You've Got Spam: AOL Blocks 1/2 Trillion Spam 472
yohaas writes "Yahoo! News is reporting that AOL blocked more than 500 billion spam messages for its users in 2003. That comes to 40 messages a day per user. The company regularly blocks 75-80% of all incoming mail as spam! The article also lists the top 10 spam phrases for the year, including such come-ons as: 'Viagra online', 'Online pharmacy', 'Get out of debt' and 'Get bigger'."
AOL's mail policies suck (Score:5, Informative)
Spam has dropped since January 1st for me (Score:5, Informative)
Some stats (Score:2, Informative)
Re:How do you people get so much spam? (Score:2, Informative)
Is there something others are doing with their email, or is the fact that the people who do get hundreds of SPAM or whatever amount it takes to be unproductive, just popular or is there something else they are doing?
Re:How do you people get so much spam? (Score:1, Informative)
Re:They should do something. (Score:3, Informative)
As much as I'd love for AOL to start kicking down spammers' doors, they can't exactly do that legally themselves.
Anybody attorneys want to comment on the feasibility of filing lawsuits on that kind of scale?
Re:You've got spam??!? (Score:5, Informative)
Re:It would be WAY too easy . . . (Score:2, Informative)
The post office places those CDs there because they make money off them [arkansasusa.com] if people sign up for service. If people take the bait...uh, I mean sign up for AOL, the USPS gets a fee.
Re:It would be WAY too easy . . . (Score:5, Informative)
Um, how did you get the idea AOL was getting to advertise "for FREE"? The United States Postal Service is being paid by AOL [arkansasusa.com] for every person who signs up with a disc distributed by the post office. In theory, it means that postal rates won't go up as often or as much.
Re:Imagine. (Score:5, Informative)
And to give AOL a little credit, even they are making fun of all the CD's they mail out in their most recent TV ads.
Though it makes my head hurt to see Jerry Stiller and Snoop Dogg in a commercial together. That's just wrong on so many diffferent levels...
Meanwhile, new Hotmail TOTALLY KICKS BUTT (Score:2, Informative)
Re:It would be WAY too easy . . . (Score:3, Informative)
Re:Short of going to war with China (Score:5, Informative)
I used to work for a large, well-known hosting company whose name is taken from a book of the Bible. They didn't have to many spammers or pr0n sites in their space when things were booming, but now they're among the worst for hosting spammers.
There are network providers all over the country that are as bad or worse. I recently ran across one that had a
A lot of spam is sent through China by contract with network providers there, and through South Korea because it's the open proxy capitol of the world, and there is a very large and well organized spam ring operating in eastern Europe as well, and it seems soundly connected to US spammers. The spam business has gone international in a big way.
In none of those places, including the US and Canada, generally, is spam illegal, so it's never necessary to bribe any government official into looking the other way. It's just easier to pay off the ISP to look the other way in some countries, but again, that's pretty easy in a lot of places in North America too. When the economy goes down, pink contracts go up. Many companies and individuals will do just about anything to survive, and network providers are certainly no exception. For every one that will cut a spammer's connection as soon as they notice, there's another that will happily sell the spammer as much bandwidth and IP space as he wants. Then they pass that space on to some other unsuspecting customer, who finds that she can't send mail to a lot of places because that netblock is in every RBL - good, bad, or ugly - in the world.
As much as we rightly despise spammers, those who sheeld them and knowingly sell them bandwidth and colo space are just as bad.
Re:How to stop SPAM at the source (Score:3, Informative)
You'd pay your upstream connections to approve you. The cost would cover verifying your ID at a court or escrow office, and doing a credit check, so people would know how to collect after winning a lawsuit if you violate the TOS for sending signed email. Since your assets would be on the line, you would take similar care verifying your downstream connections. Mailing lists would all move to web sites, where the only way to opt-in is set up your web browser to visit periodically (The way "opt-in" should be done.)
I think solutions like this likely do far more to Balkanize the Internet than to protect it.
That's the idea, to Balkanize internet connections to those mailservers most likely to properly police their outbound email. Legitimate users would all gradually move to one of these ISP's, leaving spammers 100% of SMTP bandwidth. Of course, then the major hubs will merely throttle SMTP connections to 0.001% of available bandwidth since there no longer would be any money in it.
Forget the spammers. Track down their clients, the ones paying for the ads.
Only if someone can figure out a way to weed out "Joe Jobs".
The only historically proven method to prevent a tragedy of the commons is via the use of weapons, and/or some mechanism which allows lawyers to make lots of money.
Procmamil, my friend. (Score:3, Informative)
From my ~/.procmailrc :
* ^From:
Re:You've got spam??!? (Score:4, Informative)
If I had to guess, something similar is happening over there. I'd recommend looking into it. It is very resolvable.
Re:AOL Users Will Love This (Score:2, Informative)
Regards,
Steve
P.S. I'm not sure how ironic the Linux thing was, I guess it wasn't very ironic at all. What else would you use to make a router out of an old PC?
Re:You've got spam??!? (Score:5, Informative)
Re:They also block real mail (Score:3, Informative)
This google search [google.com] gives a sample of falsely positive sites AOL has blocked with this "technology". My guess is, AOL doesn't want the email in the first place. Cutting out some legitimate email is not a concern. What possible downside is there for them? They can blame everything on the sender. Ultimately they gain because the most reliable way to send email to AOL customers (who are too naive to switch to some other ISP) is to be an AOL customer. False positives are good for AOL.
