Dealing with False AOL Spam Reports?

aohell-guy asks: "I handle the mail servers for a business that has 20% of our members using AOL. We regularly send out email that our members have agreed to receive. In AOL 8.0, it was possible to click a single message and report it as spam. You would be prompted to confirm the spam report, although no details explaining what happens with the report are given to the user. Through AOL's Postmaster site, it is possible to get in on the spam 'Feedback Loop,' where AOL will send you the spam reports it receives for mail sent from your servers. When you receive a report, you are supposed to immediately cease the sending of email to that AOL address. The only problem is, we have found that most of the time the AOL users are reporting our email as spam on accident! These complaints can negatively impact your ability to send email to AOL members. How are you handling the false reports?" "In version 9.0, AOL made two incredibly stupid mistakes which make false positive spam reports skyrocket. First is they now allow their users to select multiple messages at once and report them all as spam. Second, when you hit the spam report button (which is located DIRECTLY next to the delete button), it IMMEDIATELY files the spam report -- there is no confirmation required. Sure, the AOL user can see they made a mistake and move your email back out of their spam folder...but the report is still filed against your server. Rack up enough of these reports, and you will not be able to send mail to AOL. We have had plenty of complaints come in, and we delete their accounts as they do -- except with our paying members. We ask them if they really want to cancel? In ALL cases but one, we have received replies stating it was an accident.

We have spoken to people within AOL that deal with the mail. (Amazingly, it is not too hard to speak with them if you are a business sending email to AOL users.) The ones we've spoken to are not happy with these changes in AOL 9.0, and admit they result in many false positives.

If you are sending a lot of email to AOL users, you will want to get in on their feedback loop ASAP, and also look into getting on AOL's 'whitelist,' which ensures that your mail will not be silently filtered into the bit bucket, as long as you keep your mail bounces and spam reports (ahem!) at a low level."

Whaaaat? Cluesless AOL users?

Who would've thought that possible.

My email never gets blocked by AOL

[Grey+Ninja]

Just put "Enlarge your Member" in the subject line. It NEVER gets marked as spam in my experience. I sell about 200 pounds of snake oil a day to AOL users.

SourceForge mailing lists are blocked by AOL

[tramm]

I run several projects on SourceForge, including autopilot, that have had all of the AOL subscribers removed from the mailing lists due to spam bounces. Since so many AOL users receive mail from SourceForge hosted mailing lists, it does not take many accidentally clicking the spam button to blacklist the SF servers.

I submitted a support request to SF about it, and they said (rightfully) that it is AOL's problem.

AOL almost knows me by name....

[m0rb0]

I work for an independt-regional isp, and often have to serve as the conduit for users who cannot e-mail AOL. Quite simply, I have to spend 20-30min each time with customer support to have our ip addresses "removed" from their abuse list. If there IS a better solution, I have not found it yet!

Re:On accident?

[batkiwi]

RTFPost!!!!

We have had plenty of complaints come in, and we delete their accounts as they do -- except with our paying members. We ask them if they really want to cancel? In ALL cases but one, we have received replies stating it was an accident.

Or are you using AOL 9.0 and accidentally clicked the submit button before reading the full text of the post?

Small lists too...

[dcigary]

I run a small (~200 user) mailing list for my homeowner's association, and I've been fighting the AOL Spam filters for years. From what I can tell, the process of notifying AOL that your email is indeed something that users have signed up for and WANT is near impossible. I'm almost to the point of telling the HOA that we can't accept AOL accounts any more, as nothing gets through. I've also had the same experience with Time Warner Roadrunner, EarthLink and others as well... What I find MOST disturbing is that on AOL the user NEVER receives the email, nor a notification that something was rejected. Ignorance is bliss as far as AOL is concerned, and they like keeping their users in the dark.

Re:it is a tough situation

[circusnews]

The only other thing I could think of is maybe put a note in the messages of your AOL users asking them to contact AOL and fix their policy. The chances of this working are beyond slim, but it will make it appear to your users that you are trying to serve them the best that you can.

I have found having 20 or 30 AOL users call AOL's tech support screaming about AOL bouncing importiant mail as spam gets you off the list fairly quickly.

AOL is quite reasonable

[arglesnaf]

As a matter of fact AOL handles this quite reasonably. The secret is reverse resolution.

I am postmaster and in the IT security department of a fortune 150 Office Supply company. We started to experience this problem, and contacted AOL. We were added to the whitelist, set up the feedback loop yet we kept getting blacklisted. Spoke with a tech who told us to call the corporate phone number and speak with the "Spam Czar" whose name I cannot recall and cannot locate via google.

