AOL Bans Mail From DSL-Hosted Servers

kmself writes "As first reported at linux-elitists by Aaron Sherman, and with a demonstration of the denial at zIWETHEY, AOL has begun blocking mailservers identified with residential DSL lines as an anti-spam measure, apparently heedless of the huge collateral damage this move imposes (and guess who can't send mail to Mom...). This action was unannounced, and has received virtually no coverage, spare an oblique mention at News.com. It also violates SMTP RFCs, as Aaron points out, not to mention the 'good neighbor' conventions of Internet communications. Mail to AOL's postmaster is also bounced -- this is RFC-ignorant. I strongly recommend that as a compensatory measure, non-AOL MTAs be configured to deny all incoming mail from AOL's domain."

Re:ummmm...

One thing that you can do is foreward your email through your ISP. If you're using Sendmail this is done with the smarthost entry:

# "Smart" relay host (may be null)
DSmail.MyISP.net

would forward youre spam (er, email) through the box mail.myISP.net . Most ISPs have a designated server that will allow email forewarding from anybody in their network space.

heh...

You (don't) have mail!

We did this to ourselves

Thats right, its not just DSL as the article title suggests. Its broadband. You know what broadband is, its a high-speed network of misconfigured proxies, infected Windoze boxes, and Denial of Service agents.

IMO too much time is spent ranting about how Tha Man is keeping the $30/mo broadband user down by not allowing the minority who know how to run a secure server to use their residential line as a commercial line. We should be putting a hell of a lot more energy bitching about the masses of clueless users who randomly click on any email attachment they get, setup their P2P apps in slut-mode, and otherwise connect to the Internet in such a way that they become:

1. just another hop for viruses to propagate through
2. just another misconfigured AnalogX proxy [analogx.com] or Lovgate [symantec.com] infected SMTP/NNTP open relay
3. just another DDoS drone host

Its sad, but the majority of broadband users have forced this action. If people understood the concepts of due diligence and responsibility we wouldn't have David Ritz and others spending huge amounts of time battling USENET spam, ISPs getting slammed with DoS all the time (and I mean that litterally), and spam gangs doing automated scans of broadband networks for open relays so they can spread their email polution.

Its a myth that spam only comes from networks in Asia that don't give a damn. It comes from Ma and Pa's Windows 98 box that got infected with one of several variants of Lovgate [symantec.com] and helps spam the planet, all from their speedy little DSL/cable connection.

Before the /. community jumps down AOL's throat at this carpet-bomb tactic, we need to realize that it is a business response to the realities of security on broadband networks. If users took responsibility for their connections and had good firewalls, anti-virus and intelligent email practices then this problem probably wouldn't exist.

Re:heh...

At the risk of offending the grammar nazis, shouldn't that be "You've don't got mail!" or maybe "You ain't got no mail!"

Funny...

My MTAs have been set up to blackhole AOL mail (on a whitelist basis) since about 1997 or 98 :-). I had almost forgotten... At that time, I was getting a heap of spam from their domains, and as I'm in Australia and AOL doesn't have a significant coverage here it's pretty safe from false positives.

I would say....

to lttile too late. However, this move doesn't even classify as "too little". There has to be some other underlying reason to move to block e-mail for this one group of internet users, because it clearly isn't going to put a dent in the spam that AOL users receive daily. There are MANY service providers that do a much better job at spam blocking than AOL, why is it about them that keeps them from getting it right? Or are they secretly selling e-mail addresses?

Re:I would say....

There has to be some other underlying reason to move to block e-mail for this one group of internet users,

<tin-foil-hat>Does any part of AOLTW compete with DSL, like umm cable modems maybe? </tin-foil-hat>

Excellent point

I hadn't considered that, but they've got a $1 billion interest in just that area [theregister.co.uk].

bouncing mail to postmaster?

I thought that was a requirement of having a domain and you can lose the domain if mail is not accepted or read there? I'd have to check the rfc's but wouldn;t that be a thing, someone taking aol's domain from them because they don;t accept mail for postmaster?

dave

Re:bouncing mail to postmaster?

It would never happen. That would be like a multi-billion dollar technology company like, oh, say Microsoft, forgetting to renew their domain registration.

Not in our lifetimes :)

Re:bouncing mail to postmaster?

Nope. It's actually in RFC2821 section 4.5.1 - Minimum Implementation:

Any system that includes an SMTP server supporting mail relaying or delivery MUST support the reserved mailbox "postmaster" as a case-insensitive local name. This postmaster address is not strictly necessary if the server always returns 554 on connection opening (as described in section 3.1). The requirement to accept mail for postmaster implies that RCPT commands which specify a mailbox for postmaster at any of the domains for which the SMTP server provides mail service, as well as the special case of "RCPT TO:" (with no domain specification), MUST be supported.

SMTP systems are expected to make every reasonable effort to accept mail directed to Postmaster from any other system on the Internet. In extreme cases --such as to contain a denial of service attack or other breach of security-- an SMTP server may block mail directed to Postmaster. However, such arrangements SHOULD be narrowly tailored so as to avoid blocking messages which are not part of such attacks.

Note that there are no punitive measures are listed at all, in fact the worst that can happen for bending an RFC is that you will be named and shamed on a site like www.rfc-ignorant.org [rfc-ignorant.org] and maybe be blocked by some system admins. If you actually *break* the protocol on the otherhand, then things will probably get a little more ugly... ;)

Re:bouncing mail to postmaster?

If you actually *break* the protocol on the otherhand, then things will probably get a little more ugly

Then it's time for it to get ugly. AOL breaks the protocol by issuing at 550 (not a 554) and not leaving the session open until timeout or client issues "QUIT" (you are allowd to say "553 Get bent" to every command issued, but you're not allowed to disconnect).

Let the blacklisting of AOL begin!

RFCs aside, though, they're blacklisting folks for getting an address assigned by a protocol. This is arbitrary and foolish. It also eliminates a lot of good mail.

I'll keep running my mail server, and AOL can keep ignoring me, but I'm going to start sending my friends and familly to AOL's competition, must as I hate to because that's mostly folks like MSN and the regional phone companies.

Re:bouncing mail to postmaster?

It's worse. Here are the ways that I know AOL is violating RFCs for valid mail traffic:

1. Mail bound for postmaster@aol.com is not accepted.

2. They issue a 550 response before the client has a chance to issue a greeting. There are two allowed responses at that point: 554 and 220. 550 is right out.

3. They disconnect before the client issues a "QUIT" command or times out. Also bogus.

AOL is playing a game of chicken here to see how much of the net will blacklist them for breaking the RFCs. Once they smell blood in the water because not enough sites care, they can pretty much start writing their own book....

Re:bouncing mail to postmaster?

A status of 550 should only be sent in response to a command, not to connection.

Correct, and what's more they issue that 550 ending with "550 Goodbye" and then a connection reset (TCP-"R") packet, which is also in violation of the RFC.