To anyone that gets caught by this, sure, go ahead and call up AOL and try to get your IP address off the list. In the meantime, change to a different outgoing IP address. They only block the single IP (which is probably the only thing saving them from a major backlash), and thus it's easy to get around. A telnet to the SMTP port from the server being blocked will immediately return with the RLY:B1 error. It's easy to test if it's happening, and just as easy to see when you've worked around it.
I can't imagine this system is blocking any spammers.
--Bill
I hate aol's blocking! (Score:4, Informative)
We have a website, and about 1 million customers (not sure how many active..) have accounts on our website to download updates, patches, etc.
When they forget a password, they choose can option to have their password sent to them.
They can also request technical support via e-mail.
The forms sent out for both of those are very similar and AOL appears to 'randomly' block many of these e-mails. Sometimes they'll go through, sometimes they won't. We can trace the e-mail to aol's server, watch it be accepted but never have the customer on the phone recieve it.
They're 'spam prevention' isn't as great as it could be, especially since we've contacted them and they've promised to 'look in to it'.
False Positives (Score:4, Informative)
AOL blocks any mail that is routed direct to the Mail Exchanger (Or simply has the headers stripped to anonymize it's origin)
This excludes a whole lot of out of the box UNIX/Linux/BSD installs, as well as anonymizers and some website registration verification scripts. I'd rather not have to send your website login password through 3 different servers before it reaches your ISP. (Of course, the password shouldn't be sent through the email anyways, but a lot of sites do).
That's not what I'd call "being conservative". To me, being conservative would be tagging suspected spam as such, and letting the MUA filter it into a seperate mailbox. AOL can include a MUA (Netscape) on it's disk, so it can be pre-configured.
Re:You've got spam??!? (Score:3, Informative)
Re:Here is what I do to prevent SPAM (Score:1, Informative)
Re:AOL's mail policies suck (Score:5, Informative)
In main.cf:
Under smtpd_sender_restrictions add a line that looks like this:
check_client_access regexp:/etc/postfix/client_access
Make a file client_access:
And your head stops hurting. Been there, done that. - Love postfix.
Take a look at the snapshot rev, and the reject_unverified_sender option too. Great stuff.
PS:A OL gives you what you need to help the bounce problem on this handy page http://postmaster.info.aol.com/info/servers.html [aol.com]
-- +1 for low user id, -1 for posting good comment.
Re:including a gajillion non-spam (Score:3, Informative)
Huh? No way! I have a business level cable modem plan, and my ISP (cox) refuses to change the RDNS of my static to the domain I have it pointed to unless I register the domain through them (with a nice markup) and pay them to hold my DNS entries too. I've got to the point where I have to funnel all my outbound mail through cox's server to keep it from getting bounced. And my friends who used my SMTP server (account auth req'd to send mail) dont use it anymore to send mail. And what about webhosting? Say my friend owns abcxyz.com and wants to send mail from it, and I own foo-bar.com and want to send email from that. I'm not going to get a seperate physical computer and IP for each customer that wants to send mail, I'm going to virtualhost in apache and run a mail server that can do multiple domains. Can I have multiple RDNS names?
AOL makes headway om Spam (Score:4, Informative)
One time, when my usual ISP was down, I needed internet. Desparate, (back when I ran Winders) I threw on an AOL CD to use some of the 1045 hours of free access, planning to cancel when my regular ISP was back online. Cancelling AOL is interesting, first off, the person who answers the calls has been brainwashed to think AOL is the greatest THING ever, and will first ask you why you want to cancel, then argue with your reasoning. Once you go through all that, they will offer you two free months of service while you reconsider. DON'T FALL FOR THIS. I did, and forgot, and the bastards charged my credit card three months later. I was mad as hell and had to go through the Movementarian "You're free to leave anytime you want, but tell us why you're leaving" grilling on the phone all over again. Of course, they offered me two free months again, so apparently you can stay on AOL for free indefinitely this way (But why would you want to?).
Kaolin may be the only English word with "aol" as a substring.
good or bad not all of that is spam (Score:2, Informative)
Re:You've got spam??!? (Score:3, Informative)
So go email the antispam guy on AOL (not from YOUR email address naturally), his name's Carl, and he's a nice and reasonable guy who will tell you precisely why your server was blocked. AOL can make mistakes, but they don't sustain blocks without evidence.
You'll have to subscribe to SPAM-L (http://www.claws-and-paws.com/spam-l) to find his full name and email address since I won't share it here, but that shouldn't take too long.
Re:They're loosing more than that (Score:4, Informative)
Even the ones running on fixed IPs, which tend to be a more savvy class of user, and much easier to trace, too.
Now that you mention this, I think a reject from AOL was exactly the reason I finally got around to fixing my Sendmail config to route my outgoing mail through my ISP's server. ( define(`SMART_HOST',`mail.sbcglobal.net') ) So in that sense, I guess their plan is working.
Re:You've got spam??!? (Score:3, Informative)
SMTP AUTH has existed for ages; it allows one to authenticate themselves to the SMTP server.
In fact, my e-mail provider, gmx.net, uses it. (It's a free provider.) So does my ISP, Speedline.ca.
Re:"Report as Spam" (Score:3, Informative)
Because that's not "opt-in". Opt-in email should be separate and distinct from any business relationship you have with a customer.