Subscribe to
Posts
Comments
NSLog(); Header Image

Fighting Spam, AOL Style

Posted February 25th, 2003 @ 08:34am by Erik J. Barzeski

Seems AOL's "Report a Spam" feature has failed horribly at doing even the simplest of things:

Knowing that you forward my email address right back to the spammer (as proven in the case with plaidworks) makes it easy for the spammers to verify that my email address is real. Of all the stupid things that AOL has ever done, and there have been plenty, this move is by far the winner. Now that the spammers know that I file "spam reports" (because they receive the complaint from you with my valid email address) all they need to do is send spam from a different email account each time. Which explains the growth in my daily spam.

What are they going to do next, open every attachment? This, AOL's recent bad press, and the fact that 35 million user accounts were compromised spell T-R-O-U-B-L-E for AOL.

2 Comments »

2 Responses to "Fighting Spam, AOL Style"

  1. | Reply Chris Hazard
    Posted 10 May 2003 at 5:49am #

    Seems I got spammed a while back

    by some who wants my screen name (I guess).

    The attack was such that my mailbox filled up

    in approx 2 hr.s

    By monitoring my Email I could see a posting

    arrive every 20 seconds or so...

    It took me a while to figure this scheme...

    Spamming takes place by way of 1 of 2 methods

    (via aol.com domain) means that a person

    fakes himself as an AOL screen name.

    The simpletst and surest aol domain attack is to use the same screen name as the target... there-fore it looks like you sent the spam to yourself

    (this is almost unstoppable unless you put yourself on a "block_only" list or keep your self off an "allow_only" list).

    The second type of spam attack is from a domain outside of aol (usually a popular domain such as

    yahoo.com or amazon.com)

    The simplest is to pick an important and logical

    source such as account_security@paypal.com

    or investment_info@fleet.com

    (these attacks are based on the probability that

    a large percentage of spam targets do in fact

    have accounts at Yahoo.com, Amazon.com, Ebay.com,

    Fleet.com etc.).

    The best AOL defense against both these

    (and I wager it will be > 95% effective)

    is to use Mail Controls and BLOCK ALL email.

    And instead place all known and valid "personal" email addresses in an AOL "allow_only" list.

    This will stop most if not all of the spam

    attacks mimicing coming from within and without the aol.domain (the coincidence of a spammer

    matching your personal friend's email address is very slim and the audience he will ultimately hit will be even slimmer).

    The second step will prevent spam coming in masked

    as popular domains such as Amazon.com, PayPal.com,

    Fleet.com etc.

    This step is to setup a mailforwarding service

    that forwards your email to your AOL account.

    By doing this you choose a unique forwarding email name for yourself such as my_mail@email_forwarding.com.

    Such email forwarding services are relatively cheap (I bought mine for $35 a year).

    Now place this unique forwarding address into your "allow_only" list and that completes the filter...

    Now this new email address should only be given out to secure organizations

    (official businesses that do not sell your mailing address!!!!)

    In theory this should work extremely well.

    I have tried this and found one frustrating problem...

    The problem is that any forwarded email

    does not appear as coming from your unique forwarding service

    (i.e. that address you have placed onto your "allow_only" list)...

    Apparently the FROM: information gets changed on forwarding to reflect who actually sent it,

    and to conveniently place the correct address into the REPLY: box when you click REPLY.

    As a result my forwarded email looks like it came from tom@wherever.com, dick@wherever.com or harry@wherever.com and not from

    my_mail@email_forwarding.com !!!!

    Such a procedure is technically called email

    redirecting (not forwarding) but the industry out there is set up this way...

    For this scheme to work... TRUE EMAIL FORWARDING

    where the forwarding service simply retransmits (or bounces) the email to your AOL account will work... but such services technically are not available at this time...

    It should be a simple procedure for email services

    to offer as an option TRUE FORWARDING where the

    sender's address does NOT end up in the

    FROM: or RETURN TO: information header...

    When that happens complete! AOL anti spamming would become available for another $35 made available from an outside email service...

    I have posted this lenghty article with the hopes it will get circulated to the right parties

    to offer this feature...

    I am sure a considerable number of AOL,

    MSN and COMPUSERVE customers would pay the extra

    $35/yr for secure email.

    CH (USPS Technician)

  2. | Reply Reggie Weinberg
    Posted 17 Apr 2004 at 5:38pm #

    Spam results are getting better week by week showing less than less and seems to be getting much better compared to oyhrt idp's especially especially yeahoo which I get twice less the mail than I use to get. Reggie Weinberg


Comments RSS

Leave a Reply


Warning: Undefined variable $user_ID in /var/www/vhosts/nslog.com/httpsdocs/wp-content/themes/nslog/comments.php on line 96

Please abide by the comment policy. Valid HTML includes: <blockquote><p>, <em>, <strong>, <ul>, <ol>, and <a href>. Please use the "Quote Me" functionality to quote comments.