If you run SpamAssassin [spamassassin.org], I highly recommend adding:

score RCVD_IN_RFCI 0 3 0 3

to your /etc/mail/spamassassin/local.cf. If everyone on the net does this, it won't block AOL's mail (or any other RFC-ignorant site), but it will mean that you have a much lower level of tollerance for spam-like mail from them.

It's not punative so much as showing them the right way to have solved this problem. Yes, AOL gets a lot of mail; yes, filtering spam out of it is hard; but if they simply weighted blacklists based on how accurate they are (as SA does) and then combined the results of several lists from dynips to rfci to relays with those weights, then they could make an accurate assessment, inform the sites that are blacklisted appropriately (in conformance with the RFC).

Ultimately, even after issuing that 554, if someone pushes on with a "RCPT To: postmaster@aol.com", they should accept it so that the site has a usable route for delivering mail to assert that the problem has been solved, but that would be a rare occurance if the lists were public and used/maintained correctly.

Bah.

No problem

I long ago includedevery mail from aol.com, yahoo.com and hotmail.com in my static spam filters. If anybody with such an account wants to mail me, they need to get in touch with some other account (or other means) first so I can add an excemption to them. To date I have three such excemptions total, all on yahoo.com.

I can't very well block them further than I already do, in other words.

No, you did not

There is no way to Spam from AOL/Yahoo or Hotmail. It's physically impossible for a common user to do it.

What is possible to do to forge a 'from' address in an email header. Look again at the emails you have in your spam bucket and look at the recived-from: header. I'll bet you $100 they didn't come from anywhere with a '.yahoo.com' at the end.

Re:No problem

I've experienced several cases of spammers using what appears to be my @yahoo.com address to send out spam.

Serves you right for choosing an address of slutty.coeds@yahoo.com.

Re:No problem

I've never had a single spam message from those places.

I've had a few, but in the main, you are correct in saying not much spam comes from aol.com. However, an awful lot of spam *claims* to come from aol.com, even when it actually originates in China, Korea, or some spamhaus in the USA/EU. For this reason refusing mail from aol.com and others may give exceedingly good results with low enough colateral damage to be bearable for some home mail server operators.

Your Mom

Don't worry, I am on AOL. I will send your mom a note.

Re:About Time

Never invited 15 friends to a barbeque?

Never tried to announce a new baby to more than 10 people?

Never sent out "I'm moving, my new snail mail address is..."?

I guess if you don't have more than 10 friends, you'd never need to bcc more than 10 people. But if that's the case, I feel sorry for you.

Re:About Time

30% of the spam that comes in to our mailserver is from residential dsl ip's.

50% of the spam I receives has an odd number of letters in the domain name,
but I wouldn't consider filtering based on that.
A 70% false negative rate is pretty meaningless without knowing the false positive rate as well.
What percentage of your non-spam email comes from dsl ip's?

If you are dial up or home dsl you should not be talking diectly to smtp servers anyway you should be sending mail through your provider.

Sounds like a load of claptrap to me.
Care to cite an RFC that suggests such a thing?
How about a good network reason why email should be relayed instead of sent directly?

-- this is not a .sig

Re:About Time

30% of the spam that comes in to our mailserver is from residential dsl ip's.

Yet another reason to choose Speakeasy. I have a static IP and I am not blocked by AOL (already tried).

In other news

The United States Postal Service has announced it will stop delivering
any mail from Florida, due to the large number of mail-order scams
originating from that state.

Privatized mail

The United States Postal Service has announced it will stop delivering
any mail from Florida, due to the large number of mail-order scams originating from that state

Don't laugh too hard on that one, there are schemes in place of trying to privatize and eliminate the whole of the US mail system including first class postage. While it might be neat to have all your mail sent by one company like UPS and while the post office does need to get its act together ASAP, my concern is that rural areas would by stuck with only one greedy private company as their only means of communication (thus making it expensive to send or recieve mail at all). Remember, the postal system in the US is a time-honored tradition that has been the envy and model for the rest of the planet. It is also in good working order, thus if AOL chooses not to accept e-mail anymore, why not just bombard them with snail mail? We could also return their bloody disks right back to them while we're at it. Maybe after they get several hundred thousand they'll get the hint.

And if you think the AOL-Time-Warner lawyers will allow their most lucrative domain to be taken from them then I have to disagree. I figure they've already got a loophole in the fine print somewhere that is as easily exploited as the pictures of children for those old Sally Struthers commercials (the ones where the kids keep starving but she kept growing). There hsa to be some reason behind this that is not yet shared, hopefully their decision has a more rational basis than some of the arguments for privatizing the US postal system.

Re:Privatized mail

I dont' understand why everyone is so down on the USPS. I've never seen packages arrive late. My mail, which sits out in an unlocked box on the street, never gets messed with, it always arrives at its destination, and it seems to get there pretty quick. I mean, which method do you notice EVERY company sends out bills? I've never seen anyone send bills via UPS or FedEx, even though according to many people the USPS sucks....

Re:Privatized mail

I dont' understand why everyone is so down on the USPS

I used to like the USPS, then I moved someplace that isn't served by the USPS. While I live in a somewhat rural environment, my town has over 5000 residents, but only 1 part-time mail carrier (and no plans to *ever* get another according to the local postmaster), so if you aren't on the one street that's on the route, you don't get mail. They canceled rural route service years ago. And they ran out of PO boxes back in 2000, and again, they don't plan on ever getting any more of them. And they think there is nothing wrong...

On a related note, I hate businesses that can't understand that my PO Box is my *only* USPS-servicable address, businesses that insist on sending correspondence to my shipping address instead of my billing address, and rebates that don't accept PO Boxes.

Re:Privatized mail

The can't tweak it too hard.

According to the constitution, by law Congress must provide a postal system. Short of a constitutional ademendment, they are just a lawsuit away from any "reform" ideas being thrown out.

And frankly our postal system is a bargain. Try sending 2 oz letter 3500 miles for $0.36 in any other country in the world.

Now if you only had a telephone and a broadband service like that...

Eathlink does this too.

My friend pays for a "static" Ip address on his cable modem to run some private corporate web forums. A few weeks ago, all email notifications from the forums going to anyone hosted at earthlink.net were bouncing - The message is "No email accepted from dynamic IP addresses".
Both AOL and Earthlink have TONS of subscribers.

If they both decide to carry on doing this, there is nothing you can do about it.

Truth is, SMTP sucks. They are only doing this because of all the spam. Yes they are violating RFC's. Too bad...

--jeff++

Re:Eathlink does this too.

If this turns into the death of SMTP, I won't cry.

The fact is, SMTP is based on the flawed assumptions that every e-mail sent is one that the recipient wants to see because nobody would ever spam, and that there's no harm in letting the message travel unencrypted because nobody would ever snoop.

