so MAYBE we're finally on the white list "for real" so here's hoping things ARE improving.

I like earthlink's challenge response better, I'll get a couple of these per day, some are from spam with my domain forged, most are from things like invoices/reciepts/other business, I click the link and jump through the hoops and from then on things seem to flow to that email account from our billing or forum system.

Re:Oh man don't get me started on this...

Two words:

SMTP Proxy

You leave port 25 wide open, you get what you deserve.

Re:Oh man don't get me started on this...

Let me explain my "SMTP Proxy" comment a bit more. You're an ISP, providing web hosting. You allow people to run CGI and PHP. That's fine, as far as it goes. The problem is that some of that PHP or CGI is going to be woefully insecure, and easily exploited by spammers. You can reduce the risk to yourself and other customers by (1) blocking outbound port 25 (SMTP), and (2) setting up a controlled mail relay, (i.e. an SMTP proxy) where you can monitor and limit the amount of outbound email a customer can send over a specified period of time. You can, of course, provide a higher or unlimited cap for trusted users and users with demonstrable needs. But you've at least kept too much water from spilling over the dam when someone puts up a hackable web form.

Believe me, its much better not to rely on other ISPs to notify you of when one of your sites has become spamfood.

You might have a few customers who resent this sort of policy, but if you explain it well most of them will realize that it helps protect them from being blocked through the actions of others.

Re:Oh man don't get me started on this...

[emtboy9]

Ummm... I had the same problem at an ISP I worked as the SA. (RE: cgi and php scripts). We had a very easy solution to that problem that was inplemented after the second time we ended up on AOL's blacklist due to a spammer getting ahold of an open formail.cgi script.

A simple cron job to parse all user website directories for formail.cgi and formail.php scripts which then rm -f'd the offending script, and logged which web site contained the script.

We would then send an email to all the customers caught by the script, tell them that we had removed formail.cgi (or the php scrip), pointed them to the TOS, and to the policy page that very clearly stated that we will allow cgi's and scripts on customer sites, BUT formail and related scripts are strictly forbidden and will be immediately deleted on discovery.

That all came about because I got tired of tracking down rogue scripts and removing them. At first we caught about 20 a month, and eventually it got down to about 1 or 2 a month once people realized they could not do that.

If customers really needed some way to send mail directly from their site, they were pointed to our web developer who would help them in putting up a secure mail script that would not be easily taken over by a spammer scanning for formail.cgi.

Re:Oh man don't get me started on this...

[Grimster]

Yeah we've thought about doing this, one of our customers wrote a form to mail script in php that is so far un-exploited by spammers and when we find a misconfigured formmail we point them at his script and say "use that".

Oddly it hasn't happened in several weeks now, for a while it was a weekly occurance, almost spooky when it stops for a while. But not having to deal with Spamcop and AOL blocking is a nice break...

Simple solution

Get smarter users.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Yahoo did the same thing.

[Kelmenson]

And I accidentally did that last week; its real easy... Checking my email, saw the topmost message was spam, hit the topmost checkbox, and clicked the spam button. I do it so often, I barely thought about it. Until I realized the topmost checkbox was for "Check All", and I had just told Yahoo that a bunch of personal non-spam emails were spam. Oops.

Very annoying to have no confirmation prompt at ALL when you are sending 50 messages at once to the spam processor... It really is a bad UI decision. And once its clicked, no way to stop it! I wonder what processing Yahoo has in place to handle obviously erroneously marked messages?

On accident?

[icebike]

"we have found that most of the time the AOL users are reporting our email as spam on accident!"

ON Purpose.
BY Accident. ...
English.

It IS spam

[curtlewis]

If they are reporting it as spam, then it's email they don't wish to receive. That means you should stop sending it, even if they previously agreed to receive email from you.

I am going to invoice AOL for their shit

I regularly get bounced spam virus reports from AOL because a virus somewhere forged my headers. Unfortunately, I cannot complain to AOL because AOL blocks my cable modem IP address because it is residential.

So AOL can send mail to me, but won't let me complain back.

I am collecting up a few of these. I am going to bill AOL with a nice official invoice. I doubt it will acheive much.

If it's that important...

The recipient can still check their "spam folder" for your message. No big deal really, I look through there every once in a while to make sure nothing good went it.

Now what I want to know is why AOL is blocking entirely email from certain bittorrent forum sites...

nobody ever marked an rss feed as spam

The best opt-in I've ever seen is an RSS feed.

• If you put it in your aggregator, you want it.
• If you remove it from your aggregator, you don't want it.

Mass-mailers/mail-mergers/automated-mailers (including my-cowardly-self) can deal with the fact that people are simply friggin' overwhelmed with inbox influx. I'm not an AOL user, but I've dealt with lousy unsubscribe procedures by crying "spam" to CloudMark etc... Go cry to mommy that they accidentally marked your carefully crafted newsletter as spam. Get over it.

Spread the word, RSS doesn't suck. Overload of inbox crap, opted-in or not, in the inbox does suck.

Thank you MS for making Outlook 2003 not download e-mail images by default! Thank you SpamCop and SpamHaus! Thank you Netscape engineers and Dave Winer for RSS!

While I'm on a roll. What the F is up with the national do-not-call list? Shouldn't it be a national call-me-i'm-an-idiot list instead?

RSS OPML

Re:nobody ever marked an rss feed as spam

[/dev/trash]

How do you download attachments with RSS?

100% blocks all spam

[pwarf]

if they reject 90% of messages, spam will obviously go down

If they block 100% of messages, there will be NO spam.
That's a better spam blocking percentage than even whitelisting since trusted senders might turn bad. :)

How? Easy!

How are you handling the false reports?

Easy: we wouldn't be caught dead sending mail to people so stupid in the first place.

Yeah Right.

[jelwell]

Yeah right, stop spamming people, you spammer!

if people are accidently marking your emails as spam, odds are they thought it was spam for a reason in the first place. Even if later they changed their mind.
Joseph Elwell.

AOL and IT?

[Locutus233]

I work on an Helpdesk. I cringe when people use the world AOL. I get a large number of people calling me telling me AOL told them there modem is dead.

I frequently spend 20-30 minutes of troubleshooting modems only to find its the AOL software. I then tell people that rather then using AOL use another ISP. I tell them to avoid Earthlink, AOL, and MSN. I suggest they look at ISP's that are locally based.

I think that AOL's software and email makes American's dumber. It allows people to live in a shielded world that lacks any understanding of how things like email really work.

I also have to deal with people having trouble sending to aol and recieving email from AOL. One other type of business i have to deal with is an email forwarding service. Many of the members of this email forwarding service have there mail forwarded to aol. Every so often AOL decides to block this customer. So this Customer got tired of handling the support calls from there members using AOL that they put in there monthly newsletter reason why you should not use AOL as your ISP and since that we have barely gotten any AOL related calls.

My though is who in IT really uses AOL ?

Re:AOL and IT?

I am a consultant that handles small buisnesses and home users.

I pay for an AOL "extremely low useage account" that allows me 5hrs/month for $4.95 (the plan is no longer avail) only because as a consultant, I sometimes (rarely, but it has happened) need to be able to access either AOL "content", or to verify that something is a real problem... {many of the home users that I deal with ARE "typical AOL users"

So turn the tables on them!

[pla]

Every few weeks, I read another article here at Slashdot about the hell of getting off AOL's blacklist.

AOL can get away with this because they do this filtering silently. Their users have no idea what has gone on.

The solution? Stop accepting AOL email addresses from clients. Put a great big blurb on your webpage that you do NOT, under any circumstances, accept signups from AOL email addresses.

If only you do it, you'll lose a few customers with no benefit in general (though with luck, at least some percentage of those will understand your goal and switch to a "real" ISP).

