Feeds

AOL lifts Demon spam ban

Purgatory

  • alert
  • submit to reddit

SANS - Survey on application security programs

AOL lifted a block on email from ISP Demon this afternoon, after a sudden surge of spam messages provoked AOL into rejecting all email from Demon users last Friday.

In a notice to its users on Friday, Demon admitted that its users were unable to send email to a "small number of other ISPs" because of measures introduced after spammers used open mail relays within its network to send bulk email. No-one for Demon was available for comment this afternoon, so we not sure which ISPs other than AOL were involved.

Demon (probably correctly) attributed the problem to misconfiguration of its customers' machines, a point to which we'll return presently.

AOL has an in-house automated system which blocks emails from individual IP ranges or in some cases, an entire ISP, if these are identified as the source of a spam onslaught, a company spokesman told us.Spam last week from Demon reached such levels that the AOL introduced a temporary block to stem the deluge.

AOL has now restored connectivity to Demon.

While the root cause of the problem is insecure configuration by its users, Demon has an obligation both to educate its customers on the problem and to actively scan its network for open mail relays before the problem gets out of hand.

Last week Demon seemingly failed to get on top of the issue, surprising given its reputation as an ISP which takes security seriously. But, then again, there were indications that Demon had something of a spam problem as long ago as last June.

Demon argues that rejecting email is not the best approach to dealing with the spam problem and says it monitors it own automated systems. It also criticised other ISPs for not informing it directly that its customers email was being blocked.

AOL conceded it could have done more to inform Demon that its users' email was been blocked. The company estimates it is at the receiving end of a staggering 500 million spam email a day (that's what it says anyway).

AOL says its "sophisticated" spam blocking technology prevents the vast majority of these messages reaching customers. With these volumes any monitoring of automated systems is never going to be perfect.

In any case, let's put the blame for Demon users' problem on the real culprits: spammers, those pestilent parasites of the Internet age. ®

Related Stories

Demon email 'beyond a joke'
blueyonder escapes Usenet death row
Usenet demands 'death penalty' sentence for AOL

Top three mobile application threats

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.