Home page logo

interesting-people logo Interesting People mailing list archives

Chuq Von Rospach on the AOL email imbroglio
From: David Farber <dave () farber net>
Date: Sat, 15 Apr 2006 08:20:46 -0400

Begin forwarded message:

From: Kevin Marks <kevinmarks () mac com>
Date: April 15, 2006 2:06:47 AM EDT
To: dave () farber net
Subject: Chuq Von Rospach on the AOL email imbroglio

Chuq runs lots of mailing lists.

He's OK'd forwarding this to IP.

Begin forwarded message:

From: Chuq Von Rospach <chuqui () plaidworks com>
Date: April 14, 2006 9:35:44 PM PDT
To: Kevin Marks <kevinmarks () mac com>
Subject: Re: [IP] Why was Moveon.org blocked by AOL? Did recipients want the email messages? [sp]

FWIW, I deal with the AOL folks some. That was the other scenario I wondered about (but I decided to keep it simple....)

We have about 122 coalition members on the list, which is enough to trip AOL's volume filters, which I understand are set at about 100 mails from a single IP address. I sent out a mailout to our coalition around noon yesterday. I found out that AOL was bouncing any mail with our URL in it at around 4.45pm - one of our coalition had mailed a friend at AOL with a note about our site, and
received a bounce.

that's one of their automated systems. FWIW, they use a ratio of about 2000 per million emails from a site as the boundary for spam. For a small mailing from a previously unknown site with a common URL that generates a few spam complaints... It's not that hard to trigger it.

received yesterday's mail (carefully avoiding the D*arA*L.com word). A few had; the majority had not, which leads me to believe that the ban occurred
somewhere in the middle of the mailing run.

and anything in process of being delivered gets flushed. blackholed. you don't get a bounce, the user doesn't get a chance to accept it.

Ploughing through the error logs, I have found one person on the list whose error message indicates that he does not want to receive mail from my address. Whether he is simply set to only receive mail from friends or whether this is a specific ban is unclear: but he's the only indication I have that anyone
complained about the mail.

But it's unlikely to be the only complaint. You're seeing the AOL's whitelist/blacklist setting. You won't see anything back from the "I call this spam" button, unless you set up a special relationship with them to receive them (which I have. I get all of those for apple; used to get them for my personal domain. it's -- eye opening)

Many AOL users treat the AOL client's "spam" button, rather sensibly, as a "I don't want to receive any more of this mail". I suspect this person was
unsubscribing by hitting this button.

Unfortunately, AOL's semantics are rather different: they take it as meaning
"treat this mail as suspect for everyone else".

one has to be VERY careful generalizing AOL users. About all I can say is a user didn't want to see the message. Many of them don't understand (or care about) the concept of unsubscribing. You can't assume they understand these concepts at all; many don't. Or that they're paying attention. They don't.

(This is one of the practical
problems of having intermediaries attempt to make decisions about end-user email delivery without adequate feedback or transparency. Fixing this semantic gap is one of the ongoing challenges of fighting spam: a consistent standard
for confirm and unsubscribes may well go some way to fixing it.)

Probably not. but that's a different discussion.

Anyway, AOL clearly doesn't view the mail as spam in a strong sense, because they haven't banned my email address or IP. What they did, it appears, is
check out the mentioned URL.

no, they just used the URL as a signature check. Doubtful any human ever saw anything. Given the propensity of spam to come from zombied relays, a common URL is a more effective block than an IP block (it's also a common attack by Brightmail, etc...)

Somehow - and this is what AOL's tech support folk told me when I called them this morning - they identified www.dearaol.com as a "morpher". This is a site
that redirects user clicks to many different sites.

It's true: www.dearaol.com has round-robin DNS.  I plead guilty to
load-balancing of the most heinous kind.

Far be it that I defend AOL's anti-spam system. It's pretty broken. Here's a great example of how. They have a really tough job, to be sure; Many of their choices are, in my mind, sub-optimal.

