AOL Fires Across the Bow of Spam-Friendly ISPs

The North American Network Operators Group (NANOG) conference, a gathering of Internet Service Provider (ISP) engineers and vendors, convenes three times a year for mostly technical conversation along with social networking. The recent NANOG conference in Reston, Virginia saw some unusually direct talk about spam and the ISPs that tolerate it from America Online’s Postmaster, Charles Stiles.

Although the usual tone of presenters is either friendly or blankly academic, Stiles’ tone was more aggressive. His message was short and sweet: ISPs must change their ways or AOL will blacklist their mail servers. Stiles credited ISPs for blocking TCP port 25 amongst their broadband and dialup userbases, a maneuver that has previously reduced spam output. However, he presented data showing that the majority of spam now comes from ISP mailservers directly. As port 25 access has been blocked, the common worms that send out most spam have altered their tactics and have diverted their mail through the ISPs’ own mail servers.

Stiles submitted that ISPs must do more than just block port 25 outbound. Ideas included the use of anti-spam techniques on outgoing (as well as incoming) email, the use of outbound email rate limiting, and, most importantly, the implementation of SMTP Authentication for all ISP users.

Stiles also addressed the issue of Sender Authentication technologies such as SPF and Sender-ID. While noting that AOL supports these technologies, he was quick to point out that they won’t stop spam coming from other ISPs’ mailservers, as most of the worms send their spam with the local ISP’s domain as the from or sender domain. He also noted that AOL will use published SPF records as the basis for their spam whitelist in the very near future and urged the attendees to register such records immediately.
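The SPF limitation described above can be seen from the receiving side. The following is an added example, not code from the article or from Stiles’ presentation: a minimal evaluator for the `ip4`/`ip6`/`all` subset of SPF, run over constructed deliveries. The domain `isp.example`, the record and all addresses are assumptions chosen from documentation ranges.

```python
import ipaddress

# Constructed sample: SPF record a hypothetical ISP publishes for isp.example.
SPF_RECORD = "v=spf1 ip4:192.0.2.0/28 ip4:198.51.100.25 -all"

# Constructed deliveries as the receiving mail server sees them.
DELIVERIES = [
    {"desc": "customer mail via ISP relay",
     "mail_from": "alice@isp.example", "client_ip": "192.0.2.5"},
    {"desc": "worm on customer PC, sent via the same ISP relay",
     "mail_from": "bob@isp.example", "client_ip": "192.0.2.5"},
    {"desc": "worm sending direct from a dynamic address",
     "mail_from": "carol@isp.example", "client_ip": "203.0.113.77"},
]

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record: str, client_ip: str) -> str:
    """Evaluate the ip4/ip6/all mechanisms of an SPF record for one client IP."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # Mechanisms that need DNS (a, mx, include, ...) are skipped in this sketch.
    return "neutral"                         # no mechanism matched


def classify(deliveries, record=SPF_RECORD):
    """Return (description, SPF result) for each delivery."""
    return [(d["desc"], check_spf(record, d["client_ip"])) for d in deliveries]


if __name__ == "__main__":
    for desc, result in classify(DELIVERIES):
        print(f"{result:8} {desc}")
```

The first two deliveries are indistinguishable to SPF because both arrive from the ISP’s authorized relay with the ISP’s own domain as sender; only the direct-to-MX attempt fails. Telling them apart requires controls at the originating ISP, such as the SMTP Authentication and outbound rate limiting listed earlier.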

Needless to say, Stiles’ plain talk and hard data were extremely persuasive. ISPs have clearly entered into a new phase of the anti-spam battle where tactics will become more complex and simple measures like Access Control Lists will be insufficient. AOL appears to be quite serious about blacklisting other ISPs who fail to take aggressive enough action against mass emailers. This may result in some partitioning of the Internet mail system in the immediate future if offending mail system operators are slow to act.

Stiles’ presentation is available on-line [PDF].

By Daniel Golding, VP and Research Director at Tier 1 Research

To learn more about Tier1Research, visit http://www.t1r.com.

Yakov Shafranovich  –  Nov 1, 2004 12:01 PM

AOL has been very progressive of all the ISPs for a long time, and a lot of the stuff they are doing is very good. For example, AOL’s postmaster wrote a document on port 25 blocking and it seems that they are widely promoting the idea along with allowing the SUBMIT port (587) instead. Good luck!

Daniel R. Tobias  –  Nov 2, 2004 4:17 PM

I’m opposed, myself, to ISPs blocking port 25 outbound, since many users (myself included) have legitimate reasons to use outside mail servers.  In my case, I use an e-mail address in my own domain, hosted on a Web hosting provider, and wish to use both inbound and outbound servers at that provider.

Daniel Golding  –  Nov 4, 2004 8:50 PM

Need to use an outside mail server?

That’s easy to do with SMTP-Authorization running on the SMTP Submission Port, TCP port 587. This can also be accomplished by using SMTP-AUTH with TLS (aka SSL). Other alternatives include SSL and IPSec VPNs. You would be surprised how many folks support at least one of these techniques. If they don’t, find a new hoster!

Closing port 25 to dynamically assigned IP addresses is an important part of the move towards accountability and authentication in email origination.

For now, you can also “smarthost” - use your own ISP’s mailserver to relay out mails with altered message headers. As SPF and Sender-ID are adopted, however, this will stop working, as the difference between phishing and smarthosting is intent rather than technical.