It's time for reform in the overall e-mail system, the only problem is that there's a huge installed user base that'd be forced to upgrade in order for a new e-mail protocol to work. It's gonna take something silly like this to get out of hand for that to happen.

Re:Eathlink does this too.

It's time for reform in the overall e-mail system, the only problem is that there's a huge installed user base that'd be forced to upgrade in order for a new e-mail protocol to work. It's gonna take something silly like this to get out of hand for that to happen.

You don't need a new protocol. The one we have will work fine.

What people need to do is stop trusting every email connection that's made, and instead insist that every email connection comes from a listed MX.

This is easy to do: check the MXes for the domain listed in the SMTP "MAIL FROM" command (not to be confused with the "From:" header in the email message itself) and reject the connection if the IP address of the connection doesn't match one of the listed MXes for the domain. If you want to send email from a system that isn't a real MX, list it as a low priority one and block incoming SMTP traffic to that box (something anyone with any brains will be doing anyway), so that all incoming email goes only to the MXes that can handle incoming email.

End result: it forces spammers to buy a domain (that won't last very long since it'll be blacklisted immediately if it starts sending spam), makes it easy to create useful blacklists that work, and ultimately significantly increases the costs of spamming. And finally provides a way of reliably ignoring open relays (because you can blacklist the domain associated with the open relay).

And all of this can be done now, with no changes to SMTP required at all.

So why are we all sitting around on our asses complaining about spam when a viable solution already exists?

Re:Eathlink does this too.

What people need to do is stop trusting every email connection that's made, and instead insist that every email connection comes from a listed MX.

Which in itself is an RFC violation.

End result: it forces spammers to buy a domain (that won't last very long since it'll be blacklisted immediately if it starts sending spam), makes it easy to create useful blacklists that work, and ultimately significantly increases the costs of spamming. And finally provides a way of reliably ignoring open relays (because you can blacklist the domain associated with the open relay).

Give me a Visa card with a $2000 limit and I can own about 200 domains inside of 24 hours. Considering SPAMmers are purchasing $750k houses with the proceeds from their efforts, I'd say that's not a huge problem.

Now consider what happens when SPAMmers start routinely issuing "MAIL FROM: <kcbrown@sysexperts.com>"

Oh, wait, they already do that, and implementations like you suggest would only re-double their efforts. I'd rather not find myself at the wraith of people who have the capabilities to send 10 billion messages/month in my name, thanks.

Re:Eathlink does this too.

> reject the connection if the IP address of the
> connection doesn't match one of the listed MXes
> for the domain

Wrong assumption: incoming SMTP server = outgoing SMTP server. Many large and small organizations use different machines to recieve and send mail via SMTP. In other words, you'll end up rejecting a huge (50-80?) percentage of legitimate mail.

AOL isn't the only one.

I've been noticing this trend of blocking DSL/Cable originated mail for a while now. A few local ISPs block emails sent from my linux box (using Comcast cable service). Even SourceForge, that bastion of Open Source, blocks mail coming from my Postfix server--forcing me to use my Exchange server at work to send mail to my local LUG mailing list (now there's irony.).

If you want to send mail...

If you want to send mail to AOL you just need to use something different than DSL. No big deal. May I suggest AOL/Time Warner Road Runner Cable Modem Service?

Hermm....

Re:If you want to send mail...

Those no-server TOS are a joke, anyway. I mean, what qualifies as a server? Apache probably does. Does an Apache modified to only allow access to a small number of people? Does a similarily restricted ftpd? Okay, so how about ICQ? It's a client to the ICQ network, but it's kind of a hybrid, as it responds to requests of other clients, as well. IRC/DCC? Most/All of the P2P programs are client/server hybrids.
What about game servers - I can't host a match of Age Of Kings for my friends?

So, really, those TOS are a joke. A bit OT, all of this, I guess.

this isn't new

I found out about this issue few months after i got my DSL connected almost a year ago. Used to be I'd use sendmail to send email out, and worked great since I could put my email address (which was defined through a domain name email forward) in the reply-to field. then, one day i get a message from AOL claiming I'm running an open mail relay, or using a "banned" IP. Got me worried a little bit, but I found out the real reason after i got a friend to nmap my box

It's their network.

If AOL doesn't want to accept your mail, that's their choice. It's their network, and their mail servers. Of course, when AOL customers find that they can't receive any email, AOL might lose business.

Like all other spam blocking attempts, there will be collateral damage. They try to keep their customers happy, and the market decides if they succeeded.

Re:It's their network.

Yes, but have they told their subscribers?

You don't know you haven't got what you didn't get.

Only dynamically assigned IP addresses

It should be pointed out that AOL isn't blocking "All DSL" MTAs but those that have dynamically assigned IP addresses. On one hand, this is a stinky, no-good, rotten thing for them to do. On the other hand, the elitest in me says "go get a real [speakeasy.net] DSL connection if you're going to run your own MTA." :-) But really, I know it's not an option for some, and this move by AOL is pathetic.

Good move

If you have DSL you should still use your upstream SMTP server for outgoing mail. About 90% of incoming SPAM on my box originates from Windows boxes on DSL lines with open relays. I've set up exim to ignore all incoming SMTP calls from dsl hosts (*.dsl.*) and also to block hosts without proper reverse-DNS. These 2 simple steps take care in blocking a huuuge quantity of incoming SPAM at the doorstep...It's not fullproof, but it helps a great deal.

-adnans

Re:Good move

Really? You just pay for connectivity? Who is your provider? I need to switch!

Of course, if you mean you didn't read your TOS and only THINK you are playing just for connectivity, then never mind.

Re:Good move

you should still use your upstream SMTP server for outgoing mail

And what if your upstream provider is unreliable. Back when I had cablemodem with AT&T@Home, the service was so bad I swore to never rely on anyone else for email ever again. Emails sent through their servers had a habit of disappearing or taking months (yes, I said months) to finally arrive at their destination. Complaints resulted in the boilerplate response of "email service is for entertainment purposes only". For broadband in my area I can choose cablemodem or dsl. To get a static ip on dsl requires a jump in the monthly payment that I honestly can't afford at the moment (I'm an unemployed tech worker in the Bay Area, do the math). The rare contract work that I am getting requires email I can trust.

Re:Good move

Verifying reverse-DNS isn't a terribly good idea... you're blocking mail comming from sites that do virtual hosting. In the olden days of one-to-one mapping of hostname and IP, it was a smart move. Now, when a single box can host hundred domains or more, filtering out connections from domains without reverse-DNS is going to cause more problems than it solves.

SoupIsGood Food

Re:Good move

I currently don't have mod points or you and others who have said the same thing would be modded up.

There's no RFC that says you have to accept mail from *everyone*. You're free to bounce mail to whomever you like.

As to why this is an effective technique:

1) Most of these "home servers" don't have a PTR record at all.

