The other 1/3rd are actual spam, but legitimately forwarded as the user requested from a personal or business domain to an AOL account. Any server in the path gets tagged as a spam source.
Actually only the server that connected to AOL and relayed the mail into them. I have this same kind of gripe/complaint. Only for me about 2/3rds of my scomp reports are this.
I see the same thing. At least 2/3rds are spam forwarded along as described above. I have to give some credit to AOL WRT handling that type of situation -- they're much better than MSN/Hotmail who do not have a whitelist or feedback loop and simply stop accepting mail for 12+ hours from any server that reaches a particular spam threshhold. They refuse to do anything about it, even after trying to explain the situation because "It's the Symantec software that does it." Of course that fact they're causing affected servers to get their mail queues backed up with mail awaiting delivery to MSN/Hotmail isn't their problem either. Grrr... Andrew