AOL's "Client TOS Notification"
I have recently been getting some of these from one of my mailing lists. There is nothing in it (that I've been able to see) that would tell me who the user is that is rejecting the email. There are several AOL addresses subscribed but only one rejection each time a mailing goes out.
Have I overlooked something that would identify the user?
Why would AOL send such a useless email?
-- "The true bureaucrat is a man of really remarkable talents. He writes a kind of English that is unknown elsewhere in the world, and an almost infinite capacity for forming complicated and unworkable rules." --- H. L. Mencken Rick Pasotto rick@niof.net http://www.niof.net
- Rick Pasotto rick@niof.net:
I have recently been getting some of these from one of my mailing lists.
Welcome to the wonderful world of AOL retards.
There is nothing in it (that I've been able to see) that would tell me who the user is that is rejecting the email. There are several AOL addresses subscribed but only one rejection each time a mailing goes out.
Do you use VERP to send out the mails? If you do that you can see who the culprit is.
- Have I overlooked something that would identify the user?
MAYBE the headers of the attached mail.
- Why would AOL send such a useless email?
It's quite useful :)
-- Ralf Hildebrandt (i.A. des IT-Zentrums) Ralf.Hildebrandt@charite.de Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962 IT-Zentrum Standort CBF send no mail to plonk@charite.de
Hello,
On Sat, 14 Jul 2007 17:00:56 +0200, Ralf Hildebrandt Ralf.Hildebrandt@charite.de wrote:
- Rick Pasotto rick@niof.net:
I have recently been getting some of these from one of my mailing lists.
Welcome to the wonderful world of AOL retards.
There is nothing in it (that I've been able to see) that would tell me who the user is that is rejecting the email. There are several AOL addresses subscribed but only one rejection each time a mailing goes out.
Do you use VERP to send out the mails? If you do that you can see who the culprit is. What I do is I open the email headers and look for message ID. Then, based on the email date, I grep the appropriate log and find out the .... ok never mind, let's behave... ;)
But beware... I recently wrote to two subscribers that we have been sending free content to, and as kindly as possible, I wrote that clicking spam makes it very difficult for us and other AOL users to send/receive the content. I also notified them that I unsubscribed them. As you can imagine, I got spam complaint one more time and actually got blocked by that! I had to file an AOL whitelist petition again.
Warm regards, Zbigniew Szalbot
On 7/14/07, Zbigniew Szalbot wrote:
But beware... I recently wrote to two subscribers that we have been sending free content to, and as kindly as possible, I wrote that clicking spam makes it very difficult for us and other AOL users to send/receive the content. I also notified them that I unsubscribed them. As you can imagine, I got spam complaint one more time and actually got blocked by that! I had to file an AOL whitelist petition again.
As Larry Stone mentioned, just put something in the headers and footers of every message, which tells AOL users that they will have their entire domain permanently banned from the list, if you get too many spam complaints.
Then carry through on that threat when it happens.
Simple.
And I say this as the former Sr. Internet Mail Systems Administrator for AOL.
The people working there may or may not be clueless, but 99.999999999% of the users on the system most definitely are clueless, and there's only so much you can do to accommodate them.
-- Brad Knowles brad@shub-internet.org, Consultant & Author LinkedIn Profile: http://tinyurl.com/y8kpxu Slides from Invited Talks: http://tinyurl.com/tj6q4
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Hello,
As Larry Stone mentioned, just put something in the headers and footers of every message, which tells AOL users that they will have their entire domain permanently banned from the list, if you get too many spam complaints.
Then carry through on that threat when it happens.
Simple.
Simple - yes. Effective? Depends on what you are after. By doing it this way you are not really different from AOL, are you? You punish many users just because some other are thoughtless and lazy. When I offer something, I want people to use it, not ban it.
Warm regards,
zbigniew szalbot
On 7/14/07 12:42 PM, Zbigniew Szalbot at zbigniew@szalbot.homedns.org wrote:
Hello,
As Larry Stone mentioned, just put something in the headers and footers of every message, which tells AOL users that they will have their entire domain permanently banned from the list, if you get too many spam complaints.
Then carry through on that threat when it happens.
Simple.
Simple - yes. Effective? Depends on what you are after. By doing it this way you are not really different from AOL, are you? You punish many users just because some other are thoughtless and lazy. When I offer something, I want people to use it, not ban it.
Brad misunderstood or misstated what I do. I don't ban the domain (aol.com), I ban the user (AOLoser@aol.com).
I know this next gets a little away from Mailman and I can't say for other MTAs but it's simple to do in Postfix:
In main.cf: smtpd_recipient_restrictions= ... check_sender_access hash:/etc/postfix/sender_checks, ...
