Slashdot Mirror

← Back to Stories (view on slashdot.org)

AOL Placed on Spam Blacklist

Posted by Zonk on from the it-wasn't-there-before? dept.

Hacker-X writes "According to this item over at Spam Kings, AOL has had a large swath of its IP addresses added to the Mail Abuse Prevention Systems (MAPS) Real-time Blackhole List (RBL). The RBL is used by many corporations and large ISPs to filter spam. MAPS evidently started blocking the AOL mail servers less than 24 hours after filing a complaint with AOL's abuse desk. The block was initiated in response to spam emanating from AOL mail servers."

7 of 364 comments (clear)

  1. Re:Overzealous by Saxton · · Score: 5, Informative

    Well, it looks like things got turned around anyway:

    [UPDATE: Looks like MAPS changed its mind. As of Tuesday afternoon ET (GMT -4:00), AOL's listing at the MAPS site is gone, and a lookup shows AOL's mail servers no longer seem to be on the MAPS RBL list. No word yet on whether AOL resolved the spam problems, or if MAPS just decided to give AOL more time.]

    --
    My name is Aaron Landry, and I approve this message.
  2. Re:Overzealous by Matts · · Score: 5, Informative

    You need to look at the facts a bit closer. AOL *has* cleaned up its act, more than anyone else on the entire internet. It's stunningly clean for an ISP of its size.

    This was caused by one spam. Let me just repeat that: out of 60 million users MAPS saw one spam coming from AOL's outbound mail servers.

    Now AOL does have a set of IPs out of which some spam does emanate - the rlyIPXX block (64.12.138.(7-9)). This is the IPs that they redirect direct-to-port25 mail through, and they actively encourage people to block this range. It's been publicly stated that they intend to shut this activity down real soon now, but in the meantime most people just block that range and don't see a problem.

    Check the anti-spam newsgroups and mailing lists some time. AOL is hugely respected in anti-spam terms these days. And deservedly so.

    --

    Matt. Want XML + Apache + Stylesheets? Get AxKit.
  3. On SpamCop too by goDzi7la · · Score: 4, Informative

    AOL is listed on SpamCop too. http://www.spamcop.net/w3m?action=checkblock&ip=20 5.188.157.37

  4. Re:Overzealous by jenkin+sear · · Score: 5, Informative

    I have to agree. We run some very large (1MM subscribers) mailing lists for our customers - not spam, just company announcements and such. AOL had a great process for getting whitelisted with them- they checked that you were legit, that your mail servers handled bounces correctly, and that your systems were rfc whatever compliant.

    Compared to Yahoo and MSN/Hotmail, AOL is completely buttoned down and has their act together.

    --
    What a strange bird is the pelican, his beak can hold more than his belly can.
  5. Re:Overzealous by Vainglorious+Coward · · Score: 3, Informative

    How many double opt-in e-mail lists have been blocked...

    Do you mean "confirmed opt-in"? If so, you should say so. "Double opt-in" is a meaningless phrase, beloved by spammers. I have every confidence that you're not a spammer, but if you speak in the spammers' language, people will get the wrong idea about your lists.

    --
    My next sig will be ready soon, but subscribers can beat the rush
  6. Re:Overzealous by finkployd · · Score: 4, Informative

    The big problem is, it's basically impossible to run a mail server without using RBL's (we tried)

    Try harder, PSU provides email for 130,000+ users (generally around 6 million emails a day) without a RBL. RBLs are a bad solution looking for a problem, there are much better ways to deal with spam that are not run by clueless zealots.

    Finkployd

  7. Re:AOL deserved it by JWSmythe · · Score: 3, Informative

    AOL and Earthlink's method of blocking anyone who may have potentially offended, is very bad. With their methodology, I should need to call every ISP to ask not to be blocked, because one of my customers may want to send one of their customers a message.

    I just pulled a report from one of our membership databases. Of 370,918 users, there were 39,692 distinct domain names. In the top 50 of that list are a few I can't call. wanadoo.fr . t-online.de, libero.it, bluewin.ch, tin.it, planet.nl. You get the idea.

    If everyone took up AOL's anti-spam scheme, I would need a staff of people who's sole job was to call all the ISP's, and make sure we weren't blocked.

    The *BETTER* method is not to block based on any one rule. It's what you see with hotmail, mail.yahoo.com, gmail, etc.. Bad mail is received, and filtered into a spam box.

    With our mail servers, we do the same thing. We use mailscanner (mailscanner.info), with spamassassin, 5 blacklists, and two virus scanners. If the score is high enough, it simply adds a bit to the subject line.

    [UBE/UCE/SPAM] original subject

    My users have the option of deleting those automatically, or filtering them off to another box.

    Right now, I have 6,634 messages in my spam box, and 1052 in my inbox. You could say 15.8% of my mail is real, but that's not completely accurate. A lot of the "real" messages in my inbox are automated messages, such as server notifications.

    The ***HUGE*** difference between what I do and what AOL does is this.. When I get a message, even though the mail server suspects it is spam, it still gets delivered into my spam box. **I** have the option of choosing what **I** want done with it. If **I** want to delete it, I can. If **I** want to have the mail server delete it before it even gets to my box, I can. If **I** want to keep them all, so I can make statistics about how many spams I get, I can. And if someone says "I sent you an Email, but never got a reply", I can check my spam box. The last time that happened was over 6 months ago. It's very rare that a legitimate message gets flagged as spam.

    Since I know for a fact that AOL blocks legitimate messages, that means that they are completely in the wrong with their methodology.

    I've spent several conference calls on with AOL. They believe that they are the Internet. They are the only mail server, and anyone who isn't using AOL is some sort of evil hacker. It was really frustrating, when every reference they made indicated there was only AOL. They said that their blacklist protects all mail servers. Even mine? Yes. So I asked how I got that protection. They don't know. It's just there. Like divine intervention, or eye boogers. I tried to explain that I'm a SysAdmin, and I may know a little bit about the magic of the Internet. He refered me to their standard page, http://postmaster.info.aol.com

    Yes, we are already in the "feedback loop". They know all our networks. They have the email and phone number of a contact who's always available. The contact watches the abuse mail for the occasional misguided soul who hits "Abuse" instead of "Reply". Every month or two, we get some part of the network blacklisted. We call up, and they promise to 'whitelist' us. We dance around this with a few dozen calls, and then everything is fine for a month or two. Lather, rinse, repeat.

    It's *REALLY* annoying to **NEED** to call another company to ask for their permission to play on their Internet with them.. Like I said at the beginning of this message, almost 40,000 domains. If everyone played this way, that would mean 40,000 calls so people could send out EMail. That *ALSO* means I would need to have phone support people ready to answer 40,000 calls. I don't really want that. My budget for staff is better used for staff who do a job which is helpful to the company.

    I guess if 40,000 providers did hire say 8 employees to handle calls (4 outbound, 4 inb

    --
    Serious? Seriousness is well above my pay grade.