by Mike Masnick

Reopening The Debate About Spam Blackholes

from the how-effective-are-they? dept

Earlier this year, we had a problem where an AOL user who had signed up for our daily email (which requires a clear approval process that confirms the user wants the email) started marking each daily email as spam -- which generates a complaint to AOL. AOL then started sending complaints to our ISP, and threatening to block all email to AOL users. This actually started happening again last week, leading us to send an email to all the AOL users on our list, telling them we were cutting them off unless they specifically sent in an email saying they wanted to remain on the list. It's ridiculous, indeed, but it raises some of the questions about the various spam blackhole lists that so many ISPs rely on these days. Antispam firm Postini is discovering the same thing, as they had their IP address placed on a blackhole list as well. The details of why are a bit sketchy, and some suggest that they were involved in borderline practices, mailing people who did give them contact information, but didn't really request marketing emails. However, it has re-opened the old debate about how effective these blackhole lists are -- especially with the somewhat arbitrary nature in which sites get on the lists. It's very much a "shoot first, ask questions later" type of deal. Better spam filtering is important (and is important to all of our in-boxes), and if you read Techdirt, you should be aware of how little patience we have with anyone who does anything spam-like. However, these blackhole lists are relied upon by many ISPs who often don't realize just how arbitrarily they're created.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  • identicon
    Sissy Pants, 14 Nov 2005 @ 12:01pm

    Good Job!

    I'd sue MySpace if I were you... It's pathetic they aren't checking anti-spam lists on their offtime..

    reply to this | link to this | view in chronology ]

  • identicon
    poida, 14 Nov 2005 @ 12:12pm

    No Subject Given

    Email is not a good broadcast medium. RSS would be more suitable.

    reply to this | link to this | view in chronology ]

    • identicon
      The Other Mike, 14 Nov 2005 @ 12:33pm

      Re: No Subject Given

      Some agencies can't use RSS. When you are trying to notify someone of an upcoming deadline for example. AOL doesn't discriminate whose IP they blacklist either. They even blacklist government IP's.

      reply to this | link to this | view in chronology ]

  • identicon
    Jeff, 14 Nov 2005 @ 12:37pm

    Richly Satisfying

    I find it richly satisfying to just sit back in my chair and daydream about blacklisting AOL...

    Someone pass me my scotch...

    reply to this | link to this | view in chronology ]

  • identicon
    amanda b reconwith, 14 Nov 2005 @ 12:37pm

    AOL sucks

    Just another case in point that Aholel sucks.

    reply to this | link to this | view in chronology ]

  • identicon
    Riley, 14 Nov 2005 @ 12:43pm

    No Subject Given

    The basic issue I think is that it is usually easier for email users to hit the Spam button on their email program than to go through the unsubscribe process for a newsletter. They think, I hit the spam button a few times and these emails start to go away - they take the easiest approach and have little understanding about how that works on the backend or how that might affect spam lists.

    This kind of delima really underscores the limitations of email in general. Users are basically taught that they should not be clicking anything in an email from strangers, let alone following links to other sites and putting in more information. How many spam lists use the "unsubscribe" form to actually validate that they have a live email address and then send out even more spam?

    I think you are fighting an uphill battle trying to run a legit email distribution list in this type of environment.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Nov 2005 @ 1:15pm

      Re: No Subject Given

      I've had that happen to me as well. AOL has a form on their web site where you can sign up to receive email notification whenever an AOL user marks your email as spam. Then you can remove them from your list at the first occurrence and hopefully stay in good terms with AOL.

      reply to this | link to this | view in chronology ]

      • identicon
        Conrad, 14 Nov 2005 @ 2:39pm

        Re: No Subject Given

        AOL's feedback loop is a lifesaver for keeping your IPs off their blacklist. Though they do remove the information about the AOL user who reported you, you can find out quickly enough by altering times and logs.

        This by the way is the only way that blackhole lists work, IMHO. simply banning IPs is not the way to go for mail server. But temporially blocking them while contacting them to let them know about it, is a much mroe sensible solution. Make sure your abuse@ email account actually goes to a human, and setup valid contact info:

        reply to this | link to this | view in chronology ]

      • identicon
        Demian, 14 Nov 2005 @ 2:46pm

        Re: AOL info incorrect

        We run a mail server for a dozen departments at a large university and were recently blacklisted by AOL. I setup their feedback-loop email address so I could see what messages users are marking as spam. Nearly all of them were legit. Some were forwarded from our system based on the user's desire to forward the message. AOL DOESN'T give you the destination address though, so the feedback is really of no value. It took 7 days to get the blacklist to expire. We received many complaints from AOL users that could not receive email from our networks. We explain that they need to be talking to AOL.
        There is a serious problem with allowing user-preferences to establish spam blocks for entire networks. It's irresponsible.
        The DOS potential of AOL's methods should be exploited, simply to demonstrate that AOL isn't doing a good service for it's subscribers.


