Slashdot Mirror


AOL Placed on Spam Blacklist

Hacker-X writes "According to this item over at Spam Kings, AOL has had a large swath of its IP addresses added to the Mail Abuse Prevention Systems (MAPS) Real-time Blackhole List (RBL). The RBL is used by many corporations and large ISPs to filter spam. MAPS evidently started blocking the AOL mail servers less than 24 hours after filing a complaint with AOL's abuse desk. The block was initiated in response to spam emanating from AOL mail servers."

21 of 364 comments

  1. Happening to google too! by FocaJonathan · · Score: 2, Informative

    Google is getting blocked for spam too:

    This is an automatically generated Delivery Status Notification

    Delivery to the following recipient failed permanently:

    [an address forwarded to gmail.com]

    Technical details of permanent failure:
    PERM_FAILURE: SMTP Error (state 10): 554 Service unavailable; Client host [64.233.184.203] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?64.233.184.203

    --

    The address: 64.233.184.203 is wproxy.gmail.com

    1. Re:Happening to google too! by morcego · · Score: 2, Informative
      --
      morcego
  2. Re:Overzealous by Saxton · · Score: 5, Informative

    Well, it looks like things got turned around anyway:

    [UPDATE: Looks like MAPS changed its mind. As of Tuesday afternoon ET (GMT -4:00), AOL's listing at the MAPS site is gone, and a lookup shows AOL's mail servers no longer seem to be on the MAPS RBL list. No word yet on whether AOL resolved the spam problems, or if MAPS just decided to give AOL more time.]

    --
    My name is Aaron Landry, and I approve this message.
  3. Re:Overzealous by Matts · · Score: 5, Informative

    You need to look at the facts a bit closer. AOL *has* cleaned up its act, more than anyone else on the entire internet. It's stunningly clean for an ISP of its size.

    This was caused by one spam. Let me just repeat that: out of 60 million users MAPS saw one spam coming from AOL's outbound mail servers.

    Now AOL does have a set of IPs out of which some spam does emanate - the rlyIPXX block (64.12.138.(7-9)). These are the IPs that they redirect direct-to-port25 mail through, and they actively encourage people to block this range. It's been publicly stated that they intend to shut this activity down real soon now, but in the meantime most people just block that range and don't see a problem.

    Check the anti-spam newsgroups and mailing lists some time. AOL is hugely respected in anti-spam terms these days. And deservedly so.

    --

    Matt. Want XML + Apache + Stylesheets? Get AxKit.
  4. On SpamCop too by goDzi7la · · Score: 4, Informative
  5. No sympathy by Anonymous Coward · · Score: 1, Informative

    Running a small web hosting company, I use RBLs, but I would never consider using one with lunatics in charge (e.g. MAPS) just because it would generate too many complaints from my clients.

    That said, I am glad there *are* people using MAPS, and I have absolutely no sympathy for AOL. They have some of the most idiotic and overzealous spamfilters on the planet, and I've been burned by them on a number of occasions. My server IPs have never been on any public blacklist, and I've never had any trouble getting email to other mass providers (Hotmail, Gmail, Yahoo). But there has been a steady stream of problems with AOL.

    As far as I'm concerned, if this hurts them, good. They're getting a taste of their own medicine.

  6. Update from link by AvidLinuxUser · · Score: 2, Informative

    [UPDATE: Looks like MAPS changed its mind. As of Tuesday afternoon ET (GMT -4:00), AOL's listing at the MAPS site is gone, and a lookup shows AOL's mail servers no longer seem to be on the MAPS RBL list. No word yet on whether AOL resolved the spam problems, or if MAPS just decided to give AOL more time.]

  7. Re:Overzealous by morcego · · Score: 2, Informative

    I'm sorry to say this, but AOL is already "gray" to me all the time. If coming from the AOL address space, e-mails will get +1 when my local SpamAssassin parses them. Same goes for Hotmail and a couple other places.

    --
    morcego
  8. Re:Overzealous by dougmc · · Score: 2, Informative
    Nothing says "Fix people spamming from your service" like thousands of angry customers...
    I do agree, however the flip side of that coin is that nothing says `drop that black list' like not being able to get email from grandma or Aunt Tillie.

    By adding AOL to the blacklist, you might persuade AOL to clean up their act, maybe, but you also will find a lot of people dropping your blacklist because _their_ customers got angry ...

    Fair or not, you really can't add AOL's main mail servers to any sort of mail blacklist without serious repercussions. Mostly bad.

  9. Re:Overzealous by jenkin+sear · · Score: 5, Informative

    I have to agree. We run some very large (1MM subscribers) mailing lists for our customers - not spam, just company announcements and such. AOL had a great process for getting whitelisted with them- they checked that you were legit, that your mail servers handled bounces correctly, and that your systems were rfc whatever compliant.

    Compared to Yahoo and MSN/Hotmail, AOL is completely buttoned down and has their act together.

    --
    What a strange bird is the pelican, his beak can hold more than his belly can.
  10. Re:Overzealous by Vainglorious+Coward · · Score: 3, Informative

    How many double opt-in e-mail lists have been blocked...

    Do you mean "confirmed opt-in"? If so, you should say so. "Double opt-in" is a meaningless phrase, beloved by spammers. I have every confidence that you're not a spammer, but if you speak in the spammers' language, people will get the wrong idea about your lists.

    --
    My next sig will be ready soon, but subscribers can beat the rush
  11. Re:Overzealous by finkployd · · Score: 4, Informative

    The big problem is, it's basically impossible to run a mail server without using RBL's (we tried)

    Try harder, PSU provides email for 130,000+ users (generally around 6 million emails a day) without a RBL. RBLs are a bad solution looking for a problem, there are much better ways to deal with spam that are not run by clueless zealots.

    Finkployd

  12. Re:AOhell by signe · · Score: 2, Informative

    AOL until recently had Carl Hutzler, one of the most respected names in anti-spam, who has turned AOL around and made them one of the leaders in anti-spam, from outbound port 25 blocking to SPF.

    Don't credit things to people if they didn't do them. Carl wasn't responsible for outbound port 25 tagging/filtering/blocking. I know that for an absolute certainty. And while Carl may have done a lot of anti-spam work, the outbound port 25 work is what dropped AOL from one of the top 5 spammers to not even on the list of the top 50 as soon as it was implemented (according to SpamCop, at the time).

    -Todd

    --
    "The details of my life are quite inconsequential..."
  13. Re:Overzealous by Anonymous Coward · · Score: 0, Informative

    Roman numbers. It's weird, but advertisers like to use them. CPM is the "cost per thousand impressions", for example. It gets weirder: MM is actually just two thousand in Roman numbers, but advertisers understand it as 1000*1000. Is that enough proof that too much involvement with marketing guys screws with your head?

  14. Re:Overzealous by dodobh · · Score: 2, Informative

    Try harder. We have 41 million users, with over a million SMTP sessions a minute handled (90% rejection at the edge, and 80% of what gets through is still spam). We *need* DNSBLs.

    --
    I can throw myself at the ground, and miss.
  15. Re:AOL deserved it by JWSmythe · · Score: 3, Informative

    AOL and Earthlink's method of blocking anyone who may have potentially offended, is very bad. With their methodology, I should need to call every ISP to ask not to be blocked, because one of my customers may want to send one of their customers a message.

    I just pulled a report from one of our membership databases. Of 370,918 users, there were 39,692 distinct domain names. In the top 50 of that list are a few I can't call. wanadoo.fr, t-online.de, libero.it, bluewin.ch, tin.it, planet.nl. You get the idea.

    If everyone took up AOL's anti-spam scheme, I would need a staff of people whose sole job was to call all the ISPs, and make sure we weren't blocked.

    The *BETTER* method is not to block based on any one rule. It's what you see with hotmail, mail.yahoo.com, gmail, etc.. Bad mail is received, and filtered into a spam box.

    With our mail servers, we do the same thing. We use mailscanner (mailscanner.info), with spamassassin, 5 blacklists, and two virus scanners. If the score is high enough, it simply adds a bit to the subject line.

    [UBE/UCE/SPAM] original subject

    My users have the option of deleting those automatically, or filtering them off to another box.

    Right now, I have 6,634 messages in my spam box, and 1052 in my inbox. You could say 15.8% of my mail is real, but that's not completely accurate. A lot of the "real" messages in my inbox are automated messages, such as server notifications.

    The ***HUGE*** difference between what I do and what AOL does is this.. When I get a message, even though the mail server suspects it is spam, it still gets delivered into my spam box. **I** have the option of choosing what **I** want done with it. If **I** want to delete it, I can. If **I** want to have the mail server delete it before it even gets to my box, I can. If **I** want to keep them all, so I can make statistics about how many spams I get, I can. And if someone says "I sent you an Email, but never got a reply", I can check my spam box. The last time that happened was over 6 months ago. It's very rare that a legitimate message gets flagged as spam.

    Since I know for a fact that AOL blocks legitimate messages, that means that they are completely in the wrong with their methodology.

    I've spent several conference calls on with AOL. They believe that they are the Internet. They are the only mail server, and anyone who isn't using AOL is some sort of evil hacker. It was really frustrating, when every reference they made indicated there was only AOL. They said that their blacklist protects all mail servers. Even mine? Yes. So I asked how I got that protection. They don't know. It's just there. Like divine intervention, or eye boogers. I tried to explain that I'm a SysAdmin, and I may know a little bit about the magic of the Internet. He referred me to their standard page, http://postmaster.info.aol.com

    Yes, we are already in the "feedback loop". They know all our networks. They have the email and phone number of a contact who's always available. The contact watches the abuse mail for the occasional misguided soul who hits "Abuse" instead of "Reply". Every month or two, we get some part of the network blacklisted. We call up, and they promise to 'whitelist' us. We dance around this with a few dozen calls, and then everything is fine for a month or two. Lather, rinse, repeat.

    It's *REALLY* annoying to **NEED** to call another company to ask for their permission to play on their Internet with them.. Like I said at the beginning of this message, almost 40,000 domains. If everyone played this way, that would mean 40,000 calls so people could send out EMail. That *ALSO* means I would need to have phone support people ready to answer 40,000 calls. I don't really want that. My budget for staff is better used for staff who do a job which is helpful to the company.

    I guess if 40,000 providers did hire say 8 employees to handle calls (4 outbound, 4 inb

    --
    Serious? Seriousness is well above my pay grade.
  16. Re:Use RBL for TEMPORARY (4xx) rejections by emil · · Score: 2, Informative
    This way the accidentally blacklisted server has several days to straighten things out while the really spammy server gets overloaded with huge mail queue.

    Most spam engines don't use a mail queue, which is why greylisting works so well.
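
An added example, not part of any comment in this thread: how a receiving server builds the DNSBL lookup behind a rejection like the one quoted in comment 1, and how the 4xx-versus-5xx choice discussed in this sub-thread is applied to the result. The resolver is a stub over constructed zone data (the listing shown is hypothetical), and the function names are assumptions of this sketch.

```python
import ipaddress
import re

# Rejection text in the format of the bounce quoted in comment 1.
REJECT_RE = re.compile(r"Client host \[([0-9A-Fa-f:.]+)\] blocked using ([\w.-]+)")
DNSBL_ANSWERS = ipaddress.ip_network("127.0.0.0/8")  # listed hosts resolve in here

def parse_rejection(line):
    """Return (client_ip, dnsbl_zone) from an SMTP rejection line, or None."""
    m = REJECT_RE.search(line)
    return (m.group(1), m.group(2).rstrip(".")) if m else None

def dnsbl_query_name(ip, zone):
    """Reversed address labels + zone: IPv4 by octet, IPv6 by hex nibble."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def smtp_decision(ip, zone, resolve, temporary=True):
    """resolve(name) -> list of A records; an empty list means not listed."""
    answers = resolve(dnsbl_query_name(ip, zone))
    listed = any(ipaddress.ip_address(a) in DNSBL_ANSWERS for a in answers)
    if not listed:
        return 250, "OK"
    # 451 lets a legitimate sender's queue retry for days; 554 bounces at once.
    code = 451 if temporary else 554
    return code, f"Client host [{ip}] blocked using {zone}"

# Constructed zone data standing in for a live DNS lookup (hypothetical listing).
CONSTRUCTED_ZONE = {"203.184.233.64.bl.spamcop.net": ["127.0.0.2"]}

def stub_resolve(name):
    return CONSTRUCTED_ZONE.get(name, [])

if __name__ == "__main__":
    bounce = ("554 Service unavailable; Client host [64.233.184.203] "
              "blocked using bl.spamcop.net")
    ip, zone = parse_rejection(bounce)
    print(dnsbl_query_name(ip, zone))
    print(smtp_decision(ip, zone, stub_resolve))
    print(smtp_decision(ip, zone, stub_resolve, temporary=False))
```

With a temporary code, a sender that keeps a mail queue retries after a delisting, while software that never queues simply loses the message, which is the same property greylisting relies on.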

  17. Sol'n by Anonymous Coward · · Score: 1, Informative

    If you don't have a firewall that can block that class C entirely, you can do the same crudely at your mail host with:

    route add -net 64.163.43.0 255.255.255.0 127.0.0.1

    [may need some slight tweaks for various OSen]

  18. Re:Overzealous by Anonymous Coward · · Score: 2, Informative
    No, the poster means "double-opt-in", like described here:

    In a single opt-in, people submit an email address and ask (opt) for specific emails to be sent to them. The inherent issue with a single opt-in is that people might submit their name inadvertently, or someone may have submitted their name for them, against their wishes.

    Double opt-in is an enhanced permission that tackles these issues. With double opt-in, the submitted name is not immediately added to a mailing list. Instead, an email is sent to the address, asking to confirm that your name should indeed be added. If the recipient of the confirmation email does nothing, the submitted address is taken off of any mailings. The name is only added to a distribution list if the recipient responds to the confirmation email.


    Duh.
  19. Re:AOhell by Michael+Hunt · · Score: 2, Informative

    Carl hasn't left AOL... He's no longer their postmaster god, but he's moved sideways into a role known as 'Director, Host Mail Development.'

    I'd assume he's still doing good things at AOL as far as anti-spam goes, given his new title.

  20. Mail acceptance/rejection by WoodstockJeff · · Score: 2, Informative
    No server should accept mail unless it knows it can forward it to a destination. Far too many accept just about anything for the domain, then decide whether or not they can deliver it later.

    One of the big necessities we had when picking our current system was that it had to be able to validate an address during the SMTP exchange; it does this by having access to the same database the mail storage back-end uses for deciding where to stuff the message after it is accepted. If it isn't in the database, the message gets rejected before it enters the hard-working parts of the system.

    That's just one of the gauntlets it passes through on our system, but it stops 20% of the traffic. Our internal block lists get another 50%, all with the speed of a few SQL queries. The 30% that's left do not impose much load on the other tests, and our whitelists jump over the later tests for recognized senders.

    But, if you are like some universities and businesses, and can't reject ANYTHING due to policy, it's a moot point, anyway...
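
An added sketch of the SMTP-time gauntlet comment 20 describes, not the commenter's system: the recipient is checked against the mailbox database during the SMTP exchange, then an internal block list is consulted, and whitelisted senders skip the later tests. The table names, sample rows, reply texts and the exact ordering of the block-list and whitelist steps are assumptions of this example.

```python
import sqlite3

def build_db():
    """In-memory stand-in for the shared mailbox database (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE mailboxes (address TEXT PRIMARY KEY);
        CREATE TABLE blocked_domains (domain TEXT PRIMARY KEY);
        CREATE TABLE whitelist (sender TEXT PRIMARY KEY);
        INSERT INTO mailboxes VALUES ('alice@example.org'), ('bob@example.org');
        INSERT INTO blocked_domains VALUES ('bulk.example.net');
        INSERT INTO whitelist VALUES ('grandma@example.com');
    """)
    return db

def _exists(db, sql, value):
    # Parameterized query: envelope addresses are untrusted input.
    return db.execute(sql, (value,)).fetchone() is not None

def rcpt_decision(db, mail_from, rcpt_to, later_tests=lambda sender, rcpt: True):
    """Reply to RCPT TO before any message data is accepted."""
    sender = mail_from.strip().lower()
    rcpt = rcpt_to.strip().lower()
    # 1. Unknown recipient: reject in-session so nothing is queued or bounced later.
    if not _exists(db, "SELECT 1 FROM mailboxes WHERE address = ?", rcpt):
        return 550, "5.1.1 No such user"
    # 2. Internal block list, keyed here on the sender's domain (assumption).
    domain = sender.rpartition("@")[2]
    if _exists(db, "SELECT 1 FROM blocked_domains WHERE domain = ?", domain):
        return 554, "5.7.1 Sender blocked by local policy"
    # 3. Recognized senders jump over the later, more expensive tests.
    if _exists(db, "SELECT 1 FROM whitelist WHERE sender = ?", sender):
        return 250, "OK (whitelisted)"
    # 4. Everything else runs the remaining tests (content scan, DNSBLs, ...).
    if not later_tests(sender, rcpt):
        return 554, "5.7.1 Rejected by content policy"
    return 250, "OK"

if __name__ == "__main__":
    db = build_db()
    for frm, to in [("x@elsewhere.example", "nobody@example.org"),
                    ("promo@bulk.example.net", "alice@example.org"),
                    ("grandma@example.com", "alice@example.org"),
                    ("x@elsewhere.example", "bob@example.org")]:
        print(frm, "->", to, rcpt_decision(db, frm, to))
```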