That includes, incidentally, people mailing themselves the URL.

that includes mailing a piece of mail to your postmaster contact at AOL askign "why are you banning this?" -- that makes for fun mornings trying to unwind a mistake, their postmasters are behind the walls, too.

AOL's spokesman told reporters variously that that there was a software glitch, a technical glitch, and finally a hardware glitch that affected dozens
of web addresses.

I find all of these hard to believe.

when all else fails, blame the computer. not the people who programmed it or run it. of course.

working days. EFF has received reports of these kind of URL bans before. Bennett Hasselton, of the free speech group PeaceFire, has documented many innocent groups who find all mails discussing their URLs removed from

Never attribute to conspiracy what is better defined by stupidly- built systems. UNless. of course, paranoia feeds your cause.

This appears to be a private AOL ban list. Goodness knows how many URLs or how long they are held. I suspect if I hadn't received that mail from a friend, or put out a press release, www.dearaol.com would still be banned from 20 million user's private communications, and would remain so until I made that call.


This is exactly the kind of overreaching, black-and-white anti- spam filtering that goes on all the time among ISPs and is largely unnoticed by their customers - for the simple reason that nobody notices a mail that never

well, depends on the ISP. the major problem I have with AOL -- it doesn't block, it doesn't use a junk folder, it blackholes. And the user has no ability to whitelist around an AOL blacklist.

on the other hand -- so do I. But I choose my data sources carefully. AOL uses its users as a primary data source, and as Spamcop long ago showed, the larger the population, the less reliable the data.

And that's why we're concerned about Goodmail: it rewards ISPs for such bad filtering, because with such large problems, large companies will pay a great deal to avoid those filters. And no market forces can come into play to fix this failure to deliver when the symptoms themselves are so hard to detect.

nah. people have just misunderstood goodmail from day one.

And frankly, few companies will pay very much for goodmail's services. It impacts the profit margin. The people who are running around screaming about this don't understand the business at all. they're too busy being paranoid. I took one look at goodmail's revenue setup, and it makes no sense for a typical marketing organization. the margins are too tight.

To say market forces can't come into play only proves they don't undersatnd the situation. For one: goodmail feeds are still required to stay under that 2000/million spam complaint rate. If it goes over that, it can lose its goodmail certification. It's not carte blanche, that argument's a factless strawman.

(I could go on. maybe at some point, I will on my blog. it's a witchburning. even more, it's a waste of energy, since goodmail will likely fail on its own merits, without all this help; it's really a very limited-use system, the only mail streams likely to take advantage of it are transactional ones, not marketing ones. There IS more to the world than marketing email and mailing lists, you know....)

I'm more disturbed that Suresh had a similiar block, which he finally deigned to remove because he believed us to have "legitimate" popularity. Suresh's
company manages filters for over 40 million users.

um... Who will watch the watchers?

Which is a fight I had with Dave Rand many years ago over MAPS, back when MAPS kept blacklisting my personal domain because I happened to have a subscriber to one of my mailing lists that lived on his personal server, which decided to arbitrarily start declaring mail spam when it had keywords he didn't feel appropriate for mailing lists.

What all this comes down to is an absolute lack of transparency among the spam police. Which is even worse than the fact that we can't even define what spam is in terms more specific than the nation's war on porn (I know it when I see it, and local community standards). That, frankly, is even more important than "what is spam?" standards, and woefully missing in all of these discussions. AOL is just worse at blackholing stuff without any response or appeal than many.

(and yes, if you feel it's worth passing back up the reply chain, you may...)

Chuq Von Rospach, Architech
chuqui () plaidworks com -- http://chuqui.typepad.com/

He doesn't have ulcers, but he's a carrier.

You are subscribed as lists-ip () insecure org
To manage your subscription, go to

Archives at: http://www.interesting-people.org/archives/interesting-people/

  By Date           By Thread  

Current thread:
  • Chuq Von Rospach on the AOL email imbroglio David Farber (Apr 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]