L.S. points out that a blog comment shows that downsizedc.org has some problems including not accepting postmaster email, a technical requirement for any mail server: http://www.downsizedc.org/blog/2007/feb/05/whipped_by_aol#comment-366 Previous Politech message: http://www.politechbot.com/2007/02/05/libertarian-group-downsize/ -Declan -------- Original Message -------- Subject: Re: [Politech] Libertarian group "Downsize DC" gets blacklisted by AOL [fs] Date: Mon, 5 Feb 2007 17:24:55 -0600 From: Al Iverson <aliversonchicago@private> To: declan@private References: <45C7B1F2.9000301@private> <54709c090702051502s2b77f0b7tc4cd10d773ecb645@private> Please post this to Politech if you feel appropriate. > ---------- Forwarded message ---------- > From: Declan McCullagh <declan@private> > Date: Feb 5, 2007 4:38 PM > Subject: [Politech] Libertarian group "Downsize DC" gets blacklisted by AOL [fs] > To: politech@private > > Jim Babka, the president of the Downsize DC Foundation, added this to > the below blog entry in email today: Declan, I'm not convinced there's some big conspiracy to prevent political groups from emailing to AOL. I, and many others, deal with AOL regularly and find that when they say our DNS is broken, it's because the DNS is broken. Also, there might be a reason that we keep seeing the "AOL is mean" press releases from the various political groups: My theory is that it's because these groups are way better at putting out press releases than managing email. I think this theory is supported by the fact that Downside DC ran into issues after relaying spam via a compromised script. Fixed "almost instantly," probably after relaying gobs of spam to innocent AOL users. He talks about how they wouldn't tell him what the compromised script was -- they don't necessarily know. They just see the output (spam) on the other end. They also gave him more information than many other ISPs give many other senders. None of the problems these groups keep raising are new. None of them are specific to their mail, none of them are specific to Goodmail, and it gets tiring to hear about the giant AOL email conspiracy, tiring of hearing about the AOL email tax, etc., etc., when thousands of senders and sending millions of legitimate mails into AOL with regular success. The only other specific point I want to reply to regarding Downsize DC is regarding feedback loops. He heard that they are "worthless." This is not true. Receiving an ISP to mailing list owner feedback loop is a vitally important step to determine who is reporting your mail as spam and getting them off your list so they stop damaging your email reputation. If you don't get the feedback loop, you don't get information about who is complaining about your mail, and spam complaints never go down, because you keep annoying those people over and over. Someone at another ISP, who is not a list manager, wouldn't understand that. ISP to ISP feedback loops may contain the same data, but what the data is used for is quite different. Dealing with AOL on issues like these is actually not as hard as it is being portrayed to be. On January 25th, I published a how-to guide on my website. I hope others find it useful. http://www.spamresource.com/2007/01/how-to-deliver-mail-to-aol.html Regards, Al Iverson -- Al Iverson on Spam and Deliverabilty, see http://www.spamresource.com -------- Original Message -------- Subject: Re: [Politech] Libertarian group "Downsize DC" gets blacklisted by AOL [fs] Date: Tue, 06 Feb 2007 08:01:10 +0530 From: Suresh Ramasubramanian <suresh@private> Organization: -ENOENT To: Declan McCullagh <declan@private> References: <45C7B1F2.9000301@private> Declan McCullagh wrote: > Note this doesn't seem the same thing as what we talked about last month > -- in this case, a legitimate organization has a temporary security > hiccup and, months later, is still blacklisted. You sure its temporary, Declan? > compromised script, but the November Tell-a-friend hack was our first > appearance on the AOL blacklist and we've had problems with that company > ever since. We've been in a kind of "off and on" situation with them -- They were blocked by AOL in november due to a compromised script. And then they've been blocked off and on .. chances are they do have another script or two that are just as insecure as whatever script they had that led to it being hacked, spam being sent out of it. Two ways to go. 1. Blog about it (which does tend to have zero effect) 2. Ask AOL what the issue is, get the issue fixed. So looks like they did #2 and have had quite a run around with AOL's staff for some reason. [reverse dns can timeout or be unavailable for some reason like dns latency at their ISP, for example] > On top of that, after this most recent blacklisting, our programmer set > up a "feedback loop" with AOL. That's a recommended procedure. However, > another ISP manager we spoke to said he has one of these for his company > as well, but has found it to be "useless." That's strange because there's broad consensus - among ISPs, large email senders of every stripe (ranging from political campaigns to marketing) etc that feedback loops are quite useful. Especially in the case of a list - if you get an email reported as spam, and its a list that you are sending out, dont dismiss it as useless, unsubscribe the user. Simple > Metaphorically speaking, somewhere along the way, someone at AOL decided > that their customers want the mail delivery person to read all of their > mail, sift out the stuff they wouldn't be interested in, and deliver the > rest. Internet Service Providers (ISP -- i.e., like AOL, Earthlink, Road This is tinfoil hattery