Great Circle Associates List-Managers
(November 1999)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: AOL
From: Nick Simicich <njs @ scifi . squawk . com>
Date: Tue, 16 Nov 1999 12:08:48 -0500
To: <list-managers @ GreatCircle . COM>
In-reply-to: <199911160315.VAA06389@mail.xnet.com>

At 09:16 PM 11/15/99 -0600, Adam Bailey wrote:
>On 11/15/99 6:40 PM, James Lick <jlick@drivel.com> wrote...
>>On Mon, 15 Nov 1999, Nick Simicich wrote:
>>> Also, AOL is basically in complete violation of RFCs by not bouncing the
>>> mail to the RFC821 MAIL FROM address.  They can get away with it, because
>>> they are big. 
>>
>>Ironically, in the past AOL was screamed at for doing just what you
>>suggest.  When they got a mass spam from a forged address, all the bounces
>>end up mailbombing some poor sap who happens to own the domain in
>>question.  Because AOL is very big and is considered a target rich
>>environment by spammers, this means that AOL ends up bouncing a lot of
>>mail in a very short time.
>
>You're right, I had forgotten about that. Didn't CyberPromo try to sue 
>AOL claiming the massive bounces were a Denial of Service attack?

Somone told me last night that the person who designed the mail system for
AOL was not an idiot studying to be a moron, but a real smart fellow.  I
would think that a smart fellow would have added something to bounce
handling looking for bounce rates and only inhibiting bounces to sites or
addresses when the bounce rate exceeded some reasonable threshold, such
that there were obvious problems rather than dumping one-off bounces on the
floor.

The CyberPromo case was AOL holding all of the bounces sent from forged
RFC8221 addresses and correctly (IMHO) vectoring them back to CyberPromo
(the actual origin), not bouncing to the RFC821 MAIL FROM address.  This
was an intentional act under AOL's control and not them simply following
standard procedures, and I believe that a reasonable person would not find
that one related to the other.

The reality is that AOL is the only big mail sink following these
procedures (or at least the only one I know of and the only one that anyone
complains about on this list).  Everyone has occasional glitches. AOL has a
mail system designed to use secret criteria to throw mail on the floor,
maybe, or maybe their mail system is just badly broken.  No one knows for
sure, and frankly, I don't put much credibility in any public announcement
that AOL makes either formally or informally.  Because this stuff is all
secret, the list owners are the ones who take the heat.

Yes, I think this is AOL bashing.  But I think it is for cause.  They have
some serious problems that affect their customer's service, and they show
no interest in fixing them.
--
We will fight for bovine freedom, And hold our large heads high.
We will run free, with the buffalo or die! Cows with Guns. - Dana Lyons,
Cows With Guns
Nick Simicich mailto:njs@scifi.squawk.com or (last choice)
mailto:njs@us.ibm.com
http://scifi.squawk.com/njs.html -- Stop by and Light Up The World!


Follow-Ups:
  • Re: AOL
    From: Chuq Von Rospach <chuqui@plaidworks.com>

References:
  • Re: AOL
    From: Adam Bailey <adamb@lull.org>
Indexed By Date Previous: Re: Blocking bad attack out of mpx.com.au
From: Jeremy Blackman <loki@maison-otaku.net>
Next: Re: Blocking bad attack out of mpx.com.au
From: Info-LabVIEW List Maintainer <info-labview-request@fsm-1.pica.army.mil>
Indexed By Thread Previous: Re: AOL
From: "Ronald F. Guilmette" <rfg@monkeys.com>
Next: Re: AOL
From: Chuq Von Rospach <chuqui@plaidworks.com>

Google
 
Search Internet Search www.greatcircle.com