I run mailinglists.org a non-profitable mailing list server. Several people have complained to me over the last few days about people on various lists not getting mail. The only common thread was that the users were on AOL. Contacting AOL did no good, as it was always a "problem with the list server". Well, it turns out that it is a problem with AOL that NANOG folks might be interested in: http://www.msnbc.com/news/546689.asp?0nm=C14R&cp1=1 Now, since AOL told everyone that *MY* service was faulty, what can I do? *SIGH* AlanC -- perl -le '$_="6110>374086;2064208213:90<307;55";tr[0->][ LEOR\!AUBGNSTY];print' abc@bsdi.com
Well, it turns out that it is a problem with AOL that NANOG folks might be interested in:
Actually it appears to be a problem with earthlink (nee mindspring). I've been gettting a lot of spam from their server lately, and judging from the headers it appears the mindspring servers are configured to relay mail from any system that puts [mail.]mindspring.com in the HELO banner. For example: | Received: from mail.mindspring.com (pool-63.49.172.115.troy.grid.net | [63.49.172.115]) by smtp10.atl.mindspring.net (8.9.3/8.8.5) with SMTP | id VAA09132; Mon, 19 Mar 2001 21:24:44 -0500 (EST) I've probably gotten a couple of dozen such spams over the past week, sourced from all over, with the common flag being [mail.]mindspring.com in the source spammer's HELO banner. Of course I've tried to tell earthlink/mindspring about it but all I get back is a stupid form letter and no action. AOL's servers did the right thing if this is what they reacted to. -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
At 9:57 AM -0800 3/20/01, Eric A. Hall wrote:
Actually it appears to be a problem with earthlink (nee mindspring). I've been gettting a lot of spam from their server lately, and judging from the headers it appears the mindspring servers are configured to relay mail from any system that puts [mail.]mindspring.com in the HELO banner.
For example:
| Received: from mail.mindspring.com (pool-63.49.172.115.troy.grid.net | [63.49.172.115]) by smtp10.atl.mindspring.net (8.9.3/8.8.5) with SMTP | id VAA09132; Mon, 19 Mar 2001 21:24:44 -0500 (EST)
I've probably gotten a couple of dozen such spams over the past week, sourced from all over, with the common flag being [mail.]mindspring.com in the source spammer's HELO banner.
Of course I've tried to tell earthlink/mindspring about it but all I get back is a stupid form letter and no action.
AOL's servers did the right thing if this is what they reacted to.
There's been talk on SPAM-L that AOL has been forming its own "ORBS-like list" of open relays, and reacting/rejecting/dropping according to some internal criteria. Seems that if you send mail to AOL, then (according to Lorin), they "will feel free to test your server for relayability" (paraphrased)... Considering how poorly lots of Earthlink servers have historically been configured, it doesn't surprise me at all that a bunch of them were listed and had their mail dropped as probable spam. Now, if only AOL would make the list available for public use, we could all block Earthlink. ;-) D -- +---------------------+-----------------------------------------+ | dredd@megacity.org | "Conan! What is best in life?" | | Derek J. Balling | "To crush your enemies, see them | | | driven before you, and to hear the | | | lamentation of their women!" | +---------------------+-----------------------------------------+
Unless the network is lying to me again, Eric A. Hall said:
Actually it appears to be a problem with earthlink (nee mindspring). I've been gettting a lot of spam from their server lately, and judging from the headers it appears the mindspring servers are configured to relay mail from any system that puts [mail.]mindspring.com in the HELO banner.
That may be the case, but the fix is not to put any server that generates "lots of mail" into the bitbucket. I've been getting complaints from a number of list members (no spam or relaying from mailinglists.org, I promise) that folks on AOL suddenly stopped getting the majority of their list mail. If the MSNBC article is anywhere near correct (yeah, a big assumption) then what AOL was doing was black-holing any "high-volume" source. While that is a noble goal, the fact that any mailing list would fall into that category is pretty lame. It seems to me that if you were an AOL client and suddenly all your nanog@merit.edu mail vanished, you might consider that what they did was NOT the right thing. I decided to contact AOL and called their "press relations" number. I talked to "Keith" and he basically admitted to what the article said. Of-course they were unable to connect me with anyone with real clue, but they did take my number and I'm awaiting a call back. "I talked to someone in that group earlier today and there are about 70 calls they are working on, so it may be a while" This seems to have NOT been targeted against Earthlink/Mindspring, but against anyone generating a high-volume e-mail stream. AlanC -- perl -le '$_="6110>374086;2064208213:90<307;55";tr[0->][ LEOR\!AUBGNSTY];print' abc@bsdi.com
If the MSNBC article is anywhere near correct (yeah, a big assumption) then what AOL was doing was black-holing any "high-volume" source. While that is a noble goal, the fact that any mailing list would fall into that category is pretty lame.
