Jayson Smith writes:
Is AOL known to silently discard mail they think is spam for some reason?
I hope someone with actual experience will speak up, but my take is that it's entirely possible. (Footnotes are of historical interest, but not directly relevant to solutions.)
The last time I had any insight into AOL was 2014, during the DMARC development process. The freemail providers lobbied to make their use case eligible.[1] Gmail didn't have an issue AFAIK, but both AOL and Yahoo! were groaning from a mind-boggling flood of spam. Gmail and Yahoo! techs were very competent and helpful, and contributed a lot of useful statistics and protocol ideas. OTOH, the AOL representatives clearly were dramatically under-resourced, and basically just pleading for relief.
AOL was later acquired by Yahoo, which is now 90% owned by private equity (ie, may be presumed completely unethical) and 10% by Verizon (one of the most irresponsible ISPs). I really doubt they invest in best-practice email services :-(. On the other hand, the extremely competent tech from Yahoo is still there, managing all Yahoo/AOL email services (AFAIK that means all freemail services provided by Verizon). *sigh* *I* doooon't knooow... :-(
I replied to her message from the same server and she did receive that reply, so they haven't outright blocked my IP or something. Even if I could contact someone who knows what they're doing at AOL, there are no error logs for me to show.
The big freemail providers are deliberately opaque about their operations, so the following is generic advice -- I don't have evidence that it will help. But it's good advice! ;-)
First, you should check that your DNS records for DKIM and SPF are up-to-date, and outgoing mail is being signed. If you haven't done this recently, you should do it anyway. Over the years, stuff happens, as they say. :-)
"Friends don't let friends use AOL." I understand the pain of moving your email to a new address, so I completely respect anyone's decision to stick to their current one. That's the easiest solution from your point of view, so I mention it. Gmail has historically been the easiest of the big (opaque) providers to work with because they conform to current best practices and don't negotiate anything else. :-รพ
The third suggestion is most burdensome for you: set up ARC processing. The Authenticated Received Chain protocol creates a chain of custody, where each domain that alters the message in ways that invalidate signatures testifies that in the received message the sending IP was an authorized sender for the domain and/or the DKIM signature validated. This is good enough for most recipients, so it should help with AOL if broken DKIM signatures or failed SPF authorization are the problem. I trust the OpenArc implementation https://github.com/trusteddomainproject/OpenARC because I've worked with Murray Kucherawy since the 2014 DMARC travesty. I'm pretty sure it's not so difficult on a single host, but if you're working with an email provider with a complex MX system, they may balk. (Of course you may already have ARC if you're working with a major hosting service.)
I'm not in a position to use ARC on my own host and have never needed it, but I'll help as much as I can if you have problems with setup. Mark will be back online in mid-September, I think he has some experience.
HTH
Regards, Steve
Footnotes: [1] The original idea of DMARC was to protect "transactional mail flows", ie, sensitive direct business mail such as conversations between a bank and an account holder. Freemail providers were out of scope, because of mailing lists and other such usage. Then in 2013-2014 there was a huge increase in spam flows of the particularly pernicious "referred by a friend" kind based on theft of huge numbers of contact lists from Yahoo and AOL. The big 3 freemail providers (with Gmail) got references to transactional flows purged from the drafts, and in April 2014, Yahoo and AOL proceeded to protect their "From" domain with p=reject. Yahoo's representative claimed that several tests showed that this would stop literally millions of spam mails per *minute* during spam campaigns. This is not inconceivable, given that there were already botnets with millions of bots at that time: multicast a spam to 100,000 waiting bots each with a list of 10 victims, there's your million in well under 1 minute.