If, however, everyone started doing this, AOL would have to change their policy very quickly. Imagine AOL tech support getting a few thousand calls each day, asking why every web site an AOL user goes to says they can't sign up simply because they use AOL... Yeah, that would go over well.


Take a stand! Back in the day (jeezus, I sound like a geezer), half the BBSs out there refused traffic from AOL. Why has this changed? Their user base certainly hasn't improved, and it would appear that their admins have dropped down to the legendary cluelessness level of their users. Well, don't put up with it! All the "little guys" out there need to tell AOL what they can do with their blacklist. "You want to block us??? Let's see what your users do when two out of three sites they visit refuse to serve them because they use AOL!"

on accident?

[boola-boola]

The only problem is, we have found that most of the time the AOL users are reporting our email as spam on accident!

...well, maybe because to some people it _IS_ spam? In my opinion, half of the time companies send emails out, it is unwanted. Some might even call it spam ;) And with modern mail filters, isn't it easier to just hit "mark as junk mail" (or however your client calls it) than to actually go through the "unsubscribe" process?

It does seem bad that all it takes is a few clicks from a few lazy users to get email blocked for _ALL_ of AOL's customers, so maybe it would be wiser for them to implement some sort of local junk mail scheme, where it's a bit more cumbersome to globally mark mail as junk for all AOL users? Just a thought...

Good luck getting the reverse DNS internet wide

[Sun]

I'd like to see that happen...

Re:Good luck getting the reverse DNS internet wide

[operagost]

What do you mean? It's a simple PTR record. Read some RFCs.

Re:Good luck getting the reverse DNS internet wide

[Sun]

Read some RFCs.

I have. In particular, I have read RFC 1918.

Re:Good luck getting the reverse DNS internet wide

I would say 80 percent of mail servers out there will dump your message if it can't reverse resolve the host. Get with the times my friend.

Re:Good luck getting the reverse DNS internet wide

[hesiod]

> I'd like to see that happen...

Well, open your eyes, son! Err... Sun! You are obviously not a System administrator, and reverse DNS is becoming pretty standard (at least for mail servers) internet-wide. Now obviously, many workstations (behind NAT guaranteed, behind DHCP usually) will not respond to reverse-lookup.

Re:Good luck getting the reverse DNS internet wide

[Forgotten]

I have no reverse resolution, because I send mail directly from exim on a roaming notebook with a dyndns.org address. The only place I can't send mail is AOL. Unless a whole lot is getting dropped on the floor silently (which doesn't appear to be the case, since people are getting my mail).

PTR records are nice, but they're not always possible and they shouldn't be required by a receiving system. They offer no real defence against spam nor anything else.

Re:Good luck getting the reverse DNS internet wide

[Sun]

I don't get it. This is a 192.168 RFC 1918 private internet address. noone is authorized for the reverse lookup of this IP, and it follows that you cannot register it.

I stand by my original comment.

Re:Good luck getting the reverse DNS internet wide

[tohlan]

It is the responsiblity of the service provider to set up the DNS for addresses it hands out. For example if you are in a coffee shop and get a dhcp address of 10.10.10.10, it is the administrator of that IP who is responsible for setting reverse DNS to wireless-10.example.com and making sure wirless-10.example.com resolves back to 10.10.10.10. It is irrelevant that you have a dyndns.org address that also points to 10.10.10.10.

What is not so irrelevant is that you will not be able to send email to anyone who uses any of the DNS Black lists that has 10.10.10.10 listed because it is a dynamically assigned address. The proper behavior for sending mail is the your MUA should be using an MTA that allows 10.10.10.10 to connect to it and relay mail.

Re:Good luck getting the reverse DNS internet wide

[tohlan]

It doesn't matter really. A 192.168 address will get translated via NAT or PAT to a 'real' Internet address, which should have reverse resolution.

Ofcourse if you are using 192.168.x.x in an enterprise setting, you are more than welcome to set up reverse resolution for a local view. Ofcourse, no one else on the Internet will see that view, but its still good to have for internal use.

Re:Good luck getting the reverse DNS internet wide

[Forgotten]

I agree that each forward address should also have a reverse address, and if that were what's being checked I'd be fine with it. For an SMTP connection, it's not. Rather, my MTA is saying "HELO something.dyndns.org" and the AOL server is apparently(*) balking when my IP address doesn't resolve back to "something.dyndns.org". Perhaps I could find out what my current IP resolves to and use that for HELO instead - could probably even automate it - but then I may as well just use an external SMTP server.

I don't have a problem with doing a reverse lookup and then a forward lookup based on the name returned, though the actual utility of the data so logged remains questionable.

As for the RFC1918 addresses, I don't see the problem - the external MTA isn't going to ever see that address.

* At least I assume a failed reverse lookup is what's happening. Oddly, I have been able to mail to AOL from my home site in the past. What may be happening is that my entire current IP range is being blacklisted temporarily, in the rolling fashion described elsewhere in this discussion. That's even more reprehensible, since this is a large ISP with gobs of customers using both ADSL and dialup. If AOL continue to make themselves more and more unreachable, they'll slowly but surely lose customers.

I don't have this problem with Mozilla Thunderbird

[prandal]

Oh, look where the "Junk" button is! ;-)

easier solution

[phntm]

AOL works with hebeas and they got a white list so i'd think that's an easier solution to the problem.
My IRC network sends mail verification to check the users' addresses to make sure you can mail them later, and we had dynamic ip which is hell for a mail sender, solution: tunnel though some great free server i.e. myrealbox.
I'm running mail servers for quite some time now and though AOL is one of the most aggressive stupid-policy enforcers out there, I've got some totally weird bounces from mail servers that hardly have the number of users we have on our network just because they don't like it, and no explanation, no policy, no abuse-support, nothing.
Hotmail however, nothing bad to say about it, not bouncing dyn, not ending up in junk, yahoo are pretty good too though spam filter sometimes is being a bit aggressive.

Re:easier solution

[man_ls]

Agreed...I have to relay mail through my ISP's mailserver in order to send to pretty much anyone.

And it's so poorly implimented that when not on their network, I can't send my own email out using my account, I have to send mail through my private server which then smarthosts back through my ISP's server.

damnit all to hell........

ISP Standpoint

[The_Systech]

The ISP where I work is currently participating in AOL's "Feedback Loop" It actually works out pretty well for us. I've got a script that downloads all of the "complaints" on a nightly basis and parses them for the IP address in our block that they come from. Then I total up the number of complaints per IP. From this I can look at IP's with more than 2 or 3 complaints and look at the actual emails sent. This has been a great tool for us to help find those users whose PC's have become infected with one of the many viruses that turns their computer into a spam relay.

Bullshit (Mod parent -1, Troll)

I spoke with the head of AOL's security/IT system. Let me tell you they analyze EVERY e-mail that goes through their system.

Nice troll. You expect people to believe they review billions of emails per day? Hah!

Only Send Encrypted Email

[billstewart]

If you can do this with your user base, require that all subscribers set up PGP and use PGPdomo or some similar encrypted mailing list system. That greatly reduces the likelihood of somebody pressing the spam button by mistake, and more to the point it puts a reasonably large clue barrier in front of your system, so people will tend to take it more seriously (if they're willing to put up with it, anyway...)

Something that might help...

[goldfndr]

You might already be doing this, but if you aren't, I suggest:

Mention the exact date/time/site/address they used.

For the newsletter, where it mentions that they opted in, don't merely mention the "fact" that they did. Also include the exact date/time (adjusted to their local time if possible, only need to do that once) and URL they used. If it's from a "partner", name the partner's website and date/time. Just a few more bytes per customer. And if you can do a reverse-lookup on their IP address, that's even better.

