AOL Bans Mail From DSL-Hosted Servers 925
kmself writes "As first reported at linux-elitists by Aaron Sherman, and with a demonstration of the denial at zIWETHEY, AOL has begun blocking mailservers identified with residential DSL lines as an anti-spam measure, apparently heedless of the huge collateral damage this move imposes (and guess who can't send mail to Mom...). This action was unannounced, and has received virtually no coverage, spare an oblique mention at News.com. It also violates SMTP RFCs, as Aaron points out, not to mention the 'good neighbor' conventions of Internet communications. Mail to AOL's postmaster is also bounced -- this is RFC-ignorant.
I strongly recommend that as a compensatory measure, non-AOL MTAs be configured to deny all incoming mail from AOL's domain."
bouncing mail to postmaster? (Score:5, Interesting)
dave
No problem (Score:5, Interesting)
I can't very well block them further than I already do, in other words.
About Time (Score:2, Interesting)
If you are dial up or home dsl you should not be talking directly to smtp servers anyway you should be sending mail through your provider.
see: http://njabl.org/ they do exactly this.
Earthlink does this too. (Score:5, Interesting)
Both AOL and Earthlink have TONS of subscribers.
If they both decide to carry on doing this, there is nothing you can do about it.
Truth is, SMTP sucks. They are only doing this because of all the spam. Yes they are violating RFC's. Too bad...
--jeff++
AOL isn't the only one. (Score:5, Interesting)
this isn't new (Score:5, Interesting)
Only dynamically assigned IP addresses (Score:3, Interesting)
Sending mail to AOL was always a headache (Score:2, Interesting)
My advice is to get a yahoo email address, not only does it not block mail, but you won't be inundated with junkmail because they filter most of it in another folder for you. So far, they never put in anything valuable or legitimate in there so it seems to work fine. The other reason is it is ISP agnostic.... that way if you cancel AOL, you don't have to give everyone a new email address.
My 2 cents^.^
"Residential" DSL meaning what, exactly? (Score:5, Interesting)
I use SpeakEasy DSL via Covad. This service is technically residential, because my servers are sitting in my house. But I have a legitimate domain, and static IPs on my servers. However, reverse DNS lookups return "dslwww-xxx-yyy-zzz.phl.yadayadayada," NOT my registered domain name.
I just successfully sent myself a test message from my domain mail to my AOL account, so I'm not being blocked yet. I guess I'll start sending a test message once or twice a day to make sure it still works, until AOL clarifies their policy. And if I do get blocked, there's gonna be some hell raised about it. My servers are locked down tight and always have been. Shutting out all DSL-hosted mailservers to keep out spam is like burning your house down to keep it from being burglarized.
~Philly
it's not just DSL... (Score:2, Interesting)
I work for an electronics repair company...
we use road runner business class.
At work, I just recently wrote an application that interfaces with our database, and sends our customers email containing the status of their equipment.
I just checked to see how many emails we send to that domain, and it's a fair amount, I would say 15% of our customers.
this would create a problem for us communicating with potential or current customers.
I'm all for fighting spam, but are we collateral damage in this war?
Re:bouncing mail to postmaster? (Score:2, Interesting)
Plenty of people out there have a domain and yet use their.name@their.isp.com as their email address. Nothing wrong with that. Some RFCs *do* state that you have to make all reasonable attempts to receive mail for postmaster@yourdomain.com *if* you run a mail server for that domain, but I've never heard of someone losing a domain over it.
I don't see a problem w/ this. (Score:1, Interesting)
b) it is a known fact that a lot of spam comes from the said connections that they banned.
c) just use your isp provided smtp server you idjits. if that doesn't allow you to bcc more people than you want, then either you are spamming, or get smart enough to not have to use your smtp server.
d) this is NOT hard to work around. If I needed a smtp server, I could at this moment probably get hooked up by 6 different people off the top of my head.
e) all in all, this is not a big deal. and yes, this is coming from someone who has in the past and probably will in the future host a webserver etc off of my residential line.
Ramblings on a Pseudo-Internet-Network (Score:3, Interesting)
I have a fairly nasty conspiracy theory on why AOL and Comcast are cooperating on this. By shutting out the innovative do-it-yourselfers on the Internet from their network, they squelch potential competition from their "value-added" services.
The next step might be to block web servers that don't originate from big corporate server farms. After all, who knows what could be on those independent things but kiddy porn and terrorist training instructions?
The irony is that the great mass of obtrusive commercialism on the Internet originates on the corporate, big-player side. AOL was the innovator in turning the WWW into a virtual shopping mall.
You would like to think, however that this will backfire on them, as customers look to alternatives to their increasingly sanitized pseudo-Internet network.
And how does one fool their IP filters anyway? It makes one want to "spam" everyone of AOL's customers with a protected-from-legal-prohibition-because-it-is-no
Re:Good. (Score:2, Interesting)
Re:Good move (Score:5, Interesting)
Mexico (Score:3, Interesting)
So far, the option we've been using for our customers is configuring a local SMTP server which then delivers directly to destination. We use Linux for this, and configure it so that it only allows incoming SMTP from the local network.
Recently, however, customers started reporting lots of bounced messages. Further diagnostics indicate several large mail providers are now blocking SMTP connections from dynamically assigned DSL IP addresses. I personally checked this happening with yahoo, AOL and Earthlink.
It sucks that the Internet is becoming such a hostile place; I think of those quiet towns where everybody can leave their doors unlocked at night. Now it's become like any large city where doing such a thing is equivalent to giving away all your belongings. It also sucks that Prodigy (and, doubtless, other ISPs worldwide) won't let customers use their SMTP servers; this is, after all, a service I'm paying for. Fairly, we should get a discount for NOT using their servers, given that they're completely useless for our configuration.
For now, the solution we've devised is using SMTP AUTH to let the customers' email be sent using our own SMTP server, which normally won't allow SMTP relaying from addresses outside our own IP network. However this feels like a hack and puts additional configuration burden on us.
Is spam the ultimate cause for all this hostility on the net? Maybe so. And if that's the case, here's another reason why perhaps the next war we see should be the one against spammers.
Re:bouncing mail to postmaster? (Score:1, Interesting)
Nobody can 'bust' you for not abiding by a Request for Comments. Perhaps some people would like to comment on this. heh
Use your upstream ISP (Score:3, Interesting)
This way, you can still send mail, and ISP's don't have to police all of their users to ensure that they aren't running open relays.
Re:Only dynamically assigned IP addresses (Score:3, Interesting)
I have a 'business' dsl package. My IPs are static to my account, but they are assigned dynamically to the router. Will AOL know the difference between my email server, and some dhcp dsl users? Doubtful.
What a Terrific Idea... (Score:5, Interesting)
Yeah...because when a big corporation does something wrong, we should exact revenge upon all of its customers.
That's very mature. Particularly in the case of AOL, which services the vast majority of under-educated internet users. You'll fuck up all of their personal email communications, and they won't have the first clue why.
Brilliant solution.
crib
Re:I would say.... (Score:5, Interesting)
<tin-foil-hat>Does any part of AOLTW compete with DSL, like umm cable modems maybe? </tin-foil-hat>
The end of open SMTP, dawn of the whitelist era (Score:3, Interesting)
When you start blocking such a significant percentage of the world in a blanket measure, wouldn't it be simpler and more effective to screw tortuous blacklists and just implement a whitelisting procedure? I mean, if over half of all the e-mails businesses get aren't legitimate, why in the world are these businesses throwing money down the drain by continuing to pay for something that doesn't work over half the time?
IP+address whitelisting is really the only way to go if you want a useful messaging system based on SMTP anymore. That, or completely revert to instant messaging/private web boards. I'm sure some kind of system could be worked out to allow for simple temporary whitelisting which would let a user allow mail to himself from a certain address for 2 hours, or whatever the local admin defined as the maximum allowable time. Then, at the end of the day, if a user checked the box asking for this address/mail server IP combination to be put on the permanent whitelist, it gets sent with all the other such requests to an administrator who vets the list, then adds whatever addresses pass muster onto the permanent whitelist. You could add functionality that has tripwires if you start getting spam from that person...so many pieces allowed before a warning, so many before removal from the whitelist for a week, then forever, etc... Yes, it places a demand on the mail administrator, but certainly no more of a demand than the running battle currently takes up.
Personally I have very little use for regular Internet e-mail. I use it occasionally, because you still need an official e-mail address for various registrations, and for receipts for buying stuff online. For actually talking to people, I use AIM or whatever instant messaging system they may use. I've considered creating a new AIM identity just for clients to get in touch with me through, but there isn't much nuance in logging and most don't deliver messages received when you're not logged on.
I wish there was a way I could relegate Internet e-mail to the same status my mailbox has. Namely, flip through to see if there are any bills and dump everything else directly into the trash without bothering any further with it.
How about a new mail protocol? (Score:3, Interesting)
What's the feasibility of coming up with and implementing a brand new mail protocol -- one which somehow prevents (or at least extremely complicates) the transmission of bulk, unsolicited mail? On the server level, you could build in source address verification (so spammers couldn't disguise the source of the mail) and bandwidth limitations -- so for example, someone sending out 1000 emails could do so, but with a geometric lag for each mail they send. (Isn't this called a "tar pit"?)
In other words, since e-mail was invented in a time when spam didn't exist, it seems like we could improve upon the protocol considerably and make it harder for spammers to do their dirty work. Not being an SMTP expert, I don't know what this would require -- perhaps someone could fill me in?
Re:Good move (Score:4, Interesting)
I also cannot switch providers because my provider has a local broadband monopoly.
I am neither ignorant nor a spammer. I simply would like to have a server that is predictable.
Re:Admins with users can't ban AOL (Score:2, Interesting)
Truthfully while blocking @hotmail and @yahoo and @aol has a certain appeal as an admin of a site. If we were to do that, I can't think of any user which would not be irate with us rather than their own ISP. Regardless of how explanatory we were, today's joe average user (and almost every user who's not joe average) doesn't care how they get it, they want their e-mail and all hell breaks loose if they don't get it.
Secondly when you're a site that does business with customers, mention of today's economy assumed, you just can't say "screw this set of customers they use XYZ, since XYZ doesn't play nice we won't do business with you."
So how can we, "punish the wicked" but "spare the innocent?"
Until there is a universal or at the very least "good" way of getting small and large internet users to understand why they aren't just an island unto themselves the internet will continue to have problems like this.
I don't blame AOL for what they are doing, at our site we've seen an uptick in spam of more than 100 percent in the last 8 months and at least 20 percent just this month alone. What AOL will ultimately have to discover though, is that in the end their goal is not achievable, since spammers don't care and have never cared that a recipient does or does not get their e-mail. For that reason I'd rather see them and others work together to develop a solution which we all can support.
Several problems with this... (Score:2, Interesting)
Re:Privatized mail (Score:5, Interesting)
I used to like the USPS, then I moved someplace that isn't served by the USPS. While I live in a somewhat rural environment, my town has over 5000 residents, but only 1 part-time mail carrier (and no plans to *ever* get another according to the local postmaster), so if you aren't on the one street that's on the route, you don't get mail. They canceled rural route service years ago. And they ran out of PO boxes back in 2000, and again, they don't plan on ever getting any more of them. And they think there is nothing wrong...
On a related note, I hate businesses that can't understand that my PO Box is my *only* USPS-serviceable address, businesses that insist on sending correspondence to my shipping address instead of my billing address, and rebates that don't accept PO Boxes.
Re:Trivial fix (Score:2, Interesting)
That's a good idea except:
1. The spammers are relaying through you, AOL blocked your mail server, now you forward your mail to your ISP. Spammers are still relaying through you and you're happily forwarding it through your ISP's relay.
2. Some ISPs do stupid shit like check the From address in the header and only let you relay if it's in one of their approved domains. I think Verizon does (or did) this.
3. Internet traffic is easy enough to sniff, but do you want to make it simple for your ISP to log and catalog what messages you send to who? I'm sure only terrorists care about this, but why should my ISP need to know who I send e-mail to? Just another reason I don't use their stupid pop or imap. Do I trust some fat lazy admin at the ISP not to sit there and read my email for his jollies? It's less likely he's going to SPAN a port off a switch and sniff all my traffic than it is for some faggot lazy bitch to read my mail spool. (Yes this happened to me).
Re:I would say.... (Score:2, Interesting)
Re:Privatized mail (Score:2, Interesting)
Re:About Time (Score:4, Interesting)
Yet another reason to choose Speakeasy. I have a static IP and I am not blocked by AOL (already tried).
Re:Earthlink does this too. (Score:3, Interesting)
The receiving side would probably be the easiest - the destination server that receives email for you (probably at your ISP) would have to be provided with a private key to decrypt your incoming email. This could be done automatically by your ISP. Naive users and their email clients would just see the unencrypted messages via POP3.
The outbound side might require modifications to insert special headers in the SMTP message to authenticate yourself to the system (e.g. you could send a digital signature, which the SMTP server would verify against your stored private key).
This system wouldn't be as secure as end-to-end encryption (anyone with access to your mail server could subvert the private keys), but it would be a heck of a lot better than what we do today, and virtually 100% backwards-compatible with existing mail clients.
A web interface might be another good way to deliver the next generation of email. Yahoo or MSN could incorporate encryption and authentication without changing anything in their existing web interfaces.
Funny... (Score:4, Interesting)
good step, now proceed to next... (Score:2, Interesting)
Those things serve the same purpose as Spam: "If you spam them, they will come"
Crackpot theories debunked... (Film at 11!) (Score:3, Interesting)
Here's the message it sends back as it appears in my mail server log:
00:08:31 5 SMTP-409(cs.com) Disconnect Received
00:08:31 5 SMTP-409(cs.com) Disconnect Confirmed
00:08:31 4 SMTP-409(cs.com) Input Line: 550-The IP address you're using to connect to AOL is either open to the\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550-free relaying of e-mail, is serving as an open proxy, or is a dynamic\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550-(residential) IP address. AOL cannot accept further e-mail\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550-transactions from your server until either your server is closed to free\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550-relaying/proxy, or your ISP removes your IP address from their list of\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550-dynamic IP addresses. For additional information, please visit\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550 http://postmaster.info.aol.com.\r
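An added example (not part of the comment above, and not code from any mail server): reassembling the multi-line 550 reply from log lines in the format quoted above and flagging it as a policy rejection, so an outbound-mail admin can separate these bounces from ordinary mailbox errors. The regular expression for the log layout and the reason keywords are assumptions drawn from the quoted lines.

```python
import re

# Log lines copied from the comment above; "\r" is the literal text the log prints.
SAMPLE_LOG = r"""
00:08:31 5 SMTP-409(cs.com) Disconnect Received
00:08:31 5 SMTP-409(cs.com) Disconnect Confirmed
00:08:31 4 SMTP-409(cs.com) Input Line: 550-The IP address you're using to connect to AOL is either open to the\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550-free relaying of e-mail, is serving as an open proxy, or is a dynamic\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550-(residential) IP address. AOL cannot accept further e-mail\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550-transactions from your server until either your server is closed to free\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550-relaying/proxy, or your ISP removes your IP address from their list of\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550-dynamic IP addresses. For additional information, please visit\r
00:08:31 4 SMTP-409(cs.com) Input Line: 550 http://postmaster.info.aol.com.\r
"""

# Assumed layout: time, log level, session tag, "Input Line:", then the SMTP reply line.
LINE_RE = re.compile(
    r"^(\d\d:\d\d:\d\d) \d+ (\S+) Input Line: (\d{3})([ -])(.*?)(?:\\r)?$"
)

# Keywords taken from the wording of the quoted reply (assumption: other
# receivers phrase their rejections differently and need their own patterns).
REASONS = {
    "open_relay": re.compile(r"free\s+relaying", re.I),
    "open_proxy": re.compile(r"open proxy", re.I),
    "dynamic_ip": re.compile(r"dynamic\s+(\(residential\)\s+)?IP", re.I),
}


def assemble_replies(log_text):
    """Join SMTP continuation lines ("550-...") up to the final line ("550 ...")."""
    replies, pending = [], {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a reply line (e.g. the Disconnect entries)
        _ts, session, code, sep, text = m.groups()
        buf = pending.setdefault(session, {"code": code, "text": []})
        if buf["code"] != code:  # code changed mid-reply: start over
            buf = pending[session] = {"code": code, "text": []}
        buf["text"].append(text.strip())
        if sep == " ":  # a space after the code marks the last line of the reply
            replies.append((session, int(code), " ".join(buf["text"])))
            del pending[session]
    return replies


def classify(code, text):
    """Label a reply; 'reasons' lists every cause the reply text names."""
    if 500 <= code <= 599:
        kind = "permanent"
    elif 400 <= code <= 499:
        kind = "transient"
    else:
        kind = "ok"
    reasons = sorted(name for name, rx in REASONS.items() if rx.search(text))
    return {"kind": kind, "reasons": reasons,
            "policy_block": kind == "permanent" and bool(reasons)}


if __name__ == "__main__":
    for session, code, text in assemble_replies(SAMPLE_LOG):
        print(session, code, classify(code, text))
```

The quoted reply names all three possible causes without saying which one applied, so the classifier reports them as candidates rather than a single verdict.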
Re:I would say.... (Score:2, Interesting)
sue 'em (Score:2, Interesting)
Re:I would say.... (Score:2, Interesting)
Re:About Time (Score:3, Interesting)
What percentage of your non-spam email comes from dsl ip's?
It's actually a pretty high rate of ham (as the SpamAssassin project folks call it) that comes from such addresses. My mail all originates from such an address, and I know several others for whom this is true. The flawed logic of "source x produces much spam, thus eliminating source x will make my life better" has many logical holes in it, as you point out, but that's not stopping AOL.
If you are dial up or home dsl you should not be talking directly to smtp servers anyway you should be sending mail through your provider.
Sounds like a load of claptrap to me.
Care to cite an RFC that suggests such a thing?
How about a good network reason why email should be relayed instead of sent directly?
It's not just (as you rightly point out) not in the RFCs, it's about as far as you can get from the intent of them.
The idea behind SMTP is to make every node on the Net the master of its own communications. You can create a relay and go through it, but that's not required because such a requirement would mean that you're going to have to create a bureaucracy around the designation of valid and invalid relays.
The correct way to deal with the problem is to have an identity that earns or loses respect in the global community. By default your identity is your IP address. Clearly if you have an IP that used to belong to someone else (because you got it via DHCP, your ISP handed you a CIDR block that just freed up because a spammer went out of business, or any other reason) you are going to inherit their rep, so little weight can be put on that. You can then add new layers of identity. For example, digital key verification in the SMTP protocol via TLS (I do this now).
Once your site has an identity, you can begin to earn or lose the trust of those in the community. Blacklists become trust databases where your IP or key map to 127.0.0.1-255 (a trust value) or 0 for no-match.
This would be an easy enough thing to develop, and could really help make filtering mail much easier and yet everyone who wants to can maintain a trust database, and anyone who wants to use your trust database can.
What could be better!
Re:bouncing mail to postmaster? (Score:3, Interesting)
Actually, after much hemming and hawing, Microsoft sent him a cheque (check for you Americans) for US$500. He sold it on eBay... for, IIRC, a little over US$1,000.
Bad for Business Customers (Score:2, Interesting)
There are two problems that I have begun to notice. One, that the DSL and Cable providers are not doing a good job with PTR records and consequently the reverse DNS usually is something like xxx.xxx.xxx.atl.bellsouth.net instead of mail.companyname.com. Secondly, Bellsouth and others are now blocking ALL relaying through their servers that do not end in @bellsouth.net.
This means that for some of my clients they are being blocked from sending email to AOL. Why? Because for Bellsouth (and many others) having a Static IP means that they simply set a reservation on their DHCP server. This means that they are "dynamic" IP's even though the companies are paying $10 to $20 more per month to have "static" IP's. Also, these "Business Accounts" are drawing IPs from the same blocks as residential IPs. In one case the IP address for my client at home (down the street from his office) is usually only a few numbers off from his mail server's "static" IP.
While I can understand why AOL is doing this, I do not see how this solution is going to fix things. AOL is assuming that the problem is ignorant users and malicious spammers and that ALL ISP's are doing things like they should. We all know this is not true. Many T1 providers do not even setup proper Zones and PTR's for the IP's. On smaller ISP providers there is often no differentiation from Dynamic IP blocks and Static blocks, as they also use "reservation" based systems.
The flaw in AOL's thinking is that they can fix a broken protocol by filtering messages based on RFC's being followed by ISP's. I don't see this working well for long.
IMHO
Re:bouncing mail to postmaster? (Score:3, Interesting)
I'll keep running my mail server, and AOL can keep ignoring me, but I'm going to start sending my friends and family to AOL's competition, much as I hate to because that's mostly folks like MSN and the regional phone companies.
---ENDQUOTE---
I actually had a couple of friends on AOL and when I noticed this a couple of weeks ago, I just told them to stop using their AOL accounts and offered them accounts on my home mailserver, which they both accepted, it being much cooler.
I recommend that you offer the same to anyone you can no longer e-mail because of this, and then have them send an e-mail to AOL indicating this policy as the reason they have opted to stop using the service.
Re:No problem (Score:3, Interesting)
Re:bouncing mail to postmaster? (Score:4, Interesting)
Correct, and what's more they issue that 550 ending with "550 Goodbye" and then a connection reset (TCP-"R") packet, which is also in violation of the RFC.
If you run SpamAssassin [spamassassin.org], I highly recommend adding: to your
It's not punitive so much as showing them the right way to have solved this problem. Yes, AOL gets a lot of mail; yes, filtering spam out of it is hard; but if they simply weighted blacklists based on how accurate they are (as SA does) and then combined the results of several lists from dynips to rfci to relays with those weights, then they could make an accurate assessment, inform the sites that are blacklisted appropriately (in conformance with the RFC).
Ultimately, even after issuing that 554, if someone pushes on with a "RCPT To: postmaster@aol.com", they should accept it so that the site has a usable route for delivering mail to assert that the problem has been solved, but that would be a rare occurrence if the lists were public and used/maintained correctly.
Bah.
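An added example (not from any commenter and not SpamAssassin's code) sketching two ideas from the thread together: the "Re:About Time" comment's trust database that answers 127.0.0.1-255 or no match, and the weighting of several lists by accuracy suggested in the comment above. The zone names, weights and resolver answers are constructed, and the DNSBL-style reversed-octet query name is an assumption about how such a database would be queried.

```python
import ipaddress

# Constructed lists and per-list weights (higher weight = list judged more accurate).
LISTS = {"trust-a.example": 3.0, "trust-b.example": 1.0, "trust-c.example": 2.0}

# Constructed resolver answers standing in for DNS A-record lookups.
ANSWERS = {
    "10.2.0.192.trust-a.example": "127.0.0.200",
    "10.2.0.192.trust-b.example": "127.0.0.40",
}


def query_name(ip, zone):
    """DNSBL-style name: the IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def trust_value(answer):
    """Map an answer to the comment's scale: 127.0.0.1-255 -> 1..255, else 0."""
    if answer is None:
        return 0  # no record: this list has no opinion on the sender
    packed = ipaddress.IPv4Address(answer).packed
    if packed[:3] != b"\x7f\x00\x00" or packed[3] == 0:
        return 0  # anything outside 127.0.0.1-255 is not a valid list answer
    return packed[3]


def combined_trust(ip, lists, resolve):
    """Weighted mean over the lists that know the IP; None if none of them do."""
    total = weight_sum = 0.0
    for zone, weight in lists.items():
        value = trust_value(resolve(query_name(ip, zone)))
        if value:
            total += weight * value
            weight_sum += weight
    # None means "no reputation yet", which is different from a low score:
    # a sender on a freshly assigned address has simply not been rated.
    return None if weight_sum == 0 else total / weight_sum


if __name__ == "__main__":
    for sender in ("192.0.2.10", "198.51.100.7"):
        print(sender, combined_trust(sender, LISTS, ANSWERS.get))
```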