http://members.aol.com/adamkb/aol/mailfaq/dropped-mail.html#lists
AlanC
On Tue, Mar 20, 2001 at 01:36:02PM -0500, ken harris. wrote:
If the MSNBC article is anywhere near correct (yeah, a big assumption) then what AOL was doing was black-holing any "high-volume" source. While that is a noble goal, the fact that any mailing list would fall into that category is pretty lame.
http://members.aol.com/adamkb/aol/mailfaq/dropped-mail.html#lists
This basically means AOL is violating the very spirit of SMTP - you say '250 message accepted', and you deliver it to all recipients you specified acceptance for, or produce bounces. Greetz, Peter.
Peter- This is nothing new - AOL was silently discarding e-mail a year ago. What's worse, when I contacted them I was told that they have an automated system *which does NOT generate reports for the human postmasters* so the staff does not know what domains are being blackholed without grepping through the logs on scores of SMTP servers. I find it difficult to believe that anyone could run a business like that but, hey, they seem to have a lot of customers who either don't care if e-mail gets through or don't know how much AOL loses for them. David Leonard ShaysNet On Tue, 20 Mar 2001, Peter van Dijk wrote:
On Tue, Mar 20, 2001 at 01:36:02PM -0500, ken harris. wrote:
If the MSNBC article is anywhere near correct (yeah, a big assumption) then what AOL was doing was black-holing any "high-volume" source. While that is a noble goal, the fact that any mailing list would fall into that category is pretty lame.
http://members.aol.com/adamkb/aol/mailfaq/dropped-mail.html#lists
This basically means AOL is violating the very spirit of SMTP - you say '250 message accepted', and you deliver it to all recipients you specified acceptance for, or produce bounces.
Greetz, Peter.
Alan Clegg wrote:
I decided to contact AOL and called their "press relations" number. I talked to "Keith" and he basically admitted to what the article said. Of-course they were unable to connect me with anyone with real clue, but they did take my number and I'm awaiting a call back. "I talked to someone in that group earlier today and there are about 70 calls they are working on, so it may be a while"
This seems to have NOT been targeted against Earthlink/Mindspring, but against anyone generating a high-volume e-mail stream.
I've got two contacts at AOL. One is a mail server system architect, the other one heads the abuse desk. I'm going to see what they say about this. -- Steven J. Sobol/CTO/JustThe.net LLC | sjsobol@NorthShoreTechnologies.net SAY IT LOUD: I'M GEEK AND I'M PROUD! | 888.480.4NET (4638) 216.619.2NET (2638) http://NorthShoreTechnologies.net | http://ClevelandProductions.com http://JustThe.net | Powered by Linux, pizza, Coke, Cuervo, and cheap beer.
On Tue, Mar 20, 2001 at 09:57:34AM -0800, Eric A. Hall wrote:
Of course I've tried to tell earthlink/mindspring about it but all I get back is a stupid form letter and no action.
This is not surprising. I'm an Earthlink DSL customer, and when I alert them to misconfigurations that stop hundreds of their own IPs from sending mail, they respond several days later with a form letter and the problem doesn't go away. If you get an IP in a certain range, you just have to drop and reconnect if you want to send email through their server. And, of course, their dialup ranges (including DSL ranges) are all in ORBS, so you have to use their mail server.
participants (8)
-
Alan Clegg
-
Derek J. Balling
-
Eric A. Hall
-
ken harris.
-
M. David Leonard
-
Peter van Dijk
-
Shawn McMahon
-
Steve Sobol