Reopening The Debate About Spam Blackholes
from the how-effective-are-they? dept
Earlier this year, we had a problem where an AOL user who had signed up for our daily email (which requires a clear approval process that confirms the user wants the email) started marking each daily email as spam -- which generates a complaint to AOL. AOL then started sending complaints to our ISP, and threatening to block all email to AOL users. This actually started happening again last week, leading us to send an email to all the AOL users on our list, telling them we were cutting them off unless they specifically sent in an email saying they wanted to remain on the list. It's ridiculous, indeed, but it raises some of the questions about the various spam blackhole lists that so many ISPs rely on these days. Antispam firm Postini is discovering the same thing, as they had their IP address placed on a blackhole list as well. The details of why are a bit sketchy, and some suggest that they were involved in borderline practices, mailing people who did give them contact information, but didn't really request marketing emails. However, it has re-opened the old debate about how effective these blackhole lists are -- especially with the somewhat arbitrary nature in which sites get on the lists. It's very much a "shoot first, ask questions later" type of deal. Better spam filtering is important (and is important to all of our in-boxes), and if you read Techdirt, you should be aware of how little patience we have with anyone who does anything spam-like. However, these blackhole lists are relied upon by many ISPs who often don't realize just how arbitrarily they're created.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Good Job!
[ link to this | view in thread ]
No Subject Given
[ link to this | view in thread ]
Re: No Subject Given
[ link to this | view in thread ]
Richly Satisfying
Someone pass me my scotch...
[ link to this | view in thread ]
AOL sucks
[ link to this | view in thread ]
No Subject Given
This kind of delima really underscores the limitations of email in general. Users are basically taught that they should not be clicking anything in an email from strangers, let alone following links to other sites and putting in more information. How many spam lists use the "unsubscribe" form to actually validate that they have a live email address and then send out even more spam?
I think you are fighting an uphill battle trying to run a legit email distribution list in this type of environment.
[ link to this | view in thread ]
Re: No Subject Given
[ link to this | view in thread ]
What we need
This also would help to resolve the second issue of "unsubscribe" being used to validate an e-mail.
[ link to this | view in thread ]
Re: No Subject Given
AOL's feedback loop is a lifesaver for keeping your IPs off their blacklist. Though they do remove the information about the AOL user who reported you, you can find out quickly enough by altering times and logs.
This by the way is the only way that blackhole lists work, IMHO. simply banning IPs is not the way to go for mail server. But temporially blocking them while contacting them to let them know about it, is a much mroe sensible solution. Make sure your abuse@ email account actually goes to a human, and setup valid contact info:
http://www.abuse.net/
[ link to this | view in thread ]
Re: AOL info incorrect
There is a serious problem with allowing user-preferences to establish spam blocks for entire networks. It's irresponsible.
The DOS potential of AOL's methods should be exploited, simply to demonstrate that AOL isn't doing a good service for it's subscribers.
Fools.
[ link to this | view in thread ]
Earthlink blocked itself
An hour of talking to Earthlink scriptmonkeys got me nowhere.
[ link to this | view in thread ]
Re: sometimes you didn't subscribe to that "newsle
[ link to this | view in thread ]
add an x-header
[ link to this | view in thread ]
AOL Hell...
As a small webhost, it is my constant fear that one of my clients will accidentally get the entire server blacklisted...
It doesn't help that I host a friend's website, who has a mailing list. One of the subscribers keeps accidentally hitting 'spam' instead of 'delete'- says the buttons are right next to each other... It's happened three times now, and I've told him I'm going to have to have my friend kick his AOL account off the list if he does it again...
I will give AOL a tiny amount of credit-- I've had to call them three times on this issue (all cases the emails were legit, btw-- neither I nor my clients spams by ANY definition, thanks), and I was able to get someone on the phone who had at least half a clue, and in one of the three cases, actually had a whole clue.
But I detest AOL. Really.
[ link to this | view in thread ]
Postini's long spamming history; AOL's issues, DNS
their service emits outscatter spam by design, and they've refuse to fix (or even discuss with their
professional peers) this long-standing problem.
They've EARNED their way onto any number of private
blacklists via this spamming behavior, so it's not
at all surprising to see that they have other problems.
