Politech mailing list archives
Details on how DearAOL.com works, and AOL's junk mail filtering [sp]
From: Declan McCullagh <declan () well com>
Date: Fri, 14 Apr 2006 23:33:03 -0700
Apologies to Danny for taking so long to send this out -- it would have been a good discussion have during the day on Friday. The Well was completely offline until about an hour ago, and email is only now trickling in: http://www.salon.com/wellstatus/
Previous Politech messages: http://www.politechbot.com/2006/04/13/why-was-moveonorg/ http://www.politechbot.com/2006/04/13/aol-blocks-e/ -Declan -------- Original Message --------Subject: Re: [Politech] Why was Moveon.org blocked by AOL? Did recipients want the email messages? [sp]
Date: Fri, 14 Apr 2006 01:26:00 -0700 From: Danny O'Brien <danny () spesh com> Reply-To: danny () spesh com To: Declan McCullagh <declan () well com>CC: Politech <politech () politechbot com>, David Farber <dave () farber net>, Suresh Ramasubramanian <suresh () hserus net>
References: <443F210A.9040701 () well com> On 4/13/06, Declan McCullagh <declan () well com> wrote:
I'm sympathetic with many of EFF's positions on spam. But it is reasonable to ask: (a) Is each and every address receiving alerts from dearaol.com confirmed double-opt in? (b) Did dearaol.com borrow lists from some of its member organizations like moveon.org that may have less-than pristine list management practices? (c) Did a human at AOL intentionally block dearaol.com messages because of the content of the mailings or was it entirely automatic because so many AOLers were marking the alerts as spam?
I think I can answer these questions. No-one receives any mail from any dearaol.com address. I run a Mailman list that sends mails out to the 500+ groups in our coalition, which is run from the EFF. It is not confirmed double opt-in in the strictest sense: instead I and three volunteers spent a several days manually whittling down the groupsthat had volunteered into 500 that I felt confident had the authority to join
the coalition. There's more to signing up here than just receiving mail: There's no point having confirmed double-opt-in when one sweet retired lady from Texas confirms sincerely believing that she represents AARP. I was concerned that if we were speaking for all 500 groups, it would be better to let them know than have them miss the confirm and be left out of the loop. My first mail had mailman's unsubscribe details, an explanatory note from meand my personal mobile phone number so that anyone could call if they had any
questions. After that, they've received around one or two mails a week, all with mailman links and most with my number. (And I should point out to Suresh that if he believes lists that aren't confirmed double opt-in are spam, he's going to have serious problems with Goodmail's acceptable use policy, which permits single opt-in for paying senders of CertifiedEmail where "At the point of email address collection, aperson has affirmatively requested to be included on an email list to receive
email. No confirmation email is sent and the person is not required to take further action to be included on the email list." Such single opt-in mail will, of course, skip AOL's spam filters entirely. From <http://www.goodmailsystems.com/aup.pdf>) We, of course, have no control over who else mentions an URL. EFF does not, of course, buy in lists. MoveOn has mentioned the site a few times in its mailouts but then MoveOn is on AOL's whitelist (and may be on their Enhanced Whitelist, I'm not sure), so AOL clearly believes their mailing lists are clean enough. No-one but me has access to DearAOL.com coalition lists, in accordance with DearAOL.com and EFF's privacy policy. As to AOL's ban, if you want my opinion, here's what happened. This is alittle long, and much is conjecture, based on the evidence that I've collected
so far.We have about 122 coalition members on the list, which is enough to trip AOL's volume filters, which I understand are set at about 100 mails from a single IP address. I sent out a mailout to our coalition around noon yesterday. I found
out that AOL was bouncing any mail with our URL in it at around 4.45pm - one of our coalition had mailed a friend at AOL with a note about our site, and received a bounce.Playing forensic scientist, I sent a mail today asking our AOL users if they'd
received yesterday's mail (carefully avoiding the D*arA*L.com word). A few had; the majority had not, which leads me to believe that the ban occurred somewhere in the middle of the mailing run. Ploughing through the error logs, I have found one person on the list whoseerror message indicates that he does not want to receive mail from my address. Whether he is simply set to only receive mail from friends or whether this is
a specific ban is unclear: but he's the only indication I have that anyone complained about the mail.Many AOL users treat the AOL client's "spam" button, rather sensibly, as a "I
don't want to receive any more of this mail". I suspect this person was unsubscribing by hitting this button. Unfortunately, AOL's semantics are rather different: they take it as meaning"treat this mail as suspect for everyone else". (This is one of the practical
problems of having intermediaries attempt to make decisions about end-useremail delivery without adequate feedback or transparency. Fixing this semantic
gap is one of the ongoing challenges of fighting spam: a consistent standard for confirm and unsubscribes may well go some way to fixing it.) Anyway, AOL clearly doesn't view the mail as spam in a strong sense, because they haven't banned my email address or IP. What they did, it appears, is check out the mentioned URL.Somehow - and this is what AOL's tech support folk told me when I called them this morning - they identified www.dearaol.com as a "morpher". This is a site
that redirects user clicks to many different sites. It's true: www.dearaol.com has round-robin DNS. I plead guilty to load-balancing of the most heinous kind. AOL appears to have taken this as a sure-fire indication of a spamming site, and instantly banned *every email that mentions this URL* from entering the AOL system.That includes, incidentally, people mailing themselves the URL. It would have
included Suresh's and Declan's mail too, if AOL hadn't fixed the problem within 30 minutes of reporters calling them for a quote. AOL's spokesman told reporters variously that that there was a softwareglitch, a technical glitch, and finally a hardware glitch that affected dozens
of web addresses. I find all of these hard to believe. The tech support guys I spoke to didn't seem surprised about the ban; one said that fixing it usually takes 3-5 working days. EFF has received reports of these kind of URL bans before. Bennett Hasselton, of the free speech group PeaceFire, has documented many innocent groups who find all mails discussing their URLs removed from AOLspace.This appears to be a private AOL ban list. Goodness knows how many URLs or how long they are held. I suspect if I hadn't received that mail from a friend, or put out a press release, www.dearaol.com would still be banned from 20 million
user's private communications, and would remain so until I made that call.This is exactly the kind of overreaching, black-and-white anti-spam filtering
that goes on all the time among ISPs and is largely unnoticed by their customers - for the simple reason that nobody notices a mail that never arrives. And that's why we're concerned about Goodmail: it rewards ISPs for such badfiltering, because with such large problems, large companies will pay a great
deal to avoid those filters. And no market forces can come into play to fix this failure to deliver when the symptoms themselves are so hard to detect.I'm more disturbed that Suresh had a similiar block, which he finally deigned
to remove because he believed us to have "legitimate" popularity. Suresh'scompany manages filters for over 40 million users. I'm happy that Suresh likes
me enough personally to let me escape his blacklists, but when advocacy campaigns find themselves removed from the inboxes of 60 million users, andthen have to wait to permitted to step back into public debate on the whims of someone judging them "legitimate" speakers, we have some serious questions to ask about our mailbox providers' anti-spam strategies and the feedback systems
that keep them in check. d. _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
Current thread:
- Details on how DearAOL.com works, and AOL's junk mail filtering [sp] Declan McCullagh (Apr 14)