Joe covered all the bases. I'll just chime in to say you've got some
company. IU was blocked by AOL (and several other ISPs) during the last
round of 'spam cannon' infections. My guess is that today's outburst of
Netsky may result in this being a topic again. We're getting to the point
where we have AOL on speeddial.
On Wed, 25 Feb 2004, Joe St Sauver wrote:
> Hi Robert,
> #Through relatively benign actions that were not centrally controlled,
> #email containing the Simmons College URL (www.simmons.edu) has gotten on
> #the AOL list to reject as spam. This means even individuals sending
> #emails with their personal URLs in their signatures can have their
> #emails rejected. This happened before the CAN-SPAM ACT, and we have
> #serious central policies on sending email to prospects. We cannot
> #always control the actions of eager individuals.
> #Has anyone else had to deal with this sort of problem? Any suggestions
> #how to get out of the doghouse? And since we can't guarantee that a unit
> #within Simmons won't send an email solicitation to a bunch of people,
> #one of whom thinks it is spam, how do we stay off the list?
> I should note right up front that I am not affiliated with AOL, and I do
> not speak for them, however you may find the following information to be
> of interest:
> -- AOL has a postmaster information web site at
> http://postmaster.info.aol.com/ which can be quite helpful if you're
> traffic is getting blocked
> -- If you're not already requesting AOL scomp spam reports, you may want to
> do so for your netblocks; you may be surprised to see the messages that
> are being associated with your address space. (see the presentation at
> http://www.nanog.org/mtg-0310/spam.html for information on how to
> request them). scomps appear to get generated when AOL centrally filters
> messages, OR when users push the big red "this is spam" button.
> -- Based on what you see in the scomps, you may find that one or more of
> the following is occuring:
> -- You may have infested machines that are being used to spam AOL
> addresses (only); if you don't get scomp reports (or do network
> traffic analysis) you probably won't even know those infested hosts
> exist (it is rare to get AOL spam complaints directly from an AOL
> or from a spam reporting service such as Spam Cop). Obviously you'll
> want to get those hosts cleaned up; if you're forensically inclined,
> you may find it fascinating to see what hosts are pumping spam through
> those compromised systems.
> -- If you permit users to forward their campus mail to an AOL account,
> and that forwarded mail includes spam (from whatever source), you
> may see the finger pointed at *your forwarding host* rather than
> the true source of the spam (it can be hard to know how far to
> backtrack when assessing the source of a spam -- all AOL knows for
> sure is the address of the mail transfer agent that handed their
> box the spam, and in a forwarding scenario, that would be YOUR
> host, unfortunately)
> -- You may have AOL recipients who push the "this is spam" button on
> legitimate stuff they've requested (but which they've forgotten
> about); in some cases they may even become so exhuberant that they
> push the "this is spam" button on personal mail from family members.
> If you can identify the source of those mis-markings, you may want
> to see if you can encourage them not to push the "this is spam"
> button randomly. :-) [Identifying the source of the mis-reports can
> be tricky since AOL munges the reporting AOL user's address out of
> the scomps]
> -- You may have message content characteristics which, in combination with
> other factors, trigger filtering heuristics.
> -- You may genuinely have local folks sending what is/looks like spam
> You may want to visit with those folks to explain why having AOL block
> your university's stuff is, um, not a good thing. If your AUP/terms of
> service do NOT provide a mechanism whereby you can take positive
> steps to control locally originated spam (in the event that an appeal
> for voluntary cooperation doesn't succeed), then I think you will
> likely have a serious problem. There's absolutely no doubt in my
> mind that AOL *will* block spam sources, period.
> Bottom line, (1) check out the AOL postmaster info site, (2) get scomp
> reports, (3) based on the scomps clean up any issues that exist, then
> contact AOL to arrange to get unblocked...
> Joe St Sauver ([log in to unmask])
> University of Oregon Computing Center
> Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.