Slashdot Mirror
Dealing with False AOL Spam Reports?
aohell-guy asks: "I handle the mail servers for a business that has 20% of our members using AOL. We regularly send out email that our members have agreed to receive. In AOL 8.0, it was possible to click a single message and report it as spam. You would be prompted to confirm the spam report, although no details explaining what happens with the report are given to the user. Through AOL's Postmaster site, it is possible to get in on the spam 'Feedback Loop,' where AOL will send you the spam reports it receives for mail sent from your servers. When you receive a report, you are supposed to immediately cease the sending of email to that AOL address. The only problem is, we have found that most of the time the AOL users are reporting our email as spam on accident! These complaints can negatively impact your ability to send email to AOL members. How are you handling the false reports?"
"In version 9.0, AOL made two incredibly stupid mistakes which make false positive spam reports skyrocket. First is they now allow their users to select multiple messages at once and report them all as spam. Second, when you hit the spam report button (which is located DIRECTLY next to the delete button), it IMMEDIATELY files the spam report -- there is no confirmation required. Sure, the AOL user can see they made a mistake and move your email back out of their spam folder...but the report is still filed against your server. Rack up enough of these reports, and you will not be able to send mail to AOL. We have had plenty of complaints come in, and we delete their accounts as they do -- except with our paying members. We ask them if they really want to cancel? In ALL cases but one, we have received replies stating it was an accident.
We have spoken to people within AOL that deal with the mail. (Amazingly, it is not too hard to speak with them if you are a business sending email to AOL users.) The ones we've spoken to are not happy with these changes in AOL 9.0, and admit they result in many false positives.
If you are sending a lot of email to AOL users, you will want to get in on their feedback loop ASAP, and also look into getting on AOL's 'whitelist,' which ensures that your mail will not be silently filtered into the bit bucket, as long as you keep your mail bounces and spam reports (ahem!) at a low level."
We have spoken to people within AOL that deal with the mail. (Amazingly, it is not too hard to speak with them if you are a business sending email to AOL users.) The ones we've spoken to are not happy with these changes in AOL 9.0, and admit they result in many false positives.
If you are sending a lot of email to AOL users, you will want to get in on their feedback loop ASAP, and also look into getting on AOL's 'whitelist,' which ensures that your mail will not be silently filtered into the bit bucket, as long as you keep your mail bounces and spam reports (ahem!) at a low level."
.... aviod AOL altogether. I know that's not helpful, but our company simply gives our users dial-up accounts to dial into the building. Seems to circumvent the situation. If your company can afford it, setting up your own private "ISP" is the way to go.
-Valiss
My emails get routed to null at aol as well. Really sucks when trying to contact a client who uses AOL. Get the owner of the box (root access, some stupid AOL rule) to call the AOL Postmaster, stay on hold a bit, and you can get it all sorted out.
I work in a tech support environment dealing with end users, many using AOL. The e-mails we sent out come from the same or a similar address, and all have a similar format such as opening and closing, AOL seems to 'randomly' block them. I know it's really not random, but trying to figure it out is next to impossible.
Unfortunately there is not much you can do except listen to them. Even if you think someone reported you on accident, drop them from the list. If they complain later, simply supply them with a copy of the e-mail that you were sent by AOL saying that you were reported by them as SPAM. This is an annoying solution, but you don't want to get added to AOL's spam list. It is VERY difficult to get taken off once you have been put on. You can even spin it in a positive light if you get complaints from users asking why they no longer get e-mail from you. Say that you are aggressively opposed to spam, and stop sending mail at the first sign that your letters are unwanted.
The only other thing I could think of is maybe put a note in the messages of your AOL users asking them to contact AOL and fix their policy. The chances of this working are beyond slim, but it will make it appear to your users that you are trying to serve them the best that you can.
I used to work for a (legit) marketing firm, and had this same issue with AOL. They were technologically savvy enough thought, and had enough latitude with the membership services, that we set up aliased email accounts on our own servers for our subscribers. This dramatically cut down on our false-positives after we asked filters to be set up by our clients to get them into the right place to begin with (i.e., different folder).
Your mileage may very, and not everyone has the option to ask that kind of technical activity of their clients, so we lucked out. Might want to give it a try though.
Any spoon would be too big.
I submitted a support request to SF about it, and they said (rightfully) that it is AOL's problem.
