I had quite a day yesterday. My hosting company, Just Host, suspended the hosting for the domain lineberry.org because of some SPAM flags sent from AOL. It took me pretty much all day to convince them that the 300-person mailman list used for our neighborhood was not sending SPAM. But how did I get to that situation in the first place and why is AOL flexing their muscles on my little community website?
As many of you know from previous posts and if you read the hibbets.net newsletter, I’m trying to build a community at lineberry.org. We have a small website, with a blog, and an email list. The messages we typically send are about the organization, promoting our blog posts, alerting the neighborhood that a house got broken into, etc.
Last week, I got a message from my hosting provider that AOL users were flagging messages sent from our Alliance mailing list as SPAM. I reviewed 8 criteria that AOL sent entitled “What should be done to prevent receiving such messages in the future?” (see below) and thought that everything would be alright.
What should be done to prevent receiving such messages in the future?
1. Send emails only to the people which you pretty sure want to receive your emails or subscribed to your mailing list
2. If you have a mailing list, please make sure that every your message contains an unsubscribe button and it is easy to find it in the email
3. Please take into account that AOL will automatically blacklist your IP address whenever you send more than 3 emails from the same IP address within 60 seconds and all messages have the same bulk code
4. You may use CAPTCHA contribute to stop bot spamming in case you have the mailing list
5. If you have the email forwarders to an AOL account, remember that all spam sent to your account is being automatically re-sent to AOL account. That is why it may be considered that you are the person who’s sending spam from our server
6. If you do not want to remove the email forwarders to your AOL account, you will need to enable the SpamAssassin feature in your cPanel
7. Change all passwords of your email accounts and cPanel either if you consider that you did not send any emails with the details provided in the headers
8. Download all your files onto your local computer and scan them by an antivirus software on malware
I was mostly concerned with item 2, but by default, mailman includes a footer in each email with a link to unsubscribe. I also attempted to set-up a Feedback Loop (FBL) with AOL to help troubleshoot the issue, but was denied. So what gives?
AOL users like to click the shiny SPAM button
Apparently, AOL users continued to click their SPAM button. Yesterday morning when I attempted to visit lineberry.org, I saw a suspended message. I then discovered that my hosting company sent me the following message:
This is to inform you that we received a complaint from AOL Inc. that spam is being sent from your account (lineberry.org). We had to suspend your account because of our Terms and Conditions violation. The spam message to which client complained you can see below. I have attached a spam message with a complaint.
Oh shit! Now what? I requested over email that they restore my services. I called the support line, twice. The first time to discover that the front line techs don’t have this power and a second time later in the afternoon to explain the situation to a supervisor. During that conversation, I asked if Just Host could provide me with a link to their Terms and Conditions for suspending accounts–and guess what? They couldn’t provide that info. (That’s a topic for another time.)
Later that evening, a senior technician restored the services to lineberry.org and I immediately began taking action. I unsubscribed all aol.com email address from the Alliance mailing list and put the mailing list in emergency moderation mode to prevent further messages from being sent out until I could better understand the problem.
I then submitted all the information I had to the AOL postmaster trying to better understand the problem and what needed to be done to be in compliance with whatever their new policy is. I’m still waiting on their non-automated response.
I then drafted a somewhat long email to the AOL users on the mailing list who were effected, explaining the situation. The long-term solution that I’m going to go with is to migrate this mailing list to Google Groups. I have also hit some technical limitations with my hosting provider where they limit outgoing email to 500 messages per hour.
AOL is a girly man
I think this entire situation should have never happened. It’s great that AOL is enabling their users to help identify what SPAM is–but is should be real SPAM, not message that they don’t want to receive. What really hurt me is that I didn’t have time to troubleshoot the issue because I didn’t fully understand what was happening.
I think that my hosting company wasn’t viewing me as a customer and bowed-down to AOL because the Internet giant said this mailing list was sending SPAM. I don’t think a real person at AOL or my hosting company took the time to evaluate the situation and help me out. AOL flexed their muscles and got some attention, but should they have this power? Being labeled a SPAMMER and getting black-listed is serious stuff. I got the raw end of the deal yesterday.
Research and open questions
I started researching this issue and saw that other people are getting hit by AOL and getting black-listed. I started looking through the email headers (see below) from the AOL complaint. I didn’t see anything out of the ordinary except an email address that looked strange, firstname.lastname@example.org. I don’t know what this is or if’s it related to mailman.
I hope this post helps others who may find themselves in this situation. If you can add any advice or other tips, please do so in the comments.
Received: from rs4.justhost.com (rs4.justhost.com [126.96.36.199]) by mtain-ma10.r1000.mx.aol.com (Internet Inbound) with ESMTP id 5FF763800016B;
Tue, 1 Feb 2011 13:00:08 -0500 (EST)
Received: from localhost ([127.0.0.1] helo=rs4.justhost.com) by
rs4.justhost.com with esmtp (Exim 4.69) (envelope-from
<email@example.com>) id 1PkKWL-0003gn-Rl; Tue, 01 Feb 2011
Subject: redacted Digest, Vol 310, Issue 1
Date: Tue, 01 Feb 2011 12:00:03 -0600
Content-Type: text/plain; charset=”us-ascii”
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname – rs4.justhost.com
X-AntiAbuse: Original Domain – aol.com
X-AntiAbuse: Originator/Caller UID/GID – [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain – lineberry.org
Not just me: http://www.markturner.net/2011/02/01/email-extortion/
AOL’s anti-spam page says that when they send the allegedly-infringing emails to you they remove the email addresses. That really doesn’t do much towards helping you as a mail administrator to track down any problems….
Pingback: Tweets that mention When AOL Flexes Their Internet Muscle | hibbets.net -- Topsy.com
Pingback: AOL Mail is hopelessly FUBAR « Mark Turner dot Net
Here’s the full recap of my experience:
That is awful. I would have promptly found a new hosting company (I <3 Dreamhost, btw, in case you're interested). What hosting company considers AOL legit at this point anymore? I'm also bummed to hear that they took this type of "spam" complaint serious without explicit documented proof, given the document misuse of clicking "spam" when a list has been willfully opted in to.