For an order, the short descriptive name of the most expensive item should be included in the subject line, e.g. "Your DressKids.com order for Embroidered Organza Dress and...", as this should instantly jog anyone's memory.

Ideally the date/time/site/address would be in both body and header (e.g. X-Subscribed-From, X-Subscribed-At - I wonder if there's a standard?). I hope you're already doing this.

Re:Something that might help...

[JuggleGeek]

If it's from a "partner", name the partner's website and date/time.

If it's from a "partner", then it's spam. Buying and selling lists is just a marketers way of pretending that they aren't spammers - but they are still putting people onto mailing lists without those people asking.

You clicked...

[fozzmeister]

...We can't send you mail you any more. We can't do anything unless you get another email address

Yahoo can lock users out too

[ojQj]

I had a related problem with Yahoo a couple of years ago.

My aunt sent me and several other people an inflammatory forward which, among other things, compared Sept 11th to the Holocaust, claimed the Afghanistan wedding party which was bombed was to blame for their own demise, and criticized the Palestinians for their widely broadcast and falsified celebration of Sept 11th. I replied that three thousand sudden unexpected deaths can't be compared to six million deaths through torture and medical experiments, and that it was disrespectful of the holocaust victims to do so. I also pointed out that the Palestinian celebrations were a hoax. (I later learned I was wrong on this point. Fake footage: Palestinians dancing in the street) I was upset enough about the e-mail that I sent my answer to all the recipients of the original forward.

Somebody wasn't amused at my response (or maybe an automated spam filter detected the words "hoax" and "holocaust" in the same mail?) and decided to report it as spam to yahoo. Yahoo immediately blocked my account without warning or recourse. This was very upsetting for me because I had a number of old e-mails and address information stored in that account which I didn't have anywhere else and which would have been impossible to replace. It took me several hours of research spread out over a couple of days to find the telephone number for paying customers to call and get the problem corrected.

Lessons learned: Don't keep important information in a free account. Some things are worth paying for. Don't use Yahoo.

Ignore AOL users as subhuman.

[Tatarize]

Don't get me wrong but banning AOL users outright from services does save gobs of headaches. Just instantly get rid of folks who happen to be a cut below the rest.

And with any luck all this banning will lead AOL users to goto some non-coddling ISP, and AOL will whither and die.

Charge as much as I pay for broadband... YOU WILL GET YOUR COMEUPINS! I hear the grand canyon is void of AOL CD's... Fill that sucker to the brim.

20% of the people, are 80% of the problem... Guess what? They are all located at one ISP.

Re:Ignore AOL users as subhuman.

[emilymildew]

Comeuppance.

(Just informing, not trying to be a jerk.)

Re:Ignore AOL users as subhuman.

[Tatarize]

Offtopic:
Hmmm, that's what I get for using a word I've only heard and not double checked.

Double Opt-In is a meaningful term

[billstewart]

• "Opt-In" means that you, or someone claiming to be you, requested that you be put on the list. (Except for spam, of course, where it usually means that somebody lied about you asking to be on the list, or claims that they opted you into the list, or whatever.)
  
• "Double opt-in" means that you asked to be on the list, and the list sent mail to you asking if you're *sure* you want to be on the list, and you ask *again* to be put on the list.
  

Re:Double Opt-In is a meaningful term

[ArseneLuppin]

"Double opt-in" means that you asked to be on the list, and the list sent mail to you asking if you're *sure* you want to be on the list, and you ask *again* to be put on the list.

And the point of this is not only to give you another chance to make up your mind, but rather to make sure that it was indeed you (the reader of the mail address being opted in) who is doing the optin (by using the unique cookie contained in the confirmation message).

As such, it avoids "third-party" or prank subscriptions, and it can be argued that without this step, it's not really an opt-in. Hence eggboard's point that saying double opt-in is redundant.

Re:Double Opt-In is a meaningful term

[eaolson]

"Double opt-in" means that you asked to be on the list, and the list sent mail to you asking if you're *sure* you want to be on the list, and you ask *again* to be put on the list.

No, that's confirmed opt-in. "Double opt-in" is a term made up by spammers to make the confirmation step sound difficult and unnecessary.

The purpose of the email isn't to double-check that you still want to be on a mailing list, but to verify that the person that submitted your email address was, indeed, you.

username/password isn't a "double login"

Re:Double Opt-In is a meaningful term

[eggboard]

First, I'm using terminology that's standard.

Second, you're opting in through two different methods, which is why I like the term. So perhaps "double method opt-in" would be more accurate.

Any opt-in mechanism that doesn't confirm some part of an identity (even, "this email is unique") is single method, even if it has multiple steps.

Re:Double Opt-In is a meaningful term

[meringuoid]

"Opt-In" means that you, or someone claiming to be you, requested that you be put on the list.

'Or someone claiming to be you'? If someone claiming to be me, but not me, enters my email address into Eddie Marin's web form, does that constitute opt-in? Can Eddie Marin then begin sending with impunity until I tell him not to? Ever heard of Nadine?

Returning to the analogy of login: you, or someone claiming to be you, typed your username into a computer. Should the security program say 'That's a perfectly legitimate log-in' and grant access to your files, or should it wait for a password to complete the login by verifying that it really _is_ you?

Logging in to a computer requires that you prove that you are who you claim you are by supplying a password. This does not constitute a second log-in, it constitutes the second half of a complete log-in, without which the process is fatally broken and wide open to abuse. Requiring a password is not double log-in.

Similarly, subscribing to a mailing list requires that you prove that you are who you claim you are by responding to a confirmation message. This does not constitute a second opt-in, it constitutes the second half of a complete opt-in, without which the process is fatally broken and wide open to abuse. Requiring a confirmation is not double opt-in.

You need your own AOL account for QA

[billstewart]

Since AOL doesn't tell the senders or the intended recipients that it's dropping emails, you need to get your *own* AOL account that you can use to make sure your emails are going through, and at least check it occasionally for Quality Assurance. Annoying, but if you're trying to deal with moderately high volumes, or smaller volumes of people who are paying you money, you probably should be doing it. I don't know if there's any way to automate your AOL system to autoforward your postings to your regular account (or to a bot on your regular system), or whether you've got to do it by hand (grumble grumble).

Re:You need your own AOL account for QA

[Jay+L]

AOL doesn't tell the senders or the intended recipients that it's dropping emails

This is actually starting to change; they are doing more bouncing and less blackholing these days. The spammers set up their own QA accounts anyway, so hiding the bounces doesn't really prevent the spammers from figuring out the filters.

Re:You need your own AOL account for QA

[billstewart]

I'm glad to hear they're doing that. The usual reason for silent dropping isn't just to hide it from the spammers, though - it's also because sending bouncegrams adds to your outgoing email load, and sending bouncegrams to various flavors of bogus addresses adds even more to your outgoing email load. That's especially true when 80% of your incoming mail is spam.

Re:You need your own AOL account for QA

[Jay+L]

Yep, definitely - bouncing is a ridiculously expensive operation, especially when most of it can't be delivered and just sits there clogging up your queue. At AOL we had entire banks of separate machines just to handle the bounce queues - but of course moving mail from one machine to another is a load in itself.

I know we were always working on ways to push spamfighting back to the inbound relays, and so I imagine that what you'll see is SMTP rejects, not bounces.

Give users what they want

[iamacat]

Your e-mails are obviously easily mistaken for spam. Stick to always using the same From: address. Prefix the subject with your company name and keep it informative rather than marketing oriented. Then post detailed instructions for AOL users on how to filter them to a separate folder.

Better yet, let customers login to your website and read whatever information you are providing. Write an optional tray icon that will change when there is something to read and open the browser when clicked.

Spam is out of control, and if AOL didn't provide an easy way to mass-report it, e-mail would be unusable for its intended purpose. I am not going to click on each of 200 spams individually and confirm reporting. It's up to you and AOL to figure out how to correct user mistakes.