-- http://www.swcp.com/~hudson/
I work for an independt-regional isp, and often have to serve as the conduit for users who cannot e-mail AOL. Quite simply, I have to spend 20-30min each time with customer support to have our ip addresses "removed" from their abuse list. If there IS a better solution, I have not found it yet!
At some point in my history... I was using pine, and sending mail. I set name using chfn "first I last", though my memory could be foggy and it could have been "first I. last". This wasn't a problem for any mail server except for AOL... for some reason it wouldn't parse correctly and try to send mail to "first I@domain.com"
Dispite honest efforts trying to get a hold of the mail staff, by my self and my isp... at no point was it possible to actually report the problem to anyone.
The final solution was just changing my name to "first last"... as it was important at the time to actually to get proper replies from people at AOL for some reason.
While not directly related to story... it just goes to show you that trying to actually communicate with anyone with in the AOL realm is practicaly impossible, and you should just give up before you start. The best you can do is communicate to people that AOL has *this* problem and your only resolve is to either do things diffrently, or switch services.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
I run a bunch of Mailman mailing lists. One time, one of the people on this mailing list false SpamCop-ed one of the monthly mailing list reminders, which caused my ISP to complain to me. I kicked him off the mailing list and told him he couldn't come back until he'd convinced my ISP that the spam report was in error. I don't think he ever did come back on, but fortunately the ISP didn't kick me off - perhaps it's giving RoadRunner too much credit, but even *they* must realize the huge false positive rate from SpamCop.
The next Cmdr Taco duplicate will be ready soon, but subscribers can beat the rush and see it early!
Actually, I'm not sure I ever received any spam reports against my server. But it was terrible getting whitelisted. They directed me to call a certain number that didn't work 1/2 the time, and I had to wait on hold for at least 30 minutes.
All to tell them that my server wasn't blocked. They told me it wasn't. I told them that was the error I was receiving. They told me my server wasn't on the list.
Eventually I mentioned that my server was in Rackshacks datacenter. Apparently they had banned a whole range of IP addresses, and their utilities didn't show if an IP were in that list.
So after a very frustrating conversation, they whitelisted me. Any way, I don't know how this helps you, but it feels good to vent!
Online Starcraft RPG? At
Dietary fiber is like asynchronous IO-- Non-blocking!
We have an IT meeting soon where I will be leading a discussion about on-line communications. I will be suggesting that we don't accept all email addresses from Hotmail (so many bounce with user unknown or over quota) and "hanmail" (incoming messages get tagged as spam because of the HTML that the service wraps user messages in), and that we start recording IM accounts as a backup communications option. I'm not saying we refuse emails from Hotmail accounts, I'm just saying that when you tell us your address, we won't accept a Hotmail address.
My mom had her account frozen because of a similar mistake. I've been trying to get her to stop using AOL for years, but she was too afraid it'd be too complex. This was finally the straw that broke the camel's back. Now she uses Juno and I provided her (and my whole family) e-mail addresses through my account with Lunarpages in case she doesn't like Juno. The best part is, for some reason, attachments are now more intuitive to use for her, so I don't get a phone call 3 times a week as she tries to view the picture of her granddaughter. All at half the price.
We have 125,000 AOL users (including 3,000 Compuserve) who are marked in our DB as hold due to being blocked by AOL mail servers. These are opt-in lists for product updates and news letters. People have to jump through hoops just to get on to the list in the first place. It's not worth the hassle to us. If this makes a large number of AOL customers unhappy, then they should change ISP. We're providing a service, but the goodwill it garners is only worth so much when the issues of dealing with AOL become too expensive. People like our products and seem to come back whether or not they get the mailing list stuff from us that they've requested. We've been through the process of getting unblocked twice, but it seems to take up a month. The third time we were blocked we said fuckit (or words to that affect).
Now lets talk about Yahoo. They seem to have faulty logic somewhere. I have a Yahoo account and find a lot of false-positives. As far as our mailing list goes, on one occasion we ended up being filtered to their bulk folder... which can be a lot harder to notice than being completely blocked.
The thing is, it likely is NOT by "accident". I bought some products from swansonvitamins.com. I started getting spammed to my hotmail address (heh, which is precisely why I HAVE a hotmail address). Every mail provides links to click if I want to opt out of some or all of the "offers". I chose "opt out of all" on more than one occasion, but swanson continues to spam me. So even though I am (was) a happy customer of theirs with a "pre-existing business relationship" (ie. implicit permission to spam me), I now report all of their shit as JUNK, and they can go take a flying fuck if they think I'm doing so by "accident".
