Author Topic: Nitwittwery is alive and well: It's spelled AOL  (Read 8337 times)

Offline ljocampo

  • Super Poster
  • ***
  • Posts: 272
Nitwittwery is alive and well: It's spelled AOL
« Reply #15 on: July 27, 2003, 11:05:58 PM »
My two cents

I have had all these adventures with AOL back when they were in their infancy.  I guess they never grew up.   thanx.gif  Thank the Gods, AOL now doesn't know I exist.  And I love it that way!   wub.gif

Offline kimmer

  • Administrator
  • TS Addict
  • *****
  • Posts: 9086
Nitwittwery is alive and well: It's spelled AOL
« Reply #16 on: July 28, 2003, 10:59:40 AM »
As an sbc customer, I find myself blocked hither and thither on a reg. basis. That's why I paid for my mac.com address - it gets through when nothing else can.  tongue.gif

However -- the majority of the filthy spam that I receive comes from AOL! So take that mr. corporate giant.

When we were with earthlink, it was worse. Even with the spam filter thing on, I was downloading over 150 spam mails per day with each email address! When you are on dial-up, that's a long time spent downloading stuff to trash.

My nickels worth is that all of them are guilty, and the big boys are all out to take over the other big boys so that there is only one game left for the consumer to choose from - not that I'm cynical or anything.  :-/


kimmer

Offline krissel

  • Administrator
  • TS Addict
  • *****
  • Posts: 14735
Nitwittwery is alive and well: It's spelled AOL
« Reply #17 on: July 28, 2003, 10:42:36 PM »
I am in agreement  with Dick's assessment of AOL,  spending 6 months (many years ago)  getting them to stop billing my credit card, even after I cancelled it.

 wacko.gif

One apparently successful spam filtering system is the one used by Yahoo mail. I used to get maybe 20-30 junk emails a day at my account there, but their SpamGuard has reduced it to perhaps 3 or 4 a day at most. I wish ATT would use it cause I get about 20 a day from them as well. Using PopMonitor does help. At least I don't have to download the garbage, just what I want.

smile.gif


A Techsurvivors founder

Offline Gregg

  • TS Addict
  • *****
  • Posts: 11748
Nitwittwery is alive and well: It's spelled AOL
« Reply #18 on: July 29, 2003, 08:32:12 AM »
Speaking of SBC, as some were... Some friends of ours decided to sign up for their DSL service. Well, a billing nightmare ensued. Their account got so messed up, they killed it. They're now using only cell phones, which I guess many people choose to do these days. Their experience makes me wary of going with DSL.
Ya gotta applaud those bunnies for sacrificing their hearing just so some guy in Cupertino can have better TV reception.

Offline RHPConsult

  • TS Addict
  • Posts: 7859
Nitwittwery is alive and well: It's spelled AOL
« Reply #19 on: July 29, 2003, 09:18:05 AM »
QUOTE
As an sbc customer, I find myself blocked hither and thither on a reg. basis. That's why I paid for my mac.com address - it gets through when nothing else can


"Hither and thither" certainly describes my experience too, insofar as blocking is concerned . . . this week. I guess I should be grateful for small favors, i.e. it doesn't happen consistently.

But I find myself confused (a not infrequent event). Even though you are using your Mac.com address (one of which I also have) aren't you still using SBC as your outgoing mail server? Or does opening Mac.com somehow overlay, so to speak, a different identity onto your message, not recognizable as a communication actually "initiated" through SBC?

You are reaching Mac.com via SBC are you not? I guess I thought the "blockers" could  figure out the "sending mac" irrespective of the particular address? Hmmmm?

With respect to Earthlink's fabled Spaminator, or whatever, it's never shown me anything especially effective. I rely on Netscape/Mozilla's little learning engine to zap the pesky things out of the way when they arrive at my In-Box. It seems to work quite nicely.

Offline tacit

  • TS Addict
  • *****
  • Posts: 1628
    • http://www.xeromag.com/
Nitwittwery is alive and well: It's spelled AOL
« Reply #20 on: July 29, 2003, 03:58:50 PM »
QUOTE(kimmer @ Jul 28 2003, 3:59 PM)
However -- the majority of the filthy spam that I receive comes from AOL! So take that mr. corporate giant.

No, it doesn't.

Let's say you get a piece of spam from "g1antpen1s@aol.com". Does that mean the spam came from AOL?

No. The From: address is forged. It is so easy to do, anyone can do it in under two minutes. If you like, I can send you an email that comes from: god@heaven.com or From: kimmer@techsurvivors.com or From: billg@microsoft.com or From: anything else I want. It's called "spoofing." All spammers do it.

Never, ever trust the From: address you see in any email! Just because it says From: someone@aol.com, that does not mean it came from AOL. AOL has very strict mail server control software that does an excellent job at stopping spammers.

The only way to tell where a message really came from is to look at the full headers. You will see a bunch of lines that start with "Received: from". After the "Received: from" will be information about the IP address and mail server the message came from.

Here is an example of a piece of spam I got that supposedly came from AOL. The headers say:

Received: from  rly-xk04.mx.aol.com (rly-xk04.mail.aol.com [172.20.83.41]) by air-xk01.mail.aol.com (v95.1) with ESMTP id MAILINXK14-5953f26dcbf11f; Tue, 29 Jul 2003 16:45:44 -0400
Received: from  compuserve.com (209-130-218-13.nas1.roc.ny.frontiernet.net [209.130.218.13]) by rly-xk04.mx.aol.com (v95.1) with ESMTP id MAILRELAYINXK49-5953f26dcbf11f; Tue, 29 Jul 2003 16:45:15 -0400
Date: Tue, 29 Jul 2003 19:47:35 +0000
From: 46IHEI0E63K3438E@aol.com
Subject: tT0Íîâèíêè è êëàññèêà ìèdîâîãî êèíî íà DVD!Tacitr21UfnGO
To: Tacitr <tacitr@aol.com>
References: <46IHEI0E63K3438E@aol.com>
In-Reply-To: <46IHEI0E63K3438E@aol.com>

You look at the LAST Received: from line. In this case it says:

Received: from  compuserve.com (209-130-218-13.nas1.roc.ny.frontiernet.net [209.130.218.13]) by rly-xk04.mx.aol.com (v95.1) with ESMTP id MAILRELAYINXK49-5953f26dcbf11f

In this case, what it is telling you is that the computer the message came from had IP address 209.130.218.13.

IP address 209.130.218.13 is owned by an ISP called frontiernet.net, who in turn gets their service from Global Crossing. So even though the message says it was from 46IHEI0E63K3438E@aol.com, it was not. It actually came from a spammer who was using Global Crossing, not AOL.
« Last Edit: July 29, 2003, 04:00:39 PM by tacit »
A whole lot about me: www.xeromag.com/franklin.html
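
The header check described in the post above, as an added Python example that is not part of the original thread. It generalizes the "last Received: line" rule slightly: it walks the Received lines newest-first and stops at the hop where the recipient's own provider accepted the message from outside, because any lines below that point are written by the sender's side and can be fabricated. Assumptions: the recipient's provider is `aol.com`, the names `in_domain` and `handoff_hop` are hypothetical, and the third Received line in the sample is constructed.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the two Received lines from the post above (ids shortened),
# plus one extra bottom line of the kind a sender can fabricate.
SAMPLE = (
    "Received: from rly-xk04.mx.aol.com (rly-xk04.mail.aol.com [172.20.83.41])"
    " by air-xk01.mail.aol.com (v95.1) with ESMTP; Tue, 29 Jul 2003 16:45:44 -0400\n"
    "Received: from compuserve.com (209-130-218-13.nas1.roc.ny.frontiernet.net"
    " [209.130.218.13]) by rly-xk04.mx.aol.com (v95.1) with ESMTP;"
    " Tue, 29 Jul 2003 16:45:15 -0400\n"
    "Received: from mail.example.org (mail.example.org [192.0.2.7])"
    " by relay.example.org with SMTP; Tue, 29 Jul 2003 16:44:00 -0400\n"
    "From: 46IHEI0E63K3438E@aol.com\n"
    "To: Tacitr <tacitr@aol.com>\n"
    "\n"
    "body\n"
)

# "from <helo> (<reverse-DNS name, optional> [<ip>]) by <receiving server>"
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?"
                 r"\[(?P<ip>[0-9.]+)\]\)\s+by\s+(?P<by>\S+)")

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))

def handoff_hop(raw, trusted_domain):
    """Return the hop where the recipient's own servers accepted the message
    from outside, walking Received lines newest-first; None if not found."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        # Stop at the first line we cannot parse or that a server outside the
        # trusted domain wrote: it and everything below may be fabricated.
        if not m or not in_domain(m["by"], trusted_domain):
            return None
        internal = (in_domain(m["rdns"], trusted_domain)
                    or ipaddress.ip_address(m["ip"]).is_private)
        if not internal:
            return {"ip": m["ip"], "rdns": m["rdns"], "helo": m["helo"],
                    "from_claims": claimed,
                    "from_matches_source": in_domain(m["rdns"], claimed)}
    return None
```

Calling `handoff_hop(SAMPLE, "aol.com")` reports the frontiernet.net address as the source and flags that it does not match the `aol.com` domain claimed in From:.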

Offline kimmer

  • Administrator
  • TS Addict
  • *****
  • Posts: 9086
Nitwittwery is alive and well: It's spelled AOL
« Reply #21 on: July 30, 2003, 03:00:00 PM »
QUOTE(RHPConsult @ Jul 29 2003, 7:18 AM)
But I find myself confused (a not infrequent event). Even though you are using your Mac.com address (one of which I also have) aren't you still using SBC as your outgoing mail server? Or does opening Mac.com somehow overlay, so to speak, a different identity onto your message, not recognizable as a communication actually "initiated" through SBC?

You are reaching Mac.com via SBC are you not? I guess I thought the "blockers" could  figure out the "sending mac" irrespective of the particular address? Hmmmm?

This is the configuration I have set up in Eudora:

mail server: mail.mac.com
SMTP: mail.sbcglobal.net

I just sent myself a note from and to my mac.com addy. Looking at the full headers, it clearly shows it was sent from sbc.

QUOTE
Received: from mac.com (smtpin11-en2 [10.13.10.81])
 by ms11.mac.com (iPlanet Messaging Server 5.2 HotFix 1.17 (built Jun 23 2003))
 with ESMTP id <0HIU003WASJOBA@ms11.mac.com> for ***@mac.com; Wed,
 30 Jul 2003 12:52:36 -0700 (PDT)
Received: from mta7.pltn13.pbi.net (mta7.pltn13.pbi.net [64.164.98.8])
   by mac.com (Xserve/8.12.9/MantshX 2.0) with ESMTP id h6UJqYVp006444   for
 <***@mac.com>; Wed, 30 Jul 2003 12:52:35 -0700 (PDT)
Received: from [192.168.123.167]
 (adsl-66-122-61-89.dsl.sntc01.pacbell.net [66.122.61.89])
   by mta7.pltn13.pbi.net (8.12.9/8.12.3) with ESMTP id h6UJqX94029810   for
 <***@mac.com>; Wed, 30 Jul 2003 12:52:33 -0700 (PDT)


Sending to and from my sbc address gave me this:
QUOTE
X-Originating-IP: [64.164.98.52]
Received: from mtaw4.prodigy.net (mtaw4.prodigy.net [64.164.98.52])
   by vmg.prodigy.net (8.12.9/8.12.3) with ESMTP id h6UJt4Rf546864
   for <***@sbcglobal.net>; Wed, 30 Jul 2003 15:55:05 -0400
Received: from [192.168.123.167] (adsl-66-122-61-89.dsl.sntc01.pacbell.net [66.122.61.89])
   by mtaw4.prodigy.net (8.12.9/8.12.3) with ESMTP id h6UJt21f024461
   for <***@sbcglobal.net>; Wed, 30 Jul 2003 12:55:03 -0700 (PDT)


*** are my editing to remove my email address

I don't know if that helps you or not.

QUOTE(tacit @ Jul 29 2003, 1:58 PM)
No, it doesn't.

Let's say you get a piece of spam from "g1antpen1s@aol.com". Does that mean the spam came from AOL?

No. The From: address is forged. It is so easy to do, anyone can do it in under two minutes. [snippage of good stuff]

I try not to make blanket statements that I can't back up. wink.gif

I check any junk mail that gets through at a reverse isp lookup. I'm fully aware of faked email addresses, and checking the full headers and all the info they contain.


kimmer

Offline tacit

  • TS Addict
  • *****
  • Posts: 1628
    • http://www.xeromag.com/
Nitwittwery is alive and well: It's spelled AOL
« Reply #22 on: July 31, 2003, 08:03:35 PM »
I'd love to see some headers from some spam originating from AOL. AOL's servers are pretty tightly controlled; they don't allow more than 30 copies of an outgoing message, and AOL filters for spam on both inbound and outbound mail.

I get a significant amount of spam, about 25% of it with forged AOL headers--but I haven't gotten any spam that actually came from an AOL email server in over a year.
A whole lot about me: www.xeromag.com/franklin.html

Offline sandbox

  • TS Addict
  • *****
  • Posts: 7825
Nitwittwery is alive and well: It's spelled AOL
« Reply #23 on: July 31, 2003, 10:24:14 PM »
Kimmer, this

QUOTE
Received: from [192.168.123.167] (adsl-66-122-61-89.dsl.sntc01.pacbell.net [66.122.61.89])


is the same in both examples, is it not? Maybe I missed something?  sad.gif

Offline jepinto

  • TS Addict
  • *****
  • Posts: 6195
Nitwittwery is alive and well: It's spelled AOL
« Reply #24 on: August 01, 2003, 07:06:44 AM »
Tacit-Here you go.  Received this morning 8-1-03

From - Fri Aug  1 07:35:31 2003
X-UIDL: <Ozmu4.S@49JEx9diK>
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <freddieacex@firstfinance1.org>
Received: from ns1.crestcommunication.com ([209.208.81.157])
          by imf13aec.mail.bellsouth.net
          (InterMail vM.5.01.05.27 201-253-122-126-127-20021220) with ESMTP
          id <20030731172136.YOQC20633.imf13aec.mail.bellsouth.net@ns1.crestcommunication.c
m>;
          Thu, 31 Jul 2003 13:21:36 -0400
Received: from 172.182.198.224 (ACB6C6E0.ipt.aol.com [172.182.198.224])
   by ns1.crestcommunication.com (8.9.3p2/8.9.3) with SMTP id NAA09230;
   Thu, 31 Jul 2003 13:20:40 -0400
To: "Bob"@ns1.crestcommunication.com
From: "James" <freddieacex@firstfinance1.org>
Subject: Americans can claim up to $2.5 million in grants this year! ZOZ
X-Priority: 3
Reply-To: freddieacex@firstfinance1.org
X-Mailer: Microsoft MimeOLE V6.00.2800.1106
Message-Id: <Ozmu4.S@49JEx9diK>
Date: Thu, 31 Jul 2003 13:20:23 +0700
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-MSMail-Priority: High
Mime-Version: 1.0
Content-Type: multipart/alternative;
   boundary="----=_NextPart_003_0035_YRMIKBBC.XUZARUDR"

------=_NextPart_003_0035_YRMIKBBC.XUZARUDR
Content-Type: text/plain;
   charset="ISO-8859-1"
Content-Transfer-Encoding: 8 bit

------=_NextPart_003_0035_YRMIKBBC.XUZARUDR
Content-Type: text/html;
   charset="ISO-8859-1"
Content-Transfer-Encoding: 8 bit
Do not fear your enemies.  The worse they can do is kill you.  Do not fear friends.  At worst, they may betray you.
Fear those who do not care; they neither kill nor betray, but betrayal and murder exist because of their silent consent.
~Bruno Jasienski~

Offline kimmer

  • Administrator
  • TS Addict
  • *****
  • Posts: 9086
Nitwittwery is alive and well: It's spelled AOL
« Reply #25 on: August 01, 2003, 03:22:23 PM »
QUOTE(sandbox @ Jul 31 2003, 8:24 PM)
Kimmer, this



is the same in both examples, is it not? Maybe I missed something?  sad.gif

 Yes, it's the same. RHP had asked me if the emails clearly showed they were from sbc, and I was trying to show him that in the full headers they do -- BUT they get past the sbc spam blocks. That I do NOT understand.

I also don't understand why this morning MSN/webtv blocked me due to spam, then filled my hotmail box with 25 filthy porn things. laugh.gif This afternoon, I could once again write to my friend at webtv. None of it makes much sense to me.


kimmer

Offline tacit

  • TS Addict
  • *****
  • Posts: 1628
    • http://www.xeromag.com/
Nitwittwery is alive and well: It's spelled AOL
« Reply #26 on: August 01, 2003, 06:35:32 PM »
QUOTE(jepinto @ Aug 1 2003, 12:06 PM)
Tacit-Here you go.  Received this morning 8-1-03:

 Interesting. 209.208.81.157 is a mail exchange for Crest Communications, a small ISP in Archer, Florida. Crest Communications, not AOL, is the source of the email.

The email is being relayed through an open relay server at IP 209.208.81.157 that's being hosted by Crest Communications.

Spamcop turns up AOL as the responsible party, most likely because the spammer is using AOL for Broadband. He's relaying the spam through an open relay hosted by Crest Communications; the email is not actually originating from an AOL server, but rather from a Crest Communications server.

I'd say it's probably more likely to do some good if you report the problem to Crest Communications than if you report the problem to AOL.
A whole lot about me: www.xeromag.com/franklin.html

Offline jepinto

  • TS Addict
  • *****
  • Posts: 6195
Nitwittwery is alive and well: It's spelled AOL
« Reply #27 on: August 01, 2003, 08:40:14 PM »
I should have explained more thoroughly!  Crest Communications IS NOT an open relay.  (Sorry Diana, I wouldn't want to cast any aspersions on your abilities.  Talk about red in the face!)

Crest is the host for our business account and relays the mail sent to that address to my personal account.
Do not fear your enemies.  The worse they can do is kill you.  Do not fear friends.  At worst, they may betray you.
Fear those who do not care; they neither kill nor betray, but betrayal and murder exist because of their silent consent.
~Bruno Jasienski~

Offline Diana

  • Super Poster
  • ***
  • Posts: 410
Nitwittwery is alive and well: It's spelled AOL
« Reply #28 on: August 01, 2003, 10:04:36 PM »
Hi Jennie, Tacit,

My server isn't an open relay. smile.gif  Wanna test it for me Tacit? But, I am sorta surprised that anything sent to ns1.crestcommunication.com was forwarded to your TS account. I'm gonna have to do some looking into that since anything improperly addressed should either come to me, or postmaster, or admin@

I'm gonna go look, but did someone add the "admin" alias to one of the user profiles? If so, it will need to be removed because the system reserves admin for only one user. It shouldn't even allow it to be added to a general user profile as an alias, but maybe that got through somehow. I do know that admin is a reserved userID and if you try to create another admin user, the form will not allow it..time delay here

OK...I went and checked..and yup Jennie.. nono.gif , you added the admin alias to your profile.  smile.gif but no foul, I've removed it. I will look into setting up a special admin alias just for techsurvivors.

I bet you were getting some weird things via e-mail...server messages or similar stuff. I would be curious if you noticed such.

see ya,
Diana
Sysadmin Rule #14: If it's not on fire, it's a software issue.

Registered Linux user 290473
http://counter.li.org/
http://www.crestcomm.com/diana/gnupg.txt for GnuPG public key  

Offline Bill

  • TS Addict
  • *****
  • Posts: 4615
Nitwittwery is alive and well: It's spelled AOL
« Reply #29 on: August 01, 2003, 10:46:11 PM »
"I bet you were getting some weird things via e-mail...server messages or similar stuff. I would be curious if you noticed such."

Diana, does the last post have anything to do with this topic?
Two cans and a string powered by a big mouth