Slashdot Mirror

← Back to Stories (view on slashdot.org)

AOL Placed on Spam Blacklist

Posted by Zonk on from the it-wasn't-there-before? dept.

Hacker-X writes "According to this item over at Spam Kings, AOL has had a large swath of its IP addresses added to the Mail Abuse Prevention Systems (MAPS) Real-time Blackhole List (RBL). The RBL is used by many corporations and large ISPs to filter spam. MAPS evidently started blocking the AOL mail servers less than 24 hours after filing a complaint with AOL's abuse desk. The block was initiated in response to spam emanating from AOL mail servers."

10 of 364 comments (clear)

  1. Overzealous by Oculus+Habent · · Score: 5, Insightful

    Overzealous RBL admins screw everyone. If they think everyone is going to sit back and not mind that major ISPs like AOL have been blacklisted, they are (hopefully) if for a rude awakening.

    How does someone seriously justify this? Isn't this like cutting off one's nose to spite one's face?

    Maybe it's time to come up with a hybrid system? How about a combinations of black and "gray" lists, where the gray lists are subjected to greater scrutiny or harsher limits by spam filtering software?

    --
    That what was all this school was for... to teach us how to solve our own problems. -- janeowit
    1. Re:Overzealous by Dionysus · · Score: 5, Insightful

      How about people stop using RBLs if it bothers them that certain ISPs get blocked?

      --
      Je ne parle pas francais.
    2. Re:Overzealous by PDXNerd · · Score: 5, Insightful

      So it's OK to blacklist a little guy that has a misconfigured/hacked email server that is spitting out spam, but if a big fish does this, we should justify and make excuses for them??

      This should be the rude awakening to AOL - clean up your act. Stop allowing spam to be sent, or your users might start getting peeved that their emails aren't getting through. Most rookies have been through this - how embarrassing for AOL to have to go through it to! ;-)

    3. Re:Overzealous by FortKnox · · Score: 5, Insightful

      Being in a blacklisted IP-Range before, I can share your frustration. But I do believe the motives behind this isn't to keep AOL blacklisted, but to motivate AOL to fix their outgoing spam problems. Nothing says "Fix people spamming from your service" like thousands of angry customers...

      --
      Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
    4. Re:Overzealous by berzerke · · Score: 5, Insightful

      AOL is not "special" in that circumstance. The short response timeframe is a little harsh...

      Well, if you've had your entire domain blocked by AOL without warning, you might disagree. You might disagree strongly if after contacting AOL, they admitted you were wrongly blocked but they were having trouble figuring out how to unblock you (took a week).

      How many double opt-in e-mail lists have been blocked simply because some AOL luser couldn't figure out how to unsubscribe (or didn't even try to) and just hit the report as spam button? (Hint: I know of 3 just off the top of my head.) AOL blocking is automatic. Guilty until proven innocent. Is 24 hours really that harsh given what AOL does to others?

      Of course, if we could all convince the idiots that buy from spam to stop buying, this whole problem would disappear on it's own.

  2. Re:AOhell by snorklewacker · · Score: 4, Insightful

    AOL profits from these spammers and they know it.

    Bullshit. MCI profits from spammers. You're talking out of your ass. You think they care about the monthly dialup access fees from spammers? AOL until recently had Carl Hutzler, one of the most respected names in anti-spam, who has turned AOL around and made them one of the leaders in anti-spam, from outbound port 25 blocking to SPF. Ask anyone on NANAE .. hell, ask the kooks, they'll tell you AOL has a fraction of the spam problem anyone else does, and their main complaint is only bounce spam, which they've nearly eliminated this year. Carl has since moved on (got promoted I think) and left two more in his stead who hopefully will continue to be as effective as him.

    MAPS is run by some righteous little twits driving their fiefdom of an RBL into irrelevance at flank speed. Most responsible admins have moved on to some subset of SORBS, Blitzed OPM, and the Spamhaus XBL, with perhaps SPEWS turned on for advisory data only.

    You on the other hand just think you're hot shit because you don't like AOL.

    --
    I am no longer wasting my time with slashdot
  3. Re:A.O. What? by TFGeditor · · Score: 5, Insightful

    Actually, this surprises me as an exception rather than the rule as far as AOL is concerned.

    (I posted the following in an earlier discussion on a different topic, but it is 100 percent applicable here.)

