
Dealing with False AOL Spam Reports?

aohell-guy asks: "I handle the mail servers for a business that has 20% of our members using AOL. We regularly send out email that our members have agreed to receive. In AOL 8.0, it was possible to click a single message and report it as spam. You would be prompted to confirm the spam report, although no details explaining what happens with the report are given to the user. Through AOL's Postmaster site, it is possible to get in on the spam 'Feedback Loop,' where AOL will send you the spam reports it receives for mail sent from your servers. When you receive a report, you are supposed to immediately cease the sending of email to that AOL address. The only problem is, we have found that most of the time the AOL users are reporting our email as spam on accident! These complaints can negatively impact your ability to send email to AOL members. How are you handling the false reports?"
"In version 9.0, AOL made two incredibly stupid mistakes which make false positive spam reports skyrocket. First is they now allow their users to select multiple messages at once and report them all as spam. Second, when you hit the spam report button (which is located DIRECTLY next to the delete button), it IMMEDIATELY files the spam report -- there is no confirmation required. Sure, the AOL user can see they made a mistake and move your email back out of their spam folder...but the report is still filed against your server. Rack up enough of these reports, and you will not be able to send mail to AOL. We have had plenty of complaints come in, and we delete their accounts as they do -- except with our paying members. We ask them if they really want to cancel? In ALL cases but one, we have received replies stating it was an accident.

We have spoken to people within AOL that deal with the mail. (Amazingly, it is not too hard to speak with them if you are a business sending email to AOL users.) The ones we've spoken to are not happy with these changes in AOL 9.0, and admit they result in many false positives.

If you are sending a lot of email to AOL users, you will want to get in on their feedback loop ASAP, and also look into getting on AOL's 'whitelist,' which ensures that your mail will not be silently filtered into the bit bucket, as long as you keep your mail bounces and spam reports (ahem!) at a low level."

  • You asked.... (Score:5, Informative)

    by Smitedogg ( 527493 ) on Wednesday March 24, 2004 @11:54PM (#8663995) Homepage

    I think you've done all you can. I would even go so far as to say that you've answered your own question. Call AOL, make sure they know you're legit, and wait for the next version of AOL to fix what turned out to be a bad design choice. In the meantime, maybe add a note to one of your mailings suggesting that they make sure to be careful about that. It's not like you can do anything else.

    Dogg
  • by Moonpie Madness ( 764217 ) on Thursday March 25, 2004 @12:00AM (#8664039)
    Don't be too hard on AOL, if it weren't for that sore thumb '@aol.com' it'd be a lot harder for me to identify dummies out there. dumb people are simply a fact of life, and they deserve to get some internet access. a spoon feeding paternalistic service is great for them, and worth the money, and they give a lot of their money (more loosely than most) to a lot of internet businesses, though i have to admit they aren't really much effect on the Linux community
  • Re:On accident? (Score:5, Informative)

    by batkiwi ( 137781 ) on Thursday March 25, 2004 @12:16AM (#8664168)
    RTFPost!!!!

    We have had plenty of complaints come in, and we delete their accounts as they do -- except with our paying members. We ask them if they really want to cancel? In ALL cases but one, we have received replies stating it was an accident.

    Or are you using AOL 9.0 and accidentally clicked the submit button before reading the full text of the post?
  • Hey retard (Score:4, Informative)

    by autopr0n ( 534291 ) on Thursday March 25, 2004 @12:18AM (#8664183) Homepage Journal
    If you'd read the article you'd see that they know it was accidental (these were paying customers), and when they tried to confirm the email, the users themselves claimed it was an accident.
  • Re:solution (Score:2, Informative)

    by Green Light ( 32766 ) on Thursday March 25, 2004 @12:25AM (#8664242) Journal
    I hope you know that you are now filtering out all mail from aolacom! Not to mention aolecom, aolucom, ... oh forget it.

    Maybe you meant /aol\.com/i for the RE?
  • by baddogatl ( 164976 ) on Thursday March 25, 2004 @12:28AM (#8664268)
    I had a problem with a customer who wanted all of his email to be forwarded to his AOL account and then repeatedly marked it all as spam without notifying us that there was a problem.

    The result: our server was blocked as a spam relay.

    AOL helped correct this quickly, but when I emailed the customer to let him know what happened he flagged my emails as spam and our servers were blocked again!

    Our customer wasn't returning calls so I disabled his account. After that he was very willing to contact me to speak about things :)
  • by Anonymous Coward on Thursday March 25, 2004 @12:38AM (#8664313)
    I have told several users that AOL takes actions that are unique to AOL which suggest they consider themselves to be an AOL Service Provider (ASP) and is *NOT* an ISP. As such, the user needs to subscribe to something that more closely fits the definition of an ISP.

    Some key areas that AOL differs from an ISP include:

    - an ISP will look up in whois a technical contact to send a SPAM report to
    - AOL ignores the whois database and requires the user to subscribe to AOL's "postmaster" site
    - ISPs will take reports that go to either postmaster@ISP or abuse@ISP seriously
    - AOL ignores email to postmaster@aol.com and abuse@aol.com in favor of a non-standard tosemail1
    - If an ISP continues to be issuing SPAM, they will usually be willing to discuss the problem by phone with the receiver of the SPAM
    - AOL will only discuss issues with the receiver of SPAM if they have an AOL screen name
    - ISPs consider it a problem if they are sending SPAM just as much as it is a problem if they are receiving SPAM
    - AOL does not consider it their problem when they issue SPAM but do complain that receiving SPAM is costing them a lot of money
    - ISPs will usually require account holders to provide credit card information or some other form of information making them aware of who you are and that they haven't already had problems with you
    - AOL prides itself on providing throw away accounts with lot of free hours and no longer require a credit card

    The bottom line is that AOL is a safe haven for SPAM to be issued from but AOL is quick to complain when they are getting the same crap that they dish out to the Internet. If AOL 9.0 makes it easier for AOL to blackhole itself then more power to them. Just warn everyone of the blackhole that AOL has decided to put itself into rather than trying to slow down the progress of the blackhole by "supporting" an organization that considers itself above being supported.
  • by arglesnaf ( 454704 ) * on Thursday March 25, 2004 @12:41AM (#8664334)
    As a matter of fact AOL handles this quite reasonably. The secret is reverse resolution.

    I am postmaster and in the IT security department of a Fortune 150 Office Supply company. We started to experience this problem, and contacted AOL. We were added to the whitelist, set up the feedback loop yet we kept getting blacklisted. Spoke with a tech who told us to call the corporate phone number and speak with the "Spam Czar" whose name I cannot recall and cannot locate via Google.

    After speaking with him we discovered we were still getting blacklisted after around five complaints, when we send thousands of order confirmations to AOL addresses a day. They tracked down the problem, and it was that one of our mail servers did not reverse resolve. We fixed this, and bam, we now take nearly a hundred complaints to be blacklisted.

    (You wouldn't believe how many people flag an order confirmation as spam. You also wouldn't believe how many corporate employees forward their email to AOL and flag it as spam, when they forwarded the spam to themselves!)

    It was quite embarrassing that we were not reverse resolving the host that sends order confirmations. We do send some opt-in marketing, but it originates from a different server.

    (Our marketing you opt into while ordering, don't flame me, we do not purchase lists!)
  • by techno-vampire ( 666512 ) on Thursday March 25, 2004 @12:59AM (#8664422) Homepage
    A few years ago, AOL was known to block all mail from random domains to lower its server load when things got overloaded. I see no reason to think they've stopped.
  • by LordWoody ( 187919 ) on Thursday March 25, 2004 @01:06AM (#8664460) Homepage
    Reverse DNS, eg: 192.168.1.1 -> mail.yourdomain.com
    forward DNS: mail.yourdomain.com -> 192.168.1.1

    Woody
  • by Surazal ( 729 ) on Thursday March 25, 2004 @01:21AM (#8664568) Homepage Journal
    I had to deal with this issue a lot while working as a system administrator at the last company I worked at.

    I don't know about other domain name servers (like Microsoft's offerings, for instance), but I know in BIND, it's not only necessary to set up the forward resolution of a hostname, for instance:

    www.slashdot.org => 66.35.250.151

    It's also necessary to explicitly set this up too:

    66.35.250.151 => www.slashdot.org

    The reason it's necessary to define the reverse hostname resolution is because a hostname may resolve to the same IP address as several, or even hundreds of other hostnames. Rob Malda could have www.slashdot.org, my.slashdot.org, woohoo.slashdot.org all to the same IP address. But the IP address can only reverse-resolve to one hostname by definition. So, you define both the forward lookups and reverse lookups explicitly so that your company network can run smoothly without anyone knowing the major hack you just pulled to *get* the thing running. :^)

    Sometimes, though, even seasoned admins forget to put in the reverse-lookup rules in there as a matter of oversight. For this reason you see a lot of automated scripts at ISPs that handle hostname maintenance for you.

    And, unfortunately, they didn't have this set up at my last job.

    (story, boss wants a new server set up, I have to make a phone call to set up the new IP address and hostname to our system administrators at the data center)

    Me: "Can you get hostname blah.blah.blah pointing to 10.0.0.123?"
    Other Guy: "Sure! Will be going in a few hours or so"
    Me: "No problem"

    Three hours later...

    Me: "Um, I wanted the reverse-lookup tables set up, too."
    Other Guy: "What? Why do you need reverse lookup tables?"
    Me: "Because half the network applications ever written since the inception of the internet require that be done *every time*. Just like the last 7 times I asked you to do this."

    Yeah, I hated my last job. :^)
  • by Grimster ( 127581 ) on Thursday March 25, 2004 @01:54AM (#8664769) Homepage
    As a web host, we have a BIG problem with AOL just blocking us on a whim, and when you don't get any sort of bounce or refusal from their end your email server THINKS it delivered email properly. Meaning we don't know it's happening until the complaints start.

    I host a little over 13,000 web sites, on over 60 servers. We allow people to run CGI and PHP (I mean people wouldn't like it much if we didn't) and as a result we do get the occasional open formmail.cgi or formmail.php being used to spam. We usually catch them pretty fast and it doesn't happen "that" often. But it happens, and before we can stop it there might be several thousand emails sent. Which is enough to get us on AOL's block, we've been silently placed on their block roughly 7 times now. The thing is EACH TIME I signup for this "in the loop" mailing so I am SUPPOSED to get a warning as soon as spam is reported from one of my servers, ok fine, know what? Not one warning, not a single one, and we were still blocked 6 more times after that.

    I applaud AOL's efforts at stopping spam, but they've got to get it to be a little less troublesome.

    I will say, we haven't been blocked in a couple months now, so MAYBE we're finally on the white list "for real" so here's hoping things ARE improving.

    I like earthlink's challenge response better, I'll get a couple of these per day, some are from spam with my domain forged, most are from things like invoices/receipts/other business, I click the link and jump through the hoops and from then on things seem to flow to that email account from our billing or forum system.
  • by Anonymous Coward on Thursday March 25, 2004 @03:03AM (#8665055)

    The best opt-in I've ever seen is an RSS [socialtext.net] feed.

    • If you put it in your aggregator [harvard.edu], you want it.
    • If you remove it from your aggregator, you don't want it.

    Mass-mailers/mail-mergers/automated-mailers (including my-cowardly-self) can deal with the fact that people are simply friggin' overwhelmed with inbox influx. I'm not an AOL user, but I've dealt with lousy unsubscribe procedures [useit.com] by crying "spam" to CloudMark etc... Go cry to mommy that they accidentally marked your carefully crafted newsletter as spam. Get over it.

    Spread the word, RSS doesn't suck. Overload of inbox crap, opted-in or not, in the inbox does suck.

    Thank you MS for making Outlook 2003 not download e-mail images by default! Thank you SpamCop and SpamHaus! Thank you Netscape engineers [yahoo.com] and Dave Winer [userland.com] for RSS!

    While I'm on a roll. What the F is up with the national do-not-call list? Shouldn't it be a national call-me-i'm-an-idiot list instead?

    RSS OPML [w3os.nl]
  • by Desert Raven ( 52125 ) on Thursday March 25, 2004 @03:05AM (#8665059)
    I'm pretty sure it's email worms from infected users setting off their alarms, is it really so hard to filter these

    Is it really so hard for *your* ISP to filter these before they pollute someone else's network? Your ISP's mail server should be filtering for these, and they should be blocking outbound port 25 from clients unless specifically requested by the client.

    I have no problem with folks sending their own mail out if they know what they're doing, and they specifically request it. But I have a HUGE problem with ISPs leaving port 25 open for every jughead on their system. If all of the ISPs followed this rule, the spam problem would decrease by 75% or more.
  • by Lost Race ( 681080 ) on Thursday March 25, 2004 @03:50AM (#8665207)
    But the IP address can only reverse-resolve to one hostname by definition.

    No, one IP address can resolve to many hostnames.

    $ORIGIN 0.168.192.in-addr.arpa.
    1 ptr hosta.example.com.
    1 ptr hostb.example.com.
    1 ptr hostc.example.com.

    % host 192.168.0.1
    1.0.168.192.in-addr.arpa domain name pointer hosta.example.com.
    1.0.168.192.in-addr.arpa domain name pointer hostb.example.com.
    1.0.168.192.in-addr.arpa domain name pointer hostc.example.com.

    Similarly one hostname can resolve to multiple IP addresses.

    % host mx1.mail.yahoo.com.
    mx1.mail.yahoo.com has address 64.156.215.7
    mx1.mail.yahoo.com has address 64.157.4.78
    mx1.mail.yahoo.com has address 64.157.4.79
    mx1.mail.yahoo.com has address 67.28.114.33
    mx1.mail.yahoo.com has address 64.156.215.5
    mx1.mail.yahoo.com has address 64.156.215.6
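
The reverse/forward pairing discussed in the comments above can be checked before a mail host goes live. The following is an added example, not code from any poster in this thread: it confirms that at least one PTR name for a sending IP resolves forward to that same IP, and it allows for several PTR and several A records. The record tables are constructed sample data, and all function names are assumptions of this example.

```python
import ipaddress
import socket

# Constructed records using documentation address space; not real DNS data.
PTR_RECORDS = {
    "192.0.2.10": ["mail.example.com.", "legacy.example.com."],  # several PTRs
    "192.0.2.11": ["orders.example.com."],                       # PTR exists...
    "192.0.2.12": [],                                            # no PTR at all
}
A_RECORDS = {
    "mail.example.com": ["192.0.2.20", "192.0.2.10"],  # several A records
    "legacy.example.com": ["192.0.2.99"],
    "orders.example.com": ["192.0.2.50"],              # ...but forward points elsewhere
}

def _norm(name):
    """Compare names without the trailing root dot and case-insensitively."""
    return name.rstrip(".").lower()

def table_ptr_lookup(ip):
    return PTR_RECORDS.get(ip, [])

def table_addr_lookup(name):
    return A_RECORDS.get(_norm(name), [])

def system_ptr_lookup(ip):
    """Live PTR lookup through the system resolver (not used by the sample run)."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:  # covers socket.herror and socket.gaierror
        return []
    return [host, *aliases]

def system_addr_lookup(name):
    """Live forward lookup through the system resolver."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=table_ptr_lookup, addr_lookup=table_addr_lookup):
    """Return (status, confirmed_names) for a forward-confirmed reverse DNS check.

    status is "no-ptr" when the IP has no reverse record, "mismatch" when no
    PTR name resolves back to the IP, and "confirmed" when at least one does.
    """
    target = ipaddress.ip_address(ip)
    names = [_norm(n) for n in ptr_lookup(str(target))]
    if not names:
        return "no-ptr", []
    confirmed = [
        name for name in names
        if any(ipaddress.ip_address(a) == target for a in addr_lookup(name))
    ]
    return ("confirmed" if confirmed else "mismatch"), confirmed

if __name__ == "__main__":
    for ip in PTR_RECORDS:
        print(ip, *fcrdns(ip))
```

Passing `system_ptr_lookup` and `system_addr_lookup` as the two lookup arguments runs the same check against live DNS for your own outbound mail hosts.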
  • ISP Standpoint (Score:3, Informative)

    by The_Systech ( 568093 ) on Thursday March 25, 2004 @04:39AM (#8665337) Homepage
    The ISP where I work is currently participating in AOL's "Feedback Loop" It actually works out pretty well for us. I've got a script that downloads all of the "complaints" on a nightly basis and parses them for the IP address in our block that they come from. Then I total up the number of complaints per IP. From this I can look at IP's with more than 2 or 3 complaints and look at the actual emails sent. This has been a great tool for us to help find those users whose PC's have become infected with one of the many viruses that turns their computer into a spam relay.
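
A sketch of the nightly tally described in the comment above, as an added example rather than the poster's actual script. It assumes each complaint arrives as the original message with its `Received:` headers intact; the netblock, threshold, and sample messages are constructed for illustration. Headers are read from the top down, so a forged in-block address in a lower header is not counted.

```python
import email
import ipaddress
import re
from collections import Counter

# Assumed customer address pool (documentation range), not a real ISP block.
OUR_BLOCK = ipaddress.ip_network("198.51.100.0/24")
THRESHOLD = 2  # review any IP with more than this many complaints

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def source_ip(raw_message, block=OUR_BLOCK):
    """Return the first in-block IP in the Received chain, newest header first.

    Headers are prepended in transit, so the topmost ones were written by
    servers closest to the recipient; anything below the first in-block hit
    could have been supplied by the sender and is ignored.
    """
    msg = email.message_from_string(raw_message)
    for received in msg.get_all("Received", []):
        for candidate in BRACKETED_IP.findall(received):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:  # e.g. [999.1.1.1]
                continue
            if addr in block:
                return str(addr)
    return None

def tally(complaints, threshold=THRESHOLD):
    """Count complaints per customer IP; return (counts, flagged, unattributed)."""
    counts = Counter()
    unattributed = 0
    for raw in complaints:
        ip = source_ip(raw)
        if ip is None:
            unattributed += 1
        else:
            counts[ip] += 1
    flagged = sorted(ip for ip, n in counts.items() if n > threshold)
    return counts, flagged, unattributed

def _complaint(client_ip, forged_ip=None):
    """Build one constructed complaint message for the sample run."""
    lines = [
        "Received: from relay.isp.example ([203.0.113.5]) by mx.recipient.example;"
        " Wed, 24 Mar 2004 23:00:00 -0500",
        f"Received: from pc ([{client_ip}]) by relay.isp.example;"
        " Wed, 24 Mar 2004 22:59:58 -0500",
    ]
    if forged_ip:
        lines.append(f"Received: from nowhere ([{forged_ip}]) by fake.example")
    lines += ["From: sender@example.com", "Subject: constructed sample", "", "body"]
    return "\n".join(lines)

# Constructed sample data: three complaints from one customer IP (one with a
# forged lower header), one from another customer, one from outside the block.
SAMPLE_COMPLAINTS = [
    _complaint("198.51.100.23"),
    _complaint("198.51.100.23", forged_ip="198.51.100.200"),
    _complaint("198.51.100.23"),
    _complaint("198.51.100.40"),
    _complaint("192.0.2.77"),
]

if __name__ == "__main__":
    counts, flagged, unattributed = tally(SAMPLE_COMPLAINTS)
    print(dict(counts), flagged, unattributed)
```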
  • Re:My experience... (Score:2, Informative)

    by ArseneLuppin ( 762660 ) on Thursday March 25, 2004 @05:29AM (#8665448)
    Moreover, with mailman, each user has the option to turn them off.
  • by Anonymous Coward on Thursday March 25, 2004 @07:45AM (#8665852)
    If one is going to blacklist mail servers and reject mail, make sure the mail server puts a URL in the rejection message so that white-hat mail administrators can find policies and contact info that can help them quickly resolve errant blacklisting. To do less is poor customer service


    Agreed. The place I used to work was given a "used-to-be-dynamic-but-isn't-anymore-honest-we-mean-it" IP range by our ISP and subsequently got blacklisted by the lovely Joe Jared at dialups.relays.osirusoft.com. He wasn't contactable and we couldn't remove ourselves because the self-removal procedures didn't apply to dial-up equivalent ranges he listed. Result: a long stressful weekend altering our static IPs to a new range just to accommodate his whimsical blacklisting. Sure, as his site stated, it was other admins' decisions to use his blacklist, but he could at least have provided a decent, well documented procedure which we could use to remove ourselves. When I found out relays.osirusoft.com had gone offline last year, I was overjoyed. The guy's a grade A tosspot. Rant ends.
  • by titaniam ( 635291 ) * <slashdot@drpa.us> on Thursday March 25, 2004 @09:04AM (#8666113) Homepage Journal
    I know no-one will see this response because the parent poster will not be modded up, but your second point deserves some explanation. A Bayesian spam filter would never work if it were not able to overcome the trainer's frequent and unavoidable mistakes. Take a simple and impossible situation as an example: My friend sends me 20 emails I deem to be important, consisting solely of the word "BayesianRules". As an infallible human, I save 19 in the good folder and one in the spam folder. Now I train my filter. Since no-one else used that made-up word, it is assigned the probability 19/20=95% as being good. Since my filter is conservative, it only calls an email bad if its probability of being good is less than 1%. Lo and behold, my misclassified email has a 95% chance of being classified as good by the filter if it only looked at the message content. The filter can easily identify its training flaws. Now consider all of the information in the email header, my friend's signature, the actual content, etc. With one piece of information the filter is great, with many it is nearly infallible. In practice, my filter reverts to a flip-flop -- the content of real and spam mail is so different it is child's play to tell them apart.
  • by Mullen ( 14656 ) on Thursday March 25, 2004 @12:27PM (#8668028)
    I work at a public university. One of the problems a public university has to deal with is the phenomenon of clueless users in dorms/offices/wireless connections, who may or may not become spam zombies.


    Block port 25, period. There, you just fixed the problem.

    Why any ISP of any kind that lets port 25 traffic go outbound is beyond me. There is no legit use for it and all outbound mail should be handled by the ISP's mail server. No one should be sending mail from client to mailserver. It should be Client -> ISP mailserver -> Other ISP mailserver -> Other Client.

  • by SeinJunkie ( 751833 ) <seinjunkie@gmail.com> on Thursday March 25, 2004 @01:56PM (#8669410) Homepage

    You can't trust "unsubscribe" links, as all they do is confirm that you read your email. :P

    I know this reply is too late to be modded anything, but I'll say it anyway.

    Last August, I had been getting way too much spam in my main mailbox. I had heard that unsubscribing just backfired and gives you even more mail, so I never did it. Then, after deleting 15-30 spam messages per day-- every day-- I decided that the spam couldn't get too much worse than this (yes, I know it can, but the point is I was sick of it). I had also read a few months prior to this in Maximum PC's article on spam that the spammers "swear the unsubscribe links work" even though they also recommended to not use them. I decided to give unsubscriptions a try.

    I opened every spam mail, going straight to the unsubscribe link every time, and typing in my e-mail address, etc...

    I noticed that after opening the unsubscribe links, many of them are sent by the same company and use the same unsubscribe page (whether legitimately or not, is something else altogether).

    I did this process religiously for about 4-5 weeks straight. By the second week, I noticed a considerable decrease in my spam. By the fourth week, I had no unwanted e-mail, and it was refreshing. I'm sure there are some people out there who have a story about getting screwed over by the unsubscribe links, but this is my story, and it's true.

  • Re:Opt-in spam? (Score:3, Informative)

    by Analysis Paralysis ( 175834 ) on Thursday March 25, 2004 @03:33PM (#8670830)
    Those who do not own their own domain can accomplish the same thing using disposable addresses available from services like SpamGourmet [spamgourmet.com] or Sneakemail [sneakemail.com].
