>AOL/Microsoft-Hotmail Preventing Delivery of Truthout Communications >http://www.truthout.org/docs_2006/091307Z.shtml >___
This has been much discussed on Farber's list. I attach three recent responses: ----------------------------------------------------------------------- Several points in no particular order. 1. If two large ISPs independently begin blocking mail from a given domain/IP address/network block/etc., then it's usually a pretty good sign that there is an issue with the mail source. 2. AOL has a responsive and clueful postmaster team, and provides pointers to contact information for it in reject notices issued to refused SMTP traffic. Has anyone from Truthout used those contacts to find out what their view of the issue is? 3. Truthout's listed contacts for its domain don't work: one apparently goes directly to Truthout's own mail server(s) and is refused with a "user unknown" error; a message to the other has been enqueued for several days awaiting receipt by the destination mail server. A message to the Truthout postmaster address (mandatory per RFC 2821 for all domains that send or receive mail) was rejected when sent from my own account, and *possibly* accepted when sent from my own postmaster address -- but no response yet. The point being that domains which make it hard for people to tell them early on that they may have problems may find that those problems escalate considerably before they finally become aware of them. 4. The socially-engineered DoS attack suggested by Adam would probably work in some circumstances. But it shouldn't work with a sufficiently-clued ISP and a sufficently-clued mailer: the ISP should be able to detect a flood of fabricated abuse reports, and the mailer should be able to produce proof-of-subscription...which in turn can be correlated against the ISP's own outgoing mail logs. That is, if [EMAIL PROTECTED] signed up for the [EMAIL PROTECTED], then example.com should have at some point emitted a confirmation request (noted in aol.com's logs) and [EMAIL PROTECTED] should have responded to it (also noted in aol.com's logs). This won't work perfectly of course -- log retention is one question, and confirmation-via-individual-URL is another. But the abuse staff at any ISP should long since be aware of the existence of "joe jobs" (as variants on this are called) and should be suspicious of any abuse case where the evidence is entirely too neatly arranged. Doubly so if example.com seems to have been doing everything "right" in the past. 5. Brett's right about MoveOn (which has been blocked here for several years, not because of political agenda, but because of spamming issues). But the same could be said of organizations all over the political spectrum: a cursory check of the configuration here shows domains belonging to both major US parties, as well as some religious-oriented domains, lobbying groups, individual politicians, etc., all blocked for spamming. I don't wish to speak for anyone else in this thread, but I think most of us find ourselves far too busy blocking spammers to even begin to think about the onerous and never-ending task of blocking every organization whose political/social/economic views we personally happen to disagree with. (Heh...I'll leave that to the censorware vendors, whose affiliations and funding have already been explored at great length by others.) ---Rsk ---------------------------- While I don't work at AOL anymore, I did run the anti-spam team for many years and worked on the email platform for almost a decade. I can tell you that from time to time we had a group complain that we were blocking their mail without proper cause. In most cases we would provide the data to show the organization why they were having issues. Most of the time it was a combination of complaints about their mail (REPORT SPAM from members) along with an abnormally high rate of bounced mail (non-deliverable addresses). And in most cases the organization would fix the issue once we got them signed up for a feedback loop which would allow them to see their complaints and address the cause. In all of my years at AOL, I can tell you that AOL never intentionally blocked an organization for their political views. I would not have allowed it. But we did block some of these political groups along the way... I remember AOL automatically blocked the DNC and RNC repeatedly in election years for bad complaint rates and high bounce rates. Eventually these groups even told us that they bought "lists of likely voters" and emailed them. And as such, complaint rates and bounces were off the charts. And I remember having blocking issues with Moveon.org as well, at least once. These were not issues with the organization and what they stood for. The issues were due to mailing practices and the resulting poor statistics that the organizations had in our spam control systems. Over the years we heard lots of excuses for why an inherently political organization should never be blocked and should always have their mail delivered, but we always felt that our