Second, AOL has done an incredible job of stopping
outbound spam from their service. The amount
which we see from them is a mere trickle --
and they've been responsive about reducing that
even further. Their abuse staff are highly
clueful and regularly interact with their peers
in profesional anti-spam forums. It wasn't
always this way -- a lot of the credit goes to
Carl Hutzler, who convinced management there that
they needed to devote resources to the problem,
and then made it happen. So while I'm most
certainly no AOL fan (having endured the
September that never ended) I have to give them
credit for doing industry "leaders" almost never
do: leading. Contrast with the spam-infested
sewers that are Yahoo, MSN, Hotmail, Comcast,
Verizon, Charter, SBC, Adelphia, Wanadoo, Versatel, etc.
Third, if AOL is blacklisting your mail server,
then one possible reason is that the your own
users are reporting mail traffic as spam. This
certainly isn't AOL's fault (modulo any UI
issues in re the placement of the "spam" button);
it's the fault of users who do not understand
how to properly use mail, including unsubscribing
from mailing lists. I'd recommend signing up
for AOL's feedback loop (which has other uses
as well) and using techniques like VERP to
identify which users are responsible.
Fourth, DNSBLs are far and away THE most effective
weapon against spam -- and I speak as someone who
was fighting spam even before the slang term
"spam" was adopted to describe unsolicited bulk
email. Oh, they're not perfect -- but they
make no claim to being so; they merely claim to
meet the criteria that they're outlined for
themselves, and need only be evaluated on their
success (or failure) in doing so. I often find
it interesting how many people whining about
DNSBL listings have failed to properly educate
themselves about just _why_ those listings
exist and _why_ remedial action may be required
before they're removed.
To put it another way: a DNSBL listing is not
a problem. It's a symptom of a problem. Blaming
the DNSBL is pointless and merely a way to evade
responsibility -- it solves nothing. A far
better approach is to conduct a careful, detailed
analysis in order to find (and fix) the real
underlying issue(s). Sadly, this is not what
we see some of the time: intead, we're treated
to diatribes by listees who fail to grasp that
_their own ISP_ sold them out and is really to
blame for their current difficulties. (Classic
example: ISPs who move non-spamming customers
into a heavily spammer-infested network block
that they KNOW is widely listed by DNSBLs...
and then engage in plaintive whining about
how terribly unfair this is.)
[ link to this | view in thread ]
spam blacklist
But it's also possible that a spammer has gotten a copy of your e-mail newsletter and has decided to deliberately get you on blacklists.
The idea is to eliminate the blacklists and thus enable more spam to get through.
Since you write articles against spammers, it may also be a personal thing.
[ link to this | view in thread ]
There is no debate
But there is no debate left to be had on this issue. The relationship between a DNSBL and a mailer (such as myself, or AOL) is a private one.
I trust them to tell me who is spamming and to slam those people. VICIOIUSLY. I want them to be too aggressive.
I know they will sometimes get it wrong, but you know what? That's OK. I don't NEED them to be 100% correct.
They help me isolate millions of crap emails every year. Small price to be paid is that sometimes, mistakes happen. I would RATHER mistakes happen than for spam to get through. Sort of puts the onus on the mailer.
Just because you want to run your company using such an outdated technology as "marketing email" is no reason for me to abandon my relationship with the partner who is actually providing me with an excellent service.
Push marketing doesn't work as is soooo 1999. If you have something compelling to offer, people will find you.
My advice: ditch your email program.
[ link to this | view in thread ]
Re: There is no debate
People ask us for email subscriptions all the time, and I'm supposed to say no?
However, the collateral damage of such efforts is tremendous. So don't tell me that it's fine and I shouldn't worry about it. We have readers demanding it, and AOL is cutting us off without even looking at the email in question.
That's my fault?
Sorry, I don't think so.
[ link to this | view in thread ]
AOL - pay-to-spam
To make this simple for everyone to understand.
When you logon to AOL you sometimes get a set of pop-ups. Is it coincidence that these pop-ups sometimes have indentical marketing content as the spam in your inbox ? Trust me, it is not.
Those pop-ups are million dollar marketing tools, and they are paid for by the same people that pay-to-spam.
Spending money is a license to spam. Sending marketing emails without spending protection money to AOL is a crime.
Seem fair ?
Welcome to the wonderful AOL world of spam pimping.
They should be paying you back for wasting the little 56k bandwidth you've been overcharged for in the first place.
[ link to this | view in thread ]