[unisog] AOL and forwarding

Dave Dittrich dittrich at u.washington.edu
Fri Oct 7 16:27:23 GMT 2005

> We reject some 50% of mail as spam or virus.  Some colleges do not reject
> spam at all, but just mark it, and if we did that we'd be sending AOL even
> more spam than we do.
> Or do we forward much more mail to AOL than most places?  One reason we
> might is that we run an alumni forwarding service on the main mail system.
> Alumni get as much spam as anybody but it's not balanced by much mail
> from our own users, so their percent must be pretty high.


Your problem may be with spambots.  Programs like Agobot/Phatbot have
built in checks to see if they are able to spam AOL, and if so, they
do it very agressively.  They know how to fake several SMTP servers,
to try to bypass filters, and do their own relaying (or can proxy
through other hosts), so they bypass your own email infrastructure and
filters.  If you have some way of monitoring flows to AOL servers, and
watch for high volumes (either connections or total bytes), you may
find these spambots.  (Make sure to protect your user's privacy while
doing this.  As you know, if you don't do anything they may lose email
access, so careful and ethical monitoring benefits them more than it
threatens their privacy.)

Dave Dittrich                           Information Assurance Researcher,
dittrich at u.washington.edu               The iSchool
http://staff.washington.edu/dittrich    University of Washington

PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint  FE97 0C57 0843 F3EB 49A1  0CD0 8E0C D0BE C838 CCB5

More information about the unisog mailing list