When I realized over a year ago that spam was starting to be a huge headache for me, I started saving all my spam and good mail to separate directories, in preparation for using a Bayesian filter. At that time I was getting 20 per day, now I get 350, of which a few make it to my inbox. Anyway, I read Paul Graham's plan for spam and decided to write my own filter, and built in a feature where it would check my classification. Lo and behold, about 5% of the mail I classified was identified by my filter as being incorrectly classified. The filter was correct in almost all cases - I was either misinterpreting the emails or ending up saving them to the wrong directories after correctly categorizing them. Now, whenever someone wants to use my filter, I first require them to classify by hand all their mail for a few weeks. Once they run my program they are amazed - they can't believe they made so many mistakes, and they are instant believers in the power of Bayesian filters. My point is that in implementing these spam reports, the ISPs MUST take human error into account, and only penalize mass-senders if over (roughly) 5% of a given sender's recipients complains.
I run a small (~200 user) mailing list for my homeowner's association, and I've been fighting the AOL Spam filters for years. From what I can tell, the process of notifying AOL that your email is indeed something that users have signed up for and WANT is near impossible. I'm almost to the point of telling the HOA that we can't accept AOL accounts any more, as nothing gets through. I've also had the same experience with Time Warner Roadrunner, EarthLink and others as well... What I find MOST disturbing is that on AOL the user NEVER receives the email, nor a notification that something was rejected. Ignorance is bliss as far as AOL is concerned, and they like keeping their users in the dark.
I don't know about the rest of you, but I get plenty of emails that I have never agreed to receive, regardless of what the company says. Could it be that if they are reporting it as spam that they don't want your emails? It could be that the users are stupid, but in this day and age, given our spam problems, telling the company you don't want spam seems to only give a verification that you use that email address (thus you get more spam). So it could be that they are taking the easy route. They let some filter catch it.
I have never let my schooling interfere with my education.
It's one thing to run aggressive spam reporting filters. It's another to have no procedure that can get you out of the doghouse. My father and I run a very very small commercial service for monitoring the rank of various books at Amazon that's sold to authors. They pay for the service. It's double opt-in. We keep records of each sign-up and each opt-in confirmation, as well as payment records.
AOL banned our URL but not our email. The error said the URL in our messages couldn't be sent to AOL addresses. We contacted our three (yes, just three) AOL subscribers and asked them to try to use AOL's tools to make sure our email went through, but they didn't have any options that helped.
I contacted AOL, spoke to a guy who believed what I had to say, and I sent email including a variety of details to a Yahoo (ironic) address that they obvious use for disposable purposes and change from time to time. No response. A week later, I email there again as a follow-up. No response.
So what are we to do? Convince AOL subscribers to switch to another ISP? Nope.
Freelance tech journalist for the Economist, MIT Technology Review, Macworld, and others
I work for a colo/hosting outfit. I also read the "abuse@*" address here. I found out about this system at AOL back in November, and spent a few weeks working my way through the postmaster group at AOL. I finally did get a really clued guy, who did a lot to help out... however, the system is so completely flawed that there isn't much that can be done to fix it.
Easily 98% of their reported "spams" are false positives. I've collected the 10,000 or so rejected mails and They break down like this:
40% are auto-mails from some website notification system
(example: one of our clients is an "aprtment finding service" that you sign up and I assume pay for. It notifies you if an apartment that meets your needs becomes available, via email.)
30% are mailing list traffic
10% are confirmation emails for ecommerce purchases!
10% are *personal correspondence!*
8% are actual spam, but being legitimately forwarded to an AOL address via a domain hosted by us, but whose user has configured it to forward to an AOL address.
2% is who knows what.
To have a system that fundamentally flawed is amazing. I don't use AOL... in fact I've never even seen what it looks like, so I don't know if this is *user* generated or auto-generated, but I do know it just doesn't work.
My project Slashster, being a Friendster clone per se, sends out email recommendations from people on the site to others inviting them to join the site.
I found with Yahoo and Hotmail, that typically altering the email message not to include any sort of links (other than possibly slashster.com without the http://), typically allows the message to go through the filter. After all, most spam messages include some kind of tracking url in order to show where they came from. Right?
Not so with AOL. Pretty much any sort of attempt I do of sending an email through it have it flag up as spam. I suppose what happened was that someone hit the spam button for my site, and it was blacklisted.