After speaking with him we discovered we were still getting blacklisted after around five complaints, when we send thousands of order confirmations to AOL addresses a day. They tracked down the problem, and it was that one of our mail servers did not reverse resolve. We fixed this, and bam, we now take nearly a hundred complaints to be blacklisted.

(You wouldn't believe how many people flag an order confirmation as spam. You also wouldn't believe how many corporate employees forward there email to AOL and flag it as spam, when they forwarded the spam to themselves!)

It was quite embaressing that we were not reverse resolving the host that sends order confirmations. We do send some opt-in marketing, but it originates from a different server.

(Our marketing you opt into while ordering, don't flame me, we do not purchase lists!)

Re:AOL is quite reasonable

[LordWoody]

Reverse DNS, eg: 192.168.1.1 -> mail.yourdomain.com
forward DNS: mail.yourdomain.com -> 192.168.1.1

Woody

Re:AOL is quite reasonable

[Surazal]

I had to deal with this issue a lot while working as a system administrator at the last company I worked at.

I don't know about other domain name servers (like Microsoft's offerings, for instance), but I know in BIND, it's not only necessary to set up the forward resolution of a hostname, for instance:

www.slashdot.org => 66.35.250.151

It's also necessary to explicitly set this up too:

66.35.250.151 => www.slashdot.org

The reason it's necessary to define the reverse hostname resolution is because a hostname may resolve to the same IP address as several, or even hundreds of other hostnames. Rob Malda could have www.shashdot.org, my.slashdot.org, woohoo.slashdot.org all to the same IP address. But the IP address can only reverse-resolve to one hostname by definition. So, you define both the forward lookups and reverse lookups explicitly so that your company network can run smoothly without anyone knoiwing the major hack you just pulled to *get* the thing running. :^)

Sometimes, though, even seasoned admins forget to put in the reverse-lookup rules in there as a matter of oversight. For this reason you see a lot of automated scripts at ISP's that handle hostname maintanance for you.

And, unfortunately, they didn't have this set up at my last job.

(story, boss wants a new server set up, I have to make a phone call to set up the new IP address and hostname to our system adminsitrators at the data center)

Me: "Can you get hostname blah.blah.blah pointing to 10.0.0.123?"
Other Guy: "Sure! Will be going in a few hours or so"
Me: "No problem"

Three hours later...

Me: "Um, I wanted the reverse-lookup tables set up, too."
Other Guy: "What? Why do you need reverse lookup tables?"
Me: "Because half the network applications ever written since the inception of the internet require that be done *every time*. Just like the last 7 times I asked you to do this."

Yeah, I hated my last job. :^)

Re:AOL is quite reasonable

[Glug]

(Our marketing you opt into while ordering, don't flame me, we do not purchase lists!)

Not a flame, just letting you know: If I place an order with a company, I never check any boxes that opt me in to receive advertising. If I get "defaulted" to receiving ads and do receive some later, then I report the spam to the company's upstream and, obviously, I never buy anything from that company again. You might check to see whether your order forms try to "default" people into receiving spam or not - it is possible that the opt-in list that your marketing department thinks it has accumulated is not an opt-in list at all, and that people are reporting your company's email as spam because your company is in fact sending them unsolicited bulk email.

Re:AOL is quite reasonable

[Lost+Race]

But the IP address can only reverse-resolve to one hostname by definition.

No, one IP address can resolve to many hostnames.

$ORIGIN 0.168.192.in-addr.arpa.
1 ptr hosta.example.com.
1 ptr hostb.example.com.
1 ptr hostc.example.com.

% host 192.168.0.1
1.0.168.192.in-addr.arpa domain name pointer hosta.example.com.
1.0.168.192.in-addr.arpa domain name pointer hostb.example.com.
1.0.168.192.in-addr.arpa domain name pointer hostc.example.com.

Similarly one hostname can resolve to multiple IP addresses.

% host mx1.mail.yahoo.com.
mx1.mail.yahoo.com has address 64.156.215.7
mx1.mail.yahoo.com has address 64.157.4.78
mx1.mail.yahoo.com has address 64.157.4.79
mx1.mail.yahoo.com has address 67.28.114.33
mx1.mail.yahoo.com has address 64.156.215.5
mx1.mail.yahoo.com has address 64.156.215.6

This drives me, and my customers nuts

[Bug-Y2K]

I work for a colo/hosting outfit. I also read the "abuse@*" address here. I found out about this system at AOL back in November, and spent a few weeks working my way through the postmaster group at AOL. I finally did get a really clued guy, who did a lot to help out... however, the system is so completely flawed that there isn't much that can be done to fix it.