2) Those that do, almost NEVER have one pointing to the domain they claim to be recieving for.

3) All these residential users should be using their ISP as a relay. That's what the ISP is there for.

4) Since there's no reason for them to need to send it out *not* through the ISP as a relay host, the majority of these users are spammers or just ignorant. In the first case, it's good to block them. In the second, maybe they will get a clue.

I'm generally against crippling services on the ISP end, but I've even thought that maybe it's high time that ISPs do what AOL does, and block outbound port 25. Incomming is another story, but as the parent and I have pointed out- the residential users should be using their ISP's mail servers as relay hosts.

- Serge Wroclawski

Re:Good move

My ISP is not sufficiently reliable to use their mail servers. This is why I run my own. They have a lousy uptime and are vulnerable to the email worm of the week.

I also cannot switch providers because my provider has a local broadband monopoly.

I am neither ignorant or a spammer. I simply would like to have a server that is predictible.

Re:Good move

All these residential users should be using their ISP as a relay. That's what the ISP is there for.

I have Verizon DSL. Their relay won't let me send mail with any return address other than @verizon.net. That's completely useless, so I don't use it. Are you honestly saying that all broadband customers should restrict their email addresses to those assigned by their bandwidth providers?

Re:Good move

It isn't worth a whole hell of a lot.

I have several customers who have Verizon DSL, but have domains hosted elsewhere, with mail hosted elsewhere, without authenticated SMTP relay. I would imagine, while certianly doing this to decrease their spam problem, that there's some sort of collusion (spoken or unspoken) industry wide to try and force ISP customers to use their bandwidth provider's services, hence making them more money.

Re:Good move

1) Most of these "home servers" don't have a PTR record at all.
2) Those that do, almost NEVER have one pointing to the domain they claim to be recieving for.

Maybe because that would cost me even more money, and I don't see the need to pay for that, when all I really need is a static IP. If you want to pay for it, though, drop me an email (if you can).

3) All these residential users should be using their ISP as a relay. That's what the ISP is there for.

Except I have to pay for this service too. If I want to host my own domain, I can do it with Linux and an MTA. I don't need to rely on Pacific Bell, and more importantly I don't need to pay them extra for a service I can provide on my own.

4) Since there's no reason for them to need to send it out *not* through the ISP as a relay host, the majority of these users are spammers or just ignorant. In the first case, it's good to block them. In the second, maybe they will get a clue.

Pacific Bell's mail servers have been blacklisted in the past, thanks to these spammers. My IP, however, has never been blacklisted. If I tried to relay out through my ISP's SMTP server, I would have a hard time delivering my email.

I agree with your points, but in reality it is a flawed plan. All it takes is one spammer to get an ISP's mail server blacklisted (and I think we all know how quickly the ISPs react to get themselves removed from the lists). At least with my DSL line, as long as I am (apparently now it's "was") a good citizen, I could send mail to whomever I wanted.

If it comes down to me relaying through my ISP, I'll probably bounce through the server at work. Unfortunately, not everyone has that option.

Re:Good move

Since there's no reason for them to need to send it out *not* through the ISP as a relay host, the majority of these users are spammers or just ignorant. In the first case, it's good to block them. In the second, maybe they will get a clue.

Right, I'll bite.

Let's pretend I am an idiot who has a cable modem. And let's pretend that said cable modem issues an IP within the verboten rage. And now let's pretend that I have my own email domain completely unrelated to that of my ISP's, and that I use sendmail to send mail out.

With me so far?

Now, let's pretend that said ISP has implemented authentication requirements -- in other words, I must identify myself with a SMTP AUTH username and password before my ISP's server will accept my outbound mail.

So. How do I configure my sendmail so that it uses my ISP's server as a relay (SMARTHOST definition) but feeds it the magic username and password first?...

Any ideas?

No, it's NOT a good move, censors lists and boards

If you have DSL you should still use your upstream SMTP server for outgoing mail.

If I did that, I'd be accused of spamming by my ISP, since I run a VERY high volume mailing list. We have approximately 12 lists; the bigest list has 1,500 subscribers and gets about 100 emails a DAY. We have another major list that's about 500 people and similar volume.

About 90% of incoming SPAM on my box originates from Windows boxes on DSL lines with open relays.

99% of MY spam comes from chinese and eastern european ISPs that don't give a crap what people do with their internet connections. The solution is not blacklisting DSL and cable connections(because, among other things, it's not easy to switch, unlike dialup.) The solution is cutting off bad ISPs from backbones...but that's not likely to happen any time soon, because the backbone providers don't give a crap- every packet is money in their pocket, regardless of what kind of packet it is.

And guess what? If you are getting lots of spam from DSL/Cable users, it's really easy to solve. Report it. If there's a report of spam, the ISP disconnects the customer until they fix it. Imagine how fast people will learn to keep their machine clean if their internet connection goes down. ISPs will whine about the work, but, gee, that's like the gas station attendant whining about having to give directions to people all the time. Comes with the territory, bub.

It's ignorant people like you(who think "since -I- don't need to send mail directly, neither does anyone else!") that cause people like me grief.

We get next to NO money from subscribers to pay for costs- $5 donations here and there. DSL and Cable offer a nice, cheap way to host a mailing list, or a webboard; we don't use very much bandwidth at all, and occasional hiccups aren't a problem, especially given the design of SMTP; if at first you don't succeed, try, try, again. Commercial DSL is just less down bandwidth, slightly more up bandwidth, a 'real' static IP instead of a DHCP-assigned address that basically never changes...and a HELL of a lot more expensive. Oh, and instead of telling you to go screw yourself when you scream at them for your line being down, they -politely- tell you there's nothing they can do(and, by the way, -please- go screw yourself.)

Luckily, we're sucking bandwidth off a hosting company that has graciously allowed the box to sit off their network- but if they tank, we'll be screwed- commercial hosting runs about $90+ or more, and our box isn't rackmountable, so there's another $25-50/mo.

Slowly but surely, the media companies are doing their best to squeeze out other sources of competition- the little guys. Check your Terms of Service/Acceptable Use Policy. My home connection(ATTBI, now Comcast) has banned "messageboards and mailing lists" for years, along with FTP, web, mail, IRC...and specifically states it's an "entertainment service", and I am a "consumer" of that service- ie, sit down, shut up, and be a good little consumer of mass web media. How dare you produce your OWN media...

Noticed this earlier

My linux mail server can no longer connect to any of AOL's mail servers for outgoing mail.

This link [aol.com] is the general site for AOL's mail issues.

This link [aol.com] is the FAQ that contains some error messages.

This link [aol.com] is to their daemon section that lists error/rejection messages when connecting to their mail daemon.

