Does AOL Actually Condone Spam?

Factual Questions
1

First of all, let me get one thing out of the way: I’m a member of AOL and I know that will make some people regard me as some kind of cybertwit. Sneer if you must, but at the time I signed up I had some good reasons.

Now, then. AOL advises people who get spam from other AOL accounts to forward them to a special email account (TOSSpam@aol.com). Well, I did that faithfully for about two months, sending along approximately 150 of the darn things. They continued to arrive at the same rate.

Clearly, people were signing up trial accounts, blasting out a torrent of spam, and then going away. So complaining about a particular instance of spamming would not yield results in the long term, because the culprit is long gone by the time his account is deleted.

So on two occasions I wrote a letter to the TOSSpam@aol.com email box, with a simple solution to the problem: put a maximum of 100 emails per day on all accounts. Also, give people a way to have that limit raised. Those who did ask would simply have their sign-up facts checked and given a higher limit, no other questions asked.

Well, AOL never even replied to my idea and they never implemented it, even though it would have instantly eliminated the entire spam problem from AOL.

I was discussing this matter with a friend of mine and he said that, in his opinion, AOL likes people to sign up for frivolous reasons. The reason? Well, it lets them honestly say that they have umpteen zillion users, which makes for really good ad copy.

I think he’s being a bit cynical, but I have to admit that I can’t think of any reason why they don’t adopt my suggestion. Is there something unworkable about my idea?

If you do think my idea is a good one, and you’re an AOLer who is also annoyed by the vast amounts of spam we get, can you think of some way we could exert pressure on AOL to implement this measure?

2

AOL certainly does not condone spam. They have spent millions of dollars on lawsuits and on filtering to try to reduce spam. Spam is tremendously costly to AOL, due to load on their servers and customer dissatisfaction.

In your idea to help control spam, were you saying that they should limit each AOL member to being able to send only 100 emails per day? That wouldn’t do squat to help, since virtually all of the spam sent to AOL members comes from outside of AOL!

3

Actually, I get my share of AOL spam. If only Hotmail, Geocities, Xoom, and everyone else offering a free mail account would do the same thing.

What a wonderful world it would be.

I have to sort of agree with the “zillions of users” thing. Didn’t Cecil say before that magazine publishers took a loss with sweepstakes subscriptions, but the additional subscribers allowed them to charge more for advertising? Likewise, I can see how AOL uses every one of those “250 Free Hours!” subscriptions when advertising amounts of users or selling banner space.

“I guess it is possible for one person to make a difference, although most of the time they probably shouldn’t.”

4

Dude, I know your credentials, and I hate to argue with you, but I gotta tell ya – I have all non-AOL mail blocked on my two younger kids’ accounts, and they get all kinds of spam. Porn spam, too. Disgusting stuff. They get more spam than I do, actually, and I am open to 'net mail.

Go figure!

-Melin

5

It’s been awhile since I’ve had an AOL account, but Melin, do those spam messages appear to come from a regular screen name, i.e. from a name like “Pooh Bear” rather than “poohbear@aol.com”? If they look like the latter, they aren’t really coming from AOL.

Like I said, it’s been awhile, but when I did have AOL, about 19 of 20 spam messages I got were not from AOL.

6

I’m getting spam from regular AOL screen names. Right now, I have 8 spam messages in my box, 7 of which are from AOL members.
-Lanna

7

Undead Dude: You said:

In fact, I get about two spams a day from AOL screen names (i.e. they show up without @aol.com in the address). I do also get spam from outside of AOL, but I appear to get one AOL-based spam for every non-AOL spam I receive.

You said that AOL spends lots of money trying to clobber spam. Can you give me a reference for that bit of info? It’s not that I’m doubting your truthfulness, but I figure that if I can find out more about their spam jihad, I can find out who I should contact with my idea.

8

I’ve gotta say that Timothy’s got a point. I work in tech support for an ISP, and my company won’t tolerate spam. You can lose your account if you get more than a couple of complaints lodged against you.

There are two ways an ISP can stop spam:

  • limit the number of emails an account can send out through the smtp server during one period of time (my ISP’s limit is 50 every three hours, and each email has a limit of 50 recipients. There are absolutely no exceptions to the rule.).

  • let only those users who are dialed up to the ISP POP servers use the SMTP server send mail out across it. This has, from what I understand, become something of an industry standard. It prevents joeblow.com from logging on to cool.com’s SMTP server and spamming out a few million emails.

Neither of these protocols is that difficult to implement, so I really have to wonder about AOL’s motivation here.

“Damn, it’d be like two days at Disneyland without the kids!” - Comment by a male friend the first time he saw a picture of me and my breasts.

9

  1. Never trust the From: address in a spam. It’s extremly simple to forge.

  2. To try to find out where the spam really came from, you first have to display the headers. (I’m not sure how to do this with AOL, but their tech support can tell you.) Then go to http://www.samspade.org . You can either download their software or use the tools on the web page to try to find the domain where the spam originated. You can then try to complain to the domain – though be careful. Some domains are home to spam and add you to their lists. However, AOL, Geocities, Tripod, Mindspring, etc. will work to shut down the spammers. You may also want to use http://spamcop.net or http://www.chooseyourmail.com/spamindex.cfm .