Easily 98% of their reported "spams" are false positives. I've collected the 10,000 or so rejected mails and They break down like this:

40% are auto-mails from some website notification system
(example: one of our clients is an "aprtment finding service" that you sign up and I assume pay for. It notifies you if an apartment that meets your needs becomes available, via email.)
30% are mailing list traffic
10% are confirmation emails for ecommerce purchases!
10% are *personal correspondence!*
8% are actual spam, but being legitimately forwarded to an AOL address via a domain hosted by us, but whose user has configured it to forward to an AOL address.
2% is who knows what.

To have a system that fundamentally flawed is amazing. I don't use AOL... in fact I've never even seen what it looks like, so I don't know if this is *user* generated or auto-generated, but I do know it just doesn't work.

Re:Lucky clients...

[Unholy_Kingfish]

Seriously - I'm not sure what business you're in, but do your clients really need to be using AOL?

I am not sure about what he means by clients, but we have this problem with customers. One of the sites I manage DressKids.com , sends out an email conformation for the order, a CC card conformation from the processor (not my choice) and then an email when the order is shipped. Plus we send out a newsletter about every 3-4 months. Pretty reasonable right? We don't spam, we don't sell lists. Our emails do not get through to AOL subscribers. Why? because people repost them as spam, whether it is intentional or not. We get many phone calls from cranky customers complaining they didn't get their email. But those same people are reporting those emails as spam. About 20% of our base is on AOL. Most of them are new moms/housewives on AOL. They have no clue what they are doing. Plus they don't care that they have no clue and take it out on us. AOL needs to do something about this. Having to contact AOL on a regular basis to reverse something dumb that their customers are doing is unreasonable. Spam is a problem, no argument with that. But when legit emails do not get through because of false reports, who's fault is it? Who should fix it? Who has the time?

Playing nicely with AOL (Re:Take the hint)

[ziegast]

Take the hint and unsubscribe them from the newsletter/mailing that they "opted" to receive.

Preach on, brutha.

I've had a good experience with the people at AOL. They have full-time staff dedicated to serving their customers and outside mail administrators alike. You can actually call them and get yourself taken off a blacklist within hours (if you're polite). They tell you the thresholds their spam filters use. Once you know how the game is played, you can decide how you continue to play. AOL is enforcing rules that they enforce on behalf of their customers.

Some suggestions for postmasters with lots of AOL customers....

1. Make sure you have forward/reverse DNS for each of your mail servers. Your odds of getting blacklisted go down sharply if you properly list your mail servers in DNS.

2. Call them and schedule a phone appointment to get your servers onto their whitelist. You tell them the business you're in and what IP addresses are servers that belong to you. You also give them a contact address (eg: aolspamcomplaints@yourdomain.com) to where they can forward spam complaints. Once you sign/fax a document that says you understand their policies, you get put on the whitelist. It's not a guarantee that you'll never get dropped, but you at least see it coming before it happens.

2a. Register an additional address on your network from which you don't send mail. If at any time one of your other addresses does get blacklisted, you have another address through which you can relay AOL mail after you address the problem.

3. Something you must do is include a user's e-mail address as part of the mail message itself (not just in the headers). If any of the users' spam reports come back to you, AOL anonymizes the headers. You'll need the address information in the body to determine which idiot hit the "this is spam" button. You might send them a warning after you recieve two messages saying that if they claim any more of your messages are spam, they get removed from your list automatically. You need to protect your mail service for all of the other AOL users you have subscribed. Something else you might do is make sure your list or company name is part of the subject line. It'll make it easy for them to know it's your content. They do want to recieve your content, yes? Make it easy for them to read or delete your message by looking at the subject line (instead of mistaking it for spam). Good mailing lists include the list name in the subject line.

I run domain-based mail forwarding service for some of my web hosting clients. My customers' domain-based e-mail is forwarded through my servers (spam and all) to their AOL account at their request. When they say "this is spam" to their inbound mail, my servers get the bad reputation, not the spammers becasue I'm the one delivering the messages to AOL's servers. It sucks, but now that I've done steps 1/2/2a after my first blacklist experience, things seem to have been going pretty well. I need to do step 3 and help educate my customers about inadvertent spam tagging, but I've been too busy to implement it.

Aside: Compared to AOL, AT&T WorldNet sucks. I got wrongfully blacklisted by them recently. Their system is not as transparent as AOL. I had to use ARIN Whois network information to find a phone number for someone who could find me a phone number of someone who could give me the e-mail address of the people to whom I can request to be taken off their blacklist (aka runaround). Getting off their list takes several days and repeated e-mails instead of a single phone call. Boo! If one is going to blacklist mail servers and reject mail, make sure the mail server puts a URL in the rejection message so that white-hat mail administrators can find policies and contact info that can help them quickly resolve errant blacklisting. To do less is poor customer service.

-ez