For those who do not wish to risk goatse.cx links, this is the message one gets when trying to connect from a residential block:

550 - The IP address you're using to connect to AOL is either open to the free relaying of e-mail, is serving as an open proxy, or is a dynamic (residential) IP address. AOL cannot accept further e-mail transactions from your server until either your server is closed to free relaying/proxy, or your ISP removes your IP address from their list of dynamic IP addresses. For additional information, please visit http://postmaster.info.aol.com.

Me too, why this is so evil.

When I was using dial up, AOL and Hotmail bounced mail sent directly from my computers, even when I used my correct email address as the reply to. I was unable to send mail to my mother and my wife. "Just use the upstream provider" many wise asses told me. It did not work very well and that is an evil way to go.

We must fight this in order to presever open communications on the internet. It won't reduce spam, it will simply provide exclusive franchises for email to larger ISPs and they certianly will fill your box with lots of adverts. Next they will close down other services, such as web and chat sites. Service, concentrated in a few careless hands, will be very poor and all of us will suffer. Be very afraid.

Here's the chain of events:

1. Block dial up mail
2. Block cable/dsl mail
3. Block smaller ISPs
4. Change what's left of laws that prevent this kind of predatory behavior

Notice that most of this has already happened. The No Electronic Theft Act and other cable laws already make it against the law to violate your user agreement to "obtain services without authorization". The baby bells are hard at work trying to extend such laws to their own networks. Oh yeah, AOL has already cut off peerage to smaller ISPs. If that's not an effective block on email, I'm not sure what is.

Once enough power is concentrated, the internet as we know and think of it, open to all, will go down the memory hole. Even the memory of it will be erased. It will look more like TV or the Post Office. Ppeople will be taught to be thankful for all the garbage that gets pushed on them and that nothing could be better.

It's not hard to run a mail server. Reasonable software like that provided by Debian comes configured well and has easy to understand set up and configuration files. Run one today and tell your friends. Performance is awsome and this justifies the effort even if your crapy provider blocks incomming mail requests. Tell your service provider that they should change their terms to allow it.

Oh yeah, there's something else to do. I killed my 8 year old AOL account and sent the $10 a month to the free software foundation. Build a wireless node.

"Residential" DSL meaning what, exactly?

Services like Verizon, that use DHCP and/or PPPoE and already have a "no servers" policy? What's the criteria, here??? It will be interesting to see how AOL differentiates "residential" DSL from other types of DSL.

I use SpeakEasy DSL via Covad. This service is technically residential, because my servers are sitting in my house. But I have a legitimate domain, and static IPs on my servers. However, reverse DNS lookups return "dslwww-xxx-yyy-zzz.phl.yadayadayada," NOT my registered domain name.

I just successfully sent myself a test message from my domain mail to my AOL account, so I'm not being blocked yet. I guess I'll start sending a test message once or twice a day to make sure it still works, until AOL clarifies their policy. And if I do get blocked, there's gonna be some hell raised about it. My servers are locked down tight and laways have been. Shutting out all DSL-hosted mailservers to keep out spam is like burning your house down to keep it from being burglarized.

~Philly

This didn't start April 10th ...

The first I noticed it was March 27th (and I don't email my dad @ AOL that often, so it probably happened even before that ...)

The original message was received at Thu, 27 Mar 2003 13:35:36 -0600
from dougmc@localhost

----- Transcript of session follows ----- ... while talking to mailin-03.mx.aol.com.:
550-The IP address you're using to connect to AOL is either open to the
550-free relaying of e-mail, is serving as an open proxy, or is a dynamic
550-(residential) IP address. AOL cannot accept further e-mail
550-transactions from your server until either your server is closed to free
550-relaying/proxy, or your ISP removes your IP address from their list of
550-dynamic IP addresses. For additional information, please visit
550 http://postmaster.info.aol.com. ... while talking to mailin-04.mx.aol.com.:

I have a great idea for AOL!

How about if AOL bans all of the e-mail traffic - in and out of their domain? Wouldn't that be great? They could even actually ban telnet, http, and ftp, too. And later all possible ports. In the end, they can even earn some money by selling their edge routers ;-)

Ramblings on a Pseudo-Internet-Network

I guess this is sort of like the New York branch post offices not delivering mail from Florida, because that's where a lot of junk mail originates from.

I have a fairly nasty conspiracy theory on why AOL and Comcast are cooperating on this. By shutting out the innovative do-it-yourselfers on the Internet from their network, they squelch potential competition from their "value-added" services.

The next step might be to block web servers that don't originate from big corporate server farms. After all, who knows what could be on those independent things but kiddy porn and terrorist training instructions?

The irony is that the great mass of obtrusive commercialism on the Internet originates on the corporate, big-player side. AOL was the innovator in turning the WWW into a virtual shopping mall.

You would like to think, however that this will backfire on them, as customers look to alternatives to their increasingly sanitized pseudo-Internet network.

And how does one fool their IP filters anyway? It makes one want to "spam" everyone of AOL's customers with a protected-from-legal-prohibition-because-it-is-not -commercial-speech protest email.

Open Proxy Madness

As a network engineer of a DSL and T1 only ISP (we have dialup but only for traveling DSL/T1 customers) I can let you know that this will probably stop oodles of spam.

The latest spammer tactic is not to seek out open relays, but open windows proxies, and from there they can initial outbound SMTP connections to legit SMTP servers and send spam.

Already a large number of dialup providers will only allow you to send through their mail server, and a larger number of ISPs user the DUN RBL to block email directly from dialup pools.

This is just more of the same. Your ISP should provide you with SMTP service, use them as a smart host even if you're running your own SMTP server, so it'll offload the requeing/etc from your box to theirs.

DSL and Cable are the new dialup, and should be treated as such, a place where the majority of the customers are clueless idiots who ruin the party for the smart people.

Several ISPs are starting to scan mail servers sending them mail for open proxy/open relay before accepting the mails, expect to see this practive and AOL's solution spread to most ISPs in the near future.

If you want to run a real mail server, perhaps you should get a real internet conenction, like Colocation or T1.

Trivial fix

In /etc/mail/sendmail.mc:

define(`SMART_HOST',`smtp.server.of.you.isp')

Admins with users can't ban AOL

If you're an admin with users (ie., not just running your own system), it would be pretty hard to ban incoming mail from AOL.

A year or two ago, I had AOL trouble with my free colocated server. The people who gave me the server were using IP addresses from a T1 line that they bought from a cable modem company. It wasn't on a net connected via a cable modem, but it was part of the cable modem company's block.

So AOL just silently deleted my messages. It's very frustrating, they don't tell you anything, you can't find documentation, no one will answer an email, etc.

It would be nice, at least for the first few days after they start the policy, to bounce messages with some sort of explanation, rather than just tossing them out.

I don't really have a problem with them trying to block spam -- I had access to a bigger, upstream SMTP server, so I could relay -- but it sucks that they don't tell anyone what's going on.

At the very least an AOL mail admin could post something on a mail admin's email list, so that a google search would turn up the answer. What would that take, five minutes?

