Dealing with False AOL Spam Reports? 371
aohell-guy asks: "I handle the mail servers for a business that has 20% of our members using AOL. We regularly send out email that our members have agreed to receive. In AOL 8.0, it was possible to click a single message and report it as spam. You would be prompted to confirm the spam report, although no details explaining what happens with the report are given to the user. Through AOL's Postmaster site, it is possible to get in on the spam 'Feedback Loop,' where AOL will send you the spam reports it receives for mail sent from your servers. When you receive a report, you are supposed to immediately cease the sending of email to that AOL address. The only problem is, we have found that most of the time the AOL users are reporting our email as spam on accident! These complaints can negatively impact your ability to send email to AOL members. How are you handling the false reports?"
"In version 9.0, AOL made two incredibly stupid mistakes which make false positive spam reports skyrocket. First is they now allow their users to select multiple messages at once and report them all as spam. Second, when you hit the spam report button (which is located DIRECTLY next to the delete button), it IMMEDIATELY files the spam report -- there is no confirmation required. Sure, the AOL user can see they made a mistake and move your email back out of their spam folder...but the report is still filed against your server. Rack up enough of these reports, and you will not be able to send mail to AOL. We have had plenty of complaints come in, and we delete their accounts as they do -- except with our paying members. We ask them if they really want to cancel? In ALL cases but one, we have received replies stating it was an accident.
We have spoken to people within AOL that deal with the mail. (Amazingly, it is not too hard to speak with them if you are a business sending email to AOL users.) The ones we've spoken to are not happy with these changes in AOL 9.0, and admit they result in many false positives.
If you are sending a lot of email to AOL users, you will want to get in on their feedback loop ASAP, and also look into getting on AOL's 'whitelist,' which ensures that your mail will not be silently filtered into the bit bucket, as long as you keep your mail bounces and spam reports (ahem!) at a low level."
Not your fault - you're dealing with AOL (Score:4, Insightful)
Lucky clients... (Score:3, Insightful)
Sure... on "accident."
Seriously - I'm not sure what business you're in, but do your clients really need to be using AOL? Could be worse, I guess. It could be Netzero. Still, I have a few clients that are AOL customers, and the host of problems that they've faced has been enough to convince them to switch.
Connections, mail problems, whatever.
On accident? (Score:-1, Insightful)
"We regularly send out email that our members have agreed to receive."
The problem:
"The only problem is, we have found that most of the time the AOL users are reporting our email as spam on accident!"
They may have agreed to recieve it, but that in no way means that they are making a mistake by marking it spam. They've answered their own question: Stop sending out e-mail on a regular basis.... The only regular mailing that I welcome is the GNOME weekly summary.
Re:it is a tough situation (Score:3, Insightful)
Re:User's don't report Spam on accident.... (Score:3, Insightful)
A lot of users subscribe to some stuff, then are too lazy or too stupid to unsubscribe again.
Since we are talking about AOL users, the benefit of doubt definitely belongs to the sender in this case.
Sheesh.
Accidental spam reports, eh? (Score:2, Insightful)
When I get newseletters that claim I signed up for them, the first things I utterly avoid are reading them and following any links or instructions in them.
So, just stop sending email to people who obviously don't want it anymore; consider the spam report as unsubscribe requests.
You're F***ed. (Score:2, Insightful)
My personal opinion is that since AOL caters to the lowest element, that's what their users tend to be. If you're in a situation where you have to send business emails to someone using an AOL address, perhaps you should try to persuade them to get a yahoo address as well.
Unless you're willing/able to hire someone to work full time on dealing with the idiots who requested your emails and them reported them as spam, I don't see an end to your problems.
LK
Just don't send email to AOL users (Score:3, Insightful)
If you have a web service, set things up so that users are notified about messages when they log on. If they are not AOL users, then also mail them.
Simple solution. Honestly I'd much prefer if all of the mail in my mailbox was from individuals who actualy wanted to say something to me personaly.
Re:My experience... (Score:0, Insightful)
Re:Lucky clients... (Score:5, Insightful)
I am not sure about what he means by clients, but we have this problem with customers. One of the sites I manage DressKids.com [dresskids.com] , sends out an email conformation for the order, a CC card conformation from the processor (not my choice) and then an email when the order is shipped. Plus we send out a newsletter about every 3-4 months. Pretty reasonable right? We don't spam, we don't sell lists. Our emails do not get through to AOL subscribers. Why? because people repost them as spam, whether it is intentional or not. We get many phone calls from cranky customers complaining they didn't get their email. But those same people are reporting those emails as spam. About 20% of our base is on AOL. Most of them are new moms/housewives on AOL. They have no clue what they are doing. Plus they don't care that they have no clue and take it out on us. AOL needs to do something about this. Having to contact AOL on a regular basis to reverse something dumb that their customers are doing is unreasonable. Spam is a problem, no argument with that. But when legit emails do not get through because of false reports, who's fault is it? Who should fix it? Who has the time?
