Slashdot Mirror
Dealing with False AOL Spam Reports?
aohell-guy asks: "I handle the mail servers for a business that has 20% of our members using AOL. We regularly send out email that our members have agreed to receive. In AOL 8.0, it was possible to click a single message and report it as spam. You would be prompted to confirm the spam report, although no details explaining what happens with the report are given to the user. Through AOL's Postmaster site, it is possible to get in on the spam 'Feedback Loop,' where AOL will send you the spam reports it receives for mail sent from your servers. When you receive a report, you are supposed to immediately cease the sending of email to that AOL address. The only problem is, we have found that most of the time the AOL users are reporting our email as spam on accident! These complaints can negatively impact your ability to send email to AOL members. How are you handling the false reports?"
"In version 9.0, AOL made two incredibly stupid mistakes which make false positive spam reports skyrocket. First is they now allow their users to select multiple messages at once and report them all as spam. Second, when you hit the spam report button (which is located DIRECTLY next to the delete button), it IMMEDIATELY files the spam report -- there is no confirmation required. Sure, the AOL user can see they made a mistake and move your email back out of their spam folder...but the report is still filed against your server. Rack up enough of these reports, and you will not be able to send mail to AOL. We have had plenty of complaints come in, and we delete their accounts as they do -- except with our paying members. We ask them if they really want to cancel? In ALL cases but one, we have received replies stating it was an accident.
We have spoken to people within AOL that deal with the mail. (Amazingly, it is not too hard to speak with them if you are a business sending email to AOL users.) The ones we've spoken to are not happy with these changes in AOL 9.0, and admit they result in many false positives.
If you are sending a lot of email to AOL users, you will want to get in on their feedback loop ASAP, and also look into getting on AOL's 'whitelist,' which ensures that your mail will not be silently filtered into the bit bucket, as long as you keep your mail bounces and spam reports (ahem!) at a low level."
We have spoken to people within AOL that deal with the mail. (Amazingly, it is not too hard to speak with them if you are a business sending email to AOL users.) The ones we've spoken to are not happy with these changes in AOL 9.0, and admit they result in many false positives.
If you are sending a lot of email to AOL users, you will want to get in on their feedback loop ASAP, and also look into getting on AOL's 'whitelist,' which ensures that your mail will not be silently filtered into the bit bucket, as long as you keep your mail bounces and spam reports (ahem!) at a low level."
Who would've thought that possible.
Unfortunately you're dealing with AOL, a company that has always been a few cents short of a dollar. There's probably not much you can do. Sorry this isn't helpful, but it's not your fault they placed the Junk button so close to the delete button.
Homestarrunner.net -- It's Dot Com!
I think you've done all you can. I would even go so far as to say that you've answered your own question. Call AOL, make sure they know you're legit, and wait for the next version of AOL to fix what turned out to be a bad design choice. In the meantime, maybe add a note to one of your mailings suggesting that they make sure to be careful about that. It's not like you can do anything else.
DoggJust put "Enlarge your Member" in the subject line. It NEVER gets marked as spam in my experience. I sell about 200 pounds of snake oil a day to AOL users.
Unfortunately there is not much you can do except listen to them. Even if you think someone reported you on accident, drop them from the list. If they complain later, simply supply them with a copy of the e-mail that you were sent by AOL saying that you were reported by them as SPAM. This is an annoying solution, but you don't want to get added to AOL's spam list. It is VERY difficult to get taken off once you have been put on. You can even spin it in a positive light if you get complaints from users asking why they no longer get e-mail from you. Say that you are aggressively opposed to spam, and stop sending mail at the first sign that your letters are unwanted.
The only other thing I could think of is maybe put a note in the messages of your AOL users asking them to contact AOL and fix their policy. The chances of this working are beyond slim, but it will make it appear to your users that you are trying to serve them the best that you can.
I submitted a support request to SF about it, and they said (rightfully) that it is AOL's problem.
-- http://www.swcp.com/~hudson/
I work for an independt-regional isp, and often have to serve as the conduit for users who cannot e-mail AOL. Quite simply, I have to spend 20-30min each time with customer support to have our ip addresses "removed" from their abuse list. If there IS a better solution, I have not found it yet!
Stay on hold a bit? The first time I called, I was on hold for 25 minutes. The second time was a bit less, 18 minutes. The loop of music they play sucks too.
That sucking sound you hear is my bandwidth.
