Reopening The Debate About Spam Blackholes

from the how-effective-are-they? dept

Earlier this year, we had a problem where an AOL user who had signed up for our daily email (which requires a clear approval process that confirms the user wants the email) started marking each daily email as spam — which generates a complaint to AOL. AOL then started sending complaints to our ISP, and threatening to block all email to AOL users. This actually started happening again last week, leading us to send an email to all the AOL users on our list, telling them we were cutting them off unless they specifically sent in an email saying they wanted to remain on the list. It’s ridiculous, indeed, but it raises some of the questions about the various spam blackhole lists that so many ISPs rely on these days. Antispam firm Postini is discovering the same thing, as they had their IP address placed on a blackhole list as well. The details of why are a bit sketchy, and some suggest that they were involved in borderline practices, mailing people who did give them contact information, but didn’t really request marketing emails. However, it has re-opened the old debate about how effective these blackhole lists are — especially with the somewhat arbitrary nature in which sites get on the lists. It’s very much a “shoot first, ask questions later” type of deal. Better spam filtering is important (and is important to all of our in-boxes), and if you read Techdirt, you should be aware of how little patience we have with anyone who does anything spam-like. However, these blackhole lists are relied upon by many ISPs who often don’t realize just how arbitrarily they’re created.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Reopening The Debate About Spam Blackholes”

Subscribe: RSS Leave a comment
Riley says:

No Subject Given

The basic issue I think is that it is usually easier for email users to hit the Spam button on their email program than to go through the unsubscribe process for a newsletter. They think, I hit the spam button a few times and these emails start to go away – they take the easiest approach and have little understanding about how that works on the backend or how that might affect spam lists.

This kind of delima really underscores the limitations of email in general. Users are basically taught that they should not be clicking anything in an email from strangers, let alone following links to other sites and putting in more information. How many spam lists use the “unsubscribe” form to actually validate that they have a live email address and then send out even more spam?

I think you are fighting an uphill battle trying to run a legit email distribution list in this type of environment.

Conrad (user link) says:

Re: Re: No Subject Given

AOL’s feedback loop is a lifesaver for keeping your IPs off their blacklist. Though they do remove the information about the AOL user who reported you, you can find out quickly enough by altering times and logs.

This by the way is the only way that blackhole lists work, IMHO. simply banning IPs is not the way to go for mail server. But temporially blocking them while contacting them to let them know about it, is a much mroe sensible solution. Make sure your abuse@ email account actually goes to a human, and setup valid contact info:

Demian says:

Re: Re: AOL info incorrect

We run a mail server for a dozen departments at a large university and were recently blacklisted by AOL. I setup their feedback-loop email address so I could see what messages users are marking as spam. Nearly all of them were legit. Some were forwarded from our system based on the user’s desire to forward the message. AOL DOESN’T give you the destination address though, so the feedback is really of no value. It took 7 days to get the blacklist to expire. We received many complaints from AOL users that could not receive email from our networks. We explain that they need to be talking to AOL.
There is a serious problem with allowing user-preferences to establish spam blocks for entire networks. It’s irresponsible.
The DOS potential of AOL’s methods should be exploited, simply to demonstrate that AOL isn’t doing a good service for it’s subscribers.


Brian says:

Re: What we need

I think Riley is right. It is often as easy to hit “spam” as it is to delete an e-mail. What is needed is a standard API for unsubscribing. That way valid e-mail lists like techdirt’s could automatically handle removing a user that has hit their spam button on them. It would take some coordination, but if all legitimate group lists had a standard, automatic way of unsubscribing, then e-mail clients could simple use the api when a user marked all of their unread e-mail as spam. It could then keep track that the user doesn’t want to hear from the sender anymore and if the sender sends another e-mail, then it black-lists them, but if the sender’s system works with the unsubscribe they wouldn’t be blacklisted.
This also would help to resolve the second issue of “unsubscribe” being used to validate an e-mail.

jayrtfm says:

Earthlink blocked itself

I have a friend who’s email was being blocked when she sent mail to her mother. Her email server was MCI, which was being handled by Earthlink, so in reality it was an Earthlink server. Her mother was a normal Earthlink account. The MCI email server was configured as an open relay, so it was on several blackhole lists.
An hour of talking to Earthlink scriptmonkeys got me nowhere.

Michael Vilain says:

sometimes you didn't subscribe to that "newsle

I’ve been getting a “health” newsletter from since May, despite repeated requests to remove the non-profit from their mailing list. Since I manage the web site and email and no one from the organization subscribed us, I started sending nastygrams to the guy who publishes the list. Then I started reporting his IP to spamcop and he threated litegation. That’s spammers for you–they get all cartoony when you slap them. In any case, I still get the email regardless of the unsubscribe link they send in everyone. I hope pulls them out of DNS, which they’ve been known to do for spammers.

Isaac Eiland-Hall says:

AOL Hell...

Tell me about it…

As a small webhost, it is my constant fear that one of my clients will accidentally get the entire server blacklisted…

It doesn’t help that I host a friend’s website, who has a mailing list. One of the subscribers keeps accidentally hitting ‘spam’ instead of ‘delete’- says the buttons are right next to each other… It’s happened three times now, and I’ve told him I’m going to have to have my friend kick his AOL account off the list if he does it again…

I will give AOL a tiny amount of credit– I’ve had to call them three times on this issue (all cases the emails were legit, btw– neither I nor my clients spams by ANY definition, thanks), and I was able to get someone on the phone who had at least half a clue, and in one of the three cases, actually had a whole clue.