Some Practical Advice (Score:3, Insightful)
The best thing you can do is to call the postmaster number, remain calm, and be patient with the person on the other end. Also, send out reminders to your members or whatever that if they report your legit mailings as spam, they will be missing out on important announcements etc.
It is important to remember that you are dealing with AOL and AOL members, so it is necessary to use 1-2 syllable words and speak slowly, often repeating complex concepts like 'Delete' vs. 'Report Spam'. Given time, the problem eases up a bit, but will never go away as long as AOL has this system in place.
Affecting my university (Score:3, Insightful)
Now some people don't like this weekly thing (which is somewhat important so students get needed information, but whatever. When you're a student here, you get the email.), and so they mark it as spam when they get it, or else they do the accidental spam report thing. AOL then sees all these "spam" mail coming from ufl.edu addresses, and promptly blocks ALL email from any ufl.edu address. This has happened 3 times now, and each time the university system adminstrator has had to go through a ton of hoops to get it back in the clear. Meanwhile everyone using an AOL account doesn't get teacher emails, club announcements that they signed up for, and any sort of personal mail that someone sends from their ufl.edu account.
Hopefully AOL will get it's act together. In the meantime they're trying to get people to stop having their mail forwarded to AOL accounts, but of course even college educated people want to use AOL, for whatever god forsaken reason.
Re:SourceForge mailing lists are blocked by AOL (Score:3, Insightful)
Playing nicely with AOL (Re:Take the hint) (Score:5, Insightful)
Preach on, brutha.
I've had a good experience with the people at AOL. They have full-time staff dedicated to serving their customers and outside mail administrators alike. You can actually call them and get yourself taken off a blacklist within hours (if you're polite). They tell you the thresholds their spam filters use. Once you know how the game is played, you can decide how you continue to play. AOL is enforcing rules that they enforce on behalf of their customers.
Some suggestions for postmasters with lots of AOL customers....
1. Make sure you have forward/reverse DNS for each of your mail servers. Your odds of getting blacklisted go down sharply if you properly list your mail servers in DNS.
2. Call them and schedule a phone appointment to get your servers onto their whitelist. You tell them the business you're in and what IP addresses are servers that belong to you. You also give them a contact address (eg: aolspamcomplaints@yourdomain.com) to where they can forward spam complaints. Once you sign/fax a document that says you understand their policies, you get put on the whitelist. It's not a guarantee that you'll never get dropped, but you at least see it coming before it happens.
2a. Register an additional address on your network from which you don't send mail. If at any time one of your other addresses does get blacklisted, you have another address through which you can relay AOL mail after you address the problem.
3. Something you must do is include a user's e-mail address as part of the mail message itself (not just in the headers). If any of the users' spam reports come back to you, AOL anonymizes the headers. You'll need the address information in the body to determine which idiot hit the "this is spam" button. You might send them a warning after you recieve two messages saying that if they claim any more of your messages are spam, they get removed from your list automatically. You need to protect your mail service for all of the other AOL users you have subscribed. Something else you might do is make sure your list or company name is part of the subject line. It'll make it easy for them to know it's your content. They do want to recieve your content, yes? Make it easy for them to read or delete your message by looking at the subject line (instead of mistaking it for spam). Good mailing lists include the list name in the subject line.
I run domain-based mail forwarding service for some of my web hosting clients. My customers' domain-based e-mail is forwarded through my servers (spam and all) to their AOL account at their request. When they say "this is spam" to their inbound mail, my servers get the bad reputation, not the spammers becasue I'm the one delivering the messages to AOL's servers. It sucks, but now that I've done steps 1/2/2a after my first blacklist experience, things seem to have been going pretty well. I need to do step 3 and help educate my customers about inadvertent spam tagging, but I've been too busy to implement it.
Aside: Compared to AOL, AT&T WorldNet sucks. I got wrongfully blacklisted by them recently. Their system is not as transparent as AOL. I had to use ARIN Whois network information to find a phone number for someone who could find me a phone number of someone who could give me the e-mail address of the people to whom I can request to be taken off their blacklist (aka runaround). Getting off their list takes several days and repeated e-mails instead of a single phone call. Boo! If one is going to blacklist mail servers and reject mail, make sure the mail server puts a URL in the rejection message so that white-hat mail administrators can find policies and contact info that can help them quickly resolve errant blacklisting. To do less is poor customer service.
-ez
Re:Whaaaat? Cluesless AOL users? (Score:3, Insightful)
Re:Whaaaat? Cluesless AOL users? (Score:3, Insightful)
Sure, at one point they might have opted in, but people forget or get tired of getting your newsletters or even the occasional guilty-by-association of simply looking like a professional email (as in, from a company) instead of a personal email.