I run a bunch of Mailman mailing lists. One time, one of the people on this mailing list false SpamCop-ed one of the monthly mailing list reminders, which caused my ISP to complain to me. I kicked him off the mailing list and told him he couldn't come back until he'd convinced my ISP that the spam report was in error. I don't think he ever did come back on, but fortunately the ISP didn't kick me off - perhaps it's giving RoadRunner too much credit, but even *they* must realize the huge false positive rate from SpamCop.
The next Cmdr Taco duplicate will be ready soon, but subscribers can beat the rush and see it early!
RTFPost!!!!
We have had plenty of complaints come in, and we delete their accounts as they do -- except with our paying members. We ask them if they really want to cancel? In ALL cases but one, we have received replies stating it was an accident.
Or are you using AOL 9.0 and accidentally clicked the submit button before reading the full text of the post?
I run a small (~200 user) mailing list for my homeowner's association, and I've been fighting the AOL Spam filters for years. From what I can tell, the process of notifying AOL that your email is indeed something that users have signed up for and WANT is near impossible. I'm almost to the point of telling the HOA that we can't accept AOL accounts any more, as nothing gets through. I've also had the same experience with Time Warner Roadrunner, EarthLink and others as well... What I find MOST disturbing is that on AOL the user NEVER receives the email, nor a notification that something was rejected. Ignorance is bliss as far as AOL is concerned, and they like keeping their users in the dark.
As a matter of fact AOL handles this quite reasonably. The secret is reverse resolution.
I am postmaster and in the IT security department of a fortune 150 Office Supply company. We started to experience this problem, and contacted AOL. We were added to the whitelist, set up the feedback loop yet we kept getting blacklisted. Spoke with a tech who told us to call the corporate phone number and speak with the "Spam Czar" whose name I cannot recall and cannot locate via google.
After speaking with him we discovered we were still getting blacklisted after around five complaints, when we send thousands of order confirmations to AOL addresses a day. They tracked down the problem, and it was that one of our mail servers did not reverse resolve. We fixed this, and bam, we now take nearly a hundred complaints to be blacklisted.
(You wouldn't believe how many people flag an order confirmation as spam. You also wouldn't believe how many corporate employees forward there email to AOL and flag it as spam, when they forwarded the spam to themselves!)
It was quite embaressing that we were not reverse resolving the host that sends order confirmations. We do send some opt-in marketing, but it originates from a different server.
(Our marketing you opt into while ordering, don't flame me, we do not purchase lists!)
It's one thing to run aggressive spam reporting filters. It's another to have no procedure that can get you out of the doghouse. My father and I run a very very small commercial service for monitoring the rank of various books at Amazon that's sold to authors. They pay for the service. It's double opt-in. We keep records of each sign-up and each opt-in confirmation, as well as payment records.
AOL banned our URL but not our email. The error said the URL in our messages couldn't be sent to AOL addresses. We contacted our three (yes, just three) AOL subscribers and asked them to try to use AOL's tools to make sure our email went through, but they didn't have any options that helped.
I contacted AOL, spoke to a guy who believed what I had to say, and I sent email including a variety of details to a Yahoo (ironic) address that they obvious use for disposable purposes and change from time to time. No response. A week later, I email there again as a follow-up. No response.
So what are we to do? Convince AOL subscribers to switch to another ISP? Nope.
Freelance tech journalist for the Economist, MIT Technology Review, Macworld, and others
I work for a colo/hosting outfit. I also read the "abuse@*" address here. I found out about this system at AOL back in November, and spent a few weeks working my way through the postmaster group at AOL. I finally did get a really clued guy, who did a lot to help out... however, the system is so completely flawed that there isn't much that can be done to fix it.
Easily 98% of their reported "spams" are false positives. I've collected the 10,000 or so rejected mails and They break down like this:
40% are auto-mails from some website notification system
(example: one of our clients is an "aprtment finding service" that you sign up and I assume pay for. It notifies you if an apartment that meets your needs becomes available, via email.)
30% are mailing list traffic
10% are confirmation emails for ecommerce purchases!
10% are *personal correspondence!*
8% are actual spam, but being legitimately forwarded to an AOL address via a domain hosted by us, but whose user has configured it to forward to an AOL address.
2% is who knows what.
To have a system that fundamentally flawed is amazing. I don't use AOL... in fact I've never even seen what it looks like, so I don't know if this is *user* generated or auto-generated, but I do know it just doesn't work.
