Dealing with False AOL Spam Reports? 371
aohell-guy asks: "I handle the mail servers for a business that has 20% of our members using AOL. We regularly send out email that our members have agreed to receive. In AOL 8.0, it was possible to click a single message and report it as spam. You would be prompted to confirm the spam report, although no details explaining what happens with the report are given to the user. Through AOL's Postmaster site, it is possible to get in on the spam 'Feedback Loop,' where AOL will send you the spam reports it receives for mail sent from your servers. When you receive a report, you are supposed to immediately cease the sending of email to that AOL address. The only problem is, we have found that most of the time the AOL users are reporting our email as spam on accident! These complaints can negatively impact your ability to send email to AOL members. How are you handling the false reports?"
"In version 9.0, AOL made two incredibly stupid mistakes which make false positive spam reports skyrocket. First is they now allow their users to select multiple messages at once and report them all as spam. Second, when you hit the spam report button (which is located DIRECTLY next to the delete button), it IMMEDIATELY files the spam report -- there is no confirmation required. Sure, the AOL user can see they made a mistake and move your email back out of their spam folder...but the report is still filed against your server. Rack up enough of these reports, and you will not be able to send mail to AOL. We have had plenty of complaints come in, and we delete their accounts as they do -- except with our paying members. We ask them if they really want to cancel? In ALL cases but one, we have received replies stating it was an accident.
We have spoken to people within AOL that deal with the mail. (Amazingly, it is not too hard to speak with them if you are a business sending email to AOL users.) The ones we've spoken to are not happy with these changes in AOL 9.0, and admit they result in many false positives.
If you are sending a lot of email to AOL users, you will want to get in on their feedback loop ASAP, and also look into getting on AOL's 'whitelist,' which ensures that your mail will not be silently filtered into the bit bucket, as long as you keep your mail bounces and spam reports (ahem!) at a low level."
You asked.... (Score:5, Informative)
I think you've done all you can. I would even go so far as to say that you've answered your own question. Call AOL, make sure they know you're legit, and wait for the next version of AOL to fix what turned out to be a bad design choice. In the meantime, maybe add a note to one of your mailings suggesting that they make sure to be careful about that. It's not like you can do anything else.
DoggRe:Whaaaat? Cluesless AOL users? (Score:4, Informative)
Re:On accident? (Score:5, Informative)
We have had plenty of complaints come in, and we delete their accounts as they do -- except with our paying members. We ask them if they really want to cancel? In ALL cases but one, we have received replies stating it was an accident.
Or are you using AOL 9.0 and accidentally clicked the submit button before reading the full text of the post?
Hey retard (Score:4, Informative)
Re:solution (Score:2, Informative)
Maybe you meant
Issues with AOL and email (Score:3, Informative)
The result: our server was blocked as a spam relay.
AOL helped correct this quickly, but when I emailed the customer to let him know what happened he flagged my emails as spam and our servers were blocked again!
Our customer wasn't returning calls so I disabled his account. After that he was very willing to contact me to speak about things
The answer is to NOT deal with AOL (Score:1, Informative)
Some key areas that AOL differs from an ISP include:
- an ISP will look up in whois a technical contact to send a SPAM report to
- AOL ignores the whois database and requires the user to subscribe to AOL's "postmaster" site
- ISPs will take reports that go to either postmaster@ISP or abuse@ISP seriously
- AOL ignores email to postmaster@aol.com and abuse@aol.com in favor of a non-standard tosemail1
- If an ISP continues to be issuing SPAM, they will usually be willing to discuss the problem by phone with the reciever of the SPAM
- AOL will only discuss issues with the reciever of SPAM if they have an AOL screen name
- ISPs consider it a problem if they are sending SPAM just as much as it is a problem if they are recieving SPAM
- AOL does not consider it their problem when they issue SPAM but do complain that recieving SPAM is costing them alot of money
- ISPs will usually require account holders to provide credit card information or some other form of information making them aware of who you are and that they haven't already had problems with you
- AOL prides itself on providing throw away accounts with lot of free hours and no longer require a credit card
The bottom line is that AOL is a safe haven for SPAM to be issued from but AOL is quick to complain when they are getting the same crap that they dish out to the Internet. If AOL 9.0 makes it easier for AOL to blackhole itself then more power to them. Just warn everyone of the blackhole that AOL has decided to put itself into rather than trying to slow down the progress of the blackhole by "supporting" an organization that considers itself above being supported.