        reply to this | link to this | view in chronology ]

    • identicon
      Brian, 14 Nov 2005 @ 2:04pm

      What we need

      I think Riley is right. It is often as easy to hit "spam" as it is to delete an e-mail. What is needed is a standard API for unsubscribing. That way valid e-mail lists like techdirt's could automatically handle removing a user that has hit their spam button on them. It would take some coordination, but if all legitimate group lists had a standard, automatic way of unsubscribing, then e-mail clients could simple use the api when a user marked all of their unread e-mail as spam. It could then keep track that the user doesn't want to hear from the sender anymore and if the sender sends another e-mail, then it black-lists them, but if the sender's system works with the unsubscribe they wouldn't be blacklisted.
      This also would help to resolve the second issue of "unsubscribe" being used to validate an e-mail.

      reply to this | link to this | view in chronology ]

  • identicon
    jayrtfm, 14 Nov 2005 @ 5:03pm

    Earthlink blocked itself

    I have a friend who's email was being blocked when she sent mail to her mother. Her email server was MCI, which was being handled by Earthlink, so in reality it was an Earthlink server. Her mother was a normal Earthlink account. The MCI email server was configured as an open relay, so it was on several blackhole lists.
    An hour of talking to Earthlink scriptmonkeys got me nowhere.

    reply to this | link to this | view in chronology ]

  • identicon
    Michael Vilain, 14 Nov 2005 @ 5:23pm

    Re: sometimes you didn't subscribe to that "newsle

    I've been getting a "health" newsletter from since May, despite repeated requests to remove the non-profit from their mailing list. Since I manage the web site and email and no one from the organization subscribed us, I started sending nastygrams to the guy who publishes the list. Then I started reporting his IP to spamcop and he threated litegation. That's spammers for you--they get all cartoony when you slap them. In any case, I still get the email regardless of the unsubscribe link they send in everyone. I hope pulls them out of DNS, which they've been known to do for spammers.

    reply to this | link to this | view in chronology ]

  • identicon
    Jeff Macdonald, 14 Nov 2005 @ 5:50pm

    add an x-header

    hey, simply add an x-header with the subbed email address encoded - say rot13.

    reply to this | link to this | view in chronology ]

  • identicon
    Isaac Eiland-Hall, 14 Nov 2005 @ 11:16pm

    AOL Hell...

    Tell me about it...

    As a small webhost, it is my constant fear that one of my clients will accidentally get the entire server blacklisted...

    It doesn't help that I host a friend's website, who has a mailing list. One of the subscribers keeps accidentally hitting 'spam' instead of 'delete'- says the buttons are right next to each other... It's happened three times now, and I've told him I'm going to have to have my friend kick his AOL account off the list if he does it again...

    I will give AOL a tiny amount of credit-- I've had to call them three times on this issue (all cases the emails were legit, btw-- neither I nor my clients spams by ANY definition, thanks), and I was able to get someone on the phone who had at least half a clue, and in one of the three cases, actually had a whole clue.

    But I detest AOL. Really.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 Nov 2005 @ 12:03am