Umm..

Slashdot's RFC-ignorant [rfc-ignorant.org] too.. Bounces abuse@ emails.

Mexico

Mexico's only DSL provider, Telmex/Prodigy, has been disallowing use of their SMTP servers to relay any mail not having a local @prodigy.net.mx part. The problem comes for a lot of people who connect via Prodigy DSL, but have other domains, hosted elsewhere, and want to have addresses @mycompany.com or similar. Whether Prodigy did this as a measure to coerce customers into getting "integral" solutions from them and kicking other ISPs and consultants out of the game is open to debate.

So far, the option we've been using for our customers is configuring a local SMTP server which then delivers directly to destination. We use Linux for this, and configure it so that it only allows incoming SMTP from the local network.

Recently, however, customers started reporting lots of bounced messages. Further diagnostics indicate several large mail providers are now blocking SMTP connections from dynamically assigned DSL IP addresses. I personally checked this happening with yahoo, AOL and Earthlink.

It sucks that the Internet is becoming such a hostile place; I think of those quiet towns where everybody can leave their doors unlocked at night. Now it's become like any large city where doing such a thing is equivalent to giving away all your belongings. It also sucks that Prodigy (and, doubtless, other ISPs worldwide) won't let customers use their SMTP servers; this is, after all, a service I'm paying for. Fairly, we should get a discount for NOT using their servers, given that they're completely useless for our configuration.

For now, the solution we've devised is using SMTP AUTH to let the customers' email be sent using our own SMTP server, which normally won't allow SMTP relaying from addresses outside our own IP network. However this feels like a hack and puts additional configuration burden on us.

Is spam the ultimate cause for all this hostility on the net? maybe so. And if that's the case, here's another reason why perhaps the next war we see should be the one against spammers.

You want these rights for *YOUR* MTA, right?

I'd expect users of RBLs (see http://www.spews.org) and certainly the denizens of NANAE to argue that they have the right to refuse to receive email from anyone, for any reason, since that mailserver is private property.

It can be used in ways you like (refusing emails from Verizon's corporate HQ because they refuse to kick their spammers) or in ways you don't like (making it more difficult to send outgoing mail), but I don't see how you can reasonably kick and scream against one and not the other.

Actually, several providers have been refusing email from dial-up pools for a year or more, which is what caused me to decide that I would need to send outbound email through my ISP. IIRC, attbi refused email from my server on my ISDN line over a year ago.

The solution isn't difficult - go dig around on your ISP's website (or call them) and figure out the mailserver that you'd be using if you WEREN'T running your own MTA. Set your mail server to relay outbound emails through them. (See your man pages - it isn't difficult.) There's NO way your ISP's mailserver is going to refuse to accept your email, since if they did, no one not running an MTA could get email out. Sure, you'll have an extra line of headers in your outbound email, but it doesn't seem like such a big deal. Was the location of your mail server a secret anyway?

Of course, if your ISP is a notorious hoster of spammers, you're going to need to find a new ISP. You didn't really want to support those spammers anyway, did you?

Re:This is a good thing

But having your own SMTP server doesn't provide any functionality that you can't get from Comcast at base price anyway.

Actually, it provides three bits of functionality:

• Performance (less stupid delays)
• Reliability (less insanely stupid delays)
• Intelligent anti-spam, based on more complex thinking than "Hell, let's just block a /8."

This move by AOL is a good thing.

No, actually, it's a fucking bad thing. But you won't realize it until the day that you want to send your friend on MSN email but can't, and neither of you can talk to your parents who are on AOLMail, both of which are playing games to close their protocols to make sure that GnuMail can't play.

Providing an open replacement for SMTP that has the authentication and accountability that SMTP is sorely lacking would be a good thing. Segregating the Internet address space into ghettoes is not.

AOL's triage spam solution: block email from DSL

Wow, perhaps this explains the huge upsurge in the number of non-received emails. People in my Rotary club are baffled that I am not responding to their emails, and it certainly seems to be all the AOL folks. Are they rejecting emails, or blackholing them?

I run my own mail server on a "business DSL" connection with a static IP address, but it runs to my home and I doubt there is any genuine distinction between "residential" and "business" DSL lines. I run my own server, of course, so that I can have a fairly powerful set of spam filters at the server side, in addition to a complex set of client-side spam filters -- all because I receive hundreds of spam emails per day, including dozens that I can identify as coming from AOL-owned servers.

I assume that AOL has only disabled receipt of email from DSL lines, and continues to send its customers' spam to folks like me. It's hard to know, since my filters already reject more than 98% of incoming email delivery attempts.

Let's at least try to be fair to AOL: they are just like the rest of us, forced to seek out triage solutions to the increasingly aggressive strategies used by spammers. Until a new structure is widely adopted for exchange of email (something that allows for true source verification and financial compensation for abuse), triage is the only solution that will work. Hence I block nearly all email from earthlink servers and customers, as well as juno.com and HUNDREDs of other domain names and IP addresses.

Use your upstream ISP

I personally think this is a good thing. I know a lot of ISP's who've voluntarilly added all of their dialup and DSL IP addresses to various RBL's. They insist that you use their upstream SMTP server.

This way, you can still send mail, and ISP's don't have to police all of their users to ensure that they aren't running open relays.

Doesn't bother me

I'm sick of all the spam, and all the spam comes from DSL SPAM faggots. So what's the problem?
If you have to send mail from a DSL account, use your ISP SMTP server. That's what it's there for. Having said that, I am a DSL user who uses his own SMTP server (mainly for spam filtering which I think I can do better than my ISP)- but if I am forced to use my ISP's smtp server to help lessen the burden of SPAM, I don't have a problem with that.

For another way to fight spam, which I read on the Mimedefang mailing list, how about setting up a way for domain admins to specify valid smtp servers for a domain. Then when mail comes in from, for example, yahoo.com, your mail server can query yahoo.com for the list, and if the originating server isn't on it, then the mail isn't accepted.

Average /. AOL reply

How to post a negative AOL reply on Slashdot.org just like a veteran /.er.

1. Start off by naming the previous number of times AOL has done something you dislike, noting that this particular incident is "the worst yet."

2. State your greivances about the topic. Explain, in near-irrevelant detail, how this will negatively effect you and others.

3. Throw random arguments in about how non-AOL services are far superior to AOL services.

4. Also imply that anyone who still uses AOL must be of inferior intellect that yourself.

5. Notate the sudden revelation that you don't use the services of AOL (in fact, can't recall any time at which you did use AOL) and, if you did, you and anyone else using AOL probably deserves the a forehand mentioned greviance and whatever similar issues they get.

6. Close with witty remark about poor service and/or "AOHell" reference and offer cliche signature of either "Step 1. AOL reference, Step 2. (blank), 3. Profit!" or "All your base..." adaption.

