At 9:57 AM -0800 3/20/01, Eric A. Hall wrote:
Actually it appears to be a problem with earthlink (nee mindspring). I've been gettting a lot of spam from their server lately, and judging from the headers it appears the mindspring servers are configured to relay mail from any system that puts [mail.]mindspring.com in the HELO banner.
For example:
| Received: from mail.mindspring.com (pool-63.49.172.115.troy.grid.net | [63.49.172.115]) by smtp10.atl.mindspring.net (8.9.3/8.8.5) with SMTP | id VAA09132; Mon, 19 Mar 2001 21:24:44 -0500 (EST)
I've probably gotten a couple of dozen such spams over the past week, sourced from all over, with the common flag being [mail.]mindspring.com in the source spammer's HELO banner.
Of course I've tried to tell earthlink/mindspring about it but all I get back is a stupid form letter and no action.
AOL's servers did the right thing if this is what they reacted to.
There's been talk on SPAM-L that AOL has been forming its own "ORBS-like list" of open relays, and reacting/rejecting/dropping according to some internal criteria. Seems that if you send mail to AOL, then (according to Lorin), they "will feel free to test your server for relayability" (paraphrased)... Considering how poorly lots of Earthlink servers have historically been configured, it doesn't surprise me at all that a bunch of them were listed and had their mail dropped as probable spam. Now, if only AOL would make the list available for public use, we could all block Earthlink. ;-) D -- +---------------------+-----------------------------------------+ | dredd@megacity.org | "Conan! What is best in life?" | | Derek J. Balling | "To crush your enemies, see them | | | driven before you, and to hear the | | | lamentation of their women!" | +---------------------+-----------------------------------------+