So don't bash AOL users ... for this reason anyway. ;)
Re:AOL is quite reasonable (Score:5, Insightful)
Not a flame, just letting you know: If I place an order with a company, I never check any boxes that opt me in to receive advertising. If I get "defaulted" to receiving ads and do receive some later, then I report the spam to the company's upstream and, obviously, I never buy anything from that company again. You might check to see whether your order forms try to "default" people into receiving spam or not - it is possible that the opt-in list that your marketing department thinks it has accumulated is not an opt-in list at all, and that people are reporting your company's email as spam because your company is in fact sending them unsolicited bulk email.
Re:remember kids (Score:3, Insightful)
You're buying from the wrong places. Reputable, decent vendors give you the opportunity to opt out of any third-party or even first-party non-transaction-related emails. Ever since I bought something online from Macy's, I get mail from them every time they have a sale, but I don't get mail from anyone else who is their "partner." I'm careful what I click, and read the messages (sometimes it's "check here if you want us to send you tons of email" and sometimes it's "check here if you DON'T want us to send you tons of email"). If they're not giving you that option, don't buy from them, for pete's sake.
Oh, and, how can I tell whether my spam is from "partners" or from scum-sucking bottom dwellers? Whether they call me "pixel" or "Monica." The companies I actually do business with know my name.
Ignore AOL users as subhuman. (Score:2, Insightful)
And with any luck all this banning will lead AOL users to goto some non-coddling ISP, and AOL will whither and die.
Charge as much as I pay for broadband... YOU WILL GET YOUR COMEUPINS! I hear the grand canyon is void of AOL CD's... Fill that sucker to the brim.
20% of the people, are 80% of the problem... Guess what? They are all located at one ISP.
You need your own AOL account for QA (Score:3, Insightful)
Give users what they want (Score:3, Insightful)
Better yet, let customers login to your website and read whatever information you are providing. Write an optional tray icon that will change when there is something to read and open the browser when clicked.
Spam is out of control, and if AOL didn't provide an easy way to mass-report it, e-mail would be unusable for its intended purpose. I am not going to click on each of 200 spams individually and confirm reporting. It's up to you and AOL to figure out how to correct user mistakes.
Re:Oh man don't get me started on this... (Score:1, Insightful)
Let me explain my "SMTP Proxy" comment a bit more. You're an ISP, providing web hosting. You allow people to run CGI and PHP. That's fine, as far as it goes. The problem is that some of that PHP or CGI is going to be woefully insecure, and easily exploited by spammers. You can reduce the risk to yourself and other customers by (1) blocking outbound port 25 (SMTP), and (2) setting up a controlled mail relay, (i.e. an SMTP proxy) where you can monitor and limit the amount of outbound email a customer can send over a specified period of time. You can, of course, provide a higher or unlimited cap for trusted users and users with demonstrable needs. But you've at least kept too much water from spilling over the dam when someone puts up a hackable web form.
Believe me, its much better not to rely on other ISPs to notify you of when one of your sites has become spamfood.
You might have a few customers who resent this sort of policy, but if you explain it well most of them will realize that it helps protect them from being blocked through the actions of others.
Re:Oh man don't get me started on this... (Score:3, Insightful)
A simple cron job to parse all user website directories for formail.cgi and formail.php scripts which then rm -f'd the offending script, and logged which web site contained the script.
We would then send an email to all the customers caught by the script, tell them that we had removed formail.cgi (or the php scrip), pointed them to the TOS, and to the policy page that very clearly stated that we will allow cgi's and scripts on customer sites, BUT formail and related scripts are strictly forbidden and will be immediately deleted on discovery.
That all came about because I got tired of tracking down rogue scripts and removing them. At first we caught about 20 a month, and eventually it got down to about 1 or 2 a month once people realized they could not do that.
If customers really needed some way to send mail directly from their site, they were pointed to our web developer who would help them in putting up a secure mail script that would not be easily taken over by a spammer scanning for formail.cgi.
Re:Double Opt-In is a meaningful term (Score:4, Insightful)
No, that's confirmed opt-in. "Double opt-in" is a term made up by spammers to make the confirmation step sound difficult and unnecessary.
The purpose of the email isn't to double-check that you still want to be on a mailing list, but to verify that the person that submitted your email address was, indeed, you.
username/password isn't a "double login"
AOL forwarders bear responsibility (Score:1, Insightful)
If you don't, and AOL (or your hosting ISP) hassles you, you have no ligitimate argument.
If you're going to pretend you're an ISP and forward mail to AOL'ers and charge them, you should be providing something for the service besides a matador-like full forward with no filters.
Re:AOL is completely UNREASONABLE. (Score:3, Insightful)
-David
Re:AOL is completely UNREASONABLE. (Score:3, Insightful)
Having said that, as long as ISPs provide a simple method of "registering" access to other mail servers (e.g. a web page where you enter your user ID and the names of mail servers you need port 25 access to) and make this information available with their bounce messages, then a block of port 25 would be reasonable. Spam zombies are a problem that is going to get a lot worse...