But I detest AOL. Really.

Anonymous Coward says:

Postini's long spamming history; AOL's issues, DNS

First, Postini has a long and problematic history —
their service emits outscatter spam by design, and they’ve refuse to fix (or even discuss with their
professional peers) this long-standing problem.
They’ve EARNED their way onto any number of private
blacklists via this spamming behavior, so it’s not
at all surprising to see that they have other problems.
Second, AOL has done an incredible job of stopping
outbound spam from their service. The amount
which we see from them is a mere trickle —
and they’ve been responsive about reducing that
even further. Their abuse staff are highly
clueful and regularly interact with their peers
in profesional anti-spam forums. It wasn’t
always this way — a lot of the credit goes to
Carl Hutzler, who convinced management there that
they needed to devote resources to the problem,
and then made it happen. So while I’m most
certainly no AOL fan (having endured the
September that never ended) I have to give them
credit for doing industry “leaders” almost never
do: leading. Contrast with the spam-infested
sewers that are Yahoo, MSN, Hotmail, Comcast,
Verizon, Charter, SBC, Adelphia, Wanadoo, Versatel, etc.
Third, if AOL is blacklisting your mail server,
then one possible reason is that the your own
users are reporting mail traffic as spam. This
certainly isn’t AOL’s fault (modulo any UI
issues in re the placement of the “spam” button);
it’s the fault of users who do not understand
how to properly use mail, including unsubscribing
from mailing lists. I’d recommend signing up
for AOL’s feedback loop (which has other uses
as well) and using techniques like VERP to
identify which users are responsible.
Fourth, DNSBLs are far and away THE most effective
weapon against spam — and I speak as someone who
was fighting spam even before the slang term
“spam” was adopted to describe unsolicited bulk
email. Oh, they’re not perfect — but they
make no claim to being so; they merely claim to
meet the criteria that they’re outlined for
themselves, and need only be evaluated on their
success (or failure) in doing so. I often find
it interesting how many people whining about
DNSBL listings have failed to properly educate
themselves about just _why_ those listings
exist and _why_ remedial action may be required
before they’re removed.
To put it another way: a DNSBL listing is not
a problem. It’s a symptom of a problem. Blaming
the DNSBL is pointless and merely a way to evade
responsibility — it solves nothing. A far
better approach is to conduct a careful, detailed
analysis in order to find (and fix) the real
underlying issue(s). Sadly, this is not what
we see some of the time: intead, we’re treated
to diatribes by listees who fail to grasp that
_their own ISP_ sold them out and is really to
blame for their current difficulties. (Classic
example: ISPs who move non-spamming customers
into a heavily spammer-infested network block
that they KNOW is widely listed by DNSBLs…
and then engage in plaintive whining about
how terribly unfair this is.)

Dana Blankenhorn (user link) says:

spam blacklist

I get this thing all the time. Sometimes it’s just that someone didn’t whitelist my newsletter through their corporate system.

But it’s also possible that a spammer has gotten a copy of your e-mail newsletter and has decided to deliberately get you on blacklists.

The idea is to eliminate the blacklists and thus enable more spam to get through.

Since you write articles against spammers, it may also be a personal thing.

MailGuy says:

There is no debate

Sorry Mike,
But there is no debate left to be had on this issue. The relationship between a DNSBL and a mailer (such as myself, or AOL) is a private one.
I trust them to tell me who is spamming and to slam those people. VICIOIUSLY. I want them to be too aggressive.
I know they will sometimes get it wrong, but you know what? That’s OK. I don’t NEED them to be 100% correct.
They help me isolate millions of crap emails every year. Small price to be paid is that sometimes, mistakes happen. I would RATHER mistakes happen than for spam to get through. Sort of puts the onus on the mailer.
Just because you want to run your company using such an outdated technology as “marketing email” is no reason for me to abandon my relationship with the partner who is actually providing me with an excellent service.
Push marketing doesn’t work as is soooo 1999. If you have something compelling to offer, people will find you.
My advice: ditch your email program.

Mike (profile) says:

Re: There is no debate

First of all, it’s not “marketing email.” It’s the email update of the site. And, I’d love to ditch it if we could. I’d love it if everyone used RSS, but they don’t.

People ask us for email subscriptions all the time, and I’m supposed to say no?

However, the collateral damage of such efforts is tremendous. So don’t tell me that it’s fine and I shouldn’t worry about it. We have readers demanding it, and AOL is cutting us off without even looking at the email in question.

That’s my fault?

Sorry, I don’t think so.

xuser says:

AOL - pay-to-spam

AOL spends alot of money each year to keep unwanted spam off of their networks. Conversely they recieve even more money each year from marketing firms to send spam to users on their network without fear of retribution from AOL.

To make this simple for everyone to understand.

When you logon to AOL you sometimes get a set of pop-ups. Is it coincidence that these pop-ups sometimes have indentical marketing content as the spam in your inbox ? Trust me, it is not.

Those pop-ups are million dollar marketing tools, and they are paid for by the same people that pay-to-spam.

Spending money is a license to spam. Sending marketing emails without spending protection money to AOL is a crime.

Seem fair ?

Welcome to the wonderful AOL world of spam pimping.

They should be paying you back for wasting the little 56k bandwidth you’ve been overcharged for in the first place.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...