
AOL Bans Mail From DSL-Hosted Servers 925

Posted by timothy
from the because-individuals-should-not-have-them dept.
kmself writes "As first reported at linux-elitists by Aaron Sherman, and with a demonstration of the denial at zIWETHEY, AOL has begun blocking mailservers identified with residential DSL lines as an anti-spam measure, apparently heedless of the huge collateral damage this move imposes (and guess who can't send mail to Mom...). This action was unannounced, and has received virtually no coverage, spare an oblique mention at News.com. It also violates SMTP RFCs, as Aaron points out, not to mention the 'good neighbor' conventions of Internet communications. Mail to AOL's postmaster is also bounced -- this is RFC-ignorant. I strongly recommend that as a compensatory measure, non-AOL MTAs be configured to deny all incoming mail from AOL's domain."
This discussion has been archived. No new comments can be posted.

  • I would say.... (Score:3, Insightful)

    by Chris_Stankowitz (612232) on Sunday April 13, 2003 @06:28PM (#5723374)
    too little too late. However, this move doesn't even classify as "too little". There has to be some other underlying reason to move to block e-mail for this one group of internet users, because it clearly isn't going to put a dent in the spam that AOL users receive daily. There are MANY service providers that do a much better job at spam blocking than AOL, what is it about them that keeps them from getting it right? Or are they secretly selling e-mail addresses?
  • Re:No problem (Score:2, Insightful)

    by Profane Motherfucker (564659) on Sunday April 13, 2003 @06:30PM (#5723391) Journal
    I long ago included every mail from aol.com, yahoo.com and hotmail.com in my static spam filters.

    Is this a contest to see who is more ignorant? I'd put you as neck and neck with AOL in this respect.
  • by cperciva (102828) on Sunday April 13, 2003 @06:31PM (#5723404) Homepage
    If AOL doesn't want to accept your mail, that's their choice. It's their network, and their mail servers. Of course, when AOL customers find that they can't receive any email, AOL might lose business.

    Like all other spam blocking attempts, there will be collateral damage. They try to keep their customers happy, and the market decides if they succeeded.
  • Re:ummmm... (Score:2, Insightful)

    by opti6600 (582782) on Sunday April 13, 2003 @06:32PM (#5723410)
    wavelengths discovered this one a while ago. As an academic publication, hence receiving zero (0) dollars, we can't very well afford to go ahead and get a static IP, business DSL line, or something as out of this world as a T1.

    I think this is an egregious violation of the community's trust on part of AOL, not to mention that it's ridiculous considering that a LOT of the spam coming at them won't be from home lines, but from established spamwhores like pm0 and others.

    So that's right, a group of 10 students can't send mail to AOL accounts because we can't afford to pay the piper for $300/month. This is RIDICULOUS. It's bad enough that we were forced away from school hosting because they "didn't have enough room" and that we actually needed features for our site, but then the fact that we can't get in touch with half of the MAST Academy student body through the wavelengths Journal email server...that's sad.

    Best regards,
    Jordan
  • Re:ummmm... (Score:2, Insightful)

    by opti6600 (582782) on Sunday April 13, 2003 @06:46PM (#5723493)
    Yeah, but buddy...we use our own mail server for professional reasons. I can control what my staff sends out and gets in, and also can provide server-side address (LDAP) and other resource support.

    We're even considering moving to Exchange for the feature (we use RHEmS now), but with AOL blocking us, I try to keep a slightly tighter ship, so to speak, in an effort to show what the Avg. Joe can do with their mailserv. I dunno guys, the Net seems to be heading down the tubes faster than we can be righteous, but I hope we don't see this again. Come on! Students having their ALTERNATIVE ENERGY publication's mail serv blocked? It's a shame.
  • by Boss, Pointy Haired (537010) on Sunday April 13, 2003 @06:48PM (#5723505)
    Yes, but have they told their subscribers?

    You don't know you haven't got what you didn't get.
  • by astrashe (7452) on Sunday April 13, 2003 @06:49PM (#5723517) Journal
    If you're an admin with users (ie., not just running your own system), it would be pretty hard to ban incoming mail from AOL.

    A year or two ago, I had AOL trouble with my free colocated server. The people who gave me the server were using IP addresses from a T1 line that they bought from a cable modem company. It wasn't on a net connected via a cable modem, but it was part of the cable modem company's block.

    So AOL just silently deleted my messages. It's very frustrating, they don't tell you anything, you can't find documentation, no one will answer an email, etc.

    It would be nice, at least for the first few days after they start the policy, to bounce messages with some sort of explanation, rather than just tossing them out.

    I don't really have a problem with them trying to block spam -- I had access to a bigger, upstream SMTP server, so I could relay -- but it sucks that they don't tell anyone what's going on.

    At the very least an AOL mail admin could post something on a mail admin's email list, so that a google search would turn up the answer. What would that take, five minutes?

  • Re:Good move (Score:3, Insightful)

    by user no. 590291 (590291) on Sunday April 13, 2003 @06:53PM (#5723539)
    Bullshit. I pay for connectivity and know what I'm doing, and run my own SMTP server. If you don't want my email, you certainly don't have to accept it, but I'll run my own anyway, and the ignorant among you can just not communicate with me.
  • Re:Good move (Score:3, Insightful)

    by oblom (105) <miscalculation @ g m a i l . c om> on Sunday April 13, 2003 @07:05PM (#5723616)
    %50/month for a stable connection with static IP and I have to depend on somebody else to handle my mail? I don't think so.

    Not to mention that many ISPs don't allow the FROM field to contain domain names different from their own.

    AOL's "solution" is an ugly patch that doesn't resolve the problem, neither does sending mail through ISP.
  • Wow, perhaps this explains the huge upsurge in the number of non-received emails. People in my Rotary club are baffled that I am not responding to their emails, and it certainly seems to be all the AOL folks. Are they rejecting emails, or blackholing them?

    I run my own mail server on a "business DSL" connection with a static IP address, but it runs to my home and I doubt there is any genuine distinction between "residential" and "business" DSL lines. I run my own server, of course, so that I can have a fairly powerful set of spam filters at the server side, in addition to a complex set of client-side spam filters -- all because I receive hundreds of spam emails per day, including dozens that I can identify as coming from AOL-owned servers.

    I assume that AOL has only disabled receipt of email from DSL lines, and continues to send its customers' spam to folks like me. It's hard to know, since my filters already reject more than 98% of incoming email delivery attempts.

    Let's at least try to be fair to AOL: they are just like the rest of us, forced to seek out triage solutions to the increasingly aggressive strategies used by spammers. Until a new structure is widely adopted for exchange of email (something that allows for true source verification and financial compensation for abuse), triage is the only solution that will work. Hence I block nearly all email from earthlink servers and customers, as well as juno.com and HUNDREDs of other domain names and IP addresses.

  • by 0x0d0a (568518) on Sunday April 13, 2003 @07:07PM (#5723634) Journal
    aol is pitiful

    But representative of the masses. Most people don't care about anything but Web access and email -- and the more this happens, the more the Internet heads in that direction, regardless of how much we dislike it.

    It may be pitiful -- but it's probably indicative of the future. Already, extensive random firewalling has made HTTP one of the few mechanisms that can be relied on to work in all environments.

    Sigh.
  • Re:Good move (Score:5, Insightful)

    by SWroclawski (95770) <{serge} {at} {wroclawski.org}> on Sunday April 13, 2003 @07:10PM (#5723651) Homepage
    I currently don't have mod points or you and others who have said the same thing would be modded up.

    There's no RFC that says you have to accept mail from *everyone*. You're free to bounce mail to whomever you like.

    As to why this is an effective technique:

    1) Most of these "home servers" don't have a PTR record at all.

    2) Those that do, almost NEVER have one pointing to the domain they claim to be receiving for.

    3) All these residential users should be using their ISP as a relay. That's what the ISP is there for.

    4) Since there's no reason for them to need to send it out *not* through the ISP as a relay host, the majority of these users are spammers or just ignorant. In the first case, it's good to block them. In the second, maybe they will get a clue.

    I'm generally against crippling services on the ISP end, but I've even thought that maybe it's high time that ISPs do what AOL does, and block outbound port 25. Incoming is another story, but as the parent and I have pointed out- the residential users should be using their ISP's mail servers as relay hosts.

    - Serge Wroclawski
  • by LostCluster (625375) on Sunday April 13, 2003 @07:11PM (#5723661)
    If this turns into the death of SMTP, I won't cry.

    The fact is, SMTP is based on the flawed assumptions that every e-mail sent is one that the recipient wants to see because nobody would ever spam, and that there's no harm in letting the message travel unencrypted because nobody would ever snoop.

    It's time for reform in the overall e-mail system, the only problem is that there's a huge installed user base that'd be forced to upgrade in order for a new e-mail protocol to work. It's gonna take something silly like this to get out of hand for that to happen.
  • by moonbender (547943) <moonbender@gmai l . com> on Sunday April 13, 2003 @07:13PM (#5723673)
    Those no-server TOS are a joke, anyway. I mean, what qualifies as a server? Apache probably does. Does an Apache modified to only allow access to a small number of people? Does a similarly restricted ftpd? Okay, so how about ICQ? It's a client to the ICQ network, but it's kind of a hybrid, as it responds to requests of other clients, as well. IRC/DCC? Most/All of the P2P programs are client/server hybrids.
    What about game servers - I can't host a match of Age Of Kings for my friends?

    So, really, those TOS are a joke. A bit OT, all of this, I guess.

  • Privatized mail (Score:5, Insightful)

    by Dukeofshadows (607689) on Sunday April 13, 2003 @07:14PM (#5723676) Journal
    The United States Postal Service has announced it will stop delivering any mail from Florida, due to the large number of mail-order scams originating from that state


    Don't laugh too hard on that one, there are schemes in place of trying to privatize and eliminate the whole of the US mail system including first class postage. While it might be neat to have all your mail sent by one company like UPS and while the post office does need to get its act together ASAP, my concern is that rural areas would be stuck with only one greedy private company as their only means of communication (thus making it expensive to send or receive mail at all). Remember, the postal system in the US is a time-honored tradition that has been the envy and model for the rest of the planet. It is also in good working order, thus if AOL chooses not to accept e-mail anymore, why not just bombard them with snail mail? We could also return their bloody disks right back to them while we're at it. Maybe after they get several hundred thousand they'll get the hint.

    And if you think the AOL-Time-Warner lawyers will allow their most lucrative domain to be taken from them then I have to disagree. I figure they've already got a loophole in the fine print somewhere that is as easily exploited as the pictures of children for those old Sally Struthers commercials (the ones where the kids keep starving but she kept growing). There has to be some reason behind this that is not yet shared, hopefully their decision has a more rational basis than some of the arguments for privatizing the US postal system.
  • Re:No problem (Score:2, Insightful)

    by Shardis (198372) on Sunday April 13, 2003 @07:17PM (#5723693)
    Wow, I'm impressed. I just did a count on my junkmail/spam list and fully 100+ of the past 150 unsolicited email messages have come from Yahoo accounts alone. Most of the rest are hotmail or aol, with a few weird ones thrown in from the "sophisticated" that are forged. I've given up on re-spamming "abuse at yahoo.com" and similar with them all even...
  • Re:About Time (Score:5, Insightful)

    by AnotherBlackHat (265897) on Sunday April 13, 2003 @07:17PM (#5723694) Homepage

    30% of the spam that comes in to our mailserver is from residential dsl ip's.

    50% of the spam I receive has an odd number of letters in the domain name,
    but I wouldn't consider filtering based on that.
    A 70% false negative rate is pretty meaningless without knowing the false positive rate as well.
    What percentage of your non-spam email comes from dsl ip's?


    If you are dial up or home dsl you should not be talking directly to smtp servers anyway you should be sending mail through your provider.


    Sounds like a load of claptrap to me.
    Care to cite an RFC that suggests such a thing?
    How about a good network reason why email should be relayed instead of sent directly?

    -- this is not a .sig
  • by sa3 (628661) on Sunday April 13, 2003 @07:18PM (#5723702)
    It's all very well saying "residential users should use their isp's mailserver", but what about when that mailserver doesn't appear to know what an RFC is:

    Connected to mail.bellsouth.net.
    Escape character is '^]'.
    220 mail.bellsouth.net ESMTP server (InterMail vM.5.01.04.25 201-253-122-122-125-20020815) ready Sun, 13 Apr 2003 19:17:26 -0400
    MAIL FROM:<>
    250 Sender <> Ok
    RCPT TO:<slashdot@slashdot.org>
    550 .net 022: Your current IP address is not allowed to relay to slashdot.org Solution: Connect using BellSouth Internet Service.
    QUIT
    221 imf35bis.bellsouth.net ESMTP server closing connection

    <> is an important from address - it's used by the mailserver when it bounces a message, so that the bounce can't be bounced back and forth in a loop

    For that particular server I used to test that, I had to arrange to send email via someone else's mailserver using smtp auth >:|
  • Re:No problem (Score:3, Insightful)

    by Glytch (4881) on Sunday April 13, 2003 @07:21PM (#5723715)
    The difference is that the previous poster implemented this voluntarily for themself. AOL forced this on their customers.
  • by lanner (107308) on Sunday April 13, 2003 @07:23PM (#5723726)
    Blocking Mail Servers that don't have Reverse DNS

    This issue is somewhat related, and is just another part of the big issue of preventing users from setting up their own services upon their Internet connections. If you can't send and receive any data that you want, it's not true Internet access. Now, I am not talking about setting up a mail server at work behind the corporate firewall, or on the college LAN. I am talking about the DSL line that I pay $55 to $150 a month for.

    Recently I put up a personal mail server off of my DSL line. It uses Courier for the MTA. I am able to send and receive mail to most hosts on the internet, but a few will not accept messages from my mail server. I was curious as to why, so I did an investigation.

    It turns out that these mail servers check reverse DNS for the IP address that I am using for a mail server. Doing a forward DNS check would be just fine, but a reverse DNS check? It does not stop spam, and worse, it blocks legitimate mail servers.

    My ISP is pretty stupid on the technical wise. They use EIGRP as their IGP and they leave their customers on a live EIGRP enabled interface. I could inject routes into their IGP if I wanted to. Most of their Cisco routers also have HTTP and finger enabled. They definitely don't do anything about reverse DNS. There is no way that I can register my mail server (mail.opendreams.net) with the IP that I use (66.192.31.140).

    The mail servers that I have so far discovered block mail from me include;
    The University of Central Florida, @pegasus.cc.ucf.edu, pegasus.cc.ucf.edu
    Datanomix Inc, @datanomix.com, mail.datanomix.com

    How did I find out? Here is an example of a telnet to port 25 that I did...

    user@sorrows-->telnet pegasus.cc.ucf.edu 25
    Trying 132.170.240.30...
    Connected to Pegasus.cc.ucf.edu.
    Escape character is '^]'.
    EHLO mail.opendreams.net
    450 Client host rejected: cannot find your hostname, [66.192.31.140]
    QUIT
    221 Bye
    Connection closed by foreign host.

    The mail server won't even talk to me.

    Issues like this will make mail on the Internet no longer a sure thing. There will be mail routing and blocking issues all over, and you can't be sure that one mail server will talk to another. This is not acceptable.

    I personally think that there needs to be U.S. Federal laws made to protect the rights of Internet users. The reason that I think that law is necessary is that there is no competition in many areas for internet access. If there was, I could just switch carriers, but I have no options.

  • Re:Privatized mail (Score:5, Insightful)

    by LamerX (164968) on Sunday April 13, 2003 @07:28PM (#5723746) Journal
    I don't understand why everyone is so down on the USPS. I've never seen packages arrive late. My mail, which sits out in an unlocked box on the street, never gets messed with, it always arrives at its destination, and it seems to get there pretty quick. I mean, which method do you notice EVERY company sends out bills? I've never seen anyone send bills via UPS or FedEx, even though according to many people the USPS sucks....
  • Err.... (Score:2, Insightful)

    by Wakko Warner (324) on Sunday April 13, 2003 @07:29PM (#5723750) Homepage Journal
    Or you could just use your ISP's SMTP server like you're supposed to.

    Running domains on dynamic IP addresses is 3 types of lame.

    - A.P.
  • by juuri (7678) on Sunday April 13, 2003 @07:35PM (#5723780) Homepage
    Blocking reverse is fine; make your ignorant ISP fix your service.
  • by Squidgee (565373) <squidgeeOO1&hotmail,com> on Sunday April 13, 2003 @07:37PM (#5723783)
    Yeah...because when a big corporation does something wrong, we should exact revenge upon all of its customers.

    Actually, we should; it's called putting pressure on the corporation. If we were to pressure the corp, then they'll give in if enough users are f-ed up.

  • Re:Privatized mail (Score:5, Insightful)

    by EvilTwinSkippy (112490) <yoda AT etoyoc DOT com> on Sunday April 13, 2003 @07:45PM (#5723824) Homepage Journal
    They can't tweak it too hard.

    According to the constitution, by law Congress must provide a postal system. Short of a constitutional amendment, they are just a lawsuit away from any "reform" ideas being thrown out.

    And frankly our postal system is a bargain. Try sending 2 oz letter 3500 miles for $0.36 in any other country in the world.

    Now if you only had a telephone and a broadband service like that...

  • by kcbrown (7426) <slashdot@sysexperts.com> on Sunday April 13, 2003 @08:17PM (#5724027)
    It's time for reform in the overall e-mail system, the only problem is that there's a huge installed user base that'd be forced to upgrade in order for a new e-mail protocol to work. It's gonna take something silly like this to get out of hand for that to happen.

    You don't need a new protocol. The one we have will work fine.

    What people need to do is stop trusting every email connection that's made, and instead insist that every email connection comes from a listed MX.

    This is easy to do: check the MXes for the domain listed in the SMTP "MAIL FROM" command (not to be confused with the "From:" header in the email message itself) and reject the connection if the IP address of the connection doesn't match one of the listed MXes for the domain. If you want to send email from a system that isn't a real MX, list it as a low priority one and block incoming SMTP traffic to that box (something anyone with any brains will be doing anyway), so that all incoming email goes only to the MXes that can handle incoming email.

    End result: it forces spammers to buy a domain (that won't last very long since it'll be blacklisted immediately if it starts sending spam), makes it easy to create useful blacklists that work, and ultimately significantly increases the costs of spamming. And finally provides a way of reliably ignoring open relays (because you can blacklist the domain associated with the open relay).

    And all of this can be done now, with no changes to SMTP required at all.

    So why are we all sitting around on our asses complaining about spam when a viable solution already exists?

  • Terrible Move (Score:3, Insightful)

    by billstewart (78916) on Sunday April 13, 2003 @08:22PM (#5724049) Journal
    No, that's a terrible move. (Begin Rant: It's the kind of thing advocated by Enemies of Unix who think that everybody on the net should be a Couch Potato Infotainment Consumer instead of a first-class citizen. End Rant.)

    The only reasons you should be using some other server to transmit your mail instead of doing it yourself are

    • Your connection isn't reliable enough - That's a problem for dial, not DSL.
    • Your machine or mail delivery software isn't connected reliably enough to handle reattempts on messages that didn't get delivered successfully the first time - Laptops have this problem, and it _is_ easier to write mail client software that hands everything to a proxy server than software that tries direct delivery first and then falls back to using the proxy.
    • Your mail software isn't smart enough to handle complex deliveries - That was a real problem back when we had UUCP and Bitnet and other non-SMTP mailers in common use and the Internet was only for universities and defense contractors, but we've fixed that problem, though some mail client software isn't smart enough.
    • They're providing a service you don't want to do yourself - Maybe some kind of timestamping or notary service or encryption gateway or anonymizer or tunnel into your corporate Intranet.
    But that's about it.
  • by bourne (539955) on Sunday April 13, 2003 @08:45PM (#5724160)

    But having your own SMTP server doesn't provide any functionality that you can't get from Comcast at base price anyway.

    Actually, it provides three bits of functionality:

    • Performance (less stupid delays)
    • Reliability (less insanely stupid delays)
    • Intelligent anti-spam, based on more complex thinking than "Hell, let's just block a /8."

    This move by AOL is a good thing.

    No, actually, it's a fucking bad thing. But you won't realize it until the day that you want to send your friend on MSN email but can't, and neither of you can talk to your parents who are on AOLMail, both of which are playing games to close their protocols to make sure that GnuMail can't play.

    Providing an open replacement for SMTP that has the authentication and accountability that SMTP is sorely lacking would be a good thing. Segregating the Internet address space into ghettoes is not.

  • by nrozema (317031) on Sunday April 13, 2003 @08:46PM (#5724167)
    Why again would one have a mail server on a dynamic IP? If you want to host your own mail, do it the right way and get a static IP address and an ISP that will host reverse DNS for you.

    This is what I'm doing, and haven't had any problems being blocked by the big boys. I would assume their filters are pretty basic... probably finding a dhcp-* or the likes during a reverse lookup is how they're doing their filtering.

    In CA at least, there's just no reason to give your broadband money to one of the 800lb gorillas with so many third party providers willing to give you a static IP and things like reverse DNS hosting for a tiny premium over the *Bell services. If your chosen broadband provider won't allow you to relay mail to addresses other than their own, then why again are you paying them so much money every month?
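The reverse-DNS checks discussed in the comments above (the "no PTR record" rejection in the telnet transcript, the PTR-versus-claimed-name mismatch, and the guess that access-line names such as dhcp-* are being filtered) can be sketched as follows. This is an added example, not code from any poster or from AOL; the DNS tables, host names, addresses and the `GENERIC` pattern are constructed assumptions, and the lookups are table-driven so the block runs offline.

```python
import ipaddress
import re

# Constructed DNS data (documentation address ranges, example domains).
PTR = {
    "192.0.2.10": ["mail.example.org"],
    "203.0.113.5": ["mail.example.net"],
    "198.51.100.77": ["dhcp-198-51-100-77.dsl.isp.example"],
    "198.51.100.200": ["static-198-51-100-200.biz.isp.example"],
}
A = {
    "mail.example.org": ["192.0.2.10"],
    "mail.example.net": ["203.0.113.99"],  # forward record points elsewhere
    "dhcp-198-51-100-77.dsl.isp.example": ["198.51.100.77"],
    "static-198-51-100-200.biz.isp.example": ["198.51.100.200"],
}

# Hypothetical pattern for names an ISP assigns to access lines.
GENERIC = re.compile(
    r"(^|[.-])(dhcp|dsl|adsl|cable|dialup|dyn|dynamic|pool|ppp)([.-]|\d)",
    re.IGNORECASE,
)


def lookup_ptr(ip):
    """PTR names for an address (empty list when none exist)."""
    return PTR.get(ip, [])


def lookup_a(name):
    """Addresses for a host name (empty list when none exist)."""
    return A.get(name.lower().rstrip("."), [])


def looks_generic(hostname, ip):
    """True when the name embeds the address or an access-line keyword."""
    octets = ip.split(".")
    for sep in ("-", "."):
        if sep.join(octets) in hostname or sep.join(reversed(octets)) in hostname:
            return True
    return bool(GENERIC.search(hostname))


def classify_client(ip_text, helo_name):
    """Classify a connecting SMTP client by its reverse DNS.

    Verdicts:
      no_ptr          - the address has no PTR record at all
      ptr_unconfirmed - a PTR exists but no name resolves back to the address
      generic_ptr     - forward-confirmed, but only under an access-line name
      ok              - forward-confirmed under a non-generic name
    """
    ip = str(ipaddress.ip_address(ip_text))  # raises ValueError on bad input
    names = [n.lower().rstrip(".") for n in lookup_ptr(ip)]
    if not names:
        return {"verdict": "no_ptr", "ptr": None, "helo_matches": False}
    confirmed = [n for n in names if ip in lookup_a(n)]
    if not confirmed:
        return {"verdict": "ptr_unconfirmed", "ptr": names[0], "helo_matches": False}
    helo = helo_name.lower().rstrip(".")
    generic = all(looks_generic(n, ip) for n in confirmed)
    return {
        "verdict": "generic_ptr" if generic else "ok",
        "ptr": confirmed[0],
        # Whether the HELO/EHLO name is one of the confirmed PTR names.
        "helo_matches": helo in confirmed,
    }


if __name__ == "__main__":
    for ip, helo in [
        ("192.0.2.10", "mail.example.org"),
        ("203.0.113.140", "mail.homeserver.example"),
        ("203.0.113.5", "mail.example.net"),
        ("198.51.100.77", "mail.homeserver.example"),
        ("198.51.100.200", "mail.smallbiz.example"),
    ]:
        print(ip, classify_client(ip, helo))
```

The last sample row is the collateral-damage case raised in the thread: a static line whose ISP-assigned PTR embeds the address is classified the same way as a dynamic pool address, even though the name forward-confirms.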
  • Re:Good move (Score:4, Insightful)

    by xdroop (4039) on Sunday April 13, 2003 @08:51PM (#5724192) Homepage Journal
    Since there's no reason for them to need to send it out *not* through the ISP as a relay host, the majority of these users are spammers or just ignorant. In the first case, it's good to block them. In the second, maybe they will get a clue.

    Right, I'll bite.

    Let's pretend I am an idiot who has a cable modem. And let's pretend that said cable modem issues an IP within the verboten range. And now let's pretend that I have my own email domain completely unrelated to that of my ISP's, and that I use sendmail to send mail out.

    With me so far?

    Now, let's pretend that said ISP has implemented authentication requirements -- in other words, I must identify myself with a SMTP AUTH username and password before my ISP's server will accept my outbound mail.

    So. How do I configure my sendmail so that it uses my ISP's server as a relay (SMARTHOST definition) but feeds it the magic username and password first?...

    Any ideas?

  • Re:Privatized mail (Score:3, Insightful)

    by Some Dumbass... (192298) on Sunday April 13, 2003 @09:04PM (#5724270)
    Try sending 2 oz letter 3500 miles for $0.36 in any other country in the world.

    I assume the joke here is that there are hardly any other countries in the world which have 3500 miles for a letter to go. Even if the mail in, say, Japan were free, you still couldn't send a letter 3500 miles. I guess nobody got it. :)
  • Re:Privatized mail (Score:3, Insightful)

    by Some Dumbass... (192298) on Sunday April 13, 2003 @09:19PM (#5724363)
    Why does the USPS need to get its act together? You cite that our already privatized postal service is the envy of the world, but why say it needs to get its act together? They are efficient, statistically reliable (anecdotes about US mail getting lost are mere, well, anecdotes) and very cheap.

    Because it's losing money [usps.com]. They lost quite a bit [schooldata.com] last year.

    Also, if you've ever waited in line at a post office, you know that some aspects of their service are not exactly the model of efficiency. :)
  • Re:Good move (Score:4, Insightful)

    by analog_line (465182) on Sunday April 13, 2003 @09:36PM (#5724462)
    It isn't worth a whole hell of a lot.

    I have several customers who have Verizon DSL, but have domains hosted elsewhere, with mail hosted elsewhere, without authenticated SMTP relay. I would imagine, while certainly doing this to decrease their spam problem, that there's some sort of collusion (spoken or unspoken) industry wide to try and force ISP customers to use their bandwidth provider's services, hence making them more money.
  • Re:About Time (Score:4, Insightful)

    by valdis (160799) on Sunday April 13, 2003 @09:42PM (#5724481)
    Never invited 15 friends to a barbeque?

    Never tried to announce a new baby to more than 10 people?

    Never sent out "I'm moving, my new snail mail address is..."?

    I guess if you don't have more than 10 friends, you'd never need to bcc more than 10 people. But if that's the case, I feel sorry for you.
  • by twitter (104583) on Sunday April 13, 2003 @10:04PM (#5724656) Homepage Journal
    When I was using dial up, AOL and Hotmail bounced mail sent directly from my computers, even when I used my correct email address as the reply to. I was unable to send mail to my mother and my wife. "Just use the upstream provider" many wise asses told me. It did not work very well and that is an evil way to go.

    We must fight this in order to preserve open communications on the internet. It won't reduce spam, it will simply provide exclusive franchises for email to larger ISPs and they certainly will fill your box with lots of adverts. Next they will close down other services, such as web and chat sites. Service, concentrated in a few careless hands, will be very poor and all of us will suffer. Be very afraid.

    Here's the chain of events:

    1. Block dial up mail
    2. Block cable/dsl mail
    3. Block smaller ISPs
    4. Change what's left of laws that prevent this kind of predatory behavior

    Notice that most of this has already happened. The No Electronic Theft Act and other cable laws already make it against the law to violate your user agreement to "obtain services without authorization". The baby bells are hard at work trying to extend such laws to their own networks. Oh yeah, AOL has already cut off peerage to smaller ISPs. If that's not an effective block on email, I'm not sure what is.

    Once enough power is concentrated, the internet as we know and think of it, open to all, will go down the memory hole. Even the memory of it will be erased. It will look more like TV or the Post Office. People will be taught to be thankful for all the garbage that gets pushed on them and that nothing could be better.

    It's not hard to run a mail server. Reasonable software like that provided by Debian comes configured well and has easy to understand set up and configuration files. Run one today and tell your friends. Performance is awesome and this justifies the effort even if your crappy provider blocks incoming mail requests. Tell your service provider that they should change their terms to allow it.

    Oh yeah, there's something else to do. I killed my 8 year old AOL account and sent the $10 a month to the free software foundation. Build a wireless node.

  • by Blkdeath (530393) on Sunday April 13, 2003 @10:09PM (#5724675) Homepage
    What people need to do is stop trusting every email connection that's made, and instead insist that every email connection comes from a listed MX.

    Which in itself is an RFC violation.

    End result: it forces spammers to buy a domain (that won't last very long since it'll be blacklisted immediately if it starts sending spam), makes it easy to create useful blacklists that work, and ultimately significantly increases the costs of spamming. And finally provides a way of reliably ignoring open relays (because you can blacklist the domain associated with the open relay).

    Give me a Visa card with a $2000 limit and I can own about 200 domains inside of 24 hours. Considering SPAMmers are purchasing $750k houses with the proceeds from their efforts, I'd say that's not a huge problem.

    Now consider what happens when SPAMmers start routinely issuing "MAIL FROM: <kcbrown@sysexperts.com>"

    Oh, wait, they already do that, and implementations like you suggest would only re-double their efforts. I'd rather not find myself at the wrath of people who have the capabilities to send 10 billion messages/month in my name, thanks.

  • Terms of service (Score:2, Insightful)

    by xihr (556141) on Sunday April 13, 2003 @10:10PM (#5724676) Homepage
    And what's AOL's terms of service for servers hosted from their residential customers? Most broadband ISPs have limits. If they're just enforcing parts of the TOS that were already present when you signed on, you've got nothing to complain about.
  • Re:Good move (Score:2, Insightful)

    by Dossy (130026) on Sunday April 13, 2003 @10:12PM (#5724692) Homepage Journal

    Umm ... if you're running your own mailserver on your residential DSL ... aren't you violating the Terms of Service of most residential DSL agreements which says "thou shalt not run servers that are accessible via the DSL connection"?

    If you need email you can trust, what's wrong with Hotmail or Yahoo! or any other free mail service?

    -- Dossy
  • Re:Say what? (Score:3, Insightful)

    by BrainInAJar (584756) on Sunday April 13, 2003 @10:47PM (#5724890)
    You can't sue someone for not complying with an RFC, or any other kind of standard (unless there's a patent of some sorts on it, a la CD's).

    If you could, MS would've been out of business a long time ago.

    And blocking AOL is a way to get them to realize that they're being dumb about it. Their customers will soon realize "hey, I can't get mail from or to anywhere... wtf?" and switch to an ISP (AOL is *NOT* an ISP.)
  • by benb (100570) on Sunday April 13, 2003 @11:44PM (#5725186) Homepage Journal
    > reject the connection if the IP address of the
    > connection doesn't match one of the listed MXes
    > for the domain

    Wrong assumption: incoming SMTP server = outgoing SMTP server. Many large and small organizations use different machines to receive and send mail via SMTP. In other words, you'll end up rejecting a huge (50-80?) percentage of legitimate mail.
  • by kcbrown (7426) <slashdot@sysexperts.com> on Sunday April 13, 2003 @11:46PM (#5725190)
    Give me a Visa card with a $2000 limit and I can own about 200 domains inside of 24 hours. Considering SPAMmers are purchasing $750k houses with the proceeds from their efforts, I'd say that's not a huge problem.

    The domains aren't their only expense. Now they also have to pay for their own hosting as well, as well as for the DNS servers that will be authoritative for their domains. They won't be able to make nearly as much use of open relays because the domains associated with any open relays will be blacklisted as quickly as theirs (and the definition of an "open relay" becomes more complicated under my scheme anyway, because an open relay has to either claim that it's sending your email under its domain or it has to be listed as an MX for your domain).

    Those 200 domains aren't going to last you very long...perhaps a couple of weeks once the blacklisting mechanisms become good (and note that blacklisting can happen on a local level now, too). So that $2000 you talk about grows to $50,000 over the course of a year. That's going to eliminate a lot of spammers.

    Now consider what happens when SPAMmers start routinely issuing "MAIL FROM: <kcbrown@sysexperts.com>"

    What happens when they do that is that the system they're connecting to looks up the MXes for sysexperts.com and -- surprise -- finds out that the IP address the connection is coming from doesn't match any of the MX records for sysexperts.com...and drops the connection right then and there. It doesn't register the sysexperts.com domain in the blacklist because there's no need: it's obvious that the connection was a forgery! The purpose of the blacklist is to eliminate domains that are successfully sending spam, i.e. the ones for which the connection address matches the MX lookup but for which the payload is still spam -- the domains that either belong to the spammers or which are open relays, in other words.

    Spammers will be able to send email in your name just as they can right now, but only because the enforcement mechanism I describe operates on information from the "MAIL FROM" SMTP command and not the "From:" header. It would be possible to enforce it on the "From:" header, too, but that will cause a lot more inconvenience, since some people legitimately rely on the ability to define the "From:" header to be whatever they want.

    Now, you may be right about the economic argument, but the technique I describe will simultaneously cost spammers more money (which is always a good thing) and more time and make it easier to fight spam at the same time, because blacklists will become a lot more effective (since now you can target domains instead of dynamically-assigned IP addresses) and a lot fairer (since you won't be targeting netblocks that could contain legitimate users). To relate back to the original article, because it'll completely eliminate the need to block IP addresses and will thus drastically reduce the need for ISPs to block SMTP (inbound or outbound).

    By the way, I think it's ridiculous for ISPs to be blocking SMTP when they could easily limit the number of outbound SMTP connections originating from any of their IP addresses to something low enough to make spam impractical but high enough for legitimate use.
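
The MX-match rule proposed in the comment above, and the false positive raised earlier in the thread, as an added example that is not part of the discussion or any poster's code. The DNS tables, domains and addresses are constructed (reserved example domains, documentation IP ranges), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed DNS data: reserved example domains and documentation IP ranges.
MX_RECORDS = {
    "small.example": ["mail.small.example"],
    "bigcorp.example": ["mx-in.bigcorp.example"],
}
A_RECORDS = {
    "mail.small.example": ["192.0.2.10"],
    "mx-in.bigcorp.example": ["198.51.100.5"],
    "nomx.example": ["203.0.113.7"],
}

def sender_domain(mail_from_line):
    """Extract the domain from an SMTP 'MAIL FROM:<addr>' command, or None."""
    m = re.match(r"(?i)\s*MAIL FROM:\s*<([^<>]*)>", mail_from_line)
    if not m or "@" not in m.group(1):
        return None  # null sender <> (used for bounces) or unparsable line
    return m.group(1).rsplit("@", 1)[1].lower()

def mx_addresses(domain):
    """IPs of the domain's MX hosts; with no MX, the domain's own A record."""
    hosts = MX_RECORDS.get(domain) or [domain]  # implicit MX fallback
    return {ipaddress.ip_address(ip)
            for host in hosts for ip in A_RECORDS.get(host, [])}

def check(client_ip, mail_from_line):
    """Proposed rule: the connecting IP must be an MX of the envelope domain."""
    domain = sender_domain(mail_from_line)
    if domain is None:
        return "undecidable"  # nothing to look up; the rule cannot be applied
    allowed = mx_addresses(domain)
    return "accept" if ipaddress.ip_address(client_ip) in allowed else "reject"

if __name__ == "__main__":
    cases = [
        ("192.0.2.10", "MAIL FROM:<alice@small.example>"),   # same host in/out
        ("203.0.113.99", "MAIL FROM:<alice@small.example>"), # forged envelope
        ("198.51.100.77", "MAIL FROM:<bob@bigcorp.example>"),# outbound-only relay
        ("203.0.113.7", "mail from:<ops@nomx.example>"),     # no MX record
        ("192.0.2.10", "MAIL FROM:<>"),                      # bounce message
    ]
    for ip, line in cases:
        print(f"{ip:15} {line:38} -> {check(ip, line)}")
```

The third case is legitimate mail from a site whose outbound relay is not one of its MX hosts, and the rule rejects it exactly as it rejects the forged sender in the second case.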

  • by ajs (35943) <<moc.sja> <ta> <sja>> on Monday April 14, 2003 @12:03AM (#5725283) Homepage Journal
    If you actually *break* the protocol on the other hand, then things will probably get a little more ugly

    Then it's time for it to get ugly. AOL breaks the protocol by issuing a 550 (not a 554) and not leaving the session open until timeout or client issues "QUIT" (you are allowed to say "553 Get bent" to every command issued, but you're not allowed to disconnect).

    Let the blacklisting of AOL begin!

    RFCs aside, though, they're blacklisting folks for getting an address assigned by a protocol. This is arbitrary and foolish. It also eliminates a lot of good mail.

    I'll keep running my mail server, and AOL can keep ignoring me, but I'm going to start sending my friends and family to AOL's competition, much as I hate to because that's mostly folks like MSN and the regional phone companies.
  • Re:Privatized mail (Score:2, Insightful)

    by kingramon0 (411815) on Monday April 14, 2003 @02:01AM (#5725935) Homepage
    The Constitution authorizes Congress to establish a postal service, but it doesn't mandate it. So it could be changed or done away with completely, but it wouldn't be a good idea.

    Article 1, Section 8

    Clause 1: The Congress shall have Power To...

    Clause 7: To establish Post Offices and post Roads;

  • by MrWorf (216691) on Monday April 14, 2003 @03:47AM (#5726253) Homepage
    A better solution would be to modify the mails coming from AOL and add a footer that states that AOL is actively blocking mail for no good reason and that you as the recipient should be aware and contact their postmaster and complain.

    Much better than this idea of "kids play" with doing to them what they are doing to us.
  • by EvilAlien (133134) on Monday April 14, 2003 @09:10AM (#5727190) Journal
    That's right, it's not just DSL as the article title suggests. It's broadband. You know what broadband is, it's a high-speed network of misconfigured proxies, infected Windoze boxes, and Denial of Service agents.

    IMO too much time is spent ranting about how Tha Man is keeping the $30/mo broadband user down by not allowing the minority who know how to run a secure server to use their residential line as a commercial line. We should be putting a hell of a lot more energy bitching about the masses of clueless users who randomly click on any email attachment they get, setup their P2P apps in slut-mode, and otherwise connect to the Internet in such a way that they become:

    1. just another hop for viruses to propagate through
    2. just another misconfigured AnalogX proxy [analogx.com] or Lovgate [symantec.com] infected SMTP/NNTP open relay
    3. just another DDoS drone host

    It's sad, but the majority of broadband users have forced this action. If people understood the concepts of due diligence and responsibility we wouldn't have David Ritz and others spending huge amounts of time battling USENET spam, ISPs getting slammed with DoS all the time (and I mean that literally), and spam gangs doing automated scans of broadband networks for open relays so they can spread their email pollution.

    It's a myth that spam only comes from networks in Asia that don't give a damn. It comes from Ma and Pa's Windows 98 box that got infected with one of several variants of Lovgate [symantec.com] and helps spam the planet, all from their speedy little DSL/cable connection.

    Before the /. community jumps down AOL's throat at this carpet-bomb tactic, we need to realize that it is a business response to the realities of security on broadband networks. If users took responsibility for their connections and had good firewalls, anti-virus and intelligent email practices then this problem probably wouldn't exist.

  • by ajs (35943) <<moc.sja> <ta> <sja>> on Monday April 14, 2003 @10:57AM (#5728004) Homepage Journal
    They are in a position to trump any "standards" because of their saturation.

    No they're not. But if you think that way they are.

    Imagine if you will that AOL had tens of thousands of support calls asking why friends and loved ones were getting bounces. I have a friend at work whose wife was asking why she couldn't send mail to their priest on AOL. Another friend can't get my mail, and I told him to just call AOL until they fix it. I've suggested to other friends and family that they switch.

    My hunch is that most of the people that AOL is blocking this way are the technically savvy folks who their friends and family go to for help. If we all start telling ten or so of our friends to call up AOL and ask why they can't get mail from us.... AOL's spam problems will begin to seem less important.

    Understand this: I'm not suggesting spamming their phones. I'm not suggesting that anyone "get revenge". It's simply a matter that the service, as advertised, is broken. They don't actually accept mail from large chunks of the net, and that needs to get to all of their customers.

    The customers will decide....
  • Re:No problem (Score:2, Insightful)

    by Profane Motherfucker (564659) on Monday April 14, 2003 @12:07PM (#5728610) Journal
    AOL forced this on their customers.

    Forced? Who the fuck is forced? Did AOL suddenly become a state-run organization? If you're going to talk about choice, how about look at the whole issue. People CHOOSE to be customers of AOL. Their continued use of AOL suggests agreement, whether verbal or not, of the policies of AOL. So nobody is forced.
  • by Tackhead (54550) on Monday April 14, 2003 @01:10PM (#5729114)
    > Its sad, but the majority of broadband users have forced this action.

    *applause*

    It's partially the fault of the residential lusers, but it's largely the fault of their ISPs' negligence.

    If ISPs had blocked outbound port 25 from residential broadband from Day One -- the same way they were already blocking outbound port 25 for residential dialup customers -- we wouldn't have this problem.

    By default, port 25 should have been blocked on residential DSL and cable modems.

    That would rid the world of spam bounced off open proxies from the 99.9% of residential broadband (l)users who have neither the desire nor the intention to talk SMTP through anything other than their ISP's central mail server.

    You're a user, not a (l)user? You wanna run an SMTP server on your own? Call your ISP and ask for the block to be removed, and voila, it's removed.

    The ISPs had a choice: Block port 25 and hire 100 call center serfs to unblock on request, or not block port 25 and hire 10000 abuse desk serfs to deal with the deluge of spam. (Result: ISP pays to hire 100 people, and you do get to run your own mail server, because traffic from your netblocks is still worth listening to.)

    The ISPs chose poorly - With a budget to hire 100, they hired a woefully inadequate number of abuse desk serfs, and ignored the rest of the complaints.

    The result - your ISP is still out the costs of hiring 100 drones, but I'm deluged with spam, and 4.0.0.0/8, 200.0.0.0/6, 12.0.0.0/8, and 24.0.0.0/8, along with others, are netblocka-non-grata. You wanna talk to my port 25? Talk to the 550, man, because your ISP's negligence (in protecting my inbox from the predictable cluelessness of your neighbors) ensured that my MTA ain't gonna be listening.

  • by alder (31602) on Monday April 14, 2003 @03:16PM (#5730081)
    ...Comcast cable service... ...blocks mail coming from my Postfix server...
    Define [postfix.org] relayhost in main.cf and make it point to smtp.comcast.com. You should be able to send mail from home now.
  • by cpmte (537490) <matt@[ ]stman.org ['mea' in gap]> on Tuesday April 15, 2003 @02:21AM (#5733999) Homepage
    Sounds like you work for Microsoft.
    because it's convention, it does not mean that it has to be followed