Re:Give users what they want

Spam is out of control, and if AOL didn't provide an easy way to mass-report it, e-mail would be unusable for its intended purpose. I am not going to click on each of 200 spams individually and confirm reporting. It's up to you and AOL to figure out how to correct user mistakes.

So you think it's reasonable for AOL 9.0 to (1) file an irrevocable spam report against a site when a user clicks a single button, (2) without ever requiring confirmation, (3) without informing their users what happens when they click that button, and (4) placing the button next to the delete button?

This sounds reasonable???

Here's a clue

[euroBob]

Don't do business with people that do business with AOL for starters. Let me guess, the email that you send them you probably advertise viagra? Run a legit business that doesn't require mass mailing people dork!

Are you sure you're not spam?

Quite a lot of marketers would be quite offended that their mass emails would be classified as "spam". It's just other people's mass emails that are spam...

For example, I sometimes get legit emails from reputable companies selling genuine products. I didn't want it, it was not a specific request for info, it's spam.

Of course I am a "Subscriber"

A business that makes $$$s sending email to AOL subscribers then receives legitimate postmaster warning not to send any more stuff to certain AOL animals. How apropos. The Dastards!

And this ability to select more than two items from the user's spambox before reporting spam - pure evil. Sounds like someone doesth protest too much (c) William Shakespeare 1543.

Not just AOL

[Bender+Unit+22]

Having mailing lists is a bitch as soon you get over a couple of 1000 people on it.
Where are always people complaining about it as being spam.
Even though it's a double opt in, the mail server sending the mails, are always going to be marked in some blacklist somewhere. And you have to configure postfix right when dealing with big companies such as aol, hotmail etc. so you throttle mails send to them at a slow pace.

Let the users know it is *not* spam?

[baafie]

Perhaps you should start the emails saying.. "When you visited www.thissite.com, you requested you be sent messages concerning A and B. Well, here it is! If you'd no longer like to receive these emails, click here.." And you could title the emails with "subscription follow-up: ..", for example. Hopefully that would help people see that they really want to receive your *cough*advertisement*cough*.

Re:Let the users know it is *not* spam?

[fuzzybunny]

Funny thing, that's exactly what I see at the top of every two-bit v1@gr@ shop sending me mails :-)

Personal experience with report spam links

[weave]

I'm the receipient of spam reports where I work. Imp (www.horde.org) webmail program has a report spam button that can be enabled. I did, and had it send reports to me.

A scary number of reports are obviously false, including people reporting personal email. I sometimes get a desperate "I didn't mean to click it" message from the person later.

There's also a lot of mailing lists reported as spam even though I recognize many as being legit. People forget, or are too lazy to unsubscribe themselves.

What I do with spam reports is quickly scan and delete most, recent ones that are clearly spam (forged headers, from addresses, v1agr@ crap, I submit to spamcop. Others can get added to the system's black list. And some legitiamte mailing lists, like certain academic interest ones, I just send off the unsubscribe for the user myself.

Those I report get saved so if someone complains, I know *why* I did the action.

Sometimes I think I should just turn off the link, but it makes people feel better and I at least get the full headers this way correctly. I also sometimes notice a particularly bad problem, like when netsky.c hit and our virus defs hadn't been updated yet.

But overall, yeah, I can confirm, users report spam falsely A LOT.

This Makes me wonder.

[jellomizer]

When I get to work today. I should check out the logs for the newsletter sender program I have. It is setup to take all bounce backs and delete the user from the list. I should see if there are anybody in the list from AOL. If not I guess I should contact the customer and tell him that his newsletters were marked as spam.

Re:This Makes me wonder.

[rf600r]

Yes, but you missed the repeated points that AOL usually does NOT send a bounce. The traffic, if blocked, is done so silently. The messages are just black-holed and never arrive. You'll probably never know unless one of your users calls you and says "Dude, where's my carp?"

AOL are the largest ISP, you can't just disregard

[blorg]

I'm not sure what business you're in, but do your clients really need to be using AOL?

AOL are the largest ISP in the US, in the world if you discount DoCoMo as a mobile ISP. Most businesses can't just disregard AOL's members.

That's odd...

[No+Such+Agency]

When I click "This is spam" in Yahoo mail it sends me to a page asking if I want to submit the message for analysis (presumably filter tuning), or block the sender(s). Does it bypass that for over 10 messages or something?

Content problem?

[Cragen]

(Disclaimer: This is not a rant.)You might also consider that your legitimate customers have decided that your content is not worth viewing anymore and are using this method to not have to view what they now view as worthless content, without actually having to get out their "deal" with your company. Could be...

cragen

*We* Don't Spam...

[LinuxIsStillBetter]

OK. So, *We* don't spam. We just send email to a lot of AOL users.

Those *other guys* are the bad spammers. *They're* the ones that must be stopped!

Uh huh.

Sign me up

With all the annoying things that AOL has, I am thinking to switching to AOL because of this policy. I do not care about people who "claim" of running a business using mass email.

I have been using the internet since early 1990s (~10 years) and I can tell you that due to spam, viiruses, and lack of any security (teaching my girl friend to use PGP was an unpleasant experience and of no benefit) my usage of email has DECREASED significantly. I even avoid giving my friends my email for the fact that I may accidentally delete their message along with junk email. Snail mail or telephone is much more reliable and less annoying for my communication.

The effect of spam is in my opinion "dramatic". The only reason you do not find that common joe user is not complaining as much is that stupid joe relies on chating (IM) clients for the major portion of usual communication.

I have no respect of any business which relies on mass email. People who accept to get emails from these businesses probably have little else to do.

I am with AOL on this

Staples = Spammers

[Spoing]

1. I am postmaster and in the IT security department of a fortune 150 Office Supply company.

If that's true, and you work for Staples, can you get me off of your spam lists? I've done everything including calling by phone and all I get is "yes, you will be removed...in a few weeks" -- even after I said that I'd start reporting the spam as spam! (Very much bending over backward here as this is not my normal tactic for UCE.)

After about 6 months of that I gave up and just report the Staples spam along with the rest.

If you work for Office Depot or Office MAX or ... no problems! Keep up the good work!

Re:Staples = Spammers

> If you work for Office Depot or Office MAX or ... no problems! Keep up the good work!

Can't speak for Office MAX, but Office Depot was using eTracks a while back. Spam spam spam lovely spam, all over the place, spam to lists, spam to spamtraps, spam everywhere.

Re:Staples = Spammers

[Spoing]

No, seriously, can you take my whole domain off of your lists?

Is there a lawyer in the house?

Can an organization that carries e-mail be classified as a common carrier?

A common carrier can not unreasonably refuse to carry anyone's traffic. They can have rules which you have to abide by but they can't be unreasonable.

The common carrier principle has been used successfully in other industries and I don't see why it doesn't apply here but of course IANAL.

Spammer?

[CalvinR]

IMHO you are sending out spam. I hate it when companies send me spam, just because you didnt see the tiny little "tick here for no emails" button on a form or a website. And if so many people are voting your mail as SPAM, then they must consider it spam..... So stop spamming!? lol

Social Networking email

[ccarr.com]

What bothers me about receiving social networking email is that it usually means someone has given you (the social network host) my email address without my permission. I think most people understand that you should not disclosure others' contact information to strangers without permission, but somehow ordinary people don't equate typing an email address into a web form with disclosure. And you (the social network host) are taking advantage of this ignorance. I have the same problem with send-to-a-friend articles and online greeting cards.

Call it "spam" or call it something else if you like; I call it "damn rude."

Am I different? Wasn't that bad.