  3. It is difficult to stop spam, even by a diligent ISP. It’s simple enough to get around various filters. I suggested that the best solution would be to do a DNS lookup on the IP address of each piece of mail to see if it matches the domain from which it was sent, but nothing came of this, since it would slow the mail handling process.

10

I almost exculusively get spam from MSN. I have opened up the complete headers, used spamcop, and can find nothing but MSN originators. But when I complain to MSN they always deny it. So either they like spam or my headers don’t open ALL the way.

Anyone else have trouble from MSN??

11

Sounds like the balance has changed a bit, or for some reason the balance is different for some people. As far as AOL’s actions go, here are a couple quick links I found from CNNs archives: http://cnn.com/US/9812/19/aol.spam.ap/index.html http://cnn.com/TECH/9712/31/aol.addresses/index.html
Although I didn’t find the followup of this second one, AOL received a court injuction to prevent that org from releasing their list of AOL names. The company backed down.

This sounds very similar to Timmy’s suggestion, which probably would cut down on internal spam.

You need to use the ISPs SMTP servers to send mail to that ISP. So if I am sending mail to joe@foo.com, I need to have access to the foo.com SMTP server, or Joe ain’t getting any mail from the outside. The same is true for AOL.

You are right that it is standard practice not to allow anyone but authorized users to use your SMTP servers for sending mail elsewhere (aka relaying). Just about everybody does that, including AOL.

12

Yes, that does seem like it would be a good filtering technique and it most certainly would slow the mail process-- astronomically.
To give an example, I do web access log analysis. On a log file that might take 10-20 seconds or so without DNS lookups, when DNS lookups are turned on, the analysis can take several hours, even when caching the lookups.

13

Just to put everyone on the same page regarding the AOL spam problem as it exists today. The bulk of my spam, since mid summer or so, has been from AOL screen names. The tactic seems to be…

1 Get a ‘throw away’ web address and set up a porn site that makes money from banners. Domains such as, www.conk.com/www.angelfire.com/www.tripod.com seem to be growing in popularity for this purpose. If you know how, change the domain name to its number eg. http://203.533.23/users/porno.html. This makes it less likely that your domain will get letters to its abuse@domain department as quickly.

2 Open an AOL account and set up all of the available screen names.

3 Do keyword searches of member profiles and gather a few dozen names for each screen name in the account.

4 Send an email with a subject like “Sorry, I got disconnected” or “Hey, I love your profile, wanna see my picture?” And a one or two line message like “Hot XXX porn Click Here.” Either CC’d or BCC’d to everyone on the list.

5 Wait an hour or two and send them all again from the next screen name in the account.

6 Repeat until the account is TOSSed.

This particular MO seems to show up in my mailbox about 5 to 10 times a day. Currently it makes up about 90% of the spam I get.

Oh yeah, Grrrrrr!

Stephen
Stephen’s Website
Satellite Hunting 1.1.0 visible satellite pass prediction
shareware available for download at
Satellite Hunting

14

I find it interesting that Markxxx gets the bulk of his spam from his own ISP (MSN, in his case), while I get the bulk of mine from the ISP I use (AOL). (In an earlier message I said that the ratio of AOL to non-AOL spam was one-to-one; I meant to type two-to-one.)

I have the feeling that this means something important, but I have no idea what it is. Maybe some of you net gurus out there can clue me in.

15

AOL is spam.

WHo hasn’t seen all the ads they have when you use their software or that huge load of CD’s everyone gets in their mailbox.

16

Well, if you count that one little banner ad in the “Read My Newsgroups” screen, I see one when I use their software.

You mean the free coasters? I keep a stack of them for parties.

Stephen
Stephen’s Website
Satellite Hunting 1.1.0 visible satellite pass prediction
shareware available for download at
Satellite Hunting

17

Okay, here are some helpful stats. I picked up the email from an AOL account I haven’t used for a month, and there were 51 spams waiting for me. Of these, 48 came directly from AOL accounts (i.e. they did not have @aol.com after the email address); only 3 came from outside of AOL.

Ten of the spams were from those guys who send out fake announcements, allegedly from the AOL staff. If you haven’t seen these, here’s how they work: they try to get you to visit a web site (to get a freebie of some kind) and type in your user name and password. (How hard can it be for AOL to track down these miscreants?)

Anyway, I’d earlier said that AOL to non-AOL spam was a 2-to-1 ratio. Obviously I wasn’t paying very close attention. The actual ratio, based on this test, is 16-to-1. (Your mileage may differ, especially if you use your email address on UseNet.)

I would like to mention that the particular account that got spammed has never (to my recollection) been used to post anything anywhere. How they got that email address is an interesting mystery.

18

Profile? Chat rooms?

19

So why in the two and a half years that I have been using AOL have I never gotten any spam?

20

And this makes it sound to me like the AOL spam problem has gotten a little bit better. I used to get about 5 a day, most of which were from the outside.

Mebbe AOL has been focusing on the outside culprits and now it’s time for them to turn there attention to the inside folks.

Given all that has been said here, it seems like it would be a good idea if AOL limited mail sent during that first month trial period.