IN RUSSIA, AVERAGE AOL REPLY WRITES YOU!

What a Terrific Idea...

I strongly recommend that as a compensatory measure, non-AOL MTAs be configured to deny all incoming mail from AOL's domain."

Yeah...because when a big corporation does something wrong, we should exact revenge upon all of its customers.

That's very mature. Particularly in the case of AOL, which services the vast majority of under-educated internet users. You'll fuck up all of their personal email communications, and they won't have the first clue why.

Brilliant solution.

crib

Re:What a Terrific Idea...

Yeah...because when a big corporation does something wrong, we should exact revenge upon all of its customers.

Actually, we should; it's called putting pressure on the corporation. If we were to pressure the corp, then they'll give in if enough users are f-ed up.

Blocking Mail Servers that don't have Reverse DNS

Blocking Mail Servers that don't have Reverse DNS

This issue is somewhat related, and is just another part of the big issue of preventing users from setting up their own services upon their Internet connections. If you can't send an receive any data that you want, it's not true Internet access. Now, I am not talking about setting up a mail server at work behind the corporate firewall, or on the college LAN. I am talking about the DSL line that I pay $55 to $150 a month for.

Recently I put up a personal mail server off of my DSL line. It uses Courier for the MTA. I am able to send and receive mail to most hosts on the internet, but a few will not accept messages from my mail server. I was curious as to why, so I did an investigation.

It turns out that these mail servers check reverse DNS for the IP address that I am using for a mail server. Doing a forward DNS check would be just fine, but a reverse DNS check? It does not stop spam, and worse, it blocks legitimate mail servers.

My ISP is pretty stupid on the technical wise. They use EIGRP as their IGP and they leave their customers on a live EIGRP enabled interface. I could inject routes into their IGP if I wanted to. Most of their Cisco routers also have HTTP and finger enabled. They definitely don't do anything about reverse DNS. There is no way that I can register my mail server (mail.opendreams.net) with the IP that I use (66.192.31.140).

The mail servers that I have so far discovered block mail from me include;
The University of Central Florida, @pegasus.cc.ucf.edu, pegasus.cc.ucf.edu
Datanomix Inc, @datanomix.com, mail.datanomix.com

How did I find out? Here is an example of a telnet to port 25 that I did...

user@sorrows-->telnet pegasus.cc.ucf.edu 25
Trying 132.170.240.30...
Connected to Pegasus.cc.ucf.edu.
Escape character is '^]'.
EHLO mail.opendreams.net
450 Client host rejected: cannot find your hostname, [66.192.31.140]
QUIT
221 Bye
Connection closed by foreign host.

The mail server won't even talk to me.

Issues like this will make mail on the Internet no longer a sure thing. There will be mail routing and blocking issues all over, and you can't be sure that one mail server will talk to another. This is not acceptable.

I personally think that there needs to be U.S. Federal laws made to protect the rights of Internet users. The reason that I think that law is necessary is that there is no competition in many areas for internet access. If there was, I could just switch carriers, but I have no options.

The end of open SMTP, dawn of the whitelist era

For a long while I've seen several stories in the ongoing war against the spammers, and the more draconian the measures get (blocking all of East Asia as many in these discussions proudly claim to have done) the Internet e-mail system appears to be in it's death throes already.

When you start blocking such a significant percentage of the world in a blanket measure, wouldn't it be simpler and more effective to screw tortuous blacklists and just implement a whitelisting procedure? I mean, if over half of all the e-mails businesses get aren't legitimate, why in the world are these businesses throwing money down the drain by continuing to pay for something that doesn't work over half the time?

IP+address whitelisting is really the only way to go if you want a useful messaging system based on SMTP anymore. That, or completely revert to instant messaging/private web boards. I'm sure some kind of system could be worked out to allow for simple temporary whitelisting which would let a user allow mail to himself from a certain address for 2 hours, or whatever the local admin defined as the maximum allowable time. Then, at the end of the day, if a user checked the box asking for this addresss/mail server IP combination to be put on the permanent whitelist, it gets sent with all the other such requests to an administrator who vets the list, then adds whatever addresses pass muster onto the permanent whitelist. You could add functionality that has tripwires if you start getting spam from that person...so many peices allowed before a warning, so many before removal from the whitelist for a week, then forever, etc... Yes, it places a demand on the mail administrator, but certainly no more of a demand than the running battle currently takes up.

Personally I have very little use for regular Internet e-mail. I use it occasionally, because you still need an official e-mail address for various registrations, and for reciepts for buying stuff online. For actually talking to people, I use AIM of whatever instant messaging system they may use. I've considered creating a new AIM identity just for clients to get in touch with me through, but there isn't much nuance in logging and most don't deliver messages recieved when you're not logged on.

I wish there was a way I could relegate Internet e-mail to the same status my mailbox has. Namely, flip through to see if there are any bills and dump everything else directly into the trash without bothering any further with it.

How about a new mail protocol?

As one of the nameless multitudes who receives thousands of "Get Rich Quick," "Gallons of Cheap Viagra" and "Teen Sluts With Shaved *****" spams, I have been wondering something for a while:

What's the feasibility of coming up with and implementing a brand new mail protocol -- one which somehow prevents (or at least extremely complicates) the transmission of bulk, unsolicited mail? On the server level, you could build in source address verification (so spammers couldn't disguise the source of the mail) and bandwidth limitations -- so for example, someone sending out 1000 emails could do so, but with a geometric lag for each mail they send. (Isn't this called a "tar pit"?)

In other words, since e-mail was invented in a time when spam didn't exist, it seems like we could improve upon the protocol considerably and make it harder for spammers to do their dirty work. Not being an SMTP expert, I don't know what this would require -- perhaps someone could fill me in?

I AM MAD AS HELL ABOUT THIS

Having zero background information on this topic, I am prepared to make an indignant response to AOL's clear violation of YOUR RIGHTS ONLINE! AOL has blatantly violated YOUR RIGHTS ONLINE by deciding not to accept mail from dial-up and residential DSL IP addresses! Dammit, I am sick and tired of providers who think they have the right to do what they want with servers and pipes that they pay for! They are obviously violating my right to free speech by censoring me with their heavyhanded spam-fighting measures! They are probably going to use the DMCA to defend this decision! My guess is the RIAA is behind all this! If we don't all get up in arms about this blatant violation of YOUR RIGHTS ONLINE, next thing you know there will be an AOL camera in your TOASTER OVEN! You will have to ask AOL permission to GO TO THE BATHROOM!

This Explains

Today I started getting about a dozen bounced emails per hour that I didn't send. Some spammer promoting a penal enlargement scheme was using my return address. This has happened before, so, ho hum for now. Funny thing, all the bounces were coming from AOL. I figured that somehow the spammer was just targetting aol patrons with his mass mail. Maybe not. IDK.