    I am not an AOL customer, have never been, never will be (at least, not by choice), but I am glad AOL is there to serve the unwashed masses. Because a huge portion of their customer base is, shall we say, "uninformed," AOL has taken a number of measures to protect them (and their network) from malicious traffic. Based on anecdotal observation, it seems to be working.

    Because hundreds of people have my "public" email address in their address books, I recive dozens (sometimes hundreds) of virues per week whenever there is an outbreak. However, I cannot recall the last time I received one from an AOL user.

    I receive hundreds of (filtered) spam messages daily, but again, cannot recall receiving any from an AOL machine. (This based on source IP address, not the forged FROM line.)

    On the flip side, 30-40 percent of spam comes from zombied Comcast and RoadRunner accounts (most from Comcast). The rest come from non-North American IP addresses.

    Like I said, limited anecdotal observation, but it appears to me AOL is doing something right, and is the perfect ISP for the "uninformed" user.

    Considering the size of their customer base, imagine how much more junk/malicious 'net traffic there would be without AOL.

    --
    Ignorance is curable, stupid is forever.
  4. Re:Accountability by fm6 · · Score: 4, Insightful
    Get real. MAPS is a holy crusade, and all ISPs are presumed guilty until proven innocent. And proof ain't easy to come by.

    The assumption of anti-spam activists seems to be that spam wouldn't be possible without the knowing collusion of evil ISPs. Obviously, evil, greedy people will only respond to threats to their income. So never mind negotiations -- blacklist 'em until they repent.

    Which ignores the difficultly of enforcing a spam policy. You can't just terminate somebody's account the first time somebody accuses them of spamming -- it's not fair, and will probably get you sued. Having worked at an ISP, I can tell you they get lot of bogus spam complaints, mostly from people who don't know how to figure out who owns an IP block, or who misread mail logs. And in some cases, the owner of the IP block just rents rack space to the SMTP provider. Which may well do a poor job of policing spammers -- but you have to make some attempt to get them to improve before you ditch a customer who's paying you tens of thousands of dollars a month.

    MAPS and their ilk also seem totally ignorant of Hanlon's Razor. Very often ISPs assign their abuse issues to unsocial geeks whose communication skills and capacity for objective thought is quite limited. So of course they return MAPS's arrogant ignorant anger with more of the same. The resulting interaction is not conducive to solving the problem.

    So yeah, ISPs are not blameless. But they're not the greedy bastards the stupid bastards at MAPS like to get mad at.

  5. Re:Receivers *choose* to use RBLs by zakezuke · · Score: 5, Insightful

    Is MAPS forcing you to use their lists? No. So what's your problem?

    So in the end no one is accountable. The ISP doesn't make the list MAPS does, so it's not their fault. MAPS says no one has to use their lists so it's not their fault they just make the list. Any collateral damage is just a figment of your imagination. Nobody's fault, nobody's problem.

    This is the major issue I have with many spam lists. You are fed this circular logic and the only way to break the circle is to change ISPs and hope you don't have a problem again.

    --
    There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
  6. I am. by khasim · · Score: 4, Insightful
    Who is an RBL's "user?"
    I am. And I am also the email administrator for the company I work for.
    Most of the senders whose legitimate mail gets blocked are in no way connected to the RBL.
    The RBL's don't block anyone's email.

    It is people like me who use the RBL's and have my email server setup to reject (with proper attribution) email from sites on the RBL's.
    On the receiving side, how are you to know you should complain to your ISP about their crappy RBL (assuming you somehow know what they are) when the problem is you didn't get the message in the first place?
    The person sending you the message will get their message kicked back to them with a very clear "We rejected your message because your domain/IP address is on a blacklist at www.xxx.xxx".

    How much easier does it get then that?
    Even if you're an ISP mail administrator, who do you know the RBL did something stupid like this until the angry phone calls start coming in?
    Simple. I read the logs and the discussions. I've only had one problem since I put in the blacklists. And that was from a company with BellSouth who had had other problems with blacklists because BellSouth didn't handle the IP addresses correctly.

    Now, balance that against the thousands of rejected spams EVERY SINGLE DAY and the course is clear.

    With less than .000001% problems, I'm sticking with the blacklists. People who get on those blacklists do have other communication channels open to them and they can easily contact me if there is ever a problem.