  1. #1
    cPanel Partner NOC cPanel Partner NOC Badge
    Join Date
    Jan 2006
    Posts
    654

    AOL RLY IR Nightmares!

    http://postmaster.info.aol.com/errors/554rlyir.html

    This is a serious problem. AOL have started a new kind of blocking where they will penalise hosts for sending to addresses at AOL that don't exist. This can be any kind of message including a bounce or undelivered report.

    So if you send an email to bob123fgdg@aol.com and that address does not exist on their system, they will give your server a penalty point. If this happens regularly, they will simply blacklist your server. Currently we have three servers blacklisted by AOL for this reason.

    My issue with it is that I know for a fact that none of these servers are sending out spam or unsolicited mail. The problem must be with bounced mail. If a spammer sends a load of email with a faked header, pretending to be from a non-existent AOL address (which happens a lot), the bounce messages will be sent back to the reply address.

    Here is an example....

    A spammer sends 1000 emails in a dictionary attack to a domain on one of our servers. The spoofed header shows a return address of fgdfg454@aol.com. The addresses would be like this...

    accounts@domain.co.uk
    adam@domain.co.uk
    alice@domain.co.uk
    amanda@domain.co.uk
    ben@domain.co.uk
    bob@domain.co.uk
    etc etc

    None of those addresses exist but the spammer is bombing the domain trying to get a match.

    So, all the emails bounce back to fgdfg454@aol.com which of course doesn't exist. So AOL in their wisdom add penalty points to our server for sending to a non-existent AOL address. Then within a week, we get blacklisted and none of our customers on that server can send email to AOL.

    This is the only reason I can think of for us being blacklisted - I have spent a long time looking at the servers and they simply are not sending out unsolicited mail.

    The whole thing is a nightmare and I'm very upset about it. Especially as the AOL Postmaster can no longer be contacted 24hrs - we have to wait for the USA to get out of bed.

    Is anyone else experiencing this issue?

  2. #2
    Member
    Join Date
    Sep 2004
    Location
    inside a catfish
    Posts
    963
    cPanel/Enkompass Access Level

    Root Administrator


    Make sure you are using :fail: as your default address.

    You say:

    accounts@domain.co.uk
    adam@domain.co.uk
    alice@domain.co.uk
    amanda@domain.co.uk
    ben@domain.co.uk
    bob@domain.co.uk
    etc etc

    None of those addresses exist but the spammer is bombing the domain trying to get a match.
    If none of those addresses exist, your server should be rejecting email to those addresses during SMTP phase rather than accepting them and then bouncing them. This is what :fail: is for. It causes mail to be rejected during SMTP phase if the recipient email address does not exist in that domain.

    Of course, if any of your people have an autoresponder on, then the autoresponder will accept the mail and send out an autoresponse to the innocent AOL address and cause you to get blacklisted as well.

    Mike




  3. #3
    Member
    Join Date
    Sep 2004
    Location
    inside a catfish
    Posts
    963
    cPanel/Enkompass Access Level

    Root Administrator


    So, make sure the default address for all of the domains on your server is :fail: - or if you need to actually have a catchall, that is fine. But don't bounce, :fail: instead.

    And more importantly, if you have any people with autoresponders on, prepare for this to happen. Autoresponders are a pain in the ass.

    Mike

  4. #4
    cPanel Partner NOC cPanel Partner NOC Badge
    Join Date
    Jan 2006
    Posts
    654


    We set all accounts to :fail: by default but we are also using ASSP which uses a "no local address" filter. If you send into an address that does not exist, the mail is returned to sender with...

    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

  5. #5
    Member
    Join Date
    Sep 2004
    Location
    inside a catfish
    Posts
    963
    cPanel/Enkompass Access Level

    Root Administrator


    Quote Originally Posted by 4u123 View Post
    We set all accounts to :fail: by default but we are also using ASSP which uses a "no local address" filter. If you send into an address that does not exist, the mail is returned to sender with...

    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:
    I see. Unfortunately I am not familiar with ASSP. Maybe there is a simple settings change in ASSP that will accomplish the same thing. If there isn't, then you should dump ASSP. It would be hard to fathom somebody creating something that is supposed to help fight spam and at the same time it causes the server itself to participate in spamming indirectly by sending bounces to forged senders. Again, maybe there is a setting in ASSP. But you'll need to find out from them. Tell them you do not wish to have the server accept/bounce mail for nonexistent users - You want the server to reject mail to invalid users during SMTP. See what they have to say to that, and go from there.

    Mike

  6. #6
    cPanel Partner NOC cPanel Partner NOC Badge
    Join Date
    Jan 2006
    Posts
    654


    I'm not an expert on email but isn't it normal for the sender to receive a response even if you use fail?

    If I send an email to dsfsfsfsfs@mydomain.com I would expect to get an undeliverable message returned from the server.

  7. #7
    cPanel Partner NOC cPanel Partner NOC Badge
    Join Date
    Jan 2006
    Posts
    654


    See AOL's BIZARRE response!!!!

    "The reason for you getting RLY:IR is because of all those
    IP's are sending a whole lot of invalid recipients. For this IP
    x.x.x.x the number of recipients attempted are 433 and the
    undeliverables are 25 (30 days stats)."

    So - he is saying that within a month - the server sent 433 emails to AOL addresses. Of those 433, 25 were invalid and that is what caused the server to be blacklisted.

    I'm totally shocked and completely amazed by that response. There are over 200 domains on that server. 25 incorrectly addressed messages should in no way be sufficient to block a whole server! I think they must be insane!

    I think AOL presume that every domain must have its own IP - they appear to have made a massive error of judgement somewhere when working out these rules.

    He also said this....

    "In addition to this you have to change the rDNS for the IP's
    which are getting RLY:IR and the issue will be resolved."

    What?

    He wants me to change the reverse DNS of my servers? Why? There isn't anything wrong with the reverse DNS! All our servers have correctly configured PTR records.

    In the last month they have blocked 5 of our servers for this same reason. I've asked him to escalate this issue to someone higher up. I can't believe that they feel justified in telling me what they just did. It makes no sense at all!

  8. #8
    Member
    Join Date
    Sep 2004
    Location
    inside a catfish
    Posts
    963
    cPanel/Enkompass Access Level

    Root Administrator


    Quote Originally Posted by 4u123 View Post
    I'm not an expert on email but isn't it normal for the sender to receive a response even if you use fail?

    If I send an email to dsfsfsfsfs@mydomain.com I would expect to get an undeliverable message returned from the server.
    If the sender is using some mail server (besides yours) to relay the spam to your domain through that mailserver, then the sending mail server will be rejected during SMTP, will generate a bounce, and the bounce will be sent back to the sender address.

    If the sender is sending directly to your mail server (using some application on their system) without going through another mail server, then the _actual_ sender gets rejected during SMTP.

    So for instance, if I use :fail: on tindors.com and you send an email (through your mail server) to bob@tindors.com, my mail server would reject the mail during SMTP, and your mail server would generate a bounce that would be sent back to the sender address.

    Mike
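
Added illustration, not part of the thread or any poster's reply: a small model of the two behaviours discussed above (accept-then-bounce versus refusing unknown recipients at RCPT time, which is what :fail: does), fed the dictionary run from post #1. The mailbox names `sales` and `info`, the policy names and the function names are constructed for this example.

```python
# Added illustration: models how a receiving server treats unknown
# recipients. All names and addresses below are constructed sample data.
from collections import Counter

MAILBOXES = {"sales": False, "info": True}   # local part -> autoresponder on?
FORGED_SENDER = "fgdfg454@aol.com"           # spoofed envelope sender (post #1)


def rcpt(policy, local_part):
    """Return the SMTP reply code the server gives to RCPT TO."""
    if local_part in MAILBOXES or policy == "accept_then_bounce":
        return 250                # accepted: this server now owns delivery
    return 550                    # ":fail:" behaviour: refused in-session


def deliver(policy, mail_from, local_part):
    """Return the addresses this server sends NEW mail to for one message."""
    if rcpt(policy, local_part) != 250:
        return []                 # nothing accepted, so nothing is generated
    if local_part not in MAILBOXES:
        return [mail_from]        # bounce (DSN) goes to the envelope sender
    if MAILBOXES[local_part]:
        return [mail_from]        # autoresponse also goes to that sender
    return []                     # plain delivery to a real mailbox


def backscatter(policy, recipients, mail_from=FORGED_SENDER):
    """Count outbound messages per destination domain caused by the run."""
    out = Counter()
    for local_part in recipients:
        for addr in deliver(policy, mail_from, local_part):
            out[addr.rsplit("@", 1)[1]] += 1
    return out


# Constructed run: the six unknown names from the thread plus two real boxes.
ATTACK = ["accounts", "adam", "alice", "amanda", "ben", "bob", "sales", "info"]

if __name__ == "__main__":
    for policy in ("accept_then_bounce", "reject_at_rcpt"):
        print(policy, dict(backscatter(policy, ATTACK)))
```

Under `reject_at_rcpt` the only message still sent to the forged aol.com address comes from the mailbox with an autoresponder, which is the residual case Mike warns about.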

  9. #9
    Member
    Join Date
    Sep 2004
    Location
    inside a catfish
    Posts
    963
    cPanel/Enkompass Access Level

    Root Administrator


    I doubt they look at it as an 'error in judgement'. AOL is an elephant (one of a handful) - they dictate how the rest of the world must operate their mail servers. Nothing you can do about it really.

    AOL, Hotmail, Yahoo, Comcast, and a handful of other big guys seem to get their kicks from 'setting policy'.

    M

    Quote Originally Posted by 4u123 View Post
    I think AOL presume that every domain must have its own IP - they appear to have made a massive error of judgement somewhere when working out these rules.

    He also said this....

    "In addition to this you have to change the rDNS for the IP's
    which are getting RLY:IR and the issue will be resolved."

    What?

    He wants me to change the reverse DNS of my servers? Why? There isn't anything wrong with the reverse DNS! All our servers have correctly configured PTR records.

    In the last month they have blocked 5 of our servers for this same reason. I've asked him to escalate this issue to someone higher up. I can't believe that they feel justified in telling me what they just did. It makes no sense at all!