[sof_boy]

I work for a major university that was blacklisted about a month and a half ago. People were marking messages sent by the university as spam. The messages weren't even sent to their AOL address, but their university address, where the user then forwarded all messages to their AOL account. I called the AOL postmasters at the number found here: http://postmaster.aol.com/contact/index.html and they told me they couldn't do anything immediately, but once the current complaints timed out, we would be added to their whitelist. It does seem to be a way to perform a DoS attack, because the guy I spoke to said that if they get enough spam reports for a specific domain, it is automatically blocked for a certain number of hours.

Agreed to receive?

[fmaxwell]

We regularly send out email that our members have agreed to receive.

Just what do you mean by "agreed to receive"? To many bulk e-mailers that means something like:

Someone else entered your e-mail address on our web form. We did not e-mail back a verification and, instead, just started bombarding you with unwanted e-mail. Don't complain to us. Complain to the random person who signed you up. No, we won't tell you who that was.

We had a sign-up form on which we, by default, checked boxes that said 'I want junk e-mail from your firm'. Those boxes were at the very bottom so you could only find them if you scrolled down -- but the "Submit" button was at the top of the screen where you couldn't miss it. By the way, we recorded your IP address and the time you hit 'submit' so we can prove that you gave us permission to e-mail you.

We bought your e-mail address from some other firm with which you did business. They had a box on their web form that said you might get mail from "affiliates" of theirs. We had 3/10 of a cent to spare, so we bought your address. Howdy!

You bought a CD from us and said we could e-mail you. So we are sending out ads on behalf of our business partners. They became "business partners" by paying us to e-mail their ads to all of our customers. If you didn't want to see ads for lower mortgage rates, then why did you by a Goo Goo Dolls CD?

The only way that a firm has legitimate permission to e-mail is when all of the following conditions are met:

1. The nature of the e-mail was described in unambiguous terms. If you e-mail ads, you did not tell the person that you wanted permission to send "important information."

2. The recipient had to actively choose to receive the e-mail -- they had to check a box, choose between yes/no, etc. You didn't, by default, check the box for them and leave it up to them to discover it.

3. Your firm sent a confirmation e-mail and the person clicked on the "yes, I want to be subscribed" link enclosed in the e-mail. That way, you know that the address belongs to the person that filled out the web form.

If you didn't meet all of those conditions, you didn't have permission.

Netflix

[Jadsky]

Netflix actually maintains a survey that they send from another domain if you are an AOL user who accidentally reports one of their business e-mails as spam.

It asks you whether you remember clicking on the link, and if you do, whether you meant to or not. Seems like a decent way to compile a list of replies from disgruntled AOL users who are no longer receiving shipping or billing notifications because they accidentally filed them as spam.

anti-spam techniques and email filtering article

i wish people would quit moaning about spam ;-) http://www.geralddavies.com/archives/000026.html#m ore tum te tum...

My solution

[Felinoid]

Get an AoL account (Not gona happen with me.... Snowflake, hell.. ok?)
Sign up to a Microsoft develupers list (Ahem, Not gona happen, Snowflake, hell.)

"Accadentally" click on the spam report button.

Or better yet post this suggestion on Slashdot and let thousands of Slashdotters do it.
(PS Better if you already have an AoL account and develup Windows apps)

Then let Microsoft and AoL fight it out. And chear on Microsoft...

Confusion of Spam vs. Auto-trash

[SeanDuggan]

In my experience, people sometimes confuse the idea of spam, unwanted commerical email, with mail that's automatically sent to them that they don't want to deal with. There's an online game I play (http://www.eyeplaygames.com) where they email you a reminder when your game gets enough people to start. We've had several people in the group block the emails because they're sent even in cases where you were the last person to sign up, or where you're the only participant. ^_^ Plus most of these people are addicts enough that they're more likely to notice the game started by their compulsive checking than by the email. Anyhow, I'm mildly surprised JoeBot hasn't gotten blacklisted by AOL yet... Then too, I've seen people use the "Mark as Spam" button as being interchangeable with the "Delete Button." Some sincerely didn't seem to understand the difference as both got rid of the email.

Entire Local ISP Blacklisted

[ztirffritz]

My ISP had its entire domain blacklisted by AOL for several days, maybe a week, on multiple occasions. This was a particularaly shady move by AOL because I don't live in a particularly tech-savvy town. The users just didn't understand why their email to all of their AOL using friends was being returned, while the AOL users were just fine. This made my ISP look bad and AOL look good even though AOL was causing the problem. AOL insisted that my ISP was spamming their users. I think that this was probably the result of the last couple batches of viruses. If this was true, then AOL was probably a bigger spammer than anyone else. ISPs can not control their users infected computers.

the support burden

[ollyg]

I haven't spotted a post mentioning the Tech Support burden.

There are lots of IT staff posting here, telling their tales of woe, and my point is that AOL have craftily shifted the burden of support from their own (probably inadequate) tech support lines to your companies'.

That's certainly the case at my site's helpdesk, where they regularly field calls from AOL or Planet Online customers who are confused by their ISP's mail handling and expect us to sort it out. This is reasonable in the eyes of the customer, because our organization is the one with the blackholed emails; no-one else is.

It just peeves me that we're being taken for a ride by these corporates. And no, we can't, sadly, just say "bugger off to AOL tech support" - they're our customers, too.

Same as giving out a phone number...

[Dyrandia]

The average joe who only knows enough to barely use aol doesn't realise that giving out someone else's email address is the equivalent of giving out their phone number. Many people, when asked for a mutual friend's phone number will instead offer to pass along a message with your phone number, rather than risk upsetting the other person. What they don't realise is that by giving out my email address to any site, willy-nilly, is the same thing. Perhaps we need to set up a strongly worded netiquette site and refer anyone who has the temerity to give out our email addresses there. I know I can certainly think of many more pet peeves to add as well.

the best cure for problems with AOL is..

[maduro55]

not to use them. AOL caters to the lowest common denominator among computer lusers. Poor operability, buggy unstable software, but it has the bells, whistles and flashy things that impress the dipshits it's aimed at.

Not just AOL's problem

I work for a company that sends bulk email (opt-out, though I try to be diligent about pruning/maintaining the list). The two companies/domains I loathe at the moment are merck.com, whose bounce notices doesn't include the originating email to be removed, and lucent.com, who blacklisted the mailserver upstream. I'm not too fond of one of our users either, but that' merely because email sent to her address seems to keep running off to another domain (similar name) where it hits every account at the office.

In AOL's favor, the bounces from them include sufficient information to remove the offending address.

(posting anonymously because I'm too lazy to log in)

AOL is completely UNREASONABLE.

[Moryath]

I work at a public university. One of the problems a public university has to deal with is the phenomenon of clueless users in dorms/offices/wireless connections, who may or may not become spam zombies.

In addition, there's all the wonderful viruses that exist, and the fact that spammers regularly spoof their emails to appear to have come from us in hopes of getting through.

We've tried contacting AOL to get through, no luck. We've begged their "Spam Czar" to whitelist just the university's email server - they can go ahead and block email from the rest of the IP range, we really don't care, but we want our email server whitelisted for obvious reasons - nothing.

Every day by about 10 AM, if we're lucky, we've been blacklisted.

We're a public university. We don't send "opt-in" marketing or, for that matter, any marketing. AOL just doesn't care to deal with it, they seem willing to accept a 25% or higher false-positive rate and claim that it's helping people.

Just another reason AOL sucks.

Re:AOL is completely UNREASONABLE.

[arglesnaf]

Well, I don't know if you can pursue this tactic, but you could block outbound SMTP from user subnets, I know of at least 2 public and two private universities that do just that. (I worked on university networks in a previous career)

Re:AOL is completely UNREASONABLE.