AOL is quite reasonable (Score:5, Informative)
I am postmaster and in the IT security department of a fortune 150 Office Supply company. We started to experience this problem, and contacted AOL. We were added to the whitelist, set up the feedback loop yet we kept getting blacklisted. Spoke with a tech who told us to call the corporate phone number and speak with the "Spam Czar" whose name I cannot recall and cannot locate via google.
After speaking with him we discovered we were still getting blacklisted after around five complaints, when we send thousands of order confirmations to AOL addresses a day. They tracked down the problem, and it was that one of our mail servers did not reverse resolve. We fixed this, and bam, we now take nearly a hundred complaints to be blacklisted.
(You wouldn't believe how many people flag an order confirmation as spam. You also wouldn't believe how many corporate employees forward there email to AOL and flag it as spam, when they forwarded the spam to themselves!)
It was quite embaressing that we were not reverse resolving the host that sends order confirmations. We do send some opt-in marketing, but it originates from a different server.
(Our marketing you opt into while ordering, don't flame me, we do not purchase lists!)
Re:no chance for us... (Score:5, Informative)
Re:AOL is quite reasonable (Score:5, Informative)
forward DNS: mail.yourdomain.com -> 192.168.1.1
Woody
Re:AOL is quite reasonable (Score:5, Informative)
I don't know about other domain name servers (like Microsoft's offerings, for instance), but I know in BIND, it's not only necessary to set up the forward resolution of a hostname, for instance:
www.slashdot.org => 66.35.250.151
It's also necessary to explicitly set this up too:
66.35.250.151 => www.slashdot.org
The reason it's necessary to define the reverse hostname resolution is because a hostname may resolve to the same IP address as several, or even hundreds of other hostnames. Rob Malda could have www.shashdot.org, my.slashdot.org, woohoo.slashdot.org all to the same IP address. But the IP address can only reverse-resolve to one hostname by definition. So, you define both the forward lookups and reverse lookups explicitly so that your company network can run smoothly without anyone knoiwing the major hack you just pulled to *get* the thing running.
Sometimes, though, even seasoned admins forget to put in the reverse-lookup rules in there as a matter of oversight. For this reason you see a lot of automated scripts at ISP's that handle hostname maintanance for you.
And, unfortunately, they didn't have this set up at my last job.
(story, boss wants a new server set up, I have to make a phone call to set up the new IP address and hostname to our system adminsitrators at the data center)
Me: "Can you get hostname blah.blah.blah pointing to 10.0.0.123?"
Other Guy: "Sure! Will be going in a few hours or so"
Me: "No problem"
Three hours later...
Me: "Um, I wanted the reverse-lookup tables set up, too."
Other Guy: "What? Why do you need reverse lookup tables?"
Me: "Because half the network applications ever written since the inception of the internet require that be done *every time*. Just like the last 7 times I asked you to do this."
Yeah, I hated my last job.
Oh man don't get me started on this... (Score:5, Informative)
I host a little over 13,000 web sites, on over 60 servers. We allow people to run CGI and PHP (I mean people wouldn't like it much if we didn't) and as a result we do get the occasional open formmail.cgi or formmail.php being used to spam. We usually catch them pretty fast and it doesn't happen "that" often. But it happens, and before we can stop it there might be several thousand emails sent. Which is enough to get us on AOL's block, we've been silently placed on their block roughly 7 times now. The thing is EACH TIME I signup for this "in the loop" mailing so I am SUPPOSED to get a warning as soon as spam is reported from one of my servers, ok fine, know what? Not one warning, not a single one, and we were still blocked 6 more times after that.
