[IP] Re: AOL/Microsoft-Hotmail Preventing Delivery of Truthout Communications NOTE DUE TO THEIR REPUTATION djf

[David Farber <dave@farber.net>]

Begin forwarded message:

From: Rich Kulawiec <rsk@gsp.org>
Date: September 18, 2007 9:58:25 PM EDT
To: David Farber <dave@farber.net>
Cc: Robert Grosshandler <rob@iGive.com>, Adam Thornton <adam@io.com>,  
Suresh Ramasubramanian <suresh@hserus.net>, Brett Glass  
<brett@lariat.net>, David Ian Hopper <imhopper@gmail.com>, Victor  
Marks <vxm@miglia.com>, "Danny O'Brien" <danny@spesh.com>, Tom  
Fairlie <tfairlie@frontiernet.net>
Subject: Re: [IP] AOL/Microsoft-Hotmail Preventing Delivery of  
Truthout Communications NOTE DUE TO THEIR REPUTATION djf

Several points in no particular order.

1. If two large ISPs independently begin blocking mail from
a given domain/IP address/network block/etc., then it's usually
a pretty good sign that there is an issue with the mail source.

2. AOL has a responsive and clueful postmaster team, and provides
pointers to contact information for it in reject notices issued
to refused SMTP traffic.  Has anyone from Truthout used those contacts
to find out what their view of the issue is?

3. Truthout's listed contacts for its domain don't work: one apparently
goes directly to Truthout's own mail server(s) and is refused with a
"user unknown" error; a message to the other has been enqueued for
several days awaiting receipt by the destination mail server.  A message
to the Truthout postmaster address (mandatory per RFC 2821 for all
domains that send or receive mail) was rejected when sent from my
own account, and *possibly* accepted when sent from my own postmaster
address -- but no response yet.

The point being that domains which make it hard for people to tell them
early on that they may have problems may find that those problems  
escalate
considerably before they finally become aware of them.

4. The socially-engineered DoS attack suggested by Adam would probably
work in some circumstances.  But it shouldn't work with a  
sufficiently-clued
ISP and a sufficently-clued mailer: the ISP should be able to detect
a flood of fabricated abuse reports, and the mailer should be able to  
produce
proof-of-subscription...which in turn can be correlated against the
ISP's own outgoing mail logs.  That is, if fred@aol.com signed
up for the republicrat-discuss-list@example.com, then example.com
should have at some point emitted a confirmation request (noted in
aol.com's logs) and fred@aol.com should have responded to it (also
noted in aol.com's logs).  This won't work perfectly of course --
log retention is one question, and confirmation-via-individual-URL
is another.  But the abuse staff at any ISP should long since be
aware of the existence of "joe jobs" (as variants on this are called)
and should be suspicious of any abuse case where the evidence is
entirely too neatly arranged.  Doubly so if example.com seems to
have been doing everything "right" in the past.

5. Brett's right about MoveOn (which has been blocked here for
several years, not because of political agenda, but because of
spamming issues).  But the same could be said of organizations
all over the political spectrum: a cursory check of the configuration
here shows domains belonging to both major US parties, as well as
some religious-oriented domains, lobbying groups, individual  
politicians,
etc., all blocked for spamming.  I don't wish to speak for anyone  
else in
this thread, but I think most of us find ourselves far too busy blocking
spammers to even begin to think about the onerous and never-ending task
of blocking every organization whose political/social/economic views
we personally happen to disagree with.  (Heh...I'll leave that to the
censorware vendors, whose affiliations and funding have already been
explored at great length by others.)

---Rsk



-------------------------------------------