[Mullen]

I work at a public university. One of the problems a public university has to deal with is the phenomenon of clueless users in dorms/offices/wireless connections, who may or may not become spam zombies.

Block port 25, period. There, you just fixed the problem.

Why any ISP of any kind that lets port 25 traffic go outboung is beyound me. There is no legit use for it and all outbound mail should be handled by the ISP's mail server. No one should be sending mail from client to mailserver. It should be Client -> ISP mailserver -> Other ISP mailserver -> Other Client.

Re:AOL is completely UNREASONABLE.

[firewood]

Block port 25, period. There, you just fixed the problem.

If it's a zombie problem you haven't fixed the fact there is still an intruder on your internal net.

You should kill the students net connection until after they clean up their PC, pay a fine, take a safe surfing course, stand in the student center chanting "I am an idiot" 100 times, etc...

Re:AOL is completely UNREASONABLE.

[__david__]

Why any ISP of any kind that lets port 25 traffic go outboung is beyound me. There is no legit use for it and all outbound mail should be handled by the ISP's mail server. No one should be sending mail from client to mailserver. It should be Client -> ISP mailserver -> Other ISP mailserver -> Other Client.

No no and no. If some idiot blocks port 25 then I can't run my own mail server! I don't trust my ISP as far as I can throw them. When their mail server is down I can't send any mail. I bought bandwidth, I have a server, I don't want arbitrary ports blocked. This is exactly the reason I switched away from stupid earthlink DSL to my current cable modem.

-David

Re:AOL is completely UNREASONABLE.

[nosphalot]

Why any ISP of any kind that lets port 25 traffic go outboung is beyound me.

Ummm, youve obviously never had an email address other than the one provided by your ISP. If you have, you'd know that the only way to send email via that address is to send through the mail server for that domain, since properly configured mail servers shouldn't relay email for domains they don't represent. So if my ISP blocks port 25, I can't send email from my @foo.com email through mail.lameisp.net, and because of port 25 blocks, I can't even relay through my own mail.foo.com

Furthermore, I won't use a crippled ISP. If you filter my outgoing traffic, I filter your incoming payment.

Re:AOL is completely UNREASONABLE.

[Analysis+Paralysis]

There are legitimate uses for it - people working from home who need to send email via their company email server being the best example.

Having said that, as long as ISPs provide a simple method of "registering" access to other mail servers (e.g. a web page where you enter your user ID and the names of mail servers you need port 25 access to) and make this information available with their bounce messages, then a block of port 25 would be reasonable. Spam zombies are a problem that is going to get a lot worse...

Re:AOL is completely UNREASONABLE.

[ahodgson]

Well, for starters, your mail.foo.com server should listen for your mail on port 587, the mail submission port. Then the port 25 blocking wouldn't affect you, and would still catch all the crap coming from your neighbors.

Re:AOL is completely UNREASONABLE.

[T38]

Quote: Why any ISP of any kind that lets port 25 traffic go outbound is beyond me.

I work for an ISP, and I've been trying to convince the other sys admins of that for a while now. It might be okay to leave outbound port 25 for static IP accounts since they often have mail servers on their connections but for dynamic IPs...nah--outbound port 25 causes far too many problems. Not enough people use dynamic DNS for outbound port 25 to be anything more than 1) spam zombies or 2) bonafide spammers. In either case, you don't want them sending from your network.

Re:AOL is completely UNREASONABLE.

[puck71]

Properly configured mail servers accept mail from people who are connected to their network, and from nobody else. Thus you should be able to send email from your @foo.com email thru mail.lameisp.net but NOT though mail.foo.com (your foo.com mailserver should block that connection). This happened at my college awhile back. Their mail server used to accept connections to send my email even when I wasn't on-campus. Then AOL blocked us, and told us we had an open relay, and when they fixed it, lo and behold, I couldn't send mail through the mailserver from offcampus anymore. I had to send it through the mailserver of my ISP, which is how it's supposed to work.

Opt-in spam?

[sg3235]

This is the way that I handle getting email from a company with whom I placed an order. First off, I create a special email address just for them (bestbuy@mydomain.com). Then if I get ads from them to that address, I don't consider it spam. I also don't have a problem with clicking the "unsubscribe me" link for ads directed at a specially created address. If I get ads from places other than the company named in the email, then they sold my address. If that happens (and it hasn't!) I stop accepting mail to that account and I won't buy from that company again. The majority of the spam that I get is addressed to mozilla@mydomain.com, because I posted something with that address on a newsgroup. Luckily, the only valid messages that I get to that account are from bugzilla and I just filter anything not from them and to that account directly into my spam folder. Of course, all of this is a bit too complex for the AOL users we're talking about.

Re:Opt-in spam?

[Analysis+Paralysis]

Those who do not own their own domain can accomplish the same thing using disposable addresses available from services like SpamGourmet or Sneakemail.

can't get into college if you use AOL

[SlartibartfastJunior]

I work in the admissions department for a major US college, and AOL has shunted all our emails to high school students to their spam folders. So when we offer to send out admissions decisions online, AOL customers can't get theirs, and have to wait about a week longer to receive their snailmail versions. How exactly do we fix this?

Hmmm

[Fjord]

our members have agreed to receive

Depends. Did they really agree to receive it, or did they just forget to uncheck the "receive promotions from our affiliates" when signing up for free porn?

How I dealt with this problem

[Phemur]

I run a ~700 member mailing list and a ~500 member Forum. We've had a lot of problems with the AOL Spam filter. Eventually the AOL postmaster emailed my Hosting provider, and they asked me to cease and desist.

I spent some time with my customer rep at the hosting service, and while they fully understood my point of view, they just couldn't fight AOL, so they asked me to drop all of the AOL.com addresses.

And that's what I did. I emailed all of those members, offered them help and support to setup free webmail accounts, and then dropped every aol.com accounts.

What's really ironic was that AOL told us a member complained that they were getting email from us, and we even received a copy of the offending email. It was a mailing list post from another member. You have to go through the usual subscribing process (register, wait for an email, reply, confirm, etc) to get on that list in the first place!

In the end, it turned out to be great for us, since most of my time was spent dealing with aol.com blocked emails anyway. The site runs very smoothly now.

Phemur

Its only AOL

[itsnotthenetwork]

1. Stop sending SPAM 2. .... 3. Profit !

AOL Postmaster is a spammer

When malware on the net spoofs my domain as sender to a non-existent user@aol.com, then the AOL MAILER-DAEMON spams me with a bounce. My domain even has valid SPF info proving that the original message did not come from my domain. Take your own medicine, AOL!

Subject: Refresh their memories....

[iamcf13]

Seriously.

Use the email Subject: line to remind the customer of their previous order ie:

Subject: From example.com -- Invoice #123 for your order placed March 20, 2004

That way, unless their short-term memory is shot or they are incompetent/dishonest, they won't misconstrue your email as spam.

(Our marketing you opt into while ordering, don't flame me, we do not purchase lists!)

Do they consciously have to opt out (ie. check the 'do not bother me unless I order something from you and only then only send order related information only' box) to avoid unwanted, non-order related email from your company? You should change it to an 'opt in' approach. People who consciously opt in want to be marketed to and would be on the lookout for your email ads. Unless they were incompetent/dishonest or had bad short-term memory, they would only report your email ads as spam by genuine mistake (ie. a 'mouseslip' caused them to hit 'report as spam' rather than 'delete').

What I am driving at is that the average person doesn't want to expend any more effort than is necessary in order to get something accomplished. If you run your email system with that in mind, the number of problems you are having now should drop to almost zero (if not zero).