I applaud AOL's efforts at stopping spam, but they've got to get it to be a little less troublesome.
I will say, we haven't been blocked in a couple months now, so MAYBE we're finally on the white list "for real" so here's hoping things ARE improving.
I like earthlink's challenge response better, I'll get a couple of these per day, some are from spam with my domain forged, most are from things like invoices/reciepts/other business, I click the link and jump through the hoops and from then on things seem to flow to that email account from our billing or forum system.
nobody ever marked an rss feed as spam (Score:2, Informative)
The best opt-in I've ever seen is an RSS [socialtext.net] feed.
Mass-mailers/mail-mergers/automated-mailers (including my-cowardly-self) can deal with the fact that people are simply friggin' overwhelmed with inbox influx. I'm not an AOL user, but I've dealt with lousy unsubscribe procedures [useit.com] by crying "spam" to CloudMark etc... Go cry to mommy that they accidentally marked your carefully crafted newsletter as spam. Get over it.
Spread the word, RSS doesn't suck. Overload of inbox crap, opted-in or not, in the inbox does suck.
Thank you MS for making Outlook 2003 not download e-mail images by default! Thank you SpamCop and SpamHaus! Thank you Netscape engineers [yahoo.com] and Dave Winer [userland.com] for RSS!
While I'm on a roll. What the F is up with the national do-not-call list? Shouldn't it be a national call-me-i'm-an-idiot list instead?
RSS OPML [w3os.nl]Re:I have this same problem (Score:2, Informative)
Is it really so hard for *your* ISP to filter these before they pollute someone else's network? You ISP's mail server should be filtering for these, and they should be blocking outbound port 25 from clients unless specifically requested by the client.
I have no problem with folks sending their own mail out if they know what they're doing, and they specifically request it. But I have a HUGE problem with ISPs leaving port 25 open for every jughead on their system. If all of the ISPs followed this rule, the spam problem would decrease by 75% or more.
Re:AOL is quite reasonable (Score:5, Informative)
ISP Standpoint (Score:3, Informative)
Re:My experience... (Score:2, Informative)
Re:Playing nicely with AOL (Re:Take the hint) (Score:1, Informative)
Agreed. The place I used to work was given a "used-to-be-dynamic-but-isn't-anymore-honest-we-m
Re:A human is a lousy spam filter (Score:3, Informative)
Re:AOL is completely UNREASONABLE. (Score:4, Informative)
Block port 25, period. There, you just fixed the problem.
Why any ISP of any kind that lets port 25 traffic go outboung is beyound me. There is no legit use for it and all outbound mail should be handled by the ISP's mail server. No one should be sending mail from client to mailserver. It should be Client -> ISP mailserver -> Other ISP mailserver -> Other Client.
Unsubscribing Much Better Now (Score:3, Informative)
You can't trust "unsubscribe" links, as all they do is confirm that you read your email. :P
I know this reply is too late to bed modded anything, but I'll say it anyway.
Last August, I had been getting way too much spam in my main mailbox. I had heard that unsubscribing just backfired and gives you even more mail, so I never did it. Then, after deleting 15-30 spam messages per day-- every day-- I decided that the spam couldn't get too much worse than this (yes, I know it can, but the point is I was sick of it). I had also read a few months prior to this in Maximum PC's article on spam that the spammers "swear the unsubscribe links work" even though they also recommended to not use them. I decided to give unsubscriptions a try.
I opened every spam mail, going straight to the unsubscribe link every time, and typing in my e-mail address, etc...
I noticed that after opening the unsubscribe links, many of them are sent by the same company and use the same unsubscribe page (whether legitimately or not, is something else altogether).
I did this process religiously for about 4-5 weeks straight. By the second week, I noticed a considerable decrease in my spam. By the fourth week, I had no unwanted e-mail, and it was refreshing. I'm sure there are some people out there who have a story about getting screwed ove by the unsubscribe links, but this is my story, and it's true.
Re:Opt-in spam? (Score:3, Informative)