Spam Wars, Part III

Spam Wars, Part III

The AOL Empire is nearing completion on the Death CD. In alliance with the
other local Empires, they have conceived of a plan to end the mechanical menace
of millions of spambots spread thruout the galaxy, by cutting off transmission
between the bots, they hope to cut their communications and cripple them.

In other news, the Rebel Alliance commanders are furious."We use the same
channels! We must strike back!" Does this spell doom for the galaxy, or finally
freedom from the menace of the spambots? Tune in later for our special report.

Selective relaying with sendmail

My ISP has not shown that its servers are reliable. I like to be able to use mailq to see what's backed up. I'd also like to be able to use my own mailer's parameters for bounces. There's lots of reasons to prefer to use your own mailer instead of your ISP's, even if you technically could use your ISP's. But now, you'll want to relay through your ISP for all the mail that AOL won't accept, while sticking to your own SMTP services for everything else. That's what this document is for.

I encourage people to write corresponding documents for other MTAs. Also, some people can only send mail through their ISP with their ISP-assigned username. It's possible to configure sendmail to adapt AOL-bound mail to have the ISP-assigned sender. That is not discussed in this document; email me if you need it, and I'll write a followup post.

HOWTO: Configuring Sendmail to use your ISP's relay for AOL

This uses the sendmail mailertable feature. The mailertable feature allows you to specify the mailer and relay parameters for individual domains. That's exactly what we need here.

1. First, you'll need mailertable support in your sendmail config. Grep your sendmail.cf for the string "Id: mailertable.m4". If it's in there, you've got it and can skip the next step.
2. Since you don't have mailertable support, you'll need to add the following line to your .mc file:

   FEATURE(mailertable, `hash -o /etc/mail/mailertable')

   Note that the first quote is a backquote! After you do this, you'll need to rebuild your sendmail.cf file. (On FreeBSD, you can just run 'make' in /etc/mail to do this. You can also use the following command (it's on one line):

   m4 -D_CF_DIR_=/path/to/sendmail/cf/ /path/to/sendmail/cf/m4/cf.m4 sendmail.mc > sendmail.cf

   You'll need to put sendmail.cf in its proper place, usually /etc/mail but sometimes /etc or elsewhere.
3. Create a file /etc/mail/mailertable. In it, add lines like the following:

   aol.com esmtp:relay.my-isp.net
   earthlink.net esmtp:relay.my-isp.net

   Fill in relay.my-isp.net with your ISP's relay hostname.
4. Rebuild the mailertable file. On FreeBSD, you can just run 'make' in /etc/mail to do this. You can also use the following command:

   makemap hash mailertable.db < mailertable

5. Restart sendmail. On FreeBSD, you can just run 'make restart' in /etc/mail. Other OS's may vary.

Remember that some ISPs may require you to use your ISP-assigned email address to relay through them. This won't help with that, but there's easy solutions for it. (This sort of thing is where Sendmail rocks.) Email me if you need it, and I'll post a followup.

For those of you who think this is okay . .

Let me just point out a few things:

1) Although I've never used my ISP's mailservers for outgoing mail, my friends have -- and mail is constantly lost, or delivered hours late.

2) Likewise, my ISP's incoming mail servers are frequently down, losing mail, and full of spam (the address was either harvested or sold, I don't know which. I have evidence of it, but that's another thread). A couple of my own local accounts suffer from spam as well, but I managed to install Spamassassin, which must be too difficult for my ISP.

3) Privacy is a concern with me, and I'd prefer to handle mail transactions myself.

4) I like the reassurance of looking through my Sendmail logs, knowing that an important message was delivered, and if it wasn't, the reason why.

5) Although this is unrelated, my friends often complain of outages when my service is fine. The reason? My ISP's DNS servers are constantly screwed up, yet I run my own.

6) I run majodomo to host a small mailing list of 20 of so members (that moves perhaps 500 messages a month); that's not enough traffic to justify having it hosted somewhere else, and Yahoogroups butchers messages with advertisements. Luckily none of its members use AOL.

7) I check my mail logs often (to make sure nothing unordinary is going on), and do not allow relaying.

Many of us run mail servers simply because our ISPs are unreliable. Many ISPs can't even host a measly 5mb of web space adequately, so I feel weary letting them handle important E-Mails. I wish Speakeasy was available in my area, it would be a no-brainer switch.

You've probably heard the saying, "tolerating excesses in order to preserve freedoms." Well, Spam is an excess -- a very horrible excess. At the same time, enough people use home mail servers for justifiable reasons that outlawing them, or blocking mail from them isn't a logical decision.

And besides, there's other [apple.com] ways to prevent spam [spamassassin.org] without making anyone unhappy. Spamassassin, once configured correctly, nails just about all spam. My university filters spam on my POP account, and I receive maybe one (if that) a month; couple that with Mail App's built in filtering and I haven't actually seen a Spam message in months. The best way to get rid of spammers is to implement solutions that make their efforts ineffective on ANY level, not just by killing off one of their hundreds of other options (AOL's method).

More reasons why this is necessary:

Let me preface this with a disclaimer. I worked in AOL's mail and anti-spam groups for 5 years, ending back about a 2 years ago. I still keep in touch with the people back there, and I have a good idea what's up, as I still work in the anti-spam 'industry'.

Not that anyone will see this, as it's on the second page of comments...

A massive percentage of spam (well over 50%) comes from compromised windows boxes running either trojan software to open ports for spammers to proxy through, software like AnalogX that does the same, or just users who somehow manage to set up a proxy that's open to the world. There's also a big problem with a LOT of the DSL hardware on the market, that allows people to proxy through it transparently, via use of a security hole. Check Bugtraq if you want to find details.

These broadband connections are where the spammers are headed for anonymity. Yeah, sure, there's still a bunch of big-time professional spammers out there who spam away from their often-moving netblocks. That bunch isn't so hard to keep up with.

There's also the problem of Klez and other SMTP aware worms that busily want to send you lots of infected mail. Sure, *nix users don't really care about that, but companies like AOL, with a crapload of less-than-savvy users have to.

It's been this way for 56k dialups for about 3 years or so... but the noise about that only lasted a few weeks, much like this will. If your DSL company can't support your needs, vote with your feet! Switch your service to one that can. If Verizon can offer you service, you can pretty much bet that Covad can too.

(shameless plug: Check out lmi.net for that stuff.. small companies make for better service, and if you need the medium-sized company feel, go with Speakeasy.)

So what if you have a contract... if they can't get your mail to AOL with the right domain, it sounds like grounds to break it to me. =)

Re:what a buncha crap

aol is pitiful

But representative of the masses. Most people don't care about anything but Web access and email -- and the more this happens, the more the Internet heads in that direction, regardless of how much we dislike it.

It may be pitiful -- but it's probably indicative of the future. Already, extensive random firewalling has made HTTP one of the few mechanisms that can be relied on to work in all environments.

Sigh.