AOL bouncing Easynet smarthost mails?

Anthony Edwards

2003-10-20 15:46:54 UTC

Post by Marc Palmer
In the last few days (separate from the false SMTP AUTH bounce messages)
I've been getting bounce messages from AOL when I mail to AOL via
host mailin-04.mx.aol.com [64.12.136.153]: 554-(RLY:B1) The
information presently available to AOL indicates this
554-server is generating high volumes of member complaints from AOL's
554-member base. Based on AOL's Unsolicited Bulk E-mail policy at
554-http://www.aol.com/info/bulkemail.html AOL may not accept further
554-e-mail transactions from this server or domain. For more
information,
554 please visit http://postmaster.info.aol.com.

I have had a telephone conversation with our contact at AOL about
this matter today, and can report as follows.

Apparently, a new more aggressive mail filtering policy was adopted
by AOL in the last few days which has the intention of increasingly
blocking email from compromised hosts and/or particularly prolific
sources of Unsolicited Bulk Email.

Unfortunately however, the code used to create this filtering has
had a number of issues including a high rate of false positives,
with the result that the upgraded filters were rolled back by AOL at
approximately lunchtime Monday 20 October 2003.

It appears likely that your mail was caught by one of these new
filters, and also appears likely that, if you now re-send the email
concerned, it should now be deliverable.

Post by Marc Palmer
Is this due to blacklisting of Easynet due to this other abuse incident
that sparked the SMTP AUTH error message bug? (which seems to be solved
for my mailing lists now too - thanks).

A significant number of easynet customer mail servers have been
hijacked by unscrupulous bulk emailers in recent weeks who have
exploited a recently discovered vulnerability involving SMTP AUTH.

http://www.spamhaus.org/rokso/search.lasso?evidencefile=2669

(offline at present, however it should be back shortly)

http://www.vamsoft.com/orf/authattack.asp

(please note that the information in the above URL does not appear
to be effective in all cases, and in particular there appears to be no
current means of securing Small Business Server 2000 against these SMTP
AUTH hijacking exploits)

We have a feedback loop in place with AOL, who report all Unsolicited
Bulk Email apparently originating from easynet UK IP address ranges
that their members report to them via a specific channel set up for
this purpose. We undertake to take immediate remedial action on
receipt of such complaints (and "ordinary" complaints sent direct by
the recipient of Unsolicited Bulk Email to ***@uk.easynet.net of
course) and immediately block such vulnerable hosts from being able
to access our outbound SMTP smarthost cluster.

As a result, it is extremely unusual for our smarthosts to be
blocklisted by AOL, and when it does happen, it is almost always due
to a technical misconfiguration or administrative error. AOL are
currently receiving millions (yes, literally millions) of reports from
their members per day in respect of Unsolicited Bulk Email that they
have received however, so one can understand why they feel the need
to take measures in an attempt to reduce the amount of Unsolicited
Bulk Email that their members receive.

--
Anthony Edwards * ***@uk.easynet.net
Abuse Team Manager * Tel: 0800 053 0588
Easynet Ltd * DDI: 0161 227 0707
http://www.uk.easynet.net * Fax: 0845 333 4503