taken to the extreme. "Read all their email"? For over a 100 million users? We've just got 40 million ++ users and we're about a third of AOL's size, or so. There ain't enough staff in the world to "read all AOL users' mail and forward it on", trust me. srs -------- Original Message -------- Subject: Re: [Politech] Libertarian group "Downsize DC" gets blacklisted by AOL [fs] Date: Mon, 5 Feb 2007 15:10:32 -0800 From: Tom Collins <tom@private> To: Declan McCullagh <declan@private> References: <45C7B1F2.9000301@private> On Feb 5, 2007, at 2:38 PM, Declan McCullagh wrote: > On top of that, after this most recent blacklisting, our programmer > set up a "feedback loop" with AOL. That's a recommended procedure. > However, another ISP manager we spoke to said he has one of these > for his company as well, but has found it to be "useless." Declan, I've been running a small hosting server for 8+ years now, and I have to disagree with AOL's feedback loop being "useless". It's perhaps one of the best ways to learn that a user has installed an insecure formmail script which is now being abused by spammers. If any of your customers run mailing lists and are adding AOL users without your permission, you'll know about it. On the down side, I have to deal with AOL spam complaints for legitimate lists that I know the users have requested. In the end though, it's better to know when AOL users are complaining that mail from your IP is spam. -Tom -------- Original Message -------- Subject: Re: [Politech] Libertarian group "Downsize DC" gets blacklisted by AOL [fs] Date: Mon, 5 Feb 2007 19:39:56 -0500 From: Rich Kulawiec <rsk@private> To: Jim Babka <jimbabka@private> CC: Declan McCullagh <declan@private> References: <45C7B1F2.9000301@private> > "The last couple of weeks have been a nightmare. Why? Because America > Online (AOL) has blacklisted us. And you don't have an AOL feedback loop set up. The AOL feedback loop is invaluable. Don't believe whoever told you it wasn't. I've set them up not just for myself, but for every client running mailing lists and/or *forwarding* mail (note, not delivering, forwarding) to AOL. Let me tell you why you want one, and why your problem may very well NOT be AOL -- but your own subscribers. (And possibly some lesser procedural errors that you've made, but I'll get to that.) I run quite a few mailing lists, and have for many years. Like everyone else who does so, and who has an AOL feedback loop in place, I see a constant low-level stream of reports from AOL about perfectly ordinary mailing list traffic marked as spam *BY THE USERS*, that is, by the people who are on the mailing list and are reading it via their AOL accounts. This is because AOL presents it to them using an interface that has various message operations on it -- "save", "delete", whatever -- and "report as spam". And users being users, they are not always as careful as we might hope. And some of them will hit that button -- in fact, some of them will hit that button repeatedly on sequential list messages. Thus reporting them to AOL as spam. They will do this even after you repeatedly ask them not to. They will do this even after you point out things like, oh, that if they want to unsubscribe, the instructions are in the footer of every list message. They will do this even after you threaten to remove every AOL user from the list for a while. They will do this. Which is why you need a feedback loop. AOL has been (and correctly so) tight-lipped about just how they combine this information with other information (such as: overall message volume from the source, which could be used to compute a percentage-marked-as-spam) but it appears that if enough recipients hit that button often enough, then eventually something will happen -- closer scrutiny, graylisting, blocking, something. Your users are hitting that button. I guarantee it. I can say this because your stated number of AOL subscribers is large enough that I can apply experience gleaned from similar populations. Even on mailing lists with just ~25 AOL users, some have hit that button. (You say you have ~3000 users at AOL -- so I have no problem telling that your users are hitting that button. Probably fairly often.) If you had a feedback loop set up, you'd know how often they were doing so. And you could use any of several techniques to identify which ones, and then decide what to do about them. (unsubscribe them, warn them, unsubscribe them and ban them, whatever you like, including "nothing") Now...I'm not a major fan of this tactic on AOL's part. And like others, I've asked them to take some steps to mitigate the false positives that are being generated by their users. And I have reason to believe that they have been continuously working to improve it. But the bottom line is that it's their choice to offer this feature, and their customers' choice to use it -- including "to use it capriciously and without really thinking about what they're doing". So the first thing you need to do once you're off their blacklist this time, is set up that feedback loop and *pay attention* to what it tells you. (Keep in mind: AOL is not the only place where your messages are being scrutinized. They're just one of the few are generous enough to share some of that process with you *for free*. You should take advantage of the offer, because it will, if used properly, also enable you to avoid similar problems elsewhere. It's possible you already have some of those, by the way. They just may not be as obvious yet.) So be prepared for the possible unpleasant reality that your own subscribers may be the underlying cause of your problems. I've seen it, multiple times. (And