In sender_checks: # This file has to be "compiled" with "postmap" - # $ postmap hash:sender_checks # Sender is SMTP FROM argument
# AOLoser@aol.com banned for AOL TOS notice - 10/20/05 AOLoser@aol.com 554 You have previously reported requested mail from here as SPAM - you are banned from this server (see http://www.stonejongleux.com/spamban.html - 10/20/05)
(note that the above needs to be one line in the actual sender_checks file)
-- Larry Stone lstone19@stonejongleux.com http://www.stonejongleux.com/
On 7/14/07, Larry Stone wrote:
# AOLoser@aol.com banned for AOL TOS notice - 10/20/05 AOLoser@aol.com 554 You have previously reported requested mail from here as SPAM - you are banned from this server (see http://www.stonejongleux.com/spamban.html - 10/20/05)
That's cool too, but is not scalable -- larger lists simply can't afford to put in that kind of separately work maintaining the list of users who are rejected for reasons like this.
-- Brad Knowles brad@shub-internet.org, Consultant & Author LinkedIn Profile: http://tinyurl.com/y8kpxu Slides from Invited Talks: http://tinyurl.com/tj6q4
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
On 7/14/07 8:26 PM, Brad Knowles at brad@shub-internet.org wrote:
On 7/14/07, Larry Stone wrote:
# AOLoser@aol.com banned for AOL TOS notice - 10/20/05 AOLoser@aol.com 554 You have previously reported requested mail from here as SPAM - you are banned from this server (see http://www.stonejongleux.com/spamban.html - 10/20/05)
That's cool too, but is not scalable -- larger lists simply can't afford to put in that kind of separately work maintaining the list of users who are rejected for reasons like this.
No disagreement there, Brad. I've only had four or five over the last couple of years. That's why I said at a certain point, you just say "no" to AOL subscribers.
-- Larry Stone lstone19@stonejongleux.com http://www.stonejongleux.com/
On 7/14/07, Zbigniew Szalbot wrote:
Simple - yes. Effective? Depends on what you are after. By doing it this way you are not really different from AOL, are you? You punish many users just because some other are thoughtless and lazy. When I offer something, I want people to use it, not ban it.
You're not punishing these other users -- AOL and the other clueless users are. If AOL didn't shoot first and ask questions later, then these problems wouldn't exist.
There's not much you can do in this case. All you can hope to reasonably do is to protect all your other users from what may happen with any AOL-related addresses.
By the way, these measures were enacted *after* I left. If I had still been there, I assure you that things would be different.
-- Brad Knowles brad@shub-internet.org, Consultant & Author LinkedIn Profile: http://tinyurl.com/y8kpxu Slides from Invited Talks: http://tinyurl.com/tj6q4
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
- Brad Knowles brad@shub-internet.org:
On 7/14/07, Zbigniew Szalbot wrote:
Simple - yes. Effective? Depends on what you are after. By doing it this way you are not really different from AOL, are you? You punish many users just because some other are thoughtless and lazy. When I offer something, I want people to use it, not ban it.
You're not punishing these other users -- AOL and the other clueless users are. If AOL didn't shoot first and ask questions later, then these problems wouldn't exist.
What this system is lacking is a "I dispute this"-method. That way the reports by stupid users wouldn't be sent out by AOL.
-- Ralf Hildebrandt (i.A. des IT-Zentrums) Ralf.Hildebrandt@charite.de Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962 IT-Zentrum Standort CBF send no mail to plonk@charite.de
- Zbigniew Szalbot zbigniew@szalbot.homedns.org:
Do you use VERP to send out the mails? If you do that you can see who the culprit is.
What I do is I open the email headers and look for message ID. Then, based on the email date, I grep the appropriate log and find out the .... ok never mind, let's behave... ;)
That doesn't help since a message can have multiple recipients in the AOL.com domain...
But beware... I recently wrote to two subscribers that we have been sending free content to, and as kindly as possible, I wrote that clicking spam makes it very difficult for us and other AOL users to send/receive the content. I also notified them that I unsubscribed them. As you can imagine, I got spam complaint one more time and actually got blocked by that! I had to file an AOL whitelist petition again.
Never overestimate the cluefulness of AOL.com users.
-- Ralf Hildebrandt (i.A. des IT-Zentrums) Ralf.Hildebrandt@charite.de Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962 IT-Zentrum Standort CBF send no mail to plonk@charite.de
Ralf Hildebrandt wrote:
Never overestimate the cluefulness of AOL.com users.
It doesn't help that AOL put the "Report SPAM" button right next to the "Delete" button.
I've had a number of people report mail from my lists as spam when they thought they were simply deleting a message they had finished reading.
david
Quoting Ralf Hildebrandt (Ralf.Hildebrandt@charite.de):
- Rick Pasotto rick@niof.net:
I have recently been getting some of these from one of my mailing lists.
Welcome to the wonderful world of AOL retards.
