NOTE: This blog entry is a supplement to our February 5 Downsizer-Dispatch message which can be found above (the Dispatch will be posted after this entry so we can't link to it here).
In an earlier blog item in November we told you how a hacker attacked a minor vulnerability in our "Tell-a-friend" mechanism. It was fixed almost instantly. We won't rehash that story. You can read it for yourself.
We've been blacklisted by AOL. All we were told was that we had a "compromised script." We don't know the specific nature of the compromised script, but the November Tell-a-friend hack was our first appearance on the AOL blacklist and we've had problems with that company ever since. We've been in a kind of "off and on" situation with them -- more off than on -- but it was mostly a minor, occasional annoyance. Each time that we would end up on the list, we'd wait 24 to 36 hours, and the problem would go away.
That ceased to be the case, starting in about mid-January. Now we're just plain "on" the AOL blacklist, and we're having a very hard time getting off!
To make matters worse, due to a technical mistake on AOL's part, no "trouble ticket" was filed on our problem until Thursday. It took considerable follow-up just to get that far. And, work order or no, the problem still isn't corrected.
AOL has been insistent that we didn't have a reverse DNS address on our server. Spammers frequently do not have a proper reverse DNS, and having both a forward and reverse DNS that agree is one way ISPs can ensure that there's no email forgery going on.
The problem was, AOL was wrong. We've had a reverse DNS all along. And our server sits on U.S. soil. It didn't require rocket science for AOL to find our reverse DNS, but find it they could not. So they claim.
Worse still, it took repeated attempts to actually get to the point where we knew that AOL's supposed problem was that we supposedly didn't have a reverse DNS. Then, our programmer had one of those conversations that goes like this:
AOL: We can't help you because you don't have a reverse DNS.
DownsizeDC: We've got a reverse DNS.
AOL: We show that you don't have a reverse DNS.
DownsizeDC: Really, we've got one.
AOL: We can't do anything to help you until you have one.
DownsizeDC: It's been there all along.
AOL: Well, we'll try to find it. But until then, we can't do anything.
We were really in an "Alice in Wonderland" situation. It seemed like we couldn't get a "trouble ticket" issued for an allegedly "compromised script," because AOL said we didn't have a reverse DNS, even though we did have a reverse DNS. It was like trying to convince someone they have an elephant in their living room when they won't even turn around to look where the elephant is standing.
All we could do was ask them to please notice that we really did have a reverse DNS after all, and then wait. And wait, and wait. As follow-up our programmer sent 2 messages to their DNS department, but got no reply.
We didn't know they had finally found our reverse DNS until our programmer called their postmaster again
this past Thursday.
But it still required that call to get our trouble ticket filed so the appropriate staff would remove us from the blacklist. They may have found the reverse DNS the day before, but that didn't mean our work order was filed. We were told it would take one or two business days to correct.
As of today (Monday) we're being told at least 24 more hours. Given the delays up to this point, who knows if that's accurate?
It's worthwhile to note that we've applied for the AOL white list three times and each time we were rejected. We just learned that we must have 30 days of clean mailing history. As you can tell, since November 13, we've not qualified.
On top of that, after this most recent blacklisting, our programmer set up a "feedback loop" with AOL. That's a recommended procedure. However, another ISP manager we spoke to said he has one of these for his company as well, but has found it to be "useless."
So the problem appears to be deeper. We think the reason for that is that AOL has made a very bad institutional decision and is apparently incompetent to correct the damage they impose on others.
Metaphorically speaking, somewhere along the way, someone at AOL decided that their customers want the mail delivery person to read all of their mail, sift out the stuff they wouldn't be interested in, and deliver the rest. Internet Service Providers (ISP -- i.e., like AOL, Earthlink, Road Runner, Comcast, and our friends at FBS.net) are really just mail delivery pipelines -- a virtual postal delivery service of sorts, and all ISPs have different policies about how to deal with spam. AOL's spam policy is bad.
I can only imagine the howls of consternation if the U.S. Postal service started going through our snail mail the same way AOL does! Imagine not getting a lot of your mail, and sometimes none of your mail, because the USPS decides its junk. Well, that's what AOL does a lot of the time.
Now, I hate spam as much as the next guy. I get roughly 350 spam messages a day (no joke), and as the CEO of an upstart non-profit I don't have any money to invest in a hot trade, a rare ground-floor opportunity, or a precious commodity. Plus, my penis works just fine, thank you very much. It's nice to have my ISP sorting some of this junk out of the mix, but AOL's approach to this problem is ham-handed.
I've talked with an ISP manager who explained to me that a spam filtering program is a must if an ISP wants to be competitive in today's market, but how an ISP provides this service is really important.
Here's a way to think about it: Our justice system is built on the presumption of innocence. Theoretically, we'd rather let nine guilty men go free than unjustly convict and punish one innocent man. Not all governments work this way, but we're all grateful that ours does (at least in principle).
Similarly, not all ISPs work on the presumption of innocence. Some do. The ISP manager I spoke about above says that his company grabs "obvious spam," but if there's any question, they let it through so the customer can decide. That way, his customers don't miss email they want or need. His company presumes that email sent by a list owner is innocent until it is proven guilty. This approach reduces the spam volume significantly, but not completely. This approach also makes it more likely that customers will get nearly all of the email they actually want to receive.
But in AOL's world, email from a list manager is presumed guilty of being spam for the slightest of reasons. If AOL gets so much as one complaint, AOL assumes guilt and renders a death sentence.
AOL doesn't want the inconvenience of even a single spam complaint (like it's their fault). And if AOL customers don't get the email they want, frequently they don't even realize it. This policy probably keeps AOL's call center and postmaster less busy, and AOL customers may even brag to others about how little spam they get, which is good word-of-mouth advertising for the company.
But I can pretty much guarantee you that AOL customers are also not getting a lot of email they actually want, including the Downsizer-Dispatch.
Frankly, I think AOL should be fed to Darwin's machine. They need to adapt or perish. This is a terrible and costly business decision AOL has made. It's cost us a lot, and it should cost AOL too. I've never taken a public position about the existence of a company before, but if AOL cannot fix this problem, then I look forward to the day they fold. I may even dance a jig when it happens.
The way we can make AOL bear the cost for their stupid policy to tell OUR customers how AOL is handling their email. And that will be our next step.
Other action is also being considered.