    Postini's long spamming history; AOL's issues, DNS

    First, Postini has a long and problematic history --
    their service emits outscatter spam by design, and they've refuse to fix (or even discuss with their
    professional peers) this long-standing problem.
    They've EARNED their way onto any number of private
    blacklists via this spamming behavior, so it's not
    at all surprising to see that they have other problems.
    Second, AOL has done an incredible job of stopping
    outbound spam from their service. The amount
    which we see from them is a mere trickle --
    and they've been responsive about reducing that
    even further. Their abuse staff are highly
    clueful and regularly interact with their peers
    in profesional anti-spam forums. It wasn't
    always this way -- a lot of the credit goes to
    Carl Hutzler, who convinced management there that
    they needed to devote resources to the problem,
    and then made it happen. So while I'm most
    certainly no AOL fan (having endured the
    September that never ended) I have to give them
    credit for doing industry "leaders" almost never
    do: leading. Contrast with the spam-infested
    sewers that are Yahoo, MSN, Hotmail, Comcast,
    Verizon, Charter, SBC, Adelphia, Wanadoo, Versatel, etc.
    Third, if AOL is blacklisting your mail server,
    then one possible reason is that the your own
    users are reporting mail traffic as spam. This
    certainly isn't AOL's fault (modulo any UI
    issues in re the placement of the "spam" button);
    it's the fault of users who do not understand
    how to properly use mail, including unsubscribing
    from mailing lists. I'd recommend signing up
    for AOL's feedback loop (which has other uses
    as well) and using techniques like VERP to
    identify which users are responsible.
    Fourth, DNSBLs are far and away THE most effective
    weapon against spam -- and I speak as someone who
    was fighting spam even before the slang term
    "spam" was adopted to describe unsolicited bulk
    email. Oh, they're not perfect -- but they
    make no claim to being so; they merely claim to
    meet the criteria that they're outlined for
    themselves, and need only be evaluated on their
    success (or failure) in doing so. I often find
    it interesting how many people whining about
    DNSBL listings have failed to properly educate
    themselves about just _why_ those listings
    exist and _why_ remedial action may be required
    before they're removed.
    To put it another way: a DNSBL listing is not
    a problem. It's a symptom of a problem. Blaming
    the DNSBL is pointless and merely a way to evade
    responsibility -- it solves nothing. A far
    better approach is to conduct a careful, detailed
    analysis in order to find (and fix) the real
    underlying issue(s). Sadly, this is not what
    we see some of the time: intead, we're treated
    to diatribes by listees who fail to grasp that
    _their own ISP_ sold them out and is really to
    blame for their current difficulties. (Classic
    example: ISPs who move non-spamming customers
    into a heavily spammer-infested network block
    that they KNOW is widely listed by DNSBLs...
    and then engage in plaintive whining about
    how terribly unfair this is.)

    reply to this | link to this | view in chronology ]

  • identicon
    Dana Blankenhorn, 15 Nov 2005 @ 6:11am

    spam blacklist

    I get this thing all the time. Sometimes it's just that someone didn't whitelist my newsletter through their corporate system.

    But it's also possible that a spammer has gotten a copy of your e-mail newsletter and has decided to deliberately get you on blacklists.

    The idea is to eliminate the blacklists and thus enable more spam to get through.

    Since you write articles against spammers, it may also be a personal thing.

    reply to this | link to this | view in chronology ]

  • identicon
    MailGuy, 15 Nov 2005 @ 6:44am

    There is no debate

    Sorry Mike,
    But there is no debate left to be had on this issue. The relationship between a DNSBL and a mailer (such as myself, or AOL) is a private one.
    I trust them to tell me who is spamming and to slam those people. VICIOIUSLY. I want them to be too aggressive.
    I know they will sometimes get it wrong, but you know what? That's OK. I don't NEED them to be 100% correct.
    They help me isolate millions of crap emails every year. Small price to be paid is that sometimes, mistakes happen. I would RATHER mistakes happen than for spam to get through. Sort of puts the onus on the mailer.
    Just because you want to run your company using such an outdated technology as "marketing email" is no reason for me to abandon my relationship with the partner who is actually providing me with an excellent service.
    Push marketing doesn't work as is soooo 1999. If you have something compelling to offer, people will find you.
    My advice: ditch your email program.

    reply to this | link to this | view in chronology ]

    • icon
      Mike (profile), 15 Nov 2005 @ 8:53am

      Re: There is no debate

      First of all, it's not "marketing email." It's the email update of the site. And, I'd love to ditch it if we could. I'd love it if everyone used RSS, but they don't.

      People ask us for email subscriptions all the time, and I'm supposed to say no?

      However, the collateral damage of such efforts is tremendous. So don't tell me that it's fine and I shouldn't worry about it. We have readers demanding it, and AOL is cutting us off without even looking at the email in question.

      That's my fault?

      Sorry, I don't think so.

      reply to this | link to this | view in chronology ]

  • identicon
    xuser, 15 Nov 2005 @ 2:28pm

    AOL - pay-to-spam

    AOL spends alot of money each year to keep unwanted spam off of their networks. Conversely they recieve even more money each year from marketing firms to send spam to users on their network without fear of retribution from AOL.

    To make this simple for everyone to understand.

    When you logon to AOL you sometimes get a set of pop-ups. Is it coincidence that these pop-ups sometimes have indentical marketing content as the spam in your inbox ? Trust me, it is not.

    Those pop-ups are million dollar marketing tools, and they are paid for by the same people that pay-to-spam.

    Spending money is a license to spam. Sending marketing emails without spending protection money to AOL is a crime.

    Seem fair ?

    Welcome to the wonderful AOL world of spam pimping.

    They should be paying you back for wasting the little 56k bandwidth you've been overcharged for in the first place.

    reply to this | link to this | view in chronology ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Takedown
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.