yes, in situations where the proximate cause appeared to be something else. Sound familiar?) > On top of that, anyone attempting to sign up with our system using an > AOL or AOL-related address couldn't confirm their registration. It's good that you have a registration confirmation process -- I just tested it, and appears to correctly implement a confirmed opt-in procedure (good) But it's bad that it requires confirmation via the web. You *should* be offering confirmation (as well as subscribe/unsubscribe functionality) via email, for a number of reasons. (Briefly: because it's a *mailing list*, because of RFC 2142, because it's been a best practice for decades, because all sane mailing list management s/w already has this built in, and because it avoids forcing users to use a second piece of software to do what is easily accomplished with one.) So my advice is to set up RFC 2142 addresses for any/all lists you operate, and to incorporate headers that comply with RFC 2369 and RFC 2919. One easy way to do this is to use a mailing list manager like Mailman (www.list.org) which has all of this built into it. (In fact, I highly recommend that you dump what you're using now and use Mailman.) Ah, and I referred to procedural errors above: if you're not doing all these things, then users *may* resort to thumping on the "report as spam" button because you're not providing them with the standard mechanisms for doing things like unsubscribing. There's no way to know that for certain, but since it's easy to avoid this problem entirely and alleviate the risk (and do it using free software), it'd be silly not to. ---Rsk -------- Original Message -------- Subject: Re: [Politech] Libertarian group "Downsize DC" gets blacklisted by AOL[fs] Date: Mon, 05 Feb 2007 18:29:31 -0500 From: rafonda <rafonda@private> To: Declan McCullagh <declan@private> References: <45C7B1F2.9000301@private> The question that occurs to me is, WHY would anyone use AOL in the first place? RAF Date: Mon, 5 Feb 2007 21:13:39 -0800 From: Scott Jordan <scott_c_jordan@private> To: 'Declan McCullagh' <declan@private> References: <45C7B1F2.9000301@private> Declan, Having one's political opponents blacklisted by anti-spam filters became quite the sport in the 2002 election cycle here in the U.S. People would sign up for a group's or pundit's emails, then gleefully hit the "abuse" button once they arrived. The obedient spam filter would soon block delivery of any email from that source, sometimes (as in the case of AOL) rejecting emails that even contained a URL pointing to a source on its blacklist. I tested this extensively a couple years ago and found that, impressively, AOL's filter seemed to even parse tinyurl.com and shorl.com redirects, detecting the Verbotensource and blocking delivery. AOL was by far the worst, but all spam filters (even client-based ones) have similar problems. Many share blacklists, so once a source has been deemed offensive by a threshhold number of "complaints" for one spam filter, users of other spam filters would see the content blocked, too. Compounding the problem is that the vast majority of email users have no idea what's going on or what to do about it. Spam folders go uninspected, in part because they're cumbersome and daunting. Whitelists go unused, mostly because they're limited and inaccessible. It's a serious problem. I'm no fan of the death penalty but make an exception for spammers... and those who abuse spam filtering to censor the opinions of those they oppose. My sympathies go out to the Downsize DC Foundation. I wish them well, but AOL is a tough nut to crack, as they're finding. And while there are other ways to get on a spam filter's radar-screen, the possibility that a political opponent has purposely blacklisted them should not be rejected today. Best, --Scott Jordan San Jose [Contrary to Karl's suggestion, I don't believe that Downsize DC has in any way called for regulatory action. I expect they'd oppose it on principle. It's possible to complain about a corporation's actions without calling for government regulation... --Declan] -------- Original Message -------- Subject: Re: [Politech] Libertarian group "Downsize DC" gets blacklisted by AOL [fs] Date: Mon, 05 Feb 2007 15:40:27 -0800 From: Karl Auerbach <karl@private> To: Declan McCullagh <declan@private> References: <45C7B1F2.9000301@private> Declan McCullagh wrote: > Jim Babka, the president of the Downsize DC Foundation, added this to > the below blog entry in email today: > > "The last couple of weeks have been a nightmare. Why? Because America > Online (AOL) has blacklisted us. > The result ... One might find it ironic that a group that advocates small government is emitting what could be construed as a cry for some form of regulatory action over the internet in order to protect itself from the choices made by other, larger businesses. One of the reasons we have such a huge administrative apparatus, not to mention a protected civil service, is because of the problems that occurred in the late 1800's and early 1900s. I think we all can agree that we overshot the mark and that we have too much apparatus today. However, there still is a legitimate need for some such mechanisms - we can debate the amount. What I see as a more corrosive development is the transfer of governmental powers from agencies that are clearly governmental and arguably under the control of elected officials that react to public pressure to agencies that are private and responsive only to a very limited constituency. ICANN being one such example. --karl-- _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2.1.3 : Mon Feb 05 2007 - 23:37:53 PST