However, thanks to the passage of CAN-SPAM at the 'behest' of the Direct Marketers Association, everybody in America with an email address (with some exceptions no doubt--.gov and .mil email addresses) has been automatically 'opted in' without their prior approval. Anti-spam advocates said CAN-SPAM will allow millions of U.S. businesses to flood the Internet with even more email marketing. If that is the case, I am, at last, ready to funnel it all to my spam archive for convenient perusal and deletion thanks to the program I wrote and use for just this purpose (see sig).

Re:Subject: Refresh their memories....

[arglesnaf]

Our subject does say that it is an order confirmation. It does not help.

Re:Subject: Refresh their memories....

[wheany]

That's because many spammers use subjects like "Your order" or "Receipt of order #12098312."

I don't think there is any kind of subject line that the spammers haven't spoiled...

Re:Subject: Refresh their memories....

[iamcf13]

Come to think of it, I do somewhat remember getting spam like that.

At the time I asked myself: Did I order anything online recently?...Nope. Spam. Plonk!


Problem solved. Case closed.

Such spam would have been filtered as such by my program I use (see sig). If I were doing business with an etailer, I would whitelist the email address or email domain the order information came from thus allowing it to bypass my program's spam filtering heuristics. Then once I personally receive all my order(s) for the time being, I can then remove them from the whitelist to prevent them from marketing to me whether I requested it or not--likely not. I view advertising as a 'necessary evil' in any capitalist society such as the one I live in here in the USA.

Anybody have a URL to a non-Quicktime version of the complete, with sound Apple/Ridley Scott '1984' commercial? Now that is my idea of a commercial! I'd like to see that one again! Nowadays, most of the commercials I see seem to be aimed at small children, crass and silly--an obvious attempt at grabbing your attention so they can sell you their product they are advertising in the commercial. This is the antithesis of what was done in the famed '1984' commercial. To heighten its impact, the commercial was officially aired only once during the 1984 Super Bowl football game and has only been seen infrequently on varous 'retrospective' TV shows in the 20 years since 1984.

Re:Subject: Refresh their memories....

[Phurd+Phlegm]

Use the email Subject: line to remind the customer of their previous order ie:

Subject: From example.com -- Invoice #123 for your order placed March 20, 2004.

Oh, I've never gotten spam with what appears to be a legitimate subject line -- that should work great. Just generate a random invoice number and use today's date and you'll probably get most of the people that ordered something today to look at it....

AOL forwarders bear responsibility

If you have a lucrative business IP that makes money "forwarding mail" to AOL customers, you should be required to run SpamAssassin or other bayesian filtering, or something to reduce the spam you send your customers.

If you don't, and AOL (or your hosting ISP) hassles you, you have no ligitimate argument.

If you're going to pretend you're an ISP and forward mail to AOL'ers and charge them, you should be providing something for the service besides a matador-like full forward with no filters.

Re:Not your fault - you're dealing with AOL losers

As a provider of a few special-interested community mailing lists, this caused some amount of consternation when AOL threatened to cut off the address block containing my server, and the folks who graciously supply me with bandwidth. Given that this is a properly operating Mailman list server and lists which have been serving this community gratis for well over a decade, anyone can unsubscribe themselves with a moderate amount of intelligence.

My only alternative is to either take a lot of time to verify that the user meant to unsubscribe - and I'll do that for friends - or as keeping with the AOL threat letter - simply unsubscribe them with extreme prejudice. I both remove them from the list and prevent them from ever re-subscribing with that AOL address. In the unsubscribe message it tells them if they want to re-subscribe, they can send a notarized letter declaring their intention to subscribe along with a re-instatement fee.

If these lists didn't run themselves I'd have given up doing it long ago, but with great open-source software and a little help from friends, there are 2,000 subscribers in a dozen countries that my mail server (now mailman on an ibook) diligently fowards mail to. If they want to access the internet with training wheels, that's fine right up until they waste my time.

Not even standard courtesy

[wytcld]

I host a few domains for people who have their e-mail forwarded to AOL. Despite my running some elaborate spam filtering, AOL reacted to their reporting of spams forwarded to them through their domains here by blocking my IP, since my IP had been the last to touch the spam before sending it on. AOL did not even have the courtesy to send a notice to the standard "postmaster@domain" address that anyone seriously running a mail server monitors. To AOL's credit, I was able to immediately get through by phone once I saw what was happening. But for AOL to block communications without notification goes against the whole idea of taking responsibility for the quality of the Net.

Now AOL's also backing up mail to these several users in my mail queue whenever it contains a URL that any AOL user has associated with spam. Granted, these are largely really spam - but why make a legitimate (not open) relaying server take the load from this? It ends up with my server trying to send a notice back up the line to what's usually the spammer's false From address, when AOL could easily enough receive the mail and then /dev/null it or whatever else they like. They're basically using this as a way to act aggressively against small, legitimate Net businesses.

Since my clients aren't always able to figure out which of the spams they've received on AOL was relayed from here, I've had to tell them that if they report any spam at all to AOL so as to get me blocked again I'll have to block their mail forwarding. I have to be hardass because AOL is being AsshOLe.

How do I get in the feedback loop?

[automatic_jack]

I can't find a link or other information on this site about a "feedback loop." How do I get on it?

AOL is completely REASONABLE.

[frankie]

clueless users in dorms/offices/wireless connections, who may or may not become spam zombies

As others have said: your problem is clueless sysadmins who have failed to properly firewall the dorms/offices/access points. Allowing outbound port 25 from random user PCs is bad netiquette that deserves blocking.

Every day by about 10 AM, if we're lucky, we've been blacklisted.

We haven't been on any blacklists since a couple septembers ago when we instituted our internal SMTP whitelist.

Re:AOL is completely REASONABLE.

Allowing outbound port 25 from random user PCs is bad netiquette that deserves blocking.

No, it's not. Random user PCs are perfectly capable of running a well-configured mail server. I do (Postfix). It means I can send mail from my notebook wherever I have it connected - coffee shop hotspot, my friend's houses on cable or DSL, a dialup line when I'm travelling - without having to figure out where the SMTP server is today.

Assuming you know every use the network will be put to by a large selection of users and taking draconian steps is the case of bad netiquette.

Re:AOL is completely REASONABLE.

[IngramJames]

I think your friend meant The September That Never Ended

Re:AOL is completely REASONABLE.

[frankie]

Actually I meant literal September. It's a real phenomenon, not just a funny phrase. In early September of both 2000 & 2001 we were listed by ORBL et al due to open proxies in the freshmen dorms. In 2002 we blocked SMTP from the dorms, and we lived happily ever after.

Re:AOL is completely REASONABLE.

[IngramJames]

I was referring to the link you posted to here (first link from your Google link). Just pointing out a minor correction to the name of the well-known September that AOL unleashed its hoardes. This may be petty, but then again, I am fairly anal :-)

September is well known for this kind of problem - precisely because that's when the clueless freshmen all arrive - albeit nowadays with their own PCs, open ports and instaiable desire to open attachments, rather than the old problem of writing "Me Too" and quoting 500+ lines of previous news article...

Re:AOL is completely REASONABLE.

Oh, I see. I didn't realize that all of the google results from that search pointed to essentially the same guy and the same info. Got it.

Re:AOL is completely REASONABLE.

[msim]

My hosting is on one of the blocklists, SORBL or something, i don't remember, it's 6am on a all-nighter. Anyhoo, it's because a company had their website hosted in the data centre a year or so ago and managed to get the entire C-class blocked.

No quantity of booing and ha'ing could get them off the list. Short of paying money to some charity (cost of $50USD or something), the data centre and my hosting co said "go fuck yourselves if that's the only way out" and it's been that way ever since

*shrugs*

Re:AOL is completely REASONABLE.

That has nothing to do with AOL blocking a known current spam source, which is what this thread was about.

solution to aol spam problem?

[alw53]

Just print off a snail mail letter to the customer and to AOL, confirming that you've removed their account because you were reported as spamming them. This puts the onus on the customer. Or send an email confirmation to the customer from another server?