I am not sure about what he means by clients, but we have this problem with customers. One of the sites I manage DressKids.com , sends out an email conformation for the order, a CC card conformation from the processor (not my choice) and then an email when the order is shipped. Plus we send out a newsletter about every 3-4 months. Pretty reasonable right? We don't spam, we don't sell lists. Our emails do not get through to AOL subscribers. Why? because people repost them as spam, whether it is intentional or not. We get many phone calls from cranky customers complaining they didn't get their email. But those same people are reporting those emails as spam. About 20% of our base is on AOL. Most of them are new moms/housewives on AOL. They have no clue what they are doing. Plus they don't care that they have no clue and take it out on us. AOL needs to do something about this. Having to contact AOL on a regular basis to reverse something dumb that their customers are doing is unreasonable. Spam is a problem, no argument with that. But when legit emails do not get through because of false reports, who's fault is it? Who should fix it? Who has the time?
Fear Is the Only God
My project Slashster, being a Friendster clone per se, sends out email recommendations from people on the site to others inviting them to join the site.
I found with Yahoo and Hotmail, that typically altering the email message not to include any sort of links (other than possibly slashster.com without the http://), typically allows the message to go through the filter. After all, most spam messages include some kind of tracking url in order to show where they came from. Right?
Not so with AOL. Pretty much any sort of attempt I do of sending an email through it have it flag up as spam. I suppose what happened was that someone hit the spam button for my site, and it was blacklisted.
It is possible to get whitelisted though. But you have to contact AOL in order to be part of the whitelist. You also need to fill out an application saying how many emails you plan on sending out a day, whatnot.
What kind of crap is this? I mean, they don't actually expect us to fill out an application for EVERY ISP out there that wants to lower spam. Ugh. Do I have to honestly write Hotmail, Yahoo, Earthlink, AOL, Adelphia, Comcast, and every other ISP / email provider out there to say "Hey, I'm not spam. Don't block me." or is there a better way? I doubt there's anything better.
It gets on my nerves, especially considering that I've started receiving mass emails from people who have invited me to Orkut. I haven't even joined that site yet, and of course, any sort of message from them does *NOT* show up as spam... Figures.
Note: I know some of you saying that sending Social Networking emails would be considered spam. I'm not sure if it could, after all, it's not the same email sent out to thousands of people. It's rather, one person sending another person a message, through my server. I know some of you will disagree, but eh.
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
A few years ago, AOL was known to block all mail from random domains to lower its server load when things got overloaded. I see no reason to think they've stopped.
Good, inexpensive web hosting
Take the hint and unsubscribe them from the newsletter/mailing that they "opted" to receive.
Preach on, brutha.
I've had a good experience with the people at AOL. They have full-time staff dedicated to serving their customers and outside mail administrators alike. You can actually call them and get yourself taken off a blacklist within hours (if you're polite). They tell you the thresholds their spam filters use. Once you know how the game is played, you can decide how you continue to play. AOL is enforcing rules that they enforce on behalf of their customers.
Some suggestions for postmasters with lots of AOL customers....
1. Make sure you have forward/reverse DNS for each of your mail servers. Your odds of getting blacklisted go down sharply if you properly list your mail servers in DNS.
2. Call them and schedule a phone appointment to get your servers onto their whitelist. You tell them the business you're in and what IP addresses are servers that belong to you. You also give them a contact address (eg: aolspamcomplaints@yourdomain.com) to where they can forward spam complaints. Once you sign/fax a document that says you understand their policies, you get put on the whitelist. It's not a guarantee that you'll never get dropped, but you at least see it coming before it happens.
2a. Register an additional address on your network from which you don't send mail. If at any time one of your other addresses does get blacklisted, you have another address through which you can relay AOL mail after you address the problem.
3. Something you must do is include a user's e-mail address as part of the mail message itself (not just in the headers). If any of the users' spam reports come back to you, AOL anonymizes the headers. You'll need the address information in the body to determine which idiot hit the "this is spam" button. You might send them a warning after you recieve two messages saying that if they claim any more of your messages are spam, they get removed from your list automatically. You need to protect your mail service for all of the other AOL users you have subscribed. Something else you might do is make sure your list or company name is part of the subject line. It'll make it easy for them to know it's your content. They do want to recieve your content, yes? Make it easy for them to read or delete your message by looking at the subject line (instead of mistaking it for spam). Good mailing lists include the list name in the subject line.
