	AOL Bans Mail From DSL-Hosted Servers 925
kmself writes "As first reported at linux-elitists by Aaron Sherman, and with a demonstration of the denial at zIWETHEY, AOL has begun blocking mailservers identified with residential DSL lines as an anti-spam measure, apparently heedless of the huge collateral damage this move imposes (and guess who can't send mail to Mom...). This action was unannounced, and has received virtually no coverage, save an oblique mention at News.com. It also violates SMTP RFCs, as Aaron points out, not to mention the 'good neighbor' conventions of Internet communications. Mail to AOL's postmaster is also bounced -- this is RFC-ignorant.
I strongly recommend that as a compensatory measure, non-AOL MTAs be configured to deny all incoming mail from AOL's domain."
heh... (Score:4, Funny)
Re:heh... (Score:3, Informative)
We did this to ourselves (Score:5, Insightful)
IMO too much time is spent ranting about how Tha Man is keeping the $30/mo broadband user down by not allowing the minority who know how to run a secure server to use their residential line as a commercial line. We should be putting a hell of a lot more energy bitching about the masses of clueless users who randomly click on any email attachment they get, setup their P2P apps in slut-mode, and otherwise connect to the Internet in such a way that they become:
-  just another hop for viruses to propagate through
-  just another misconfigured AnalogX proxy [analogx.com] or Lovgate [symantec.com] infected SMTP/NNTP open relay
-  just another DDoS drone host
It's sad, but the majority of broadband users have forced this action. If people understood the concepts of due diligence and responsibility we wouldn't have David Ritz and others spending huge amounts of time battling USENET spam, ISPs getting slammed with DoS all the time (and I mean that literally), and spam gangs doing automated scans of broadband networks for open relays so they can spread their email pollution. It's a myth that spam only comes from networks in Asia that don't give a damn. It comes from Ma and Pa's Windows 98 box that got infected with one of several variants of Lovgate [symantec.com] and helps spam the planet, all from their speedy little DSL/cable connection.
Before the /. community jumps down AOL's throat at this carpet-bomb tactic, we need to realize that it is a business response to the realities of security on broadband networks. If users took responsibility for their connections and had good firewalls, anti-virus and intelligent email practices then this problem probably wouldn't exist.
Re:heh... (Score:4, Funny)
Funny... (Score:4, Interesting)
I would say.... (Score:3, Insightful)
Re:I would say.... (Score:5, Interesting)
<tin-foil-hat>Does any part of AOLTW compete with DSL, like umm cable modems maybe? </tin-foil-hat>
Excellent point (Score:5, Informative)
I hadn't considered that, but they've got a $1 billion interest in just that area [theregister.co.uk].
Crackpot theories debunked... (Film at 11!) (Score:3, Interesting)
Here's the message it sends back as it appears in my mail server log:
00:08:31 5 SMTP-409(cs.com) Disconnect Received
00:08:31 5 SMTP-409(cs.com
bouncing mail to postmaster? (Score:5, Interesting)
dave
Re:bouncing mail to postmaster? (Score:5, Funny)
Not in our lifetimes
Re:bouncing mail to postmaster? (Score:5, Informative)
Re:bouncing mail to postmaster? (Score:5, Insightful)
Then it's time for it to get ugly. AOL breaks the protocol by issuing a 550 (not a 554) and not leaving the session open until timeout or until the client issues "QUIT" (you are allowed to say "553 Get bent" to every command issued, but you're not allowed to disconnect).
Let the blacklisting of AOL begin!
RFCs aside, though, they're blacklisting folks for getting an address assigned by a protocol. This is arbitrary and foolish. It also eliminates a lot of good mail.
I'll keep running my mail server, and AOL can keep ignoring me, but I'm going to start sending my friends and family to AOL's competition, much as I hate to because that's mostly folks like MSN and the regional phone companies.
Re:bouncing mail to postmaster? (Score:5, Informative)
1. Mail bound for postmaster@aol.com is not accepted.
2. They issue a 550 response before the client has a chance to issue a greeting. There are two allowed responses at that point: 554 and 220. 550 is right out.
3. They disconnect before the client issues a "QUIT" command or times out. Also bogus.
AOL is playing a game of chicken here to see how much of the net will blacklist them for breaking the RFCs. Once they smell blood in the water because not enough sites care, they can pretty much start writing their own book....
Re:bouncing mail to postmaster? (Score:4, Interesting)
Correct, and what's more they issue that 550 ending with "550 Goodbye" and then a connection reset (TCP-"R") packet, which is also in violation of the RFC.
If you run SpamAssassin [spamassassin.org], I highly recommend adding:to your
It's not punitive so much as showing them the right way to have solved this problem. Yes, AOL gets a lot of mail; yes, filtering spam out of it is hard; but if they simply weighted blacklists based on how accurate they are (as SA does) and then combined the results of several lists from dynips to rfci to relays with those weights, then they could make an accurate assessment and inform the sites that are blacklisted appropriately (in conformance with the RFC).
Ultimately, even after issuing that 554, if someone pushes on with a "RCPT To: postmaster@aol.com", they should accept it so that the site has a usable route for delivering mail to assert that the problem has been solved, but that would be a rare occurrence if the lists were public and used/maintained correctly.
Bah.
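The greeting behaviour the two posts above describe (a 550 where RFC 2821 permits only 220 or 554, and a hang-up before the client says QUIT) can be checked from the client side. This is an added diagnostic, not code from any poster; the 550 text it feeds the fake server is the reply quoted elsewhere in the thread, and the fake server itself is a constructed stand-in driven over a socketpair so the check runs without a network.

```python
"""Probe an SMTP server's opening reply and check it against RFC 2821.

RFC 2821 allows only two greeting codes: 220 (service ready) and 554
(service refused).  After a 554 the server must still answer commands
until the client sends QUIT.  A 550 greeting, or a hang-up before QUIT,
is non-conformant.  Added diagnostic, not from the original thread.
"""
import socket
import threading
from dataclasses import dataclass, field


@dataclass
class GreetingResult:
    code: str                      # three-digit reply code of the greeting
    lines: list = field(default_factory=list)
    closed_before_quit: bool = False

    @property
    def verdict(self) -> str:
        if not self.code:
            return "nonconformant: closed without a greeting"
        if self.code == "220":
            return "conformant: service ready"
        if self.code == "554":
            if self.closed_before_quit:
                return "nonconformant: 554 then hung up before QUIT"
            return "conformant: refused, stayed connected until QUIT"
        return f"nonconformant: {self.code} is not a valid greeting code"


def read_reply(sock):
    """Read one SMTP reply (multi-line allowed).  Returns (code, lines, eof)."""
    buf, lines = b"", []
    while True:
        chunk = sock.recv(4096)
        if not chunk:                       # peer closed mid-reply or silently
            return (lines[0][:3] if lines else ""), lines, True
        buf += chunk
        while b"\r\n" in buf:
            raw, buf = buf.split(b"\r\n", 1)
            text = raw.decode("ascii", "replace")
            lines.append(text)
            # "NNN-" continues a reply; "NNN " (or a bare "NNN") ends it
            if len(text) == 3 or (len(text) > 3 and text[3] == " "):
                return text[:3], lines, False


def probe_session(sock) -> GreetingResult:
    """Run the client side of a greeting check on an already-connected socket."""
    code, lines, eof = read_reply(sock)
    result = GreetingResult(code, lines, closed_before_quit=eof)
    if eof:
        return result
    try:
        # Keep the session alive as the RFC lets us; a server that already
        # hung up fails here instead of answering NOOP (250 or 503).
        sock.sendall(b"NOOP\r\n")
        _, _, eof = read_reply(sock)
        if not eof:
            sock.sendall(b"QUIT\r\n")
            read_reply(sock)
    except (ConnectionResetError, BrokenPipeError, socket.timeout):
        eof = True
    result.closed_before_quit = eof
    return result


def probe_greeting(host: str, port: int = 25, timeout: float = 10.0) -> GreetingResult:
    """Connect to a real MTA and classify its greeting."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return probe_session(s)


# Reply text as quoted in the thread; used only to drive the fake MTA below.
REJECT_550 = b"".join(l + b"\r\n" for l in [
    b"550-The IP address you're using to connect to AOL is either open to the",
    b"550-free relaying of e-mail, is serving as an open proxy, or is a dynamic",
    b"550-(residential) IP address. AOL cannot accept further e-mail",
    b"550-transactions from your server until either your server is closed to free",
    b"550-relaying/proxy, or your ISP removes your IP address from their list of",
    b"550-dynamic IP addresses. For additional information, please visit",
    b"550 http://postmaster.info.aol.com.",
])


def fake_mta(conn, greeting: bytes, stay_open: bool) -> None:
    """Constructed stand-in for a remote server on one end of a socket."""
    conn.sendall(greeting)
    while stay_open:                         # RFC behaviour: talk until QUIT
        cmd = conn.recv(1024)
        if not cmd or cmd.upper().startswith(b"QUIT"):
            if cmd:
                conn.sendall(b"221 Bye\r\n")
            break
        conn.sendall(b"503 Bad sequence of commands\r\n")
    conn.close()


def probe_fake(greeting: bytes, stay_open: bool) -> GreetingResult:
    """Drive probe_session against fake_mta over a socketpair (no network)."""
    client, server = socket.socketpair()
    threading.Thread(target=fake_mta, args=(server, greeting, stay_open),
                     daemon=True).start()
    with client:
        return probe_session(client)
```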
No problem (Score:5, Interesting)
I can't very well block them further than I already do, in other words.
Re:No problem (Score:5, Informative)
I've had a few, but in the main, you are correct in saying not much spam comes from aol.com. However, an awful lot of spam *claims* to come from aol.com, even when it actually originates in China, Korea, or some spamhaus in the USA/EU. For this reason refusing mail from aol.com and others may give exceedingly good results with low enough collateral damage to be bearable for some home mail server operators.
No, you did not (Score:5, Informative)
It is possible to forge a 'from' address in an email header. Look again at the emails you have in your spam bucket and look at the received-from: header. I'll bet you $100 they didn't come from anywhere with a '.yahoo.com' at the end.
Comment removed (Score:5, Funny)
Re:No problem (Score:3, Informative)
Re:No problem (Score:3, Insightful)
Your Mom (Score:5, Funny)
In other news (Score:5, Funny)
any mail from Florida, due to the large number of mail-order scams originating from that state.
Privatized mail (Score:5, Insightful)
any mail from Florida, due to the large number of mail-order scams originating from that state
Don't laugh too hard on that one, there are schemes in place of trying to privatize and eliminate the whole of the US mail system including first class postage. While it might be neat to have all your mail sent by one company like UPS and while the post office does need to get its act together ASAP, my concern is that rural areas would be stuck with only one greedy private company as their only means of communication (thus making it expensive to send or receive mail at all). Remember, the postal system in the US is a time-honored tradition that has been the envy and model for the rest of the planet. It is also in good working order, thus if AOL chooses not to accept e-mail anymore, why not just bombard them with snail mail? We could also return their bloody disks right back to them while we're at it. Maybe after they get several hundred thousand they'll get the hint.
And if you think the AOL-Time-Warner lawyers will allow their most lucrative domain to be taken from them then I have to disagree. I figure they've already got a loophole in the fine print somewhere that is as easily exploited as the pictures of children for those old Sally Struthers commercials (the ones where the kids keep starving but she kept growing). There has to be some reason behind this that is not yet shared, hopefully their decision has a more rational basis than some of the arguments for privatizing the US postal system.
Re:Privatized mail (Score:5, Insightful)
Re:Privatized mail (Score:5, Interesting)
I used to like the USPS, then I moved someplace that isn't served by the USPS. While I live in a somewhat rural environment, my town has over 5000 residents, but only 1 part-time mail carrier (and no plans to *ever* get another according to the local postmaster), so if you aren't on the one street that's on the route, you don't get mail. They canceled rural route service years ago. And they ran out of PO boxes back in 2000, and again, they don't plan on ever getting any more of them. And they think there is nothing wrong...
On a related note, I hate businesses that can't understand that my PO Box is my *only* USPS-serviceable address, businesses that insist on sending correspondence to my shipping address instead of my billing address, and rebates that don't accept PO Boxes.
Re:Privatized mail (Score:5, Insightful)
According to the constitution, by law Congress must provide a postal system. Short of a constitutional amendment, they are just a lawsuit away from any "reform" ideas being thrown out.
And frankly our postal system is a bargain. Try sending 2 oz letter 3500 miles for $0.36 in any other country in the world.
Now if you only had a telephone and a broadband service like that...
Re:Privatized mail (Score:3, Informative)
48 cents in Canada, which is about 31 US cents at current exchange rates.
Try again.
Re:Privatized mail (Score:3, Insightful)
I assume that joke here is that there are hardly any other countries in the world which have 3500 miles for a letter to go. Even if the mail in, say, Japan were free, you still couldn't send a letter 3500 miles. I guess nobody got it.
Re:Privatized mail (Score:3, Insightful)
Because it's losing money [usps.com]. They lost quite a bit [schooldata.com] last year.
Also, if you've ever waited in line at a post office, you know that some aspects of their service are not exactly the model of efficiency.
Earthlink does this too. (Score:5, Interesting)
Both AOL and Earthlink have TONS of subscribers.
If they both decide to carry on doing this, there is nothing you can do about it.
Truth is, SMTP sucks. They are only doing this because of all the spam. Yes they are violating RFC's. Too bad...
--jeff++
Re:Earthlink does this too. (Score:5, Insightful)
The fact is, SMTP is based on the flawed assumptions that every e-mail sent is one that the recipient wants to see because nobody would ever spam, and that there's no harm in letting the message travel unencrypted because nobody would ever snoop.
It's time for reform in the overall e-mail system, the only problem is that there's a huge installed user base that'd be forced to upgrade in order for a new e-mail protocol to work. It's gonna take something silly like this to get out of hand for that to happen.
Re:Earthlink does this too. (Score:4, Insightful)
You don't need a new protocol. The one we have will work fine.
What people need to do is stop trusting every email connection that's made, and instead insist that every email connection comes from a listed MX.
This is easy to do: check the MXes for the domain listed in the SMTP "MAIL FROM" command (not to be confused with the "From:" header in the email message itself) and reject the connection if the IP address of the connection doesn't match one of the listed MXes for the domain. If you want to send email from a system that isn't a real MX, list it as a low priority one and block incoming SMTP traffic to that box (something anyone with any brains will be doing anyway), so that all incoming email goes only to the MXes that can handle incoming email.
End result: it forces spammers to buy a domain (that won't last very long since it'll be blacklisted immediately if it starts sending spam), makes it easy to create useful blacklists that work, and ultimately significantly increases the costs of spamming. And finally provides a way of reliably ignoring open relays (because you can blacklist the domain associated with the open relay).
And all of this can be done now, with no changes to SMTP required at all.
So why are we all sitting around on our asses complaining about spam when a viable solution already exists?
Re:Earthlink does this too. (Score:5, Insightful)
Which in itself is an RFC violation.
Give me a Visa card with a $2000 limit and I can own about 200 domains inside of 24 hours. Considering SPAMmers are purchasing $750k houses with the proceeds from their efforts, I'd say that's not a huge problem.
Now consider what happens when SPAMmers start routinely issuing "MAIL FROM: <kcbrown@sysexperts.com>"
Oh, wait, they already do that, and implementations like you suggest would only re-double their efforts. I'd rather not find myself at the wrath of people who have the capabilities to send 10 billion messages/month in my name, thanks.
Re:Earthlink does this too. (Score:3, Insightful)
The domains aren't their only expense. Now they also have to pay for their own hosting as well, as well as for the DNS servers that will be authoritative for their domains. They won't be able to make nearly as much use of open relays because the domains associated with any open relays will b
Re:Earthlink does this too. (Score:4, Insightful)
> connection doesn't match one of the listed MXes
> for the domain
Wrong assumption: incoming SMTP server = outgoing SMTP server. Many large and small organizations use different machines to receive and send mail via SMTP. In other words, you'll end up rejecting a huge (50-80?) percentage of legitimate mail.
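The MX-origin rule proposed earlier in this thread, written out as an added example (not code from any poster) so that both what it catches and the objection just raised can be seen. The DNS data is a constructed in-memory table with made-up names and documentation-range addresses, not live lookups; the `bigcorp.example` entry models a site whose outbound host is not one of its MX hosts.

```python
"""Check a connecting IP against the MX hosts of the SMTP MAIL FROM domain.

This is the rule proposed in the thread: resolve the MX records of the
envelope sender's domain and reject the MAIL FROM unless the peer address
is one of those hosts.  The failure mode raised in reply is shown too: a
domain that sends from a machine other than its MX hosts is rejected.
"""
import ipaddress
import re
from typing import Optional

# Constructed zone data standing in for live DNS: domain -> MX hostnames,
# hostname -> A records.  All names and addresses are made up.
MX_RECORDS = {
    "example.org": ["mx1.example.org", "mx2.example.org"],
    "bigcorp.example": ["inbound.bigcorp.example"],   # outbound box is separate
}
A_RECORDS = {
    "mx1.example.org": ["192.0.2.10"],
    "mx2.example.org": ["192.0.2.11"],
    "inbound.bigcorp.example": ["198.51.100.5"],
    "outbound.bigcorp.example": ["198.51.100.6"],     # never listed as an MX
}

_MAIL_FROM_RE = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)


def sender_domain(mail_from_cmd: str) -> Optional[str]:
    """Return the domain of the envelope sender, or None for the null sender <>."""
    m = _MAIL_FROM_RE.match(mail_from_cmd.strip())
    if not m or not m.group(1):
        return None          # bounces use MAIL FROM:<>; there is nothing to check
    _, _, domain = m.group(1).rpartition("@")
    return domain.lower() or None


def mx_addresses(domain: str, mx=MX_RECORDS, a=A_RECORDS) -> set:
    """Resolve every MX host of a domain to the set of its IP addresses."""
    addrs = set()
    for host in mx.get(domain, []):
        addrs.update(ipaddress.ip_address(ip) for ip in a.get(host, []))
    return addrs


def check_mail_from(peer_ip: str, mail_from_cmd: str,
                    mx=MX_RECORDS, a=A_RECORDS) -> tuple:
    """Decide the reply to a MAIL FROM command under the MX-origin rule.

    Returns (code, text): 250 to accept, 550 to reject.  The rule has no
    notion of a domain's outbound relays, so legitimate mail from a separate
    sending host is refused exactly like mail from a forged sender.
    """
    domain = sender_domain(mail_from_cmd)
    if domain is None:
        return 250, "OK (null sender, not checked)"
    allowed = mx_addresses(domain, mx, a)
    if not allowed:
        return 550, f"{domain} has no resolvable MX; cannot verify origin"
    if ipaddress.ip_address(peer_ip) in allowed:
        return 250, "OK"
    return 550, f"{peer_ip} is not an MX for {domain}"


if __name__ == "__main__":
    # Home box (or forger) claiming example.org, then bigcorp's real outbound host
    for peer, cmd in [("203.0.113.7", "MAIL FROM:<alice@example.org>"),
                      ("198.51.100.6", "MAIL FROM:<bob@bigcorp.example>")]:
        print(peer, cmd, "->", *check_mail_from(peer, cmd))
```

The second case in the usage block is the collateral damage described above: bigcorp's own outbound relay is turned away because it is not an MX.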
Re:Earthlink does this too. (Score:3, Interesting)
The receiving side would probably be the easiest - the destinati
AOL isn't the only one. (Score:5, Interesting)
If you want to send mail... (Score:5, Funny)
Hermm....
Re:If you want to send mail... (Score:5, Insightful)
What about game servers - I can't host a match of Age Of Kings for my friends?
So, really, those TOS are a joke. A bit OT, all of this, I guess.
this isn't new (Score:5, Interesting)
It's their network. (Score:5, Insightful)
Like all other spam blocking attempts, there will be collateral damage. They try to keep their customers happy, and the market decides if they succeeded.
Re:It's their network. (Score:5, Insightful)
You don't know you haven't got what you didn't get.
Only dynamically assigned IP addresses (Score:3, Interesting)
Re:Only dynamically assigned IP addresses (Score:3, Interesting)
I have a 'business' dsl package. My IPs are static to my account, but they are assigned dynamically to the router. Will AOL know the difference between my email server, and some dhcp dsl users? Doubtful.
Good move (Score:5, Informative)
-adnans
Re:Good move (Score:3, Insightful)
Re:Good move (Score:4, Informative)
Of course, if you mean you didn't read your TOS and only THINK you are playing just for connectivity, then never mind.
Re:Good move (Score:5, Interesting)
Re:Good move (Score:5, Informative)
SoupIsGood Food
Re:Good move (Score:3, Insightful)
Not to mention that many ISPs don't allow the FROM field to contain domain names different from their own.
AOL's "solution" is an ugly patch that doesn't resolve the problem, and neither does sending mail through the ISP.
Re:Good move (Score:5, Insightful)
There's no RFC that says you have to accept mail from *everyone*. You're free to bounce mail to whomever you like.
As to why this is an effective technique:
1) Most of these "home servers" don't have a PTR record at all.
2) Those that do, almost NEVER have one pointing to the domain they claim to be receiving for.
3) All these residential users should be using their ISP as a relay. That's what the ISP is there for.
4) Since there's no reason for them to need to send it out *not* through the ISP as a relay host, the majority of these users are spammers or just ignorant. In the first case, it's good to block them. In the second, maybe they will get a clue.
I'm generally against crippling services on the ISP end, but I've even thought that maybe it's high time that ISPs do what AOL does, and block outbound port 25. Incoming is another story, but as the parent and I have pointed out, the residential users should be using their ISP's mail servers as relay hosts.
- Serge Wroclawski
Re:Good move (Score:4, Interesting)
I also cannot switch providers because my provider has a local broadband monopoly.
I am neither ignorant nor a spammer. I simply would like to have a server that is predictable.
Re:Good move (Score:4, Informative)
I have Verizon DSL. Their relay won't let me send mail with any return address other than @verizon.net. That's completely useless, so I don't use it. Are you honestly saying that all broadband customers should restrict their email addresses to those assigned by their bandwidth providers?
Re:Good move (Score:3, Informative)
True. In fact, Verizon requires that you both use a From address for a domain that they host (such as bellatlantic.net or verizon.net, or a domain you pay them to host) and authenticate with their outgoing relay.
However, for what it's worth, you can put whatever you want as a Reply-To.
Re:Good move (Score:4, Insightful)
I have several customers who have Verizon DSL, but have domains hosted elsewhere, with mail hosted elsewhere, without authenticated SMTP relay. I would imagine, while certainly doing this to decrease their spam problem, that there's some sort of collusion (spoken or unspoken) industry wide to try and force ISP customers to use their bandwidth provider's services, hence making them more money.
Re:Good move (Score:4, Informative)
2) Those that do, almost NEVER have one pointing to the domain they claim to be receiving for.
Maybe because that would cost me even more money, and I don't see the need to pay for that, when all I really need is a static IP. If you want to pay for it, though, drop me an email (if you can).
3) All these residential users should be using their ISP as a relay. That's what the ISP is there for.
Except I have to pay for this service too. If I want to host my own domain, I can do it with Linux and an MTA. I don't need to rely on Pacific Bell, and more importantly I don't need to pay them extra for a service I can provide on my own.
4) Since there's no reason for them to need to send it out *not* through the ISP as a relay host, the majority of these users are spammers or just ignorant. In the first case, it's good to block them. In the second, maybe they will get a clue.
Pacific Bell's mail servers have been blacklisted in the past, thanks to these spammers. My IP, however, has never been blacklisted. If I tried to relay out through my ISP's SMTP server, I would have a hard time delivering my email.
I agree with your points, but in reality it is a flawed plan. All it takes is one spammer to get an ISP's mail server blacklisted (and I think we all know how quickly the ISPs react to get themselves removed from the lists). At least with my DSL line, as long as I am (apparently now it's "was") a good citizen, I could send mail to whomever I wanted.
If it comes down to me relaying through my ISP, I'll probably bounce through the server at work. Unfortunately, not everyone has that option.
Re:Good move (Score:4, Insightful)
Right, I'll bite.
Let's pretend I am an idiot who has a cable modem. And let's pretend that said cable modem issues an IP within the verboten range. And now let's pretend that I have my own email domain completely unrelated to that of my ISP's, and that I use sendmail to send mail out.
With me so far?
Now, let's pretend that said ISP has implemented authentication requirements -- in other words, I must identify myself with a SMTP AUTH username and password before my ISP's server will accept my outbound mail.
So. How do I configure my sendmail so that it uses my ISP's server as a relay (SMARTHOST definition) but feeds it the magic username and password first?...
Any ideas?
No, it's NOT a good move, censors lists and boards (Score:5, Informative)
If I did that, I'd be accused of spamming by my ISP, since I run a VERY high volume mailing list. We have approximately 12 lists; the biggest list has 1,500 subscribers and gets about 100 emails a DAY. We have another major list that's about 500 people and similar volume.
About 90% of incoming SPAM on my box originates from Windows boxes on DSL lines with open relays.
99% of MY spam comes from chinese and eastern european ISPs that don't give a crap what people do with their internet connections. The solution is not blacklisting DSL and cable connections(because, among other things, it's not easy to switch, unlike dialup.) The solution is cutting off bad ISPs from backbones...but that's not likely to happen any time soon, because the backbone providers don't give a crap- every packet is money in their pocket, regardless of what kind of packet it is.
And guess what? If you are getting lots of spam from DSL/Cable users, it's really easy to solve. Report it. If there's a report of spam, the ISP disconnects the customer until they fix it. Imagine how fast people will learn to keep their machine clean if their internet connection goes down. ISPs will whine about the work, but, gee, that's like the gas station attendant whining about having to give directions to people all the time. Comes with the territory, bub.
It's ignorant people like you(who think "since -I- don't need to send mail directly, neither does anyone else!") that cause people like me grief.
We get next to NO money from subscribers to pay for costs- $5 donations here and there. DSL and Cable offer a nice, cheap way to host a mailing list, or a webboard; we don't use very much bandwidth at all, and occasional hiccups aren't a problem, especially given the design of SMTP; if at first you don't succeed, try, try, again. Commercial DSL is just less down bandwidth, slightly more up bandwidth, a 'real' static IP instead of a DHCP-assigned address that basically never changes...and a HELL of a lot more expensive. Oh, and instead of telling you to go screw yourself when you scream at them for your line being down, they -politely- tell you there's nothing they can do(and, by the way, -please- go screw yourself.)
Luckily, we're sucking bandwidth off a hosting company that has graciously allowed the box to sit off their network- but if they tank, we'll be screwed- commercial hosting runs about $90+ or more, and our box isn't rackmountable, so there's another $25-50/mo.
Slowly but surely, the media companies are doing their best to squeeze out other sources of competition- the little guys. Check your Terms of Service/Acceptable Use Policy. My home connection(ATTBI, now Comcast) has banned "messageboards and mailing lists" for years, along with FTP, web, mail, IRC...and specifically states it's an "entertainment service", and I am a "consumer" of that service- ie, sit down, shut up, and be a good little consumer of mass web media. How dare you produce your OWN media...
Terrible Move (Score:3, Insightful)
The only reasons you should be using some other server to transmit your mail instead of doing it yourself are
Noticed this earlier (Score:5, Informative)
This link [aol.com] is the general site for AOL's mail issues.
This link [aol.com] is the FAQ that contains some error messages.
This link [aol.com] is to their daemon section that lists error/rejection messages when connecting to their mail daemon.
For those who do not wish to risk goatse.cx links, this is the message one gets when trying to connect from a residential block:
550 - The IP address you're using to connect to AOL is either open to the free relaying of e-mail, is serving as an open proxy, or is a dynamic (residential) IP address. AOL cannot accept further e-mail transactions from your server until either your server is closed to free relaying/proxy, or your ISP removes your IP address from their list of dynamic IP addresses. For additional information, please visit http://postmaster.info.aol.com.
Me too, why this is so evil. (Score:5, Insightful)
We must fight this in order to preserve open communications on the internet. It won't reduce spam, it will simply provide exclusive franchises for email to larger ISPs and they certainly will fill your box with lots of adverts. Next they will close down other services, such as web and chat sites. Service, concentrated in a few careless hands, will be very poor and all of us will suffer. Be very afraid.
Here's the chain of events:
Notice that most of this has already happened. The No Electronic Theft Act and other cable laws already make it against the law to violate your user agreement to "obtain services without authorization". The baby bells are hard at work trying to extend such laws to their own networks. Oh yeah, AOL has already cut off peerage to smaller ISPs. If that's not an effective block on email, I'm not sure what is.
Once enough power is concentrated, the internet as we know and think of it, open to all, will go down the memory hole. Even the memory of it will be erased. It will look more like TV or the Post Office. People will be taught to be thankful for all the garbage that gets pushed on them and that nothing could be better.
It's not hard to run a mail server. Reasonable software like that provided by Debian comes configured well and has easy to understand set up and configuration files. Run one today and tell your friends. Performance is awesome and this justifies the effort even if your crappy provider blocks incoming mail requests. Tell your service provider that they should change their terms to allow it.
Oh yeah, there's something else to do. I killed my 8 year old AOL account and sent the $10 a month to the free software foundation. Build a wireless node.
"Residential" DSL meaning what, exactly? (Score:5, Interesting)
I use SpeakEasy DSL via Covad. This service is technically residential, because my servers are sitting in my house. But I have a legitimate domain, and static IPs on my servers. However, reverse DNS lookups return "dslwww-xxx-yyy-zzz.phl.yadayadayada," NOT my registered domain name.
I just successfully sent myself a test message from my domain mail to my AOL account, so I'm not being blocked yet. I guess I'll start sending a test message once or twice a day to make sure it still works, until AOL clarifies their policy. And if I do get blocked, there's gonna be some hell raised about it. My servers are locked down tight and always have been. Shutting out all DSL-hosted mailservers to keep out spam is like burning your house down to keep it from being burglarized.
~Philly
Re:"Residential" DSL meaning what, exactly? (Score:3, Informative)
Now as to why people with dynamic IP's are responsible for a VAST amount of spam (per my spamfilters and that's for over a quarter million domains and no I don't have pr
This didn't start April 10th ... (Score:4, Informative)
The original message was received at Thu, 27 Mar 2003 13:35:36 -0600
from dougmc@localhost
----- Transcript of session follows -----
550-The IP address you're using to connect to AOL is either open to the
550-free relaying of e-mail, is serving as an open proxy, or is a dynamic
550-(residential) IP address. AOL cannot accept further e-mail
550-transactions from your server until either your server is closed to free
550-relaying/proxy, or your ISP removes your IP address from their list of
550-dynamic IP addresses. For additional information, please visit
550 http://postmaster.info.aol.com.
I have a great idea for AOL! (Score:3, Funny)
Re:I have a great idea for AOL! (Score:3, Informative)
Read about The September that never ended [astrian.net] !
Ramblings on a Pseudo-Internet-Network (Score:3, Interesting)
I have a fairly nasty conspiracy theory on why AOL and Comcast are cooperating on this. By shutting out the innovative do-it-yourselfers on the Internet from their network, they squelch potential competition from their "value-added" services.
The next step might be to block web servers that don't originate from big corporate server farms. After all, who knows what could be on those independent things but kiddy porn and terrorist training instructions?
The irony is that the great mass of obtrusive commercialism on the Internet originates on the corporate, big-player side. AOL was the innovator in turning the WWW into a virtual shopping mall.
You would like to think, however that this will backfire on them, as customers look to alternatives to their increasingly sanitized pseudo-Internet network.
And how does one fool their IP filters anyway? It makes one want to "spam" everyone of AOL's customers with a protected-from-legal-prohibition-because-it-is-no
Open Proxy Madness (Score:4, Informative)
The latest spammer tactic is not to seek out open relays, but open windows proxies, and from there they can initiate outbound SMTP connections to legit SMTP servers and send spam.
Already a large number of dialup providers will only allow you to send through their mail server, and a larger number of ISPs use the DUN RBL to block email directly from dialup pools.
This is just more of the same. Your ISP should provide you with SMTP service; use them as a smart host even if you're running your own SMTP server, so it'll offload the requeueing/etc from your box to theirs.
DSL and Cable are the new dialup, and should be treated as such, a place where the majority of the customers are clueless idiots who ruin the party for the smart people.
Several ISPs are starting to scan mail servers sending them mail for open proxy/open relay before accepting the mails; expect to see this practice and AOL's solution spread to most ISPs in the near future.
If you want to run a real mail server, perhaps you should get a real internet connection, like Colocation or T1.
Trivial fix (Score:5, Informative)
Re:Trivial fix (Score:3, Informative)
http://www.sendmail.org/~ca/email/sm-812.html#812AUTH [sendmail.org]
you put this in your access map: "AuthInfo:smtp.server.of.your.isp "U:foo" "I:foo" "P:bar"" although you might need to know realms and/or mechanisms, too.
next time, at least check to see if it's an easy answer before you get belligerent and sarcastic.
Admins with users can't ban AOL (Score:3, Insightful)
A year or two ago, I had AOL trouble with my free colocated server. The people who gave me the server were using IP addresses from a T1 line that they bought from a cable modem company. It wasn't on a net connected via a cable modem, but it was part of the cable modem company's block.
So AOL just silently deleted my messages. It's very frustrating, they don't tell you anything, you can't find documentation, no one will answer an email, etc.
It would be nice, at least for the first few days after they start the policy, to bounce messages with some sort of explanation, rather than just tossing them out.
I don't really have a problem with them trying to block spam -- I had access to a bigger, upstream SMTP server, so I could relay -- but it sucks that they don't tell anyone what's going on.
At the very least an AOL mail admin could post something on a mail admin's email list, so that a google search would turn up the answer. What would that take, five minutes?
Umm.. (Score:4, Funny)
Mexico (Score:3, Interesting)
So far, the option we've been using for our customers is configuring a local SMTP server which then delivers directly to destination. We use Linux for this, and configure it so that it only allows incoming SMTP from the local network.
Recently, however, customers started reporting lots of bounced messages. Further diagnostics indicate several large mail providers are now blocking SMTP connections from dynamically assigned DSL IP addresses. I personally checked this happening with yahoo, AOL and Earthlink.
It sucks that the Internet is becoming such a hostile place; I think of those quiet towns where everybody can leave their doors unlocked at night. Now it's become like any large city where doing such a thing is equivalent to giving away all your belongings. It also sucks that Prodigy (and, doubtless, other ISPs worldwide) won't let customers use their SMTP servers; this is, after all, a service I'm paying for. Fairly, we should get a discount for NOT using their servers, given that they're completely useless for our configuration.
For now, the solution we've devised is using SMTP AUTH to let the customers' email be sent using our own SMTP server, which normally won't allow SMTP relaying from addresses outside our own IP network. However this feels like a hack and puts additional configuration burden on us.
Is spam the ultimate cause for all this hostility on the net? Maybe so. And if that's the case, here's another reason why perhaps the next war we see should be the one against spammers.
You want these rights for *YOUR* MTA, right? (Score:5, Informative)
It can be used in ways you like (refusing emails from Verizon's corporate HQ because they refuse to kick their spammers) or in ways you don't like (making it more difficult to send outgoing mail), but I don't see how you can reasonably kick and scream against one and not the other.
Actually, several providers have been refusing email from dial-up pools for a year or more, which is what caused me to decide that I would need to send outbound email through my ISP. IIRC, attbi refused email from my server on my ISDN line over a year ago.
The solution isn't difficult - go dig around on your ISP's website (or call them) and figure out the mailserver that you'd be using if you WEREN'T running your own MTA. Set your mail server to relay outbound emails through them. (See your man pages - it isn't difficult.) There's NO way your ISP's mailserver is going to refuse to accept your email, since if they did, no one not running an MTA could get email out. Sure, you'll have an extra line of headers in your outbound email, but it doesn't seem like such a big deal. Was the location of your mail server a secret anyway?
Of course, if your ISP is a notorious hoster of spammers, you're going to need to find a new ISP. You didn't really want to support those spammers anyway, did you?
AOL's triage spam solution: block email from DSL (Score:5, Insightful)
I run my own mail server on a "business DSL" connection with a static IP address, but it runs to my home and I doubt there is any genuine distinction between "residential" and "business" DSL lines. I run my own server, of course, so that I can have a fairly powerful set of spam filters at the server side, in addition to a complex set of client-side spam filters -- all because I receive hundreds of spam emails per day, including dozens that I can identify as coming from AOL-owned servers.
I assume that AOL has only disabled receipt of email from DSL lines, and continues to send its customers' spam to folks like me. It's hard to know, since my filters already reject more than 98% of incoming email delivery attempts.
Let's at least try to be fair to AOL: they are just like the rest of us, forced to seek out triage solutions to the increasingly aggressive strategies used by spammers. Until a new structure is widely adopted for exchange of email (something that allows for true source verification and financial compensation for abuse), triage is the only solution that will work. Hence I block nearly all email from earthlink servers and customers, as well as juno.com and HUNDREDs of other domain names and IP addresses.
Use your upstream ISP (Score:3, Interesting)
This way, you can still send mail, and ISP's don't have to police all of their users to ensure that they aren't running open relays.
Doesn't bother me (Score:3, Flamebait)
If you have to send mail from a DSL account, use your ISP SMTP server. That's what it's there for. Having said that, I am a DSL user who uses his own SMTP server (mainly for spam filtering which I think I can do better than my ISP)- but if I am forced to use my ISP's smtp server to help lessen the burden of SPAM, I don't have a problem with that.
For another way to fight spam, which I read on the Mimedefang mailing list, how about setting up a way for domain admins to specify valid smtp servers for a domain. Then when mail comes in from, for example, yahoo.com, your mail server can query yahoo.com for the list, and if the originating server isn't on it, then the mail isn't accepted.
Average /. AOL reply (Score:3, Funny)
1. Start off by naming the previous number of times AOL has done something you dislike, noting that this particular incident is "the worst yet."
2. State your grievances about the topic. Explain, in near-irrelevant detail, how this will negatively affect you and others.
3. Throw random arguments in about how non-AOL services are far superior to AOL services.
4. Also imply that anyone who still uses AOL must be of inferior intellect than yourself.
5. Notate the sudden revelation that you don't use the services of AOL (in fact, can't recall any time at which you did use AOL) and, if you did, you and anyone else using AOL probably deserves the aforementioned grievance and whatever similar issues they get.
6. Close with witty remark about poor service and/or "AOHell" reference and offer cliche signature of either "Step 1. AOL reference, Step 2. (blank), 3. Profit!" or "All your base..." adaption.
IN RUSSIA, AVERAGE AOL REPLY WRITES YOU!
What a Terrific Idea... (Score:5, Interesting)
Yeah...because when a big corporation does something wrong, we should exact revenge upon all of its customers.
That's very mature. Particularly in the case of AOL, which services the vast majority of under-educated internet users. You'll fuck up all of their personal email communications, and they won't have the first clue why.
Brilliant solution.
crib
Re:What a Terrific Idea... (Score:5, Insightful)
Actually, we should; it's called putting pressure on the corporation. If we were to pressure the corp, then they'll give in if enough users are f-ed up.
Blocking Mail Servers that don't have Reverse DNS (Score:3, Insightful)
This issue is somewhat related, and is just another part of the big issue of preventing users from setting up their own services upon their Internet connections. If you can't send and receive any data that you want, it's not true Internet access. Now, I am not talking about setting up a mail server at work behind the corporate firewall, or on the college LAN. I am talking about the DSL line that I pay $55 to $150 a month for.
Recently I put up a personal mail server off of my DSL line. It uses Courier for the MTA. I am able to send and receive mail to most hosts on the internet, but a few will not accept messages from my mail server. I was curious as to why, so I did an investigation.
It turns out that these mail servers check reverse DNS for the IP address that I am using for a mail server. Doing a forward DNS check would be just fine, but a reverse DNS check? It does not stop spam, and worse, it blocks legitimate mail servers.
My ISP is pretty stupid on the technical wise. They use EIGRP as their IGP and they leave their customers on a live EIGRP enabled interface. I could inject routes into their IGP if I wanted to. Most of their Cisco routers also have HTTP and finger enabled. They definitely don't do anything about reverse DNS. There is no way that I can register my mail server (mail.opendreams.net) with the IP that I use (66.192.31.140).
The mail servers that I have so far discovered block mail from me include:
The University of Central Florida, @pegasus.cc.ucf.edu, pegasus.cc.ucf.edu
Datanomix Inc, @datanomix.com, mail.datanomix.com
How did I find out? Here is an example of a telnet to port 25 that I did...
user@sorrows-->telnet pegasus.cc.ucf.edu 25
Trying 132.170.240.30...
Connected to Pegasus.cc.ucf.edu.
Escape character is '^]'.
EHLO mail.opendreams.net
450 Client host rejected: cannot find your hostname, [66.192.31.140]
QUIT
221 Bye
Connection closed by foreign host.
The mail server won't even talk to me.
Issues like this will make mail on the Internet no longer a sure thing. There will be mail routing and blocking issues all over, and you can't be sure that one mail server will talk to another. This is not acceptable.
I personally think that there needs to be U.S. Federal laws made to protect the rights of Internet users. The reason that I think that law is necessary is that there is no competition in many areas for internet access. If there was, I could just switch carriers, but I have no options.
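Two of the receiver-side checks discussed in this thread are worth seeing as code: the forward-confirmed reverse DNS test behind the "450 Client host rejected: cannot find your hostname" reply in the telnet transcript above, and the earlier proposal (from the Mimedefang list comment) that a domain publish the list of servers allowed to send its mail so a receiver can reject anything else. The following is an added example, not code from any commenter, from AOL or from any MTA. It replaces live DNS with a constructed in-memory table so it runs offline; the `_mailservers` TXT record format and the `ip4:` tokens are my own toy syntax, not SPF's, and the names under `example.com` / `example.org` and the 192.0.2.x, 198.51.100.x and 203.0.113.x addresses are documentation values, while `mail.opendreams.net`, `66.192.31.140`, `pegasus.cc.ucf.edu` and `132.170.240.30` are taken from the post.

```python
import ipaddress

# Constructed zone data standing in for real DNS. Keys are (name, rtype).
# 66.192.31.140 deliberately has no PTR record: the situation in the transcript.
FAKE_DNS = {
    ("mail.opendreams.net", "A"): ["66.192.31.140"],
    ("pegasus.cc.ucf.edu", "A"): ["132.170.240.30"],
    ("30.240.170.132.in-addr.arpa", "PTR"): ["pegasus.cc.ucf.edu"],
    # a client whose PTR names a host that does not resolve back to it
    ("99.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com"],
    ("mail.example.com", "A"): ["192.0.2.10"],
    ("10.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com"],
    ("relay.example.com", "A"): ["198.51.100.7"],
    ("7.100.51.198.in-addr.arpa", "PTR"): ["relay.example.com"],
    ("rogue.example.org", "A"): ["203.0.113.5"],
    ("5.113.0.203.in-addr.arpa", "PTR"): ["rogue.example.org"],
    # toy "authorized outbound servers" record for example.com (my own format)
    ("_mailservers.example.com", "TXT"): ["ip4:192.0.2.0/24 ip4:198.51.100.7"],
}


def lookup(name, rtype, dns=FAKE_DNS):
    """Return the records of type rtype for name, or [] for NXDOMAIN/NODATA."""
    return list(dns.get((name.lower().rstrip("."), rtype), []))


def fcrdns(client_ip, dns=FAKE_DNS):
    """Forward-confirmed reverse DNS for a connecting client.

    Returns (status, detail); status is 'no-ptr' (no PTR at all, the case that
    produced the 450 in the thread), 'mismatch' (PTR name exists but does not
    resolve back to client_ip) or 'pass'.
    """
    addr = ipaddress.ip_address(client_ip)
    names = lookup(addr.reverse_pointer, "PTR", dns)   # e.g. 140.31.192.66.in-addr.arpa
    if not names:
        return "no-ptr", f"cannot find your hostname, [{client_ip}]"
    for name in names:
        # forward-confirm: the claimed hostname must list this very address,
        # otherwise anyone controlling a reverse zone could claim any name
        if client_ip in lookup(name, "A", dns):
            return "pass", name
    return "mismatch", f"{names[0]} does not resolve to {client_ip}"


def authorized_networks(domain, dns=FAKE_DNS):
    """Parse the domain's toy _mailservers TXT record into ip networks.

    Returns None when the domain publishes nothing: a domain that has not
    opted in must not be penalised, which is the main caveat of this check.
    """
    records = lookup(f"_mailservers.{domain}", "TXT", dns)
    if not records:
        return None
    nets = []
    for record in records:
        for token in record.split():
            if token.startswith("ip4:"):
                nets.append(ipaddress.ip_network(token[4:], strict=False))
    return nets


def sender_authorized(client_ip, mail_from_domain, dns=FAKE_DNS):
    """'pass', 'fail' or 'none' for a MAIL FROM domain and connecting IP."""
    nets = authorized_networks(mail_from_domain, dns)
    if nets is None:
        return "none"
    addr = ipaddress.ip_address(client_ip)
    return "pass" if any(addr in net for net in nets) else "fail"


def smtp_verdict(client_ip, mail_from_domain, dns=FAKE_DNS):
    """Combine both checks into an SMTP reply the way a receiver might.

    A missing PTR is answered with a temporary 450, since it may be a DNS
    outage on either side and the sender will retry; a PTR that does not
    forward-confirm, or a sender outside the published list, is a permanent 550.
    """
    status, detail = fcrdns(client_ip, dns)
    if status == "no-ptr":
        return 450, f"Client host rejected: {detail}"
    if status == "mismatch":
        return 550, f"Client host rejected: {detail}"
    if sender_authorized(client_ip, mail_from_domain, dns) == "fail":
        return 550, f"{client_ip} is not an authorized sender for {mail_from_domain}"
    return 250, "OK"


if __name__ == "__main__":
    for ip, dom in [("66.192.31.140", "opendreams.net"), ("132.170.240.30", "ucf.edu"),
                    ("192.0.2.99", "example.com"), ("192.0.2.10", "example.com"),
                    ("203.0.113.5", "example.com")]:
        print(ip, dom, smtp_verdict(ip, dom))
```

Run as a script it prints a verdict per constructed client. The two checks fail in different directions: reverse DNS alone says nothing about whether a host is a spam source (the poster's point), and forward confirmation only stops a PTR from claiming a name it does not own; the published-server list blocks forged sender domains, but only for domains that publish one, so a receiver has to treat "no record" as neutral rather than as a rejection.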
Re:Blocking Mail Servers that don't have Reverse D (Score:3, Insightful)
The end of open SMTP, dawn of the whitelist era (Score:3, Interesting)
When you start blocking such a significant percentage of the world in a blanket measure, wouldn't it be simpler and more effective to screw tortuous blacklists and just implement a whitelisting procedure? I mean, if over half of all the e-mails businesses get aren't legitimate, why in the world are these businesses throwing money down the drain by continuing to pay for something that doesn't work over half the time?
IP+address whitelisting is really the only way to go if you want a useful messaging system based on SMTP anymore. That, or completely revert to instant messaging/private web boards. I'm sure some kind of system could be worked out to allow for simple temporary whitelisting which would let a user allow mail to himself from a certain address for 2 hours, or whatever the local admin defined as the maximum allowable time. Then, at the end of the day, if a user checked the box asking for this address/mail server IP combination to be put on the permanent whitelist, it gets sent with all the other such requests to an administrator who vets the list, then adds whatever addresses pass muster onto the permanent whitelist. You could add functionality that has tripwires if you start getting spam from that person...so many pieces allowed before a warning, so many before removal from the whitelist for a week, then forever, etc... Yes, it places a demand on the mail administrator, but certainly no more of a demand than the running battle currently takes up.
Personally I have very little use for regular Internet e-mail. I use it occasionally, because you still need an official e-mail address for various registrations, and for receipts for buying stuff online. For actually talking to people, I use AIM or whatever instant messaging system they may use. I've considered creating a new AIM identity just for clients to get in touch with me through, but there isn't much nuance in logging and most don't deliver messages received when you're not logged on.
I wish there was a way I could relegate Internet e-mail to the same status my mailbox has. Namely, flip through to see if there are any bills and dump everything else directly into the trash without bothering any further with it.
How about a new mail protocol? (Score:3, Interesting)
What's the feasibility of coming up with and implementing a brand new mail protocol -- one which somehow prevents (or at least extremely complicates) the transmission of bulk, unsolicited mail? On the server level, you could build in source address verification (so spammers couldn't disguise the source of the mail) and bandwidth limitations -- so for example, someone sending out 1000 emails could do so, but with a geometric lag for each mail they send. (Isn't this called a "tar pit"?)
In other words, since e-mail was invented in a time when spam didn't exist, it seems like we could improve upon the protocol considerably and make it harder for spammers to do their dirty work. Not being an SMTP expert, I don't know what this would require -- perhaps someone could fill me in?
I AM MAD AS HELL ABOUT THIS (Score:4, Funny)
This Explains (Score:3, Funny)
Spam Wars, Part III (Score:3, Funny)
Spam Wars, Part III
The AOL Empire is nearing completion on the Death CD. In alliance with the other local Empires, they have conceived of a plan to end the mechanical menace of millions of spambots spread throughout the galaxy, by cutting off transmission between the bots, they hope to cut their communications and cripple them.
In other news, the Rebel Alliance commanders are furious. "We use the same channels! We must strike back!" Does this spell doom for the galaxy, or finally freedom from the menace of the spambots? Tune in later for our special report.
Selective relaying with sendmail (Score:5, Informative)
My ISP has not shown that its servers are reliable. I like to be able to use mailq to see what's backed up. I'd also like to be able to use my own mailer's parameters for bounces. There's lots of reasons to prefer to use your own mailer instead of your ISP's, even if you technically could use your ISP's. But now, you'll want to relay through your ISP for all the mail that AOL won't accept, while sticking to your own SMTP services for everything else. That's what this document is for.
I encourage people to write corresponding documents for other MTAs. Also, some people can only send mail through their ISP with their ISP-assigned username. It's possible to configure sendmail to adapt AOL-bound mail to have the ISP-assigned sender. That is not discussed in this document; email me if you need it, and I'll write a followup post.
HOWTO: Configuring Sendmail to use your ISP's relay for AOL
This uses the sendmail mailertable feature. The mailertable feature allows you to specify the mailer and relay parameters for individual domains. That's exactly what we need here.
Remember that some ISPs may require you to use your ISP-assigned email address to relay through them. This won't help with that, but there's easy solutions for it. (This sort of thing is where Sendmail rocks.) Email me if you need it, and I'll post a followup.
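The mailertable entries the HOWTO refers to are not reproduced on this page. What follows is an added example of that configuration, not the poster's own text: with `FEATURE(`mailertable')dnl` added to sendmail.mc and the .cf regenerated, this `/etc/mail/mailertable` sends only AOL-bound mail through the ISP's relay and leaves every other destination on direct delivery. `smtp.isp.example.net` is a placeholder for your ISP's outbound SMTP host.

```text
# /etc/mail/mailertable (added example; smtp.isp.example.net is a placeholder
# for the ISP's outbound relay). Left column: destination domain; the leading
# dot on ".aol.com" makes the entry also match subdomains such as mx.aol.com.
# Right column: mailer:host. The [brackets] tell sendmail to connect to that
# host directly instead of looking up its MX records. Any domain with no entry
# here keeps the normal MX-based direct delivery.
aol.com         esmtp:[smtp.isp.example.net]
.aol.com        esmtp:[smtp.isp.example.net]
```

Rebuild the map after editing it with `makemap hash /etc/mail/mailertable < /etc/mail/mailertable` and restart sendmail; `mailq` will then show AOL-bound messages queued for the relay host rather than for aol.com's MX. If the ISP relay demands SMTP AUTH, the `AuthInfo:` access-map entry from the "Trivial fix" comment earlier in this thread supplies the credentials for that one host.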
For those of you who think this is okay . . (Score:3, Informative)
1) Although I've never used my ISP's mailservers for outgoing mail, my friends have -- and mail is constantly lost, or delivered hours late.
2) Likewise, my ISP's incoming mail servers are frequently down, losing mail, and full of spam (the address was either harvested or sold, I don't know which. I have evidence of it, but that's another thread). A couple of my own local accounts suffer from spam as well, but I managed to install Spamassassin, which must be too difficult for my ISP.
3) Privacy is a concern with me, and I'd prefer to handle mail transactions myself.
4) I like the reassurance of looking through my Sendmail logs, knowing that an important message was delivered, and if it wasn't, the reason why.
5) Although this is unrelated, my friends often complain of outages when my service is fine. The reason? My ISP's DNS servers are constantly screwed up, yet I run my own.
6) I run majordomo to host a small mailing list of 20 or so members (that moves perhaps 500 messages a month); that's not enough traffic to justify having it hosted somewhere else, and Yahoogroups butchers messages with advertisements. Luckily none of its members use AOL.
7) I check my mail logs often (to make sure nothing unordinary is going on), and do not allow relaying.
Many of us run mail servers simply because our ISPs are unreliable. Many ISPs can't even host a measly 5MB of web space adequately, so I feel wary letting them handle important E-Mails. I wish Speakeasy was available in my area, it would be a no-brainer switch.
You've probably heard the saying, "tolerating excesses in order to preserve freedoms." Well, Spam is an excess -- a very horrible excess. At the same time, enough people use home mail servers for justifiable reasons that outlawing them, or blocking mail from them isn't a logical decision.
And besides, there's other [apple.com] ways to prevent spam [spamassassin.org] without making anyone unhappy. Spamassassin, once configured correctly, nails just about all spam. My university filters spam on my POP account, and I receive maybe one (if that) a month; couple that with Mail App's built in filtering and I haven't actually seen a Spam message in months. The best way to get rid of spammers is to implement solutions that make their efforts ineffective on ANY level, not just by killing off one of their hundreds of other options (AOL's method).
More reasons why this is necessary: (Score:4, Informative)
Not that anyone will see this, as it's on the second page of comments...
A massive percentage of spam (well over 50%) comes from compromised windows boxes running either trojan software to open ports for spammers to proxy through, software like AnalogX that does the same, or just users who somehow manage to set up a proxy that's open to the world. There's also a big problem with a LOT of the DSL hardware on the market, that allows people to proxy through it transparently, via use of a security hole. Check Bugtraq if you want to find details.
These broadband connections are where the spammers are headed for anonymity. Yeah, sure, there's still a bunch of big-time professional spammers out there who spam away from their often-moving netblocks. That bunch isn't so hard to keep up with.
There's also the problem of Klez and other SMTP aware worms that busily want to send you lots of infected mail. Sure, *nix users don't really care about that, but companies like AOL, with a crapload of less-than-savvy users have to.
It's been this way for 56k dialups for about 3 years or so... but the noise about that only lasted a few weeks, much like this will. If your DSL company can't support your needs, vote with your feet! Switch your service to one that can. If Verizon can offer you service, you can pretty much bet that Covad can too.
(shameless plug: Check out lmi.net for that stuff.. small companies make for better service, and if you need the medium-sized company feel, go with Speakeasy.)
So what if you have a contract... if they can't get your mail to AOL with the right domain, it sounds like grounds to break it to me. =)
Re:what a buncha crap (Score:3, Insightful)
But representative of the masses. Most people don't care about anything but Web access and email -- and the more this happens, the more the Internet heads in that direction, regardless of how much we dislike it.
It may be pitiful -- but it's probably indicative of the future. Already, extensive random firewalling has made HTTP one of the few mechanisms that can be relied on to work in all environments.
Sigh.
Re:About Time (Score:5, Insightful)
50% of the spam I receive has an odd number of letters in the domain name, but I wouldn't consider filtering based on that.
A 70% false negative rate is pretty meaningless without knowing the false positive rate as well.
What percentage of your non-spam email comes from dsl ip's?
Sounds like a load of claptrap to me.
Care to cite an RFC that suggests such a thing?
How about a good network reason why email should be relayed instead of sent directly?
-- this is not a
Re:About Time (Score:3, Interesting)
What percentage of your non-spam email comes from dsl ip's?
It's actually a pretty high rate of ham (as the SpamAssassin project folks call it) that comes from such addresses. My mail all originates from such an address, and I know several others for whom this is true. The flawed logic of "source x produces much spam, thus eliminating source x will make my life better" has many logical holes in it, as you point
Re:About Time (Score:4, Interesting)
Yet another reason to choose Speakeasy. I have a static IP and I am not blocked by AOL (already tried).
Re:About Time (Score:3, Informative)
Well, now you do, anyway.
- A.P.
Re:About Time (Score:4, Insightful)
Never tried to announce a new baby to more than 10 people?
Never sent out "I'm moving, my new snail mail address is..."?
I guess if you don't have more than 10 friends, you'd never need to bcc more than 10 people. But if that's the case, I feel sorry for you.
Re:ummmm... (Score:5, Informative)
Re:This is a good thing (Score:5, Insightful)
But having your own SMTP server doesn't provide any functionality that you can't get from Comcast at base price anyway.
Actually, it provides three bits of functionality:
This move by AOL is a good thing.
No, actually, it's a fucking bad thing. But you won't realize it until the day that you want to send your friend on MSN email but can't, and neither of you can talk to your parents who are on AOLMail, both of which are playing games to close their protocols to make sure that GnuMail can't play.
Providing an open replacement for SMTP that has the authentication and accountability that SMTP is sorely lacking would be a good thing. Segregating the Internet address space into ghettoes is not.
Re:Say what? (Score:3, Insightful)
If you could, MS would've been out of business a long time ago.
And blocking AOL is a way to get them to realize that they're being dumb about it. Their customers will soon realize "hey, I can't get mail from or to anywhere... wtf?" and switch to an ISP (AOL is *NOT* an ISP.)