Unsubscribing Much Better Now

[SeinJunkie]

You can't trust "unsubscribe" links, as all they do is confirm that you read your email. :P

I know this reply is too late to bed modded anything, but I'll say it anyway.

Last August, I had been getting way too much spam in my main mailbox. I had heard that unsubscribing just backfired and gives you even more mail, so I never did it. Then, after deleting 15-30 spam messages per day-- every day-- I decided that the spam couldn't get too much worse than this (yes, I know it can, but the point is I was sick of it). I had also read a few months prior to this in Maximum PC's article on spam that the spammers "swear the unsubscribe links work" even though they also recommended to not use them. I decided to give unsubscriptions a try.

I opened every spam mail, going straight to the unsubscribe link every time, and typing in my e-mail address, etc...

I noticed that after opening the unsubscribe links, many of them are sent by the same company and use the same unsubscribe page (whether legitimately or not, is something else altogether).

I did this process religiously for about 4-5 weeks straight. By the second week, I noticed a considerable decrease in my spam. By the fourth week, I had no unwanted e-mail, and it was refreshing. I'm sure there are some people out there who have a story about getting screwed ove by the unsubscribe links, but this is my story, and it's true.

Email is not a business process tool

Email was and is meant for one person to send a message to another. It has been adapted and misused by corporate America to do all sorts of things it was never intended for... order confirmations and spam being two of them.

It is a miracle it works for it's intended purpose, I wouldn't complain about problems with using it for business purposes, it isn't meant for that. RFC 1822 doesn't define a mission critical app. If this is a mission critical feature of your application you should design a mission critical capable system.

A bookmarked status page comes to mind as an acceptible alternative for monitoring order status. At least you have control over how the status is delivered...

l8,
AC

Wakeup call.

[pclminion]

This should be a wakeup call to all the people who are against automated spam filtering because "It's not 100% accurate."

Clearly, humans aren't even 100% accurate. Stick that in your pipe and smoke it.

Your newsletter is SPAM

I've seen many people think that their newsletter recipients want it, when it just turns out to be SPAM. Don't think that just because you aren't trying to sell penis pills, you aren't SPAM. Many "legit" emailings overdue it. Amazon was a big offender a few years ago when it started to send me ads on a daily basis.

Port 25/tcp blocking

[A.+Lynch]

This is a start, yeah. You do still have zombie issues, whereby the programs/controllers look up common relay hostnames and/or check Outlook (Express) configurations, but it helps immensely with the spam problem.

Once you do that, the ISP still has problems with users spamming through their relays, but its quite simple for them to detect and auto-block the abusers of that. Or just tiergrub and/or tarpit the high-rate senders, etc...

We've implemented all of this here (I work as a sysadmin at a large ISP), as well as Zero-RDNS blocking, and cut down a LOT of spam.

Solution: Don't trust anyone at AOL

The Bonded Sender program, where an email sender puts cash on deposit with a third party, and then forfeits that cash if the third party receives spam complaints, is an effective tool for identifying non-spam.

And like most sensible people, they realize that most AOL users are idiots and don't count count complaints from AOL users in determining if you're a spammer.

Actually we have more trouble with ATT/Worldnet

[wsanders]

I run a mail forwarding server for about 20,000 users. We land on att.com, worldnet.com, and occasionally cox.com's blacklist about once every three weeks. It has been impossible to get hold a human at these organization who can do anything besides recite the "send email to abuse" mantra.

We just tell our users, "here's a nickel, kid, get yourself a better ISP."

This is a serious problem

[sto+237]

We are an online pharmaceutical company. We provide Cialis, Levitra, HGH, and various other medications to help our customers lose weight and/or enjoy better performance.

Our primary means of business is acquiring new satisfied customers through email. We work hard to gather new prospects through combing Usenet posts, guestbook entries and mailto tags. Having so many emails to AOL addresses falsely reported as spam not only increases the workload for us, but deprives the AOL users of the benefits we can provide.

We can only hope that cooler heads prevail, and that AOL corrects its spam reporting facility. And that we are quickly removed from MAPS, ORB, Spamhaus, SpamAssassin, SPEWS, and all your .procmailrc files.

Sincerely
Alan Chickenboner
9243 Lantana Blvd.
Boca Raton, Nigeria
http://www.elite-meds-rx.com

AOL Just Say NO!

Most of you are missing the point. There is not reason for our sysadmins to be calling AOL. Simply educate your customers/users that you cannot guarantee that they will get valid email if they subscribe to AOL. THEY should complain to AOL abou it. Not us as third parties. Just tell customers not to use AOL and things will be fine. That is the most effective campaign you can mount. Let them drop the messages without complaining for THEIR customers. That is the most effective way to have AOL go out of business or come up with a competent business model. So don't bother whitelisting yourselves, tell your customers to abandon AOL. Billboards across America "AOL, Just Say No!"

Using clear and concise e-mail addresses helps

[SilentScream]

This may have already been posted but even so its probably worth repeating anyway: You can help your newsletter cause on AOL tremendously by using a short, concise e-mail address that clearly identifies who you are and a short descriptive subject. The current AOL mail web client still fixes the mailbox display of the from address to only a few characters and while the main AOL client now finally permits the adjustment of the From column to see the entire address, many people don't take the time or don't know they can. That means that if you send your newsletter from "todaysnewsletter@yourlongcompanyname.com", the AOL user will probably only see "todays.." as the From address. If you have combined this with a not very obvious Subject line (or one easily confused with Spam), then you are doomed to be accidentally sent to the Spam box. Instead, use an address like "news@yourcompany.com" and back that up with a Subject like "Company News: Latest P4 Reviewed".

Why block spam?

[ImEric12]

I really don't think companies should make much of an effort to block spam, especially plain out trashing it. It only screws up legit e-mails. I've had my e-mail address for 4 years now, and used it a good amount, and I still only get spam about twice a month, if that. I don't see how dumb you have to be to get 40 e-mails a day (as I've heard certain people at school talk about...). The only way I can see that possible is to enter your e-mail into every porn e-zine you can find. Seriously.

forwarded emails marked as SPAM

[hostspring]

As a hosting provider, we have hundreds of clients who are also AOL clients. Many of them forward all of their email sent to their hosting account with us to their aol email account.

When a SPAM is sent to their hosting account...it gets forwarded to their aol account along with all of their other emails. If they then click the 'report spam' button on aol's side for this SPAM message, AOL MARKS OUR SERVER AS THE CULPRIT AND NOT THE ORIGINAL SPAMMER!.

Obviously this is a problem which has caused us many sleepless nights:(

aol needs to teach their users!

[big+daddy+kane]

if aol were to give a short explination as to what spam really is, unsolicited mail, then maybe the accidental spam reporting rate would drop, a confermation from an online purchase is not spam, and if clarrified would help greatly.

There is no problem caused by RFC1918

Look, if your NAT gateway can't handle RFC1918, that's not a DNS problem, it's a sysadmin problem.

I have over 400 hosts on RFC1918 addressing, as well as my home network of 9 nodes (counting the cluster as one) and all of them reverse-resolve without problems.

It's trivial. (Certainly easier than connection-tracking and packet reformatting, which are required for RFC1918-based NAT.) Inside the NATted network, DNS lookups resolve to the RFC-1918 address. From outside the NATted network, DNS lookups resolve to the outside gateway address. Either way, reverse resolution returns the inverse of forward resolution. With versions of BIND that support views, you can do this from a single nameserver node (although it's a better idea to have physically separate internal and external DNS servers).

Remember, there is no requirement for a one-to-one relationship between addresses and names in forward lookups. You can have hundreds of nodes resolve to the gateway address when looked up from outside the NATted network.