thresholds should apply equally to everyone. Unlike some ISPs, AOL always used objective statistics to block or filter mail. We found we could not reliably do it any other way. And unlike other ISPs, AOL is fairly easy to get on the phone and we were always willing to investigate the possibility of special circumstances affecting our stats - like people trying to game the system, etc. And we did investigations into these claims many times a year. For example, I remember being told by a number of political organizations that their spam complaint numbers were up because people were intentionally signing up for the newsletters and then complaining to make a political statement against the organization and hopefully get their mail blocked. But we found that this was not the case and in fact that the list management policies and poorly run unconfirmed optin forms were to blame in many cases. In other cases, we found that the "sign up your friend" system was not working to their benefit. After suggesting to these organizations that there may be reasons (within their control) for their poor stats and high bounce rates, many times they would publish nasty "call to arms" to get their community up in arms and put pressure on AOL. Sometimes this worked. Sometimes it didn't. I am not sure what the story is with the TruthOut.org story as I don't work at AOL anymore. But seeing that not one, but two ISPs are blocking them makes me consider that something else may be at play other than the ultra-conservative corporate thieves at AOL and MSFT working together late into the night, sharing IP block lists for Truthout.org's outbound servers. (For my part, I did pass along the original post on this list to the appropriate people at AOL and I can only assume they are aware of the issue and working it...business as usual) Carl Hutzler http://carlhutzler.com/blog/ [EMAIL PROTECTED] ----------------------------- I probably fall pretty squarely into truthout's target group from whatever political, social, or economic perspective one chooses to take; after this thread started I signed up for their mailing list out of curiousity. Here's the communication history thus far: 2007-09-17 2:20 PM: Received confirmation request email (active confirmation required, good for them) and clicked link. 2007-09-17 2:20 PM: Received "you're on the list now" email. Not strictly necessary, but fine. 2007-09-17 6:45 PM: Received "don't forget to donate" email, noting their delivery problems as added incentive for those who are receiving the emails to contribute. Okay...reasonable enough, lemons and lemonade and what-have-you. 2007-09-17 10:06 PM: Received topical update email. Read it, interesting, probably wouldn't have been aware of the issue otherwise. Good. 2007-09-18 9:10 AM: Received topical update email. Read it, less interesting...eh, still happy enough to have read it. 2007-09-18 2:10 PM: Received topical update email. Scanned it, getting a little tired of the emails now. 2007-09-18 5:39 PM: Received "urgent donations appeal" email, noting their delivery problems as added incentive for those who are receiving the emails to contribute. Yes, I know, I read yesterday's email, thanks. 2007-09-18 9:18 PM: Received topical update email. Looked at subject line, went to watch Red Dwarf season three instead of reading. So in less than 48 hours I've received six emails from truthout, including two donation requests. Is there a problem with that? Yes and no. I signed up for the list, so I personally wouldn't say that truthout is spamming me, but they did violate one of the basic rules of email communication: SET EXPECTATIONS. When I subscribed, I had--right or wrong--visions of some sort of newsletter dancing in my head, weekly or perhaps (at most) daily emails. It never occurred to me that I might get three or four emails per day from truthout, and they did nothing to manage my expectations. If their signup page had said "you'll receive update emails throughout the day," I would have known what I was getting myself into up front. Again, whether it's right or wrong, I can very easily see someone clicking that "mark as spam" button somewhere around email four or five, rather than scrolling all the way to the bottom of the message and clicking the mailto link to unsubscribe. As a side issue, truthout doesn't even offer any sort of daily digest option for email, so my choices are drinking from the firehose or unsubscribing, and I know which way I'm leaning right now. For an organization that seems to depend so heavily on email, it seems to me like truthout is taking a surprisingly crude approach to working with email. - Whit ** W.B. McNamara [EMAIL PROTECTED] http://absono.us ------------------------------------------- --------------------------------------------------------------- WWWhatsup NYC http://pinstand.com - http://punkcast.com --------------------------------------------------------------- _______________________________________________ Discuss mailing list Discuss@isoc-ny.org http://lists.isoc-ny.org/mailman/listinfo/discuss