There is nothing in it (that I've been able to see) that would tell me who the user is that is rejecting the email. There are several AOL addresses subscribed but only one rejection each time a mailing goes out.
Do you use VERP to send out the mails? If you do that you can see who the culprit is.
VERP doesn't work any longer for these, as of a couple months ago. They now redact ALL information that can be used to identify the user, including verp'd addresses.
Messageid still works, for whatever reason it's the one piece of header info that isn't redacted at this point.
On 7/14/07 3:53 PM, Dave Dewey at ddewey@cyberthugs.com wrote:
Quoting Ralf Hildebrandt (Ralf.Hildebrandt@charite.de):
- Rick Pasotto rick@niof.net:
I have recently been getting some of these from one of my mailing lists.
Welcome to the wonderful world of AOL retards.
There is nothing in it (that I've been able to see) that would tell me who the user is that is rejecting the email. There are several AOL addresses subscribed but only one rejection each time a mailing goes out.
Do you use VERP to send out the mails? If you do that you can see who the culprit is.
VERP doesn't work any longer for these, as of a couple months ago. They now redact ALL information that can be used to identify the user, including verp'd addresses.
That's unfortunate. At this point, what's the point of getting them if they won't give you any useful information as to who doesn't want the list mail they requested.
But it's always been clear that AOL assumes everyone outside is a spammer. They probably can't get their minds around the idea that some of their own customers subscribe to lists and then mark them as spam when they no longer want them rather than properly unsubscribing. And that we, as responsible list owners, want to get them off our lists.
I know some will disagree but if it comes to it, then I just make it clear that I don't accept AOL users as subscribers. If they want to subscribe, they will have to do so from a "real" ISP.
Messageid still works, for whatever reason it's the one piece of header info that isn't redacted at this point.
-- Larry Stone lstone19@stonejongleux.com http://www.stonejongleux.com/
On Sat, 14 Jul 2007, Larry Stone wrote:
That's unfortunate. At this point, what's the point of getting them if they won't give you any useful information as to who doesn't want the list mail they requested.
It's not really supposed to be usefull on a per-mail basis, rather as a way of spotting trends -- a new bad-apple customer, a comrpromised script, virus-infected user, etc.
I have one client with a list that has one person on it who, without fail, reports every message as spam, yet claims he isn't and that he wants the messages. I've given up -- The server is on AOL's whitelist, they've never blocked it, and I have it on authority from the former heard of AOL's anti-spam group that they won't.
========================================================== Chris Candreva -- chris@westnet.com -- (914) 948-3162 WestNet Internet Services of Westchester http://www.westnet.com/
On 7/14/07, Larry Stone wrote:
But it's always been clear that AOL assumes everyone outside is a spammer.
The scary thing was that, when I was working there, every few months we'd get a whole new raft of VPs in the company, they'd all get sick and tired of the spam they were getting, and they'd all pressure us to implement all sorts of damn stupid ideas that had been reviewed and rejected years ago. We got to the point where we had a very long multi-page FAQ that we'd send to every single VP who ever broached the subject with us, and that would usually shut them up.
When the VPs of the company can't be bothered to even try to understand the problem well enough to know what additional viable measures can be applied, and pressure you to do all sorts of damn stupid stuff, there's only so long that the people with any clue can survive.
They probably can't get their minds around the idea that some of their own customers subscribe to lists and then mark them as spam when they no longer want them rather than properly unsubscribing. And that we, as responsible list owners, want to get them off our lists.
Most of their decisions are made by the marketing department, and have no grounding whatsoever in anything remotely resembling reality.
Besides, Goodmail pays them money for every Goodmail-signed message that they accept, so it's in their financial best interests to ensure that only Goodmail can send e-mail to them. So far as they're concerned, it's perfectly fine for them to pimp out their customers to Goodmail senders.
I know some will disagree but if it comes to it, then I just make it clear that I don't accept AOL users as subscribers. If they want to subscribe, they will have to do so from a "real" ISP.
For as long as I worked at AOL, and ever since, I always tried to encourage people with half a brain to go somewhere else.
I even finally got my Mom off AOL.
-- Brad Knowles brad@shub-internet.org, Consultant & Author LinkedIn Profile: http://tinyurl.com/y8kpxu Slides from Invited Talks: http://tinyurl.com/tj6q4
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
VERP doesn't work any longer for these, as of a couple months ago. They now redact ALL information that can be used to identify the user, including verp'd addresses.
As of June ( the last one I received) they only removed the list name part, so you get a line like this Return-Path: redacted-bounces+user=aol.com@mailman.westnet.com
Where user is the actually user name at AOL. It's usually fairly easy to figure out what list it was.
========================================================== Chris Candreva -- chris@westnet.com -- (914) 948-3162 WestNet Internet Services of Westchester http://www.westnet.com/
Quoting Christopher X. Candreva (chris@westnet.com):
VERP doesn't work any longer for these, as of a couple months ago. They now redact ALL information that can be used to identify the user, including verp'd addresses.