It is possible to get whitelisted though. But you have to contact AOL in order to be part of the whitelist. You also need to fill out an application saying how many emails you plan on sending out a day, whatnot.
What kind of crap is this? I mean, they don't actually expect us to fill out an application for EVERY ISP out there that wants to lower spam. Ugh. Do I have to honestly write Hotmail, Yahoo, Earthlink, AOL, Adelphia, Comcast, and every other ISP / email provider out there to say "Hey, I'm not spam. Don't block me." or is there a better way? I doubt there's anything better.
It gets on my nerves, especially considering that I've started receiving mass emails from people who have invited me to Orkut. I haven't even joined that site yet, and of course, any sort of message from them does *NOT* show up as spam... Figures.
Note: I know some of you saying that sending Social Networking emails would be considered spam. I'm not sure if it could, after all, it's not the same email sent out to thousands of people. It's rather, one person sending another person a message, through my server. I know some of you will disagree, but eh.
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
Well, here's the awful truth. Frequently, I'll buy something from a site, and as part of that purchase they'll make the completely unrealistic demand that I agree to receive emails from anyone they deem fit to sell the address to, or maybe even just from themselves whenever they like.
But, I don't want these emails. Just the product, thanks. I know where to find them should I need more. But this sentiment is not respected. They want to maximize their sales at any cost, and damn my peace of mind.
Now, I do realize, fully, that I agreed to this condition as part of the purchase.
And, well, that's too bad. I'm sure I'll spend some time in hell roasting for it, but I have absolutely no intention of honoring that commitment. It's unrealistic to assume that anyone would want to do so. Be realistic, not idealistic, I say.
So, I report the unwanted mails as spam. Every time. And, in all seriousness, I hope it causes them a tremendous amount of expense and hassle to resolve it. If they have to do this enough times, perhaps they'll think of a new method of doing business that doesn't piss off their customers so much.
Remember, for this is what business still lives and dies by: The customer is really always right.
If your customers report your "newsletters", "reminders", etc., as spam, they're not stupid, they're not doing it because of an "AOL design flaw" and they're not doing it by accident. They consider them as spam. You should respect the obvious message you're being sent, their clear message that you're to leave them alone, and take the proper and decent course of action. Stop sending these folks mail. If they want it, they'll tell you loud and clear.
Good luck. Business is not easy. Don't make it harder on yourself than you have to.
Boycott everything - they're all trying to fuck you one way or another
All of my email is dumped into users' spam folders on AOL. I run a website which they subscribe to for services which require updates on interactions between them, the system and other users. They need these reports in a TIMELY fashion.
Thanks to AOL, people dont' know they've recieved their registration confirmation, password reminder, auction updates, etc... It's a PAIN IN THE ASS and there's nothing I can do about it. *shrug*
It's a pain having to tell EVERY SINGLE PERSON in a giant blurb before signing up that "AOL WILL FILE YOUR EMAIL AS SPAM SO PLEASE CONFIGURE YOUR CLIENT APPROPRIATELY FIRST". Worse, I can't email peopel personally to talk to them about the problems - or even just regular friends... because they're on AOL AND I'll be filtered to spam.. so if I'm filtered to their spam folder and they don't realize it, then they'd never get an email from me saying "hey, check your spam folder for my email"
GOD DAMN IT!
Oh, and no my domain and server have never been used for ANY spam or unsolicited mail. The domain has only ever existed under my ownership, the IP is mine alone, the servers are physically built and owned by me and I am the only one who has ever controlled the email server and had any accounts on it. AOL is just fucking stupid about spam.
...well, maybe because to some people it _IS_ spam? In my opinion, half of the time companies send emails out, it is unwanted. Some might even call it spam ;) And with modern mail filters, isn't it easier to just hit "mark as junk mail" (or however your client calls it) than to actually go through the "unsubscribe" process?
It does seem bad that all it takes is a few clicks from a few lazy users to get email blocked for _ALL_ of AOL's customers, so maybe it would be wiser for them to implement some sort of local junk mail scheme, where it's a bit more cumbersome to globally mark mail as junk for all AOL users? Just a thought...
Mention the exact date/time/site/address they used.
For the newsletter, where it mentions that they opted in, don't merely mention the "fact" that they did. Also include the exact date/time (adjusted to their local time if possible, only need to do that once) and URL they used. If it's from a "partner", name the partner's website and date/time. Just a few more bytes per customer. And if you can do a reverse-lookup on their IP address, that's even better.