I run domain-based mail forwarding service for some of my web hosting clients. My customers' domain-based e-mail is forwarded through my servers (spam and all) to their AOL account at their request. When they say "this is spam" to their inbound mail, my servers get the bad reputation, not the spammers becasue I'm the one delivering the messages to AOL's servers. It sucks, but now that I've done steps 1/2/2a after my first blacklist experience, things seem to have been going pretty well. I need to do step 3 and help educate my customers about inadvertent spam tagging, but I've been too busy to implement it.
Aside: Compared to AOL, AT&T WorldNet sucks. I got wrongfully blacklisted by them recently. Their system is not as transparent as AOL. I had to use ARIN Whois network information to find a phone number for someone who could find me a phone number of someone who could give me the e-mail address of the people to whom I can request to be taken off their blacklist (aka runaround). Getting off their list takes several days and repeated e-mails instead of a single phone call. Boo! If one is going to blacklist mail servers and reject mail, make sure the mail server puts a URL in the rejection message so that white-hat mail administrators can find policies and contact info that can help them quickly resolve errant blacklisting. To do less is poor customer service.
-ez
As a web host, we have a BIG problem with AOL just blocking us on a whim, and when you don't get any sort of bounce or refusal from their end your email server THINKS it delivered email properly. Meaning we don't know it's happening until the complaints start.
I host a little over 13,000 web sites, on over 60 servers. We allow people to run CGI and PHP (I mean people wouldn't like it much if we didn't) and as a result we do get the occasional open formmail.cgi or formmail.php being used to spam. We usually catch them pretty fast and it doesn't happen "that" often. But it happens, and before we can stop it there might be several thousand emails sent. Which is enough to get us on AOL's block, we've been silently placed on their block roughly 7 times now. The thing is EACH TIME I signup for this "in the loop" mailing so I am SUPPOSED to get a warning as soon as spam is reported from one of my servers, ok fine, know what? Not one warning, not a single one, and we were still blocked 6 more times after that.
I applaud AOL's efforts at stopping spam, but they've got to get it to be a little less troublesome.
I will say, we haven't been blocked in a couple months now, so MAYBE we're finally on the white list "for real" so here's hoping things ARE improving.
I like earthlink's challenge response better, I'll get a couple of these per day, some are from spam with my domain forged, most are from things like invoices/reciepts/other business, I click the link and jump through the hoops and from then on things seem to flow to that email account from our billing or forum system.
--- www.f-theocean.com
Well, here's the awful truth. Frequently, I'll buy something from a site, and as part of that purchase they'll make the completely unrealistic demand that I agree to receive emails from anyone they deem fit to sell the address to, or maybe even just from themselves whenever they like.
But, I don't want these emails. Just the product, thanks. I know where to find them should I need more. But this sentiment is not respected. They want to maximize their sales at any cost, and damn my peace of mind.
Now, I do realize, fully, that I agreed to this condition as part of the purchase.
And, well, that's too bad. I'm sure I'll spend some time in hell roasting for it, but I have absolutely no intention of honoring that commitment. It's unrealistic to assume that anyone would want to do so. Be realistic, not idealistic, I say.
So, I report the unwanted mails as spam. Every time. And, in all seriousness, I hope it causes them a tremendous amount of expense and hassle to resolve it. If they have to do this enough times, perhaps they'll think of a new method of doing business that doesn't piss off their customers so much.
Remember, for this is what business still lives and dies by: The customer is really always right.
If your customers report your "newsletters", "reminders", etc., as spam, they're not stupid, they're not doing it because of an "AOL design flaw" and they're not doing it by accident. They consider them as spam. You should respect the obvious message you're being sent, their clear message that you're to leave them alone, and take the proper and decent course of action. Stop sending these folks mail. If they want it, they'll tell you loud and clear.
Good luck. Business is not easy. Don't make it harder on yourself than you have to.
Boycott everything - they're all trying to fuck you one way or another
If that's true, and you work for Staples, can you get me off of your spam lists? I've done everything including calling by phone and all I get is "yes, you will be removed...in a few weeks" -- even after I said that I'd start reporting the spam as spam! (Very much bending over backward here as this is not my normal tactic for UCE.)
After about 6 months of that I gave up and just report the Staples spam along with the rest.
If you work for Office Depot or Office MAX or ... no problems! Keep up the good work!
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.