As of June ( the last one I received) they only removed the list name part, so you get a line like this Return-Path: redacted-bounces+user=aol.com@mailman.westnet.com
Where user is the actually user name at AOL. It's usually fairly easy to figure out what list it was.
This is the last one I got, from June. See if you can figure the username out. :-) They even redacted part of my domain name (postcardfromhell.com), probably because the redacted piece is the same as the list name (postcard). Regexes gone wild!
Return-Path: redacted-bounces+redacted=aol.com@redactedfromhell.com
On Sat, 14 Jul 2007, Dave Dewey wrote:
Return-Path: redacted-bounces+redacted=aol.com@redactedfromhell.com
Wow, maybe I'm just lucky.
Is your server on the AOL whitelist ?
========================================================== Chris Candreva -- chris@westnet.com -- (914) 948-3162 WestNet Internet Services of Westchester http://www.westnet.com/
Quoting Christopher X. Candreva (chris@westnet.com):
On Sat, 14 Jul 2007, Dave Dewey wrote:
Return-Path: redacted-bounces+redacted=aol.com@redactedfromhell.com
Wow, maybe I'm just lucky.
Is your server on the AOL whitelist ?
Yep. I get very few complaints, 99% of them accidental, so for me it's just a way to contact my subscribers and tell them to stay away from that damn spam button.
- Dave Dewey ddewey@cyberthugs.com:
Do you use VERP to send out the mails? If you do that you can see who the culprit is.
VERP doesn't work any longer for these, as of a couple months ago.
Damn! My last TOS notification dates back quite some time...
They now redact ALL information that can be used to identify the user, including verp'd addresses.
Great.
Messageid still works, for whatever reason it's the one piece of header info that isn't redacted at this point.
OK, so VERP is still the way to go, since the message-id is always different
-- Ralf Hildebrandt (i.A. des IT-Zentrums) Ralf.Hildebrandt@charite.de Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962 IT-Zentrum Standort CBF send no mail to plonk@charite.de
Ralf Hildebrandt wrote:
OK, so VERP is still the way to go, since the message-id is always different
Do you mean the SMTP id in the first Received: (from Mailman) header?
You can get the recipient from your MTA log using this, but the Message-ID: header is normally unchanged from the incoming post and is not different for different recipients.
-- Mark Sapiro msapiro@value.net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On Sat, Jul 14, 2007 at 05:00:56PM +0200, Ralf Hildebrandt wrote:
- Rick Pasotto rick@niof.net:
I have recently been getting some of these from one of my mailing lists.
Welcome to the wonderful world of AOL retards.
There is nothing in it (that I've been able to see) that would tell me who the user is that is rejecting the email. There are several AOL addresses subscribed but only one rejection each time a mailing goes out.
Do you use VERP to send out the mails? If you do that you can see who the culprit is.
I wasn't but I turned it on and the latest TOS Notification included the user's email so I have now deleted them.
Thanks for the suggestion.
-- "But the individual has no right to use force for any other end. I cannot legitimately force my fellow men to be industrious, sober, thrift, generous, learned, or pious; but I can force them to be just." -- Frédéric Bastiat (1801-1850) Rick Pasotto rick@niof.net http://www.niof.net
On 7/14/07 9:38 AM, Rick Pasotto at rick@niof.net wrote:
I have recently been getting some of these from one of my mailing lists. There is nothing in it (that I've been able to see) that would tell me who the user is that is rejecting the email. There are several AOL addresses subscribed but only one rejection each time a mailing goes out.
- Have I overlooked something that would identify the user?
Unfortunately, AOL, for "privacy reasons", does not tell you who flagged it as SPAM. Which of course makes it completely useless for identifying who to remove from a mailing list.
As Ralf indicated, VERP your mail. Yes it increases your outgoing load but at least you know who is doing it.
My policy is, given these are recipient requested and confirmed subscriptions, first time, removal from the list and immediate mail server ban for mail from their address. If they try sending something to me, they'll get an SMTP reject that directs them to an information web page. After one year, they can request reinstatement (by sending to my Postmaster address which bypasses the ban) but no such AOLoser has ever done so. Second time, permanent and irrevocable mail server ban. All these lists have "Attention AOL users: You have voluntarily subscribed to this list. If you report this message as spam, you will be unsubscribed and banned from this server" in the footer (right below the unsubscribe information).
- Why would AOL send such a useless email?
Because it's AOL? :-)
-- Larry Stone lstone19@stonejongleux.com http://www.stonejongleux.com/
participants (9)
-
Brad Knowles -
Christopher X. Candreva -
Dave Dewey -
David Gibbs -
Larry Stone -
Mark Sapiro -
Ralf Hildebrandt -
Rick Pasotto -
Zbigniew Szalbot