Jim Babka, the president of the Downsize DC Foundation, added this to
the below blog entry in email today:
"The last couple of weeks have been a nightmare. Why? Because America
Online (AOL) has blacklisted us.
The result, in actual AOL addresses and related fall-out (like
through Netscape addresses, which AOL owns as well) has been a loss
of roughly 3,000 subscribers. But there's a real possibility the
actual damage is closer to 5,000, or possibly even 6,000 subscribers.
On top of that, anyone attempting to sign up with our system using an
AOL or AOL-related address couldn't confirm their registration. That
means they didn't get subscribed to our list at all.
If we can get this problem fixed, we can resubscribe those that we
lost who were already on the list. We still have their addresses. But
the ones that couldn't be confirmed last month, well, they are likely
lost forever. In fact, they probably left thinking we were
Note this doesn't seem the same thing as what we talked about last month
-- in this case, a legitimate organization has a temporary security
hiccup and, months later, is still blacklisted.
Obviously AOL has the right to set whatever policies it likes regarding
its mail servers. The question at hand is whether AOL went too far here.
NOTE: This blog entry is a supplement to our February 5
Downsizer-Dispatch message which can be found above (the Dispatch will
be posted after this entry so we can't link to it here).
In an earlier blog item in November we told you how a hacker attacked a
minor vulnerability in our "Tell-a-friend" mechanism. It was fixed
almost instantly. We won't rehash that story. You can read it for yourself.
We've been blacklisted by AOL. All we were told was that we had a
"compromised script." We don't know the specific nature of the
compromised script, but the November Tell-a-friend hack was our first
appearance on the AOL blacklist and we've had problems with that company
ever since. We've been in a kind of "off and on" situation with them --
more off than on -- but it was mostly a minor, occasional annoyance.
Each time that we would end up on the list, we'd wait 24 to 36 hours,
and the problem would go away.
That ceased to be the case, starting in about mid-January. Now we're
just plain "on" the AOL blacklist, and we're having a very hard time
To make matters worse, due to a technical mistake on AOL's part, no
"trouble ticket" was filed on our problem until Thursday. It took
considerable follow-up just to get that far. And, work order or no, the
problem still isn't corrected.
AOL has been insistent that we didn't have a reverse DNS address on our
server. Spammers frequently do not have a proper reverse DNS, and having
both a forward and reverse DNS that agree is one way ISPs can ensure
that there's no email forgery going on.
The problem was, AOL was wrong. We've had a reverse DNS all along. And
our server sits on U.S. soil. It didn't require rocket science for AOL
to find our reverse DNS, but find it they could not. So they claim.
Worse still, it took repeated attempts to actually get to the point
where we knew that AOL's supposed problem was that we supposedly didn't
have a reverse DNS. Then, our programmer had one of those conversations
that goes like this:
AOL: We can't help you because you don't have a reverse DNS.
DownsizeDC: We've got a reverse DNS.
AOL: We show that you don't have a reverse DNS.
DownsizeDC: Really, we've got one.
AOL: We can't do anything to help you until you have one.
DownsizeDC: It's been there all along.
AOL: Well, we'll try to find it. But until then, we can't do anything.
We were really in an "Alice in Wonderland" situation. It seemed like we
couldn't get a "trouble ticket" issued for an allegedly "compromised
script," because AOL said we didn't have a reverse DNS, even though we
did have a reverse DNS. It was like trying to convince someone they have
an elephant in their living room when they won't even turn around to
look where the elephant is standing.
All we could do was ask them to please notice that we really did have a
reverse DNS after all, and then wait. And wait, and wait. As follow-up
our programmer sent 2 messages to their DNS department, but got no reply.
We didn't know they had finally found our reverse DNS until our
programmer called their postmaster again this past Thursday.
But it still required that call to get our trouble ticket filed so the
appropriate staff would remove us from the blacklist. They may have
found the reverse DNS the day before, but that didn't mean our work
order was filed. We were told it would take one or two business days to
As of today (Monday) we're being told at least 24 more hours. Given the
delays up to this point, who knows if that's accurate?
It's worthwhile to note that we've applied for the AOL white list three
times and each time we were rejected. We just learned that we must have
30 days of clean mailing history. As you can tell, since November 13,
we've not qualified.
On top of that, after this most recent blacklisting, our programmer set
up a "feedback loop" with AOL. That's a recommended procedure. However,
another ISP manager we spoke to said he has one of these for his company
as well, but has found it to be "useless."
So the problem appears to be deeper. We think the reason for that is
that AOL has made a very bad institutional decision and is apparently
incompetent to correct the damage they impose on others.
Metaphorically speaking, somewhere along the way, someone at AOL decided
that their customers want the mail delivery person to read all of their
mail, sift out the stuff they wouldn't be interested in, and deliver the
rest. Internet Service Providers (ISP -- i.e., like AOL, Earthlink, Road
Runner, Comcast, and our friends at FBS.net) are really just mail
delivery pipelines -- a virtual postal delivery service of sorts, and
all ISPs have different policies about how to deal with spam. AOL's spam
policy is bad.
I can only imagine the howls of consternation if the U.S. Postal service
started going through our snail mail the same way AOL does! Imagine not
getting a lot of your mail, and sometimes none of your mail, because the
USPS decides its junk. Well, that's what AOL does a lot of the time.
Now, I hate spam as much as the next guy. I get roughly 350 spam
messages a day (no joke), and as the CEO of an upstart non-profit I
don't have any money to invest in a hot trade, a rare ground-floor
opportunity, or a precious commodity. Plus, my penis works just fine,
thank you very much. It's nice to have my ISP sorting some of this junk
out of the mix, but AOL's approach to this problem is ham-handed.
I've talked with an ISP manager who explained to me that a spam
filtering program is a must if an ISP wants to be competitive in today's
market, but how an ISP provides this service is really important.
Here's a way to think about it: Our justice system is built on the
presumption of innocence. Theoretically, we'd rather let nine guilty men
go free than unjustly convict and punish one innocent man. Not all
governments work this way, but we're all grateful that ours does (at
least in principle).
Similarly, not all ISPs work on the presumption of innocence. Some do.
The ISP manager I spoke about above says that his company grabs "obvious
spam," but if there's any question, they let it through so the customer
can decide. That way, his customers don't miss email they want or need.
His company presumes that email sent by a list owner is innocent until
it is proven guilty. This approach reduces the spam volume
significantly, but not completely. This approach also makes it more
likely that customers will get nearly all of the email they actually
want to receive.
But in AOL's world, email from a list manager is presumed guilty of
being spam for the slightest of reasons. If AOL gets so much as one
complaint, AOL assumes guilt and renders a death sentence.
AOL doesn't want the inconvenience of even a single spam complaint (like
it's their fault). And if AOL customers don't get the email they want,
frequently they don't even realize it. This policy probably keeps AOL's
call center and postmaster less busy, and AOL customers may even brag to
others about how little spam they get, which is good word-of-mouth
advertising for the company.
But I can pretty much guarantee you that AOL customers are also not
getting a lot of email they actually want, including the Downsizer-Dispatch.
Frankly, I think AOL should be fed to Darwin's machine. They need to
adapt or perish. This is a terrible and costly business decision AOL has
made. It's cost us a lot, and it should cost AOL too. I've never taken a
public position about the existence of a company before, but if AOL
cannot fix this problem, then I look forward to the day they fold. I may
even dance a jig when it happens.
The way we can make AOL bear the cost for their stupid policy to tell
OUR customers how AOL is handling their email. And that will be our next
Other action is also being considered.
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)