Re: AOL scomp

2005-03-02 Thread Suresh Ramasubramanian

On Wed, 2 Mar 2005 11:15:51 -0500 (EST), Todd Vierling <[EMAIL PROTECTED]> wrote:
> 
> Your third option is best.  (Excuse the signature-pun.  :)
> 
> SRS does not require SPF, and provides auditability for forwarded mail:
> 
> http://spf.pobox.com/srs.html
> 

In which case don't futz about with SES (that's yet another name for SRS
I think, I prefer to think I'm the only SRS around) - use BATV
instead.  It's specced for exactly what #3 says.

srs

-- 
Suresh Ramasubramanian ([EMAIL PROTECTED])


Re: AOL scomp

2005-03-02 Thread Gary E. Miller


Yo Joe!

On Tue, 1 Mar 2005, Joe Maimon wrote:

> Apparently the ratio of valid/invalid AOL notifications is a useful indicator
> on the cleanliness of the relevant network.

Or it just may tell you the clue level of the recipients.  I run a
mail server that only sends alerts to paying customers.  These customers
pay several hundred dollars a year for these alerts.  The subject line
and body text are clearly tagged as to the sending source.  AOL users
STILL report it as spam!  I have tried to get AOL to whitelist our server
but no luck.

RGDS
GARY
---
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
[EMAIL PROTECTED]  Tel:+1(541)382-8588 Fax: +1(541)382-8676




Comcast Contact. (was: RE: AOL scomp)

2005-03-02 Thread chuck goolsbee

Pardon my interruption of the ongoing discussion of SMTP trust models 
and FUSSPs (which I think is very important BTW), but if there is 
somebody from Comcast here that can help us solve an immediate 
related issue, please contact me or one of my postmasters off list?

Normal channels have been attempted unsuccessfully, for a problem 
that has been repeating itself every few days for the past two months.

--chuck goolsbee
digital.forest inc, seattle, wa 
[EMAIL PROTECTED] - [EMAIL PROTECTED] - 206-838-1630 xt2001 - AIM:chuckgoolsbee
or
[EMAIL PROTECTED] - [EMAIL PROTECTED] - 877-720-0483 xt 2002
Thanks.
--


Re: AOL scomp

2005-03-02 Thread Anne P. Mitchell, Esq.

> Otherwise, I think that it can be helpful in identifying issues.

We use it to help advise us with respect to the IADB accreditation 
database, and what we have found is that yes, there are a lot of 
complaints for legitimate opt-in mail, but a demonstrable change in 
*volume* (rather than the valid:invalid complaint ratio) can often 
notify us very early on about a problem mailing by someone listed in 
IADB.  Due to the nature of the senders listed in IADB, typically a 
"what's going on with this??" inquiry will result very quickly in a 
problem customer of the sender's either getting a clue or getting the 
boot.

Anne
Anne P. Mitchell, Esq.
President/CEO
Institute for Spam and Internet Public Policy
http://www.isipp.com  http://www.isipp.com/iadb.php
Professor of Law, Lincoln Law School of SJ


Re: AOL scomp

2005-03-02 Thread Gregory Hicks


> Date: Wed, 2 Mar 2005 10:25:56 +0530
> From: Suresh Ramasubramanian <[EMAIL PROTECTED]>
> 
> 
> On Tue, 01 Mar 2005 09:28:31 -0500, Vinny Abello <[EMAIL PROTECTED]> wrote:
> > I can attest that we do not see the same here as you are seeing (1 in 100).
> > I'd agree more with the 1/3 being stupid AOL users reporting regular
> > messages that were either forwarded from their own account that we host to
> 
> Well - there's a way out, sort of.
> 
> 1. Route .forwarded email out a separate IP (besides cutting down on
> accepting and forwarding spam)
> 
> or
> 
> 2. Find some way - like an X-Forwarded-For header, that AOL can tag on.

There already ARE such headers...  "Resent-From:",  "Resent-To:", ...

> 
> --srs
> 
> -- 
> Suresh Ramasubramanian ([EMAIL PROTECTED])

---
Gregory Hicks| Principal Systems Engineer
Cadence Design Systems   | Direct:   408.576.3609
555 River Oaks Pkwy M/S 6B1  | Fax:  408.894.3400
San Jose, CA 95134   | Internet: [EMAIL PROTECTED]

I am perfectly capable of learning from my mistakes.  I will surely
learn a great deal today.

"A democracy is a sheep and two wolves deciding on what to have for
lunch.  Freedom is a well armed sheep contesting the results of the
decision." - Benjamin Franklin

"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton




Re: AOL scomp

2005-03-02 Thread Todd Vierling

On Wed, 2 Mar 2005, Suresh Ramasubramanian wrote:

> Well - there's a way out, sort of.
>
> 1. Route .forwarded email out a separate IP (besides cutting down on
> accepting and forwarding spam)
>
> or
>
> 2. Find some way - like an X-Forwarded-For header, that AOL can tag on.
>
> --srs

Your third option is best.  (Excuse the signature-pun.  :)

SRS does not require SPF, and provides auditability for forwarded mail:

http://spf.pobox.com/srs.html

-- 
-- Todd Vierling <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>


Re: AOL scomp

2005-03-02 Thread Jim Segrave

On Tue 01 Mar 2005 (22:36 -0500), Joe Maimon wrote:
> 
> 
> Barry Shein wrote:
> >
> >On March 1, 2005 at 14:17 [EMAIL PROTECTED] (Jim Segrave) wrote:
> > > I don't understand this complaint - we process AOL TOS Notifications
> > > daily and I find perhaps 1 in a hundred or so are not valid complaints.
> >
> >Here about 99% are not valid or interesting.
> >
> >Which is to say, I had one small burst once caused by an infected
> >customer machine which we got shut off fast and fixed.
> >
> >The rest are virtually all just people on mailing lists hosted here
> >sending each and every completely on-topic posting to TOS.
> >
> >I suppose I should figure out some way to track them so I can boot
> >them off those lists since AOL removes all identifying information.
> >
> 
> Apparently the ratio of valid/invalid AOL notifications is a useful 
> indicator on the cleanliness of the relevant network.

Or alternatively, some networks have few users who communicate with
AOL customers - they aren't currently big-time in the Netherlands -
and the ratio of valid to invalid complaints has sweet FA to do with
anything else. We don't set up mail forwarding for residential
customers so that's another non-issue.

-- 
Jim Segrave   [EMAIL PROTECTED]


Re: AOL scomp

2005-03-01 Thread Suresh Ramasubramanian

On Tue, 01 Mar 2005 09:28:31 -0500, Vinny Abello <[EMAIL PROTECTED]> wrote:
> I can attest that we do not see the same here as you are seeing (1 in 100).
> I'd agree more with the 1/3 being stupid AOL users reporting regular
> messages that were either forwarded from their own account that we host to

Well - there's a way out, sort of.

1. Route .forwarded email out a separate IP (besides cutting down on
accepting and forwarding spam)

or

2. Find some way - like an X-Forwarded-For header, that AOL can tag on.

--srs

-- 
Suresh Ramasubramanian ([EMAIL PROTECTED])


Re: AOL scomp

2005-03-01 Thread John Levine

>It's too bad that about 1/3 of the reported mails are valid opt-in lists.

I find it's a lot more than that, but my network is small and I know
most of my users so the amount of spam we emit is tiny.

Since my list mail is all VERPed and AOL only removes the address from
the To line (they know it's silly, their lawyers made them do it), it
took me only a few minutes to write a perl script that picks the list
name, domain, and subscriber address out of the bounce address and
reformats it into an unsubscribe message to mj2.  Works great.

Now I have a new problem of AOL users asking where their list mail
went.  Sigh.  I tell them that if they want to resubscribe, they're
welcome to do so, and when they hit the spam button again they'll be
off the list again.

Regards,
John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for 
Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"I shook hands with Senators Dole and Inouye," said Tom, disarmingly.

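The VERP trick John Levine describes above, as an added Python sketch (not his perl script, and not code from the thread): the complaint report arrives with the complainant stripped from To:, but the attached original still carries the per-subscriber bounce address, which is decoded into an unsubscribe command. The Mailman-style VERP layout, the `HOSTED` list table, the `unsubscribe <list> <address>` command form, the sample report and all example.* names are assumptions made for the illustration.

```python
import email
import re
from email.utils import parseaddr

# Assumed VERP layout: <list>-bounces+<local>=<domain>@<list host>
VERP_RE = re.compile(
    r"^(?P<list>[A-Za-z0-9._-]+)-bounces\+(?P<local>[^\s@]+)"
    r"=(?P<domain>[A-Za-z0-9.-]+)@(?P<host>[A-Za-z0-9.-]+)$"
)

# Hypothetical table of lists this site hosts. A report is unauthenticated
# input, so a decoded address is only acted on for a list we really run.
HOSTED = {"lists.example.org": {"gardening", "cooking"}}

# Constructed sample report: recipient removed from To:, VERP left intact.
SAMPLE_REPORT = """\
From: scomp@feedback.example
To: abuse@lists.example.org
Subject: Client TOS Notification
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Complaint report (constructed sample).

--b1
Content-Type: message/rfc822

Return-Path: <gardening-bounces+pat.smith=aol.example@lists.example.org>
From: someone@elsewhere.example
To: undisclosed recipients: ;
Subject: [gardening] tomato blight

On-topic list posting.

--b1--
"""


def decode_verp(envelope_sender, hosted=HOSTED):
    """Return (list_name, subscriber) or None if this is not VERP for our lists."""
    m = VERP_RE.match(envelope_sender.strip())
    if not m:
        return None
    host, name = m["host"].lower(), m["list"].lower()
    if name not in hosted.get(host, ()):
        return None  # foreign or forged bounce address: never act on it
    # The regex splits on the LAST '=', so local parts containing '=' survive.
    return name, f"{m['local']}@{m['domain'].lower()}"


def subscribers_in_report(raw_report, hosted=HOSTED):
    """Walk the report, including the attached original, for VERP Return-Paths."""
    msg = email.message_from_string(raw_report)
    found = []
    for part in msg.walk():  # walk() also descends into message/rfc822 parts
        for value in part.get_all("Return-Path", []):
            decoded = decode_verp(parseaddr(value)[1], hosted)
            if decoded and decoded not in found:
                found.append(decoded)
    return found


def unsubscribe_commands(raw_report, hosted=HOSTED):
    """One list-manager command line per complaining subscriber."""
    return [f"unsubscribe {name} {addr}"
            for name, addr in subscribers_in_report(raw_report, hosted)]


if __name__ == "__main__":
    for line in unsubscribe_commands(SAMPLE_REPORT):
        print(line)
```

This only works when each recipient gets an individual copy; with one message sent to many recipients, as Chris Adams describes for his lists, there is no per-subscriber envelope sender to decode.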


Re: AOL scomp

2005-03-01 Thread David Lesher

Speaking on Deep Background, the Press Secretary whispered:
> 
> 
> 
> 
> The rest are virtually all just people on mailing lists hosted here
> sending each and every completely on-topic posting to TOS.


I've not gotten the AOL'ed treatment, but man how clueless
is the userbase now-a-daze? I run a few lists, and despite
the unsub address appearing in both the headers and visible
dot.sig; still get dozens of "how do I.." per week.

I miss the Good Old Daze; when men were men, and addresses
had bang paths...

..cwru!ncoast!wb8foz


-- 
A host is a host from coast to [EMAIL PROTECTED]
& no one will talk to a host that's close[v].(301) 56-LINUX
Unless the host (that isn't close).pob 1433
is busy, hung or dead20915-1433




Re: AOL scomp

2005-03-01 Thread Joe Maimon

Barry Shein wrote:
> On March 1, 2005 at 14:17 [EMAIL PROTECTED] (Jim Segrave) wrote:
>  > I don't understand this complaint - we process AOL TOS Notifications
>  > daily and I find perhaps 1 in a hundred or so are not valid complaints.
>
> Here about 99% are not valid or interesting.
>
> Which is to say, I had one small burst once caused by an infected
> customer machine which we got shut off fast and fixed.
>
> The rest are virtually all just people on mailing lists hosted here
> sending each and every completely on-topic posting to TOS.
>
> I suppose I should figure out some way to track them so I can boot
> them off those lists since AOL removes all identifying information.

Apparently the ratio of valid/invalid AOL notifications is a useful 
indicator on the cleanliness of the relevant network.

Some might suggest that large amounts of untrackable inaccurate 
complaints are themselves abuse.


Re: AOL scomp

2005-03-01 Thread Barry Shein


On March 1, 2005 at 14:17 [EMAIL PROTECTED] (Jim Segrave) wrote:
 > I don't understand this complaint - we process AOL TOS Notifications
 > daily and I find perhaps 1 in a hundred or so are not valid complaints.

Here about 99% are not valid or interesting.

Which is to say, I had one small burst once caused by an infected
customer machine which we got shut off fast and fixed.

The rest are virtually all just people on mailing lists hosted here
sending each and every completely on-topic posting to TOS.

I suppose I should figure out some way to track them so I can boot
them off those lists since AOL removes all identifying information.

-- 
-Barry Shein

Software Tool & Die| [EMAIL PROTECTED]   | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202| Login: 617-739-WRLD
The World  | Public Access Internet | Since 1989 *oo*


Re: AOL scomp

2005-03-01 Thread Chris Adams

Once upon a time, Jim Segrave <[EMAIL PROTECTED]> said:
> I don't understand this complaint - we process AOL TOS Notifications
> daily and I find perhaps 1 in a hundred or so are not valid complaints.

It is almost the reverse for us; a small number of valid complaints in a
sea of false complaints.  I've seen account info, half of private
conversations (and I do mean private), hotel reservations, and more
reported as spam on a regular basis.

I also get complaints about confirmed opt-in mailing lists (majordomo
and/or mailman lists with unsubscribe info at the bottom of each
message) that the user apparently thinks the "Spam" button is the same
as unsubscribe.  That does not scale up; the whole point of using
mailing list software is so that the mail server admin doesn't have to
manually process subscribe/unsubscribe lists.  Our mailing lists are set
up to "bulk mail" (i.e. one message with multiple recipients), so since
AOL filters out the complaining address, I can't manually unsubscribe
those users.

I haven't seen the AOL interface myself, but I've read that the "Spam"
button is next to or near the "Delete" button, leading to mis-clicks.
Even if that isn't so, there are definitely a significant number of
users that use the buttons interchangeably.
-- 
Chris Adams <[EMAIL PROTECTED]>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.


Re: AOL scomp

2005-03-01 Thread Vinny Abello

At 08:17 AM 3/1/2005, Jim Segrave wrote:
> On Thu 24 Feb 2005 (12:40 -0500), [EMAIL PROTECTED] wrote:
> > On Thu, 24 Feb 2005 12:28:58 EST, Matt Taber said:
> > > It's too bad that about 1/3 of the reported mails are valid opt-in lists.
> >
> > Proof that any network management or security or anti-spam scheme that implies
> > end users with functional neurons is doomed from the get-go.
> >
>
> I don't understand this complaint - we process AOL TOS Notifications
> daily and I find perhaps 1 in a hundred or so are not valid complaints.

I can attest that we do not see the same here as you are seeing (1 in 100). 
I'd agree more with the 1/3 being stupid AOL users reporting regular 
messages that were either forwarded from their own account that we host to 
their AOL account or mailing lists that they signed up for as spam. In 
fact, I read an interesting email last night that was from AOL scomp 
because someone with an AOL email address was tired of arguing with someone 
else they know via email so they just reported it as spam... not realizing 
that we get a copy of it and are now privy to a personal feud among family 
members or friends.  The majority of them though, are messages from 
lists that they signed up for themselves and don't understand how to get 
off the list (despite the fact it's written at the bottom of every message 
to the list with a link). If you run some high volume lists you'll start 
seeing dumb reports from AOL scomp. My impression is that many AOL users 
think that feature is for deleting mail. I've not seen AOL software in 
years, but maybe if AOL put some sort of warning when they submit these 
messages... Maybe it's just the user base @ AOL that our mail servers deal 
with. :)

Otherwise, I think that it can be helpful in identifying issues. Just my 
$0.02.

Vinny Abello
Network Engineer
Server Management
[EMAIL PROTECTED]
(973)300-9211 x 125
(973)940-6125 (Direct)
PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0  E935 5325 FBCB 0100 977A
Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN
"Courage is resistance to fear, mastery of fear - not absence of fear" -- 
Mark Twain



Re: AOL scomp

2005-03-01 Thread Jim Segrave

On Thu 24 Feb 2005 (12:40 -0500), [EMAIL PROTECTED] wrote:
> On Thu, 24 Feb 2005 12:28:58 EST, Matt Taber said:
> > It's too bad that about 1/3 of the reported mails are valid opt-in lists.
> 
> Proof that any network management or security or anti-spam scheme that implies
> end users with functional neurons is doomed from the get-go.
> 

I don't understand this complaint - we process AOL TOS Notifications
daily and I find perhaps 1 in a hundred or so are not valid complaints.

-- 
Jim Segrave   [EMAIL PROTECTED]


Re: AOL scomp

2005-02-26 Thread Robert Bonomi

> From [EMAIL PROTECTED]  Sat Feb 26 13:42:19 2005
> Date: Sat, 26 Feb 2005 10:27:40 -0500
> From: Rich Kulawiec <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: AOL scomp
>
>
> On Fri, Feb 25, 2005 at 01:34:21AM -0600, Robert Bonomi wrote:
> > Because the recipient *expressly* requested that "all mail which would reach
> > my inbox on your system be sent to me at AOL (or any other "somewhere 
> > else").
>
> I have three somewhat-overlapping responses to that -- and I'll try to
> stay focused on operational issues, since this is NANOG, not Spam-L.
> (But if you want to delve further into this, I would suggest shifting the
> discussion there, as it's probably more appropriate.)
>
> 1. SMTP spam is not mail.

"Spam -- it's about _consent_, not *content*."

If I, the forwarding system operator have the _consent_ of the mailbox owner
on the destination system to forward messages to him, they are *not* spam
on _that_ system.  This *is* a separate issue as to whether or not they
are spam _on_the_forwarding_system_.  Yes, the forwarding system should do
everything "reasonable" to suppress spam from (a) reaching the local inbox
*or* (b) being forwarded, if the customer has requested mail forwarding.

If the recipient has a problem with receiving the forwarded message, he should 
complain _to_the_FORWARDING_system_ about it.  *NOT* to the destination system.

> So while the end user on some remote system may have in fact said
> "send me everything, including the spam" (although this seems very
> unlikely)

How about various 'spamtrap' mailboxes, auto-forwarded to a central location
for "further processing"?   

> > This means that every such message from the 'forwarding' system to the
> > destination system is, BY DEFINITION, "solicited". The mailbox owner has
> > expressly and explicitly requested those messages be sent to him at the
> > receiving system.
>
> This is a definition of "solicited" which is wholly at odds with that
> in common practice for the last few decades.   By your definition,
> the victim of a mailbombing attack would have somehow "solicited" that
> abuse merely because they have a forwarding alias on your system.

NOT AT ALL. It *IS* 'unsolicited' on _my_ system.  It is *not* unsolicited
at the final destination system.  Questions/complaints/help-requests should
be sent *TO*ME*, not to the destination system.  He's *MY* customer, too.
I've got an incentive to 'make things right'.

> I'm not having any.  UBE (the proper definition of SMTP spam) doesn't
> magically become not-UBE just because it gets forwarded by somebody.

Suppose my user "manually" forwards a 'spam' message to an account of his
on another system.  And then _forgets_ that *he* did it.  And reports it
to *that* provider as spam coming from my system.

Is this _my_ fault?  IS spam originating from my system?  Should I terminate
this user for 'spamming'?

> It's still spam, and anyone sending/forwarding it is personally
> responsible for their choice to do so.

"It's about *consent*, not _content_."  Want to try to deny that the 
recipient _consented_ to the forwarding from his other account?

It is _not_ 'unsolicited' (the first word of UBE / UCE) on the destination
system.  It *may*well* be 'unsolicited' at the system where the customer
has the forwarding mailbox.  Complaints should be directed to *THAT* system
operator, *not* the operator of the destination system.

Note: I *agree* that "anyone sending/forwarding it is personally responsible
for their choice to do so."  The person that *made* that choice -- to forward 
that message -- however, is _the_customer_; the 'owner' of mailbox on the 
'forwarding' system, *and* the 'owner' of the mailbox on the destination 
system.

If "my customer" (in his identity on the receiving system) reports "my 
customer" (in his identity on _my_ system) as sending spam, should I 
terminate him from my system?  After all, he's identified _himself_ as
the spammer. 

> (Yes, I realize that it's not possible to achieve perfection, but that
> isn't an excuse for failure to keep trying, continuously.  It's not
> difficult to block 90% of spam using simple, free measures that rely
> entirely on open-source software and freely-accessible data.  There's
> thus no valid excuse for not doing at least that much -- today.)

Yup. Keep it from getting to the point it 'would' get to his inbox, and it
won't get forwarded, either. 

But, if it _does_ get through, the recipient should be complaining about it
_to_me_, not to the operator of the destination system.



Re: AOL scomp

2005-02-26 Thread Rich Kulawiec

On Fri, Feb 25, 2005 at 01:34:21AM -0600, Robert Bonomi wrote:
> Because the recipient *expressly* requested that "all mail which would reach
> my inbox on your system be sent to me at AOL (or any other "somewhere else").

I have three somewhat-overlapping responses to that -- and I'll try to
stay focused on operational issues, since this is NANOG, not Spam-L.
(But if you want to delve further into this, I would suggest shifting the
discussion there, as it's probably more appropriate.)

1. SMTP spam is not mail.

Oh, it may *look* like mail, it may arrive on the same port, and it
may use the same protocol, but it's not mail.  It's abuse.  There's no
reason to forward it to anybody.  There's no reason to even accept it
in the first place.

Heck, there's no reason to even _emit_ it in the first place.

Which (not emitting it) is what everyone should be trying to do, but
few are.  It seems to have somehow escaped the notice of many that
spam/abuse doesn't fall out of the sky: it comes from systems.  Those
systems are on networks.  Those networks are run by people.  Those people
are personally responsible for the spam/abuse that their networks emit.
It's thus their responsibility to make it stop.  But their failure to
properly discharge that responsibility is why we have a major problem,
or actually, several major problems, instead of a minor annoyance.

[ Let's have a moment of nostalgia for the time when allowing this
to happen day after day would not have happened because the plug would
have been unceremoniously pulled after the first 24 hours.  It's
illuminating how quickly "unsolvable" problems are at least patched
to an acceptable degree when connectivity is at stake. ]

2. Mail delivery requires permission of all of:

- the network operator
- the system operator
- the mail subsystem operator
- the end user

(who of course are sometimes all the same person/people).  For instance,
the end user may grant permission for someone to send 500M video clips
attached to mail messages, but if the mail subsystem operator has
limited mail message sizes to 10M, then permission is denied and the
mail message is turned away.  As another example, if the end user has
granted permission for 5000 messages/second, but the network operator
has capped bandwidth at a level below that required to transmit those
messages, permission will be denied.

What I'm trying to say is that merely having the permission of the end
user to send something isn't enough: one also has to have permission
from the authorities involved in providing the service, and their
permission may be conditional on certain requirements enforced
by automated agents, e.g., "you will only be given permission if your
message is <= 10M" or "you will only be given permission if your message
does not contain a live virus".

Or "you will only be given permission if your message isn't spam", or 
"you will only be given permission if your message isn't coming from
a domain/system/network known to emit prodigious quantities of spam".

I see no reason for any of those four people to grant permission to
receive or forward spam *except* for those very few conducting research
in the area (similarly for viruses), and those people aren't going
to want it via a forwarder anyway.

So while the end user on some remote system may have in fact said
"send me everything, including the spam" (although this seems very
unlikely) this does not constitute permission to do so, because that
user isn't the only party involved, and their permission alone is
insufficient.  (logical AND required, not logical OR)  And I doubt very
much that the others will give their consent.

3. Dealing properly with forwarded spam which is rejected by the destination
is tough: generating bounces will make the generator a spammer-by-proxy,
and that's obviously unacceptable.  A much better course of action
is to try to reject as much spam as possible -- rather than accepting it,
trying to forward it, and then bouncing it (thereby spamming innocent
third parties, and self-nominating for inclusion in various blacklists).


Bottom line: deliberately forwarding spam makes you a spammer.  Don't do it.
If a user, for some bizarre reason, insists: don't do it.  Tell them 
to find an irresponsible, spam-supporting ISP to do it for them -- there
are certainly plenty of those around to choose from.

> This means that every such message from the 'forwarding' system to the
> destination system is, BY DEFINITION, "solicited". The mailbox owner has
> expressly and explicitly requested those messages be sent to him at the
> receiving system.

This is a definition of "solicited" which is wholly at odds with that
in common practice for the last few decades.   By your definition,
the victim of a mailbombing attack would have somehow "solicited" that
abuse merely because they have a forwarding alias on your system.

I'm not having any.  UBE (the proper definition of SMTP spam) doesn't
magically become not-UB

Re: AOL scomp

2005-02-25 Thread Suresh Ramasubramanian

On Thu, 24 Feb 2005 17:02:23 -0500, Vinny Abello <[EMAIL PROTECTED]> wrote:
> Forwarded mail shouldn't be rejected as a result of SPF if your mail server
> is using SRS to rewrite the from addresses in the "mail from" part of the
> SMTP transaction of the forwarded emails... as long as your SPF record
> isn't messed up of course. :)

No point in implementing SRS

There is however a point in asking people who persist in publishing
-all records to consider changing those to ~all or ?all, and then
telling people who treat spf hard failures as 100% sign of spam not
to.

  --srs (fresh from watching a Meng Wong / Dave Crocker / Jim Fenton
panel at apricot 2005)

-- 
Suresh Ramasubramanian ([EMAIL PROTECTED])


Re: AOL scomp

2005-02-25 Thread Joe Maimon

Robert Bonomi wrote:

> In actuality, *I* am not QUITE as draconian as suggested a couple of 
> paragraphs previously.  If I forward somebody's mail and get a complaint
> from the receiving system about spam to that user, "originating" from my 
> system, that user *permanently* loses any forwarding privileges/capabilities.
> No appeal, no _notice_ no 'second chance', no nothing -- forwarding just 
> "stops working" for them. They _were_ told of this "down-side risk", with 
> regard to such an error, *before* the forwarding was enabled. They get to 
> live with the consequences.

I suspect that sooner or later you will be amending your process to 
include a stated notice of understanding/whitelisting/no abuse 
complaints from both this users and this users forwarded-to system's 
administrators, before considering turning on the forwarding hose.


Re: AOL scomp

2005-02-24 Thread Robert Bonomi

> From [EMAIL PROTECTED]  Thu Feb 24 23:19:15 2005
> Date: Thu, 24 Feb 2005 22:46:13 -0500
> From: Rich Kulawiec <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: AOL scomp
>
>
> On Thu, Feb 24, 2005 at 02:53:14PM -0500, Mark Radabaugh wrote:
> > Now here I would disagree.   These are specific requests by
> > individuals to forward mail to from one of their own accounts to
> > another one of their own accounts.
>
> But a request to forward mail is not a request to facilitate
> abuse by forwarding spam.
>
> > I do not think AOL (or anyone) should consider mail forwarded
> > at the customers request as indicating that our mail servers are sending 
> > spam.
>
> Why not?

Because the recipient *expressly* requested that "all mail which would reach
my inbox on your system be sent to me at AOL (or any other "somewhere else").

This means that every such message from the 'forwarding' system to the
destination system is, BY DEFINITION, "solicited".  The mailbox owner has
expressly and explicitly requested those messages be sent to him at the
receiving system.

If that person then reports such messages -- that they have EXPRESSLY requested
be sent to the receiving system -- as spam, to the operator of the receiving
system, then that person is *indisputably* IN THE WRONG for doing so.

The _person_ who issued the directive causing that message to end up in the
recipient's inbox is the *recipient*himself*.  If he reports the message as
spam, then it can be logically held that *he* is the spammer.  And his 
access on *both* systems (forwarding and receiving) should be terminated 
for AUP violation.

Now, if the recipient wants to report it to the forwarding system -- so
that they can block any further inbound attempts -- that's a whole nother
story.

Of course, this requires that the person involved be "smart enough" to 
read and understand the headers on the message.

In actuality, *I* am not QUITE as draconian as suggested a couple of 
paragraphs previously.  If I forward somebody's mail and get a complaint
from the receiving system about spam to that user, "originating" from my 
system, that user *permanently* loses any forwarding privileges/capabilities.
No appeal, no _notice_ no 'second chance', no nothing -- forwarding just 
"stops working" for them. They _were_ told of this "down-side risk", with 
regard to such an error, *before* the forwarding was enabled. They get to 
live with the consequences.





Re: AOL scomp

2005-02-24 Thread Rich Kulawiec

On Thu, Feb 24, 2005 at 02:53:14PM -0500, Mark Radabaugh wrote:
> Now here I would disagree.   These are specific requests by
> individuals to forward mail to from one of their own accounts to
> another one of their own accounts.

But a request to forward mail is not a request to facilitate
abuse by forwarding spam.

> I do not think AOL (or anyone) should consider mail forwarded
> at the customers request as indicating that our mail servers are sending spam.

Why not?

Did it come from your servers?  On your network?

If "yes", then it's YOUR spam, and you should expect to be held fully
accountable for it.  If that's an unpleasant notion, and I'll stipulate
that it sure is for me, then you need to do whatever you need to do
in order to put a sock in it.

We are long past the time when excuses for relaying/forwarding/bouncing
spam were acceptable. The techniques for mitigating these -- at least
to cut down a torrent to a trickle -- are well-known, well-understood,
well-documented and readily available in a variety of implementations.


More generally, the best place to stop spam is as near its source as
possible.  So if you're the forwarder, you're at least one hop closer to
the source than the place you're forwarding to -- thus you should have
a better chance than they do of stopping it.  And you should at least
make a credible try: nobody expects perfection (though we certainly hope
for it) but doing _nothing_ isn't acceptable, either.


So, for instance: take advantage of the AOL feedback loop.  Anything
that they're catching -- that you're not -- indicates an area where
you can improve what you're doing.  Find it, figure it out, and do it.
Everyone benefits -- including all your users who aren't having their
mail forwarded.

---Rsk


Re: AOL scomp

2005-02-24 Thread Matthew Crocker

> Forwarded mail shouldn't be rejected as a result of SPF if your mail 
> server is using SRS to rewrite the from addresses in the "mail from" 
> part of the SMTP transaction of the forwarded emails... as long as 
> your SPF record isn't messed up of course. :)

I know but that just reeks of a hack which I'm not currently willing 
to do.  It works better for us to terminate the forwarding and sell the 
customer full mail service.  My SPF record isn't messed up as far as I 
know.

-Matt


Re: AOL scomp

2005-02-24 Thread james edwards

- Original Message - 
From: "Matt Taber" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 24, 2005 2:15 PM
Subject: Re: AOL scomp


>
> Postini is my friend too.
>
> But the more we can do to get rid of spam on our own, the less we have
> to pay Postini each month.
>

Postini's admin. interface is always slow (we have been a customer for 3
years) and as of 20 mins. ago quit working altogether.
Users cannot log into their message centers.

The new contract we just got, with increase, does not sit well at present.

James H. Edwards
Routing and Security Administrator
At the Santa Fe Office: Internet at Cyber Mesa
[EMAIL PROTECTED]  [EMAIL PROTECTED]
http://www.cybermesa.com/ContactCM
(505) 795-7101



Re: AOL scomp

2005-02-24 Thread Vinny Abello

At 03:08 PM 2/24/2005, Matthew Crocker wrote:

> Due to AOL scomp and SPF we have stopped forwarding altogether.
> Existing accounts are grandfathered and we are working on migrating them 
> all to IMAP-SSL.  ALL new accounts have to IMAP their mail from our 
> servers.  I get WAY too much junk from forwarded mail going to AOL.  I 
> also get way too many tech support calls about forwarded mail being 
> rejected because of SPF
>
> -Matt

Forwarded mail shouldn't be rejected as a result of SPF if your mail server 
is using SRS to rewrite the from addresses in the "mail from" part of the 
SMTP transaction of the forwarded emails... as long as your SPF record 
isn't messed up of course. :)

Vinny Abello
Network Engineer
Server Management
[EMAIL PROTECTED]
(973)300-9211 x 125
(973)940-6125 (Direct)
PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0  E935 5325 FBCB 0100 977A
Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN
"Courage is resistance to fear, mastery of fear - not absence of fear" -- 
Mark Twain
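
The envelope rewrite described in the message above, as an added example that is not part of the original post or any SRS implementation's own code. It is a simplified scheme modeled on the SRS0 address layout; `SECRET`, `MAX_AGE_DAYS`, the exact hash input and the sample addresses are assumptions.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: secret known only to the forwarder
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
MAX_AGE_DAYS = 21                  # assumption: how long a bounce may take to return


def _stamp(day: int) -> str:
    """Day number modulo 1024 as two base32 characters."""
    day %= 1024
    return B32[day >> 5] + B32[day & 31]


def _tag(stamp: str, domain: str, local: str) -> str:
    """Short keyed hash binding the timestamp to the original sender."""
    data = "=".join((stamp, domain, local)).lower().encode()
    digest = hmac.new(SECRET, data, hashlib.sha1).digest()
    return base64.b64encode(digest).decode()[:4]


def srs_forward(mail_from: str, forwarder: str, today: int) -> str:
    """Rewrite MAIL FROM into the forwarder's domain before relaying,
    so the next hop checks SPF against the forwarder, not the original sender."""
    local, domain = mail_from.rsplit("@", 1)
    stamp = _stamp(today)
    return f"SRS0={_tag(stamp, domain, local)}={stamp}={domain}={local}@{forwarder}"


def srs_reverse(rcpt: str, today: int) -> str:
    """Map a bounce back to the original sender; reject forged or stale addresses."""
    local_part = rcpt.rsplit("@", 1)[0]
    fields = local_part.split("=", 4)
    if len(fields) != 5 or fields[0].upper() != "SRS0" or len(fields[2]) != 2:
        raise ValueError("not an SRS0 address")
    _, tag, stamp, domain, local = fields
    stamp = stamp.upper()
    if not set(stamp) <= set(B32):
        raise ValueError("bad timestamp")
    # Without this check the forwarder would relay bounces to any address named
    # in the local part, i.e. act as an open relay for anyone who can guess the format.
    if not hmac.compare_digest(tag.encode(), _tag(stamp, domain, local).encode()):
        raise ValueError("hash mismatch: not issued by this forwarder")
    issued = (B32.index(stamp[0]) << 5) | B32.index(stamp[1])
    if (today - issued) % 1024 > MAX_AGE_DAYS:
        raise ValueError("expired")
    return f"{local}@{domain}"
```

`today` is a day count since the Unix epoch; it is passed in explicitly so the expiry check can be exercised with fixed values.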



Forwarding spam (was Re: AOL scomp)

2005-02-24 Thread J.D. Falk

On 02/24/05, "Edward B. Dreger" <[EMAIL PROTECTED]> wrote: 

> > I see the same thing.  At least 2/3rds are spam forwarded along as
> > described above.  I have to give some credit to AOL WRT handling that
> > type of situation -- they're much better than MSN/Hotmail who do not
> > have a whitelist or feedback loop and simply stop accepting mail for
> > 12+ hours from any server that reaches a particular spam threshold.
> 
> We now refuse to forward mail that's almost certainly spam.  Users may
> POP it, but forwarding is out.

Very good idea, given the lack of any standard way for a receiving 
ISP to know that the mail was forwarded.

-- 
J.D. Falk              uncertainty is only a virtue
<[EMAIL PROTECTED]>    when you don't know the answer yet


Re: AOL scomp

2005-02-24 Thread Matt Taber
Postini is my friend too.
But the more we can do to get rid of spam on our own, the less we have 
to pay Postini each month.

What we pay to Postini a year could pay a persons salary!
--
"If you really want something in this life, you have to work for it. 
Now, quiet! They're about to announce the lottery numbers..."
- Homer Simpson


Drew Weaver wrote:
> Postini is my friend :-)
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> chuck goolsbee
> Sent: Thursday, February 24, 2005 1:19 PM
> To: [EMAIL PROTECTED]
> Subject: Re: AOL scomp
>
> > It's too bad that about 1/3 of the reported mails are valid opt-in
> > lists.
>
> The other 1/3rd are actual spam, but legitimately forwarded as the
> user requested from a personal or business domain to an AOL account.
> Any server in the path gets tagged as a spam source.
>
> And the remaining third seems to be just plain old normal personal
> correspondence ... which I find weird.
>
> > Ahh well -- this is a nice mechanism that AOL provides, IMO.
>
> Agreed, though maybe they should look at SpamAssassin or Postini. Take
> their end-users out of the filtering mechanism somehow.
>
> --chuck




Re: AOL scomp

2005-02-24 Thread John Osmon

On Thu, Feb 24, 2005 at 07:08:07PM +, Edward B. Dreger wrote:
[...]

> On the cynical side:  Has anyone considered an "inverted" blacklist --
> i.e., a _destination_-based mail blocking mechanism?  Rejecting mail to
> parties with excessive bogus complaint rates certainly might simplify
> life for those tasked with handling "abuse" incidents. ;-)

It's interesting that you should ask that today.  A few days ago
we started throwing around an idea along these lines:
  - N = # of bogus abuse/spam reports for a given destination
  - X = # of reports where we stop delivering mail to
    a given destination
  - for 0 < N < X -- deliver the mail, but also inform the sender
    that the destination address has reported spam/abuse coming from
    our network, and that if it continues, we won't deliver mail
    to that destination anymore.
  - for N > X -- tell the sender that we aren't delivering the mail
    because it is likely to get us put on a blacklist.

We haven't fleshed things out completely, because we're not sure
the cure is better than the disease yet...
 
-- 
John Osmon


Re: AOL scomp

2005-02-24 Thread Matthew Crocker

Due to AOL scomp and SPF we have stopped forwarding altogether.  
Existing accounts are grandfathered and we are working on migrating 
them all to IMAP-SSL.  ALL new accounts have to IMAP their mail from 
our servers.  I get  WAY too much junk from forwarded mail going to 
AOL.  I also get way too many tech support calls about forwarded mail 
being rejected because of SPF

-Matt


Re: AOL scomp

2005-02-24 Thread Edward B. Dreger

MR> Date: Thu, 24 Feb 2005 14:53:14 -0500
MR> From: Mark Radabaugh

MR> As that is apparently not the case I have seriously considered as a
MR> matter of policy refusing to install mail forwards to AOL customers.

Or give users a choice between filtered forward and no forward.


Eddy
--
Everquick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita

DO NOT send mail to the following addresses:
[EMAIL PROTECTED] -*- [EMAIL PROTECTED] -*- [EMAIL PROTECTED]
Sending mail to spambait addresses is a great way to get blocked.
Ditto for broken OOO autoresponders and foolish AV software backscatter.



Re: AOL scomp

2005-02-24 Thread Mark Radabaugh
Joe Maimon wrote:
| I believe one has an extra duty to be as strict as possible about
| accepting email to be forwarded to external parties:
|
| Read: Setup for every usable blocklist, including your own, which
| rejects email outright. And spamassassin setup to reject any
| reasonable low FP score threshold. And none of that  "tag em all
| and let the user sort it out" business.
|
| It's not legitimate to cover your eyes and forward probable garbage
|  to someone else. You want it on your system, that's your decision.
|  AOL blocklisting high percentage garbage senders, including those
|  merely forwarding, is perfectly valid in my book.
|
| To blocklist all servers in the path or just the most recent one is
|  a local decision

Now here I would disagree.   These are specific requests by
individuals to forward mail from one of their own accounts to
another one of their own accounts.   I do not think AOL (or anyone)
should consider mail forwarded at the customer's request as indicating
that our mail servers are sending spam.

As that is apparently not the case I have seriously considered as a
matter of policy refusing to install mail forwards to AOL customers.

Mark Radabaugh
Amplex


Re: AOL scomp

2005-02-24 Thread Edward B. Dreger

JM> Date: Thu, 24 Feb 2005 14:17:24 -0500
JM> From: Joe Maimon

JM> To blocklist all servers in the path or just the most recent one is
JM> a local decision

Want to DoS someone?  Have fun with bogus "Received:" headers in actual
junk mail.  Developing heuristics to try detecting this is interesting.
It's not impossible, but it's hardly an exact science.


Eddy
--
Everquick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita

DO NOT send mail to the following addresses:
[EMAIL PROTECTED] -*- [EMAIL PROTECTED] -*- [EMAIL PROTECTED]
Sending mail to spambait addresses is a great way to get blocked.
Ditto for broken OOO autoresponders and foolish AV software backscatter.
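
Why "all servers in the path" is risky to act on, as an added example that is not part of the original post: only the `Received:` lines written by relays you operate are evidence, and everything older is a claim made by whoever connected. `TRUSTED_NETS`, the host names and the sample message are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: address range of relays we operate, whose Received: lines we believe.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/28")]

# Matches the common "from helo (rdns [ip])" form; anything else is treated as unparsable.
FROM_RE = re.compile(r"from\s+(\S+)\s+\([^\[\)]*\[([0-9A-Fa-f.:]+)\]\)")

# Constructed sample: the two newest lines were written by our relays,
# the oldest one was supplied by the connecting client and may be fiction.
SAMPLE = "\n".join([
    "Received: from relay.isp.example (relay.isp.example [192.0.2.10])"
    " by mx1.isp.example; Thu, 24 Feb 2005 14:17:31 -0500",
    "Received: from unknown.example (unknown.example [203.0.113.7])"
    " by relay.isp.example; Thu, 24 Feb 2005 14:17:30 -0500",
    "Received: from mail.bystander.example (mail.bystander.example [198.51.100.25])"
    " by unknown.example; Thu, 24 Feb 2005 14:17:02 -0500",
    "From: sender@unknown.example",
    "Subject: constructed sample",
    "",
    "body",
])


def _trusted(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def accountable_hop(raw: str):
    """Return (ip, unverified): the handoff address recorded by our own relays,
    and the older Received: lines that must not feed a blocklist decision."""
    received = message_from_string(raw).get_all("Received", [])
    for i, line in enumerate(received):        # headers are newest first
        m = FROM_RE.search(" ".join(line.split()))
        if m is None:
            return None, received[i:]          # unparsable: stop trusting here
        if not _trusted(m.group(2)):
            return m.group(2), received[i + 1:]
    return None, []                            # message never left our own network
```

For `SAMPLE` the accountable address is `203.0.113.7`; the line naming `198.51.100.25` is returned as unverified, so a bystander named there is never scored.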



RE: AOL scomp

2005-02-24 Thread Edward B. Dreger

> Date: Thu, 24 Feb 2005 13:46:20 -0500
> From: [EMAIL PROTECTED]

> I see the same thing.  At least 2/3rds are spam forwarded along as
> described above.  I have to give some credit to AOL WRT handling that
> type of situation -- they're much better than MSN/Hotmail who do not
> have a whitelist or feedback loop and simply stop accepting mail for
> 12+ hours from any server that reaches a particular spam threshold.

We now refuse to forward mail that's almost certainly spam.  Users may
POP it, but forwarding is out.

Jared [if you're listening], care to provide an "scomp POC"-type
database on puck?


Eddy



Re: AOL scomp

2005-02-24 Thread Joe Maimon

chuck goolsbee wrote:

> > It's too bad that about 1/3 of the reported mails are valid opt-in
> > lists.
>
> The other 1/3rd are actual spam, but legitimately forwarded as the
> user requested from a personal or business domain to an AOL account.
> Any server in the path gets tagged as a spam source.

I believe one has an extra duty to be as strict as possible about 
accepting email to be forwarded to external parties:

Read: Setup for every usable blocklist, including your own, which 
rejects email outright. And spamassassin setup to reject any reasonable 
low FP score threshold. And none of that  "tag em all and let the user 
sort it out" business.

It's not legitimate to cover your eyes and forward probable garbage to 
someone else. You want it on your system, that's your decision. AOL 
blocklisting high percentage garbage senders, including those merely 
forwarding, is perfectly valid in my book.

To blocklist all servers in the path or just the most recent one is a 
local decision


Re: AOL scomp

2005-02-24 Thread Edward B. Dreger

All,


Thanks for the many on- and off-list replies.  Things begin to make a
bit more sense.

We recently began hosting a list with several AOL subscribers, and this
week's complaint volume is five times what it was last week.  With one
complaint per ~4 AOL subscribers (who are but 4.6% of the total list)
this time around, and _zero_ complaints from anywhere else, I thought
something was amiss.  'tis a pity AOLers can't tell "delete" from
"unsubscribe" from spam.

Time to VERPify the list and unsubscribe people mercilessly. *grumble*

On the cynical side:  Has anyone considered an "inverted" blacklist --
i.e., a _destination_-based mail blocking mechanism?  Rejecting mail to
parties with excessive bogus complaint rates certainly might simplify
life for those tasked with handling "abuse" incidents. ;-)

On a more positive note:  One AOL user unsubscribed correctly.  I don't
mean to bash all AOLers... just the ones who are a bit... confused.


Thanks to all,
Eddy
--
Everquick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita

DO NOT send mail to the following addresses:
[EMAIL PROTECTED] -*- [EMAIL PROTECTED] -*- [EMAIL PROTECTED]
Sending mail to spambait addresses is a great way to get blocked.
Ditto for broken OOO autoresponders and foolish AV software backscatter.
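
What "VERPify the list" buys when handling complaints, as an added example that is not part of the original post: each subscriber gets a distinct envelope sender, so a returned complaint copy identifies who to unsubscribe even when the recipient address is missing. The list address, the `+`/`=` encoding convention, the assumption that the returned copy keeps its `Return-Path:` header, and the sample reports are all constructed.

```python
from email import message_from_string
from email.utils import parseaddr

LIST_LOCAL = "announce-bounces"   # assumption: hypothetical bounce mailbox of the list
LIST_DOMAIN = "lists.example"

# Constructed complaint copies; the To: header carries no usable recipient.
SAMPLE_REPORTS = [
    "Return-Path: <announce-bounces+pat=aol.example@lists.example>\n"
    "To: undisclosed-recipients:;\nSubject: weekly digest\n\nbody\n",
    "Return-Path: <announce-bounces+o=brien=aol.example@lists.example>\n"
    "To: undisclosed-recipients:;\nSubject: weekly digest\n\nbody\n",
    "Return-Path: <someone@elsewhere.example>\n"
    "Subject: not list mail\n\nbody\n",
]


def verp_encode(subscriber: str) -> str:
    """Per-recipient envelope sender: list-bounces+local=domain@listhost."""
    local, domain = subscriber.rsplit("@", 1)
    return f"{LIST_LOCAL}+{local}={domain}@{LIST_DOMAIN}"


def verp_decode(envelope_sender: str):
    """Recover the subscriber address, or None if this is not our VERP address."""
    local, _, domain = envelope_sender.rpartition("@")
    prefix = LIST_LOCAL + "+"
    if domain.lower() != LIST_DOMAIN or not local.startswith(prefix):
        return None
    # A domain cannot contain "=", so the last "=" is always the separator,
    # even when the subscriber's local part contains one.
    user, sep, sub_domain = local[len(prefix):].rpartition("=")
    if not sep or not user or not sub_domain:
        return None
    return f"{user}@{sub_domain}"


def complainers(reports):
    """Set of subscribers identified from the Return-Path of each complaint copy."""
    found = set()
    for raw in reports:
        _, addr = parseaddr(message_from_string(raw).get("Return-Path", ""))
        subscriber = verp_decode(addr)
        if subscriber:
            found.add(subscriber.lower())
    return found
```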



RE: AOL scomp

2005-02-24 Thread Drew Weaver

Postini is my friend :-)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
chuck goolsbee
Sent: Thursday, February 24, 2005 1:19 PM
To: [EMAIL PROTECTED]
Subject: Re: AOL scomp


>It's too bad that about 1/3 of the reported mails are valid opt-in
>lists.

The other 1/3rd are actual spam, but legitimately forwarded as the 
user requested from a personal or business domain to an AOL account. 
Any server in the path gets tagged as a spam source.

And the remaining third seems to be just plain old normal personal 
correspondence ... which I find weird.

>Ahh well -- this is a nice mechanism that AOL provides, IMO.

Agreed, though maybe they should look at SpamAssassin or Postini. Take 
their end-users out of the filtering mechanism somehow.

--chuck


-- 

__
There's only so much stupidity you can compensate for;
there comes a point where you compensate for so much
stupidity that it starts to cause problems for the
people who actually think in a normal way.

-Bill, digital.forest tech support


RE: AOL scomp

2005-02-24 Thread andrew2


>> The other 1/3rd are actual spam, but legitimately forwarded as the
>> user requested from a personal or business domain to an AOL account.
>> Any server in the path gets tagged as a spam source.
> 
> Actually only the server that connected to AOL and relayed
> the mail into them.  I have this same kind of
> gripe/complaint.  Only for me about 2/3rds of my scomp
> reports are this.  

I see the same thing.  At least 2/3rds are spam forwarded along as
described above.  I have to give some credit to AOL WRT handling that
type of situation -- they're much better than MSN/Hotmail who do not
have a whitelist or feedback loop and simply stop accepting mail for 12+
hours from any server that reaches a particular spam threshold.  They
refuse to do anything about it, even after trying to explain the
situation because "It's the Symantec software that does it."  Of course
the fact that they're causing affected servers to get their mail queues
backed up with mail awaiting delivery to MSN/Hotmail isn't their problem
either.  Grrr...

Andrew



Re: AOL scomp

2005-02-24 Thread Michael Loftis

--On Thursday, February 24, 2005 10:18 AM -0800 chuck goolsbee 
<[EMAIL PROTECTED]> wrote:


> It's too bad that about 1/3 of the reported mails are valid opt-in lists.
> The other 1/3rd are actual spam, but legitimately forwarded as the user
> requested from a personal or business domain to an AOL account. Any
> server in the path gets tagged as a spam source.

Actually only the server that connected to AOL and relayed the mail into 
them.  I have this same kind of gripe/complaint.  Only for me about 2/3rds 
of my scomp reports are this.  The other third are the below...only very 
rarely is an actual spam reported from our system, except in the case of 
where we occasionally have a fraudulent signup come through and then start 
spamming.

> And the remaining third seems to be just plain old normal personal
> correspondence ... which I find weird.

This happens because, at least in many versions I don't know about 
currently, DELETE and SPAM buttons were right next to each other, causing 
mis-clicks.



Re: AOL scomp

2005-02-24 Thread chuck goolsbee

> It's too bad that about 1/3 of the reported mails are valid opt-in lists.

The other 1/3rd are actual spam, but legitimately forwarded as the 
user requested from a personal or business domain to an AOL account. 
Any server in the path gets tagged as a spam source.

And the remaining third seems to be just plain old normal personal 
correspondence ... which I find weird.

> Ahh well -- this is a nice mechanism that AOL provides, IMO.

Agreed, though maybe they should look at SpamAssassin or Postini. Take 
their end-users out of the filtering mechanism somehow.

--chuck
--
__
There's only so much stupidity you can compensate for;
there comes a point where you compensate for so much
stupidity that it starts to cause problems for the
people who actually think in a normal way.
-Bill, digital.forest tech support


RE: AOL scomp

2005-02-24 Thread Drew Weaver

The whole thing is functionally inept. Our abuse department
constantly has to chase down users and half the time it turns out they
were sending email to their friends and the people at AOL reported the
mail as spam because half of the Internet population believes that any
email that they don't find interesting is spam, and that if your aunt
sends you a funny forward that isn't considered spam, and my abuse
department doesn't need to track down a 75 year old woman from
Zanesville, OH to tell her to knock it off.

But that's just my honest opinion.

-Drew

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, February 24, 2005 12:40 PM
To: Matt Taber
Cc: nanog@merit.edu
Subject: Re: AOL scomp 

On Thu, 24 Feb 2005 12:28:58 EST, Matt Taber said:
> It's too bad that about 1/3 of the reported mails are valid opt-in
> lists.

Proof that any network management or security or anti-spam scheme that
implies end users with functional neurons is doomed from the get-go.



Re: AOL scomp

2005-02-24 Thread Valdis . Kletnieks
On Thu, 24 Feb 2005 12:28:58 EST, Matt Taber said:
> It's too bad that about 1/3 of the reported mails are valid opt-in lists.

Proof that any network management or security or anti-spam scheme that implies
end users with functional neurons is doomed from the get-go.





Re: AOL scomp

2005-02-24 Thread Matt Taber
It's too bad that about 1/3 of the reported mails are valid opt-in lists.

Ahh well -- this is a nice mechanism that AOL provides, IMO.

Matt Taber
Network Admin
WMIS Internet - www.wmis.net
--
"If you really want something in this life, you have to work for it. 
Now, quiet! They're about to announce the lottery numbers..."
- Homer Simpson


Jeff Wheeler wrote:
> On Feb 24, 2005, at 11:52 AM, Edward B. Dreger wrote:
> > Can AOL's "this is spam" feedback loop be abused with a single person
> > responding to a single message many, many times?  Inquiring minds want
> > to know.
>
> No it can't be abused [by the average AOL user] - when you click the
> "Report Spam" button the message disappears from your mailbox.  I tested
> this from within AOL version 10.3 for Mac OS X.
>
> --
> Jeff Wheeler
> Postmaster, Network Admin
> US Institute of Peace




Re: AOL scomp

2005-02-24 Thread Jeff Wheeler
On Feb 24, 2005, at 11:52 AM, Edward B. Dreger wrote:
> Can AOL's "this is spam" feedback loop be abused with a single person
> responding to a single message many, many times?  Inquiring minds want
> to know.

No it can't be abused [by the average AOL user] - when you click the 
"Report Spam" button the message disappears from your mailbox.  I 
tested this from within AOL version 10.3 for Mac OS X.

--
Jeff Wheeler
Postmaster, Network Admin
US Institute of Peace


AOL scomp

2005-02-24 Thread Edward B. Dreger

Can AOL's "this is spam" feedback loop be abused with a single person
responding to a single message many, many times?  Inquiring minds want
to know.


Eddy