AOL's reaction to spam

Last updated 4 January 1999

To make it clear: I do believe that AOL attempts to stop spam originating from their domain, but lately enterprising spammers have abused this fact and the accompanying credibility that AOL has, and have forged mail which appears to come from AOL. I have repeatedly reported this fact to AOL and received nothing but an automated reply. Here is a typical sequence:

Date: Sun, 27 Dec 1998 12:56:53 +1030
To: abuse@aol.com
X-Mailer: Mutt 0.91.1i
WWW-Home-Page: http://www.lemis.com/~grog
Organization: LEMIS, PO Box 460, Echunga SA 5153, Australia
Phone: +61-8-8388-8286
Fax: +61-8-8388-8725
Mobile: +61-41-739-7062

This forged spam is abusing AOL's domain name.  I've seen a lot of
this recently, and it makes it very difficult to filter.  Please
indicate what you are doing to protect your domain name, otherwise I
will have no recourse but to block AOL.

Greg Lehey

----- Forwarded message from ei2succeed@aol.com -----

> From ei2succeed@aol.com Sun Dec 27 08:50:45 1998
> Received: from server1.incom.net (mail.incom.net [206.13.99.129])
>        by allegro.lemis.com (8.9.1/8.9.0) with ESMTP id IAA21681
>        for ; Sun, 27 Dec 1998 08:50:42 +1030 (CST)
> From: ei2succeed@aol.com
> Received: from rustyo (pm4a36.incom.net [206.171.123.52])
>        by server1.incom.net (8.8.8/8.8.8) with SMTP id OAA21832;
>        Sat, 26 Dec 1998 14:15:50 -0800

This header shows that the message in fact comes from incom.net.

> To: Recent@server1.incom.net, Visitors@server1.incom.net
> Subject: Thanks for stopping by
> Date: Sat, 26 Dec 1998 14:12:52 -0800
> Message-Id: <36155.592278587961600.257804@localhost>
> MIME-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 8bit
> Content-Length: 461
> Lines: 18

> To: Recent@server1.incom.net, Visitors@server1.incom.net
> Date: Sat, 26 Dec 1998 14:12:52 -0800

> Thanks for your recent visit to our web site.  If you did not have time to check out
> our
>
> Newest software offerings or our latest Herbal Energy Products, Please stop by again:
>
> our address is: (in case you forgot to book-mark our site)
> http://www.endeavorsnet.com
>
> We are sending this e-mail to everyone that has visited us.
>
> Our customer list WILL NOT EVER BE SOLD, RENTED OR OTHERWISE DISTRIBUTED.
>
> It is our private list!
>
> Thanks,
>
> Endeavors International
>

----- End forwarded message -----

--
See complete headers for address, home page and phone numbers
finger grog@lemis.com for PGP public key

This is the only receipt I got. AOL did not indicate that they are doing anything about this problem; after receiving further forged mail, I have therefore decided to block AOL. If you are an AOL customer trying to contact lemis.com, I'm sorry. I'd suggest that you find a service provider who cares about abuse of his domain name.

Date: Sat, 26 Dec 1998 21:27:12 -0500 (EST)
To: grog@freebie.lemis.com
Old-Subject: Re: Abuse of AOL domain name (was: Thanks for stopping by)
Precendence: junk
X-Loop: abuse@aol.net
Reply-To: abuse@aol.net (AOL Net Abuse Handler)

           *** THIS IS AN AUTOMATED RECEIPT NOTIFICATION ***

Thank you for writing with your comments and concerns.  You are receiving
this automatically generated message to acknowledge that your mail has been
received.

All reports of abuse will be fully investigated by our staff. Please note
that due to the volume of mail we receive, you may not receive a personal
acknowledgment or indication of action.

In the event that you are reporting USENET abuse, please check the daily
summary of USENET actions posted to news.admin.net-abuse.bulletins. All
accounts reported for more than 5 inappropriate or otherwise abusive
USENET articles are listed in this report.

Also, please carefully check the headers of USENET articles to ensure they
are not, in fact, forgeries--it is becoming fashionable for Internet users
to do this. Headers which will quickly point out forgeries include
NNTP-Posting-Host and Message-ID. If you come across a forged article,
please report it to the postmaster or abuse account on the site from which
it originated.

Incidents of mass-mail spams originating from AOL addresses are regularly
posted to SPAM-L on LISTSERV@PEACH.EASE.LSOFT.COM and
list-managers@greatcircle.com. If you are a list owner, subscribing to
those lists may be of great value in combatting Internet abuse from all
sites.

Being informed after the event sounds to me like a good way to get even more mail. I can't see much use in it.


Internet e-mail violations are presently handled by our internal Terms of
Service staff. If you continue to see abuses of Internet mail more than 72
hours after your original report, please note this and we will take
special action on the account.

If you do not wish to receive copies of this notice in the future, please
send mail to abuse@aol.net with the subject "No autoreply".

Thank you for writing,

Internet Abuse Team
America Online, Inc.


v.19980910