For an order, the short descriptive name of the most expensive item should be included in the subject line, e.g. "Your DressKids.com order for Embroidered Organza Dress and...", as this should instantly jog anyone's memory.
Ideally the date/time/site/address would be in both body and header (e.g. X-Subscribed-From, X-Subscribed-At - I wonder if there's a standard?). I hope you're already doing this.
Copyrights, Patents, Trademarks: temporary loans from the Public Domain, not real property ("intellectual" or otherwise)
My aunt sent me and several other people an inflammatory forward which, among other things, compared Sept 11th to the Holocaust, claimed the Afghanistan wedding party which was bombed was to blame for their own demise, and criticized the Palestinians for their widely broadcast and falsified celebration of Sept 11th. I replied that three thousand sudden unexpected deaths can't be compared to six million deaths through torture and medical experiments, and that it was disrespectful of the holocaust victims to do so. I also pointed out that the Palestinian celebrations were a hoax. (I later learned I was wrong on this point. Fake footage: Palestinians dancing in the street) I was upset enough about the e-mail that I sent my answer to all the recipients of the original forward.
Somebody wasn't amused at my response (or maybe an automated spam filter detected the words "hoax" and "holocaust" in the same mail?) and decided to report it as spam to yahoo. Yahoo immediately blocked my account without warning or recourse. This was very upsetting for me because I had a number of old e-mails and address information stored in that account which I didn't have anywhere else and which would have been impossible to replace. It took me several hours of research spread out over a couple of days to find the telephone number for paying customers to call and get the problem corrected.
Lessons learned: Don't keep important information in a free account. Some things are worth paying for. Don't use Yahoo.
If that's true, and you work for Staples, can you get me off of your spam lists? I've done everything including calling by phone and all I get is "yes, you will be removed...in a few weeks" -- even after I said that I'd start reporting the spam as spam! (Very much bending over backward here as this is not my normal tactic for UCE.)
After about 6 months of that I gave up and just report the Staples spam along with the rest.
If you work for Office Depot or Office MAX or ... no problems! Keep up the good work!
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
I work for a major university that was blacklisted about a month and a half ago. People were marking messages sent by the university as spam. The messages weren't even sent to their AOL address, but their university address, where the user then forwarded all messages to their AOL account. I called the AOL postmasters at the number found here: http://postmaster.aol.com/contact/index.html and they told me they couldn't do anything immediately, but once the current complaints timed out, we would be added to their whitelist. It does seem to be a way to perform a DoS attack, because the guy I spoke to said that if they get enough spam reports for a specific domain, it is automatically blocked for a certain number of hours.
Seriously.
.mil email addresses) has been automatically 'opted in' without their prior approval. Anti-spam advocates said CAN-SPAM will allow millions of U.S. businesses to flood the Internet with even more email marketing. If that is the case, I am, at last, ready to funnel it all to my spam archive for convenient perusal and deletion thanks to the program I wrote and use for just this purpose (see sig).
Use the email Subject: line to remind the customer of their previous order ie:
Subject: From example.com -- Invoice #123 for your order placed March 20, 2004
That way, unless their short-term memory is shot or they are incompetent/dishonest, they won't misconstrue your email as spam.
(Our marketing you opt into while ordering, don't flame me, we do not purchase lists!)
Do they consciously have to opt out (ie. check the 'do not bother me unless I order something from you and only then only send order related information only' box) to avoid unwanted, non-order related email from your company? You should change it to an 'opt in' approach. People who consciously opt in want to be marketed to and would be on the lookout for your email ads. Unless they were incompetent/dishonest or had bad short-term memory, they would only report your email ads as spam by genuine mistake (ie. a 'mouseslip' caused them to hit 'report as spam' rather than 'delete').
What I am driving at is that the average person doesn't want to expend any more effort than is necessary in order to get something accomplished. If you run your email system with that in mind, the number of problems you are having now should drop to almost zero (if not zero).
However, thanks to the passage of CAN-SPAM at the 'behest' of the Direct Marketers Association, everybody in America with an email address (with some exceptions no doubt--.gov and
Well, I don't know if you can pursue this tactic, but you could block outbound SMTP from user subnets, I know of at least 2 public and two private universities that do just that. (I worked on university networks in a previous career)
Actually I meant literal September. It's a real phenomenon, not just a funny phrase. In early September of both 2000 & 2001 we were listed by ORBL et al due to open proxies in the freshmen dorms. In 2002 we blocked SMTP from the dorms, and we lived happily ever after.