Spam Ban
 
 
"Yak of the Day." It's the one thing you have to look forward to when you get home (other than your lovely and/or handsome spouse, of course) after shlepping through b the bus/train/car traffic for an hour and a half. It's the perfect before dinner pick-me-upper, getting all the bad vibes out of your system with a couple of dumb jokes. After a quick read, you almost feel human again. Without it...
 
Well, the folks at home better stay out of your way - because there will be no pre-dinner "Yak" today. The sender, Yak@aol.com, along with all the other e-mail being sent from the AOL servers, has been banned by your ISP!
 
If you've ever missed an important e-mail message you were supposed to get, not only from an AOL client, but even a local, small mail server - like the one that hosts your favorite community e-mail list - the message may never have gotten into your e-mail box in the first place!
 
The spam wars go both ways, it turns out. On the one hand, we all seek ways to reduce the amount of e-junk that seems to be increasing exponentially on a regular basis (http://tinyurl.com/yf9qx5). Customers are constantly complaining to their Internet Service Providers about abusive mail, supplying names, dates and IP numbers of the worst offenders in the hope that the people they're paying for Internet service will do something. But sometimes, when that something is done, important - and legitimate - messages get swept up in the wholesale "spam arrest.”
 
This is different than the special e-mail filter an ISP will install onto your account on their servers, to block e-mail you don't even want to download to your computer (Netvision, for example, charges NIS 9.90 for this service). While that filter (similar to filters you can install in your own e-mail box for free) will block messages based on specific keywords or other criteria (see, for example, http://www.newzgeek.com/092906_stockspam.html), ISPs will also block en masse messages from servers that appear to be sending out wholesale spam. Often this is a good thing, - for example, when banning messages from servers in China, where much of the world's spam is sent from nowadays (http://www.okean.com/).
 
But despite western ISPs' efforts in battling spam, servers in the U.S., Europe, Israel or other "civilized" places are often guilty of mass e-mailing (“civilized" meaning that they have strict rules and laws - that are enforced by the authorities - against spam being sent from local servers). Unfortunately, though, the mass sweeps against spammers conducted by ISPs sometimes affect perfectly innocent servers, and e-mail messages.
 
How do ISPs (like our local Bezeqint, Netvision, Barak, etc.) decide who to ban and who to keep? All the ISPs I spoke to were a bit cagey about exactly what their methods are - possibly fearing that they would be accused of not covering all the bases, or some other technical deficiency on their part (although I tried to explain to them in my calmest, newspaper guy type voice exactly what I wanted to know and why, and especially made it clear that I would not be discussing any complaints by customers against ISPs). But, as it happens, the scoop for local ISPs, just like the ones overseas, is easily determined with a little Web legwork.
 
ISPs use a pool of tools to determine who's a spammer and who isn't, including a number of spam tracking services that take abuse complaints from individual users and ISPs, check out the server from which that spam is being sent, and publish the information in a database for the benefit of users and ISPs. A service provider seeking to ensure that no spam comes through their system may, for example, check out the database of a service like SPEWS, (http://www.spews.org/).
 
If a host or domain gets into SPEWS' sights as a potential spammer, the suspected offender's ISP will be contacted for a resolution of the problem, If it gets fixed - great! But if not, suspects find themselves on the banned list, which will then get picked up by other ISPs. Since most users of an ISP received a dynamic IP address owned by the ISP itself, and since that is the number that will be listed in the spam directory, it's the ISP, not the user/domain, that bears the brunt of blame, at least among other ISPs worldwide.
 
So, for example, if SPEWS, Spamcop, Spamhaus, or one of the other reporting services (http://tinyurl.com/yhsspl) suspects, for example, a Bezeqint.net user/domain of distributing or forwarding spam, Bezeqint could find all the messages sent out from servers in its IP range - even legitimate messages - banned by other mail hosts. Note that it doesn't even have to be a Bezeqint user behind the spam if a customer has a virus on his/her PC that turns the computer into a "spam forwarder," a not uncommon tactic used by spammers (http://tinyurl.com/ygl9pg) to hide their tracks. They send the spam via your PC, making you (and your ISP) the heavy - while they go scot-free!
 
Bezeqint.net, of course, is concerned when they get contacted by spam cop services, because ending up on a spam list could be disastrous for their customer base - and for business. So, they'll check their own records to see just who is responsible for the problem. A user can find his/her account shut down, and if the message came through a local host (i.e an e-mail list) or domain, the ISP will likely cut off - or even sue - that servers' users, in an effort to keep its own nose clean (see http://tinyurl.com/yay4og).
 
A good ISP, in fact, will do an analysis of its own user logs before being contacted by an international spam reporting service, in a search for unusual mail activity - much like a good credit card company will contact users if they notice unusual activity on a customer's credit card. From what I have gathered from local sponsors of both domains and e-mail lists that have been banned at one time or another by a major local ISP, it seems that the abuse departments of the service providers are very proactive in cutting off suspected spammers - but they usually do not contact the hosts that are affected, who only hear about the problem secondhand when users in their domain or mailing list complain (I couldn't get any information about the specific policies regarding who gets contacted when from the ISPs, either; lots of caginess on that front, too).
 
The rules are the same for everyone, from the smallest Web host to the biggest of them all - AOL - which occasionally gets banned by ISPs and Web sites One site that has often put the kibosh on AOL users is, believe it or not, WikiPedia (http://en.wikipedia.org/wiki/Wikipedia:AOL)! WikiPedia bans certain proxy address ranges on a regular basis when they suspect that messages from those addresses are coming from a spam server, a suspicion engendered by the complicated proxy system used by AOL (proxies are especially suspected of being used for spam nowadays - see http://tinyurl.com/5o7w9).
 
If Netvision users, for example, can't get mail from AOL accounts, it's possible that Netvision took an AOL proxy address range (from, for example, the MAPS realtime blacklist - see http://tinyurl.com/bcj8u) and added it it their own blacklist in order to avoid spam. I can just imagine the flurry of e-mails from users to ISP, from ISP to AOL, and back again, as all parties work to resolve a misunderstanding
 
AOL itself, by the way, is aware of its reputation and has taken significant steps in recent years to keep itself clean of spam, but often is accused of being overzealous and blocking legitimate mail that does not follow its specific acceptance criteria (http://tinyurl.com/yylhtj). Maybe there's an element of politics involved - like an ISP blocking AOL, and the behemoth taking its vengeance by banning the rival ISPs' messages? Well, according to http://tinyurl.com/y9p5a6, if history is any example, tit-for-tat is not an unheard of business strategy in the online world!
 
 
 
digital.
newzgeek.
com
 
 
 
dec. 12, 2006
Questions? Comments?
ds@newzgeek.com
 
 
 
Link this!
 
  del.icio.usdel.icio.us
 
save_to_blinkbits
 
  Blink It!
 
FurlFurl
 
  diggdigg this!
 
  reddit
 
Â