AOL – Spammer’s Haven

Geolocation by on January 6, 2007 at 2:44 pm

Interesting post by Markus wondering whether AOL had been hacked.

They haven’t been hacked – they’ve just become the new spammer’s haven. I’ve wondered how long it would take the spammers and scammers to figure this out after AOL made their service available for free.

Here’s how it works:

  1. Scammer downloads a copy of AOL’s software
  2. Scammer uses AOL software in “AOL over broadband” mode (they use their own Internet connection)
  3. Scammer conducts bad business using the AOL client (they can’t use any non-AOL browser).

The spammer is now indistinguishable from every other AOL user – bad grammar and all.

Now, let’s suppose that someone detects the fraudulent behavior and they want to block the user. Because of AOL’s proxy systems, websites can’t block the IP address since they would be blocking hundreds of thousands of AOL users. Doh.

AOL has now become the world’s largest public, anonymizing proxy.

Many sites use IP geolocation technologies to identify traffic from proxies. The fraud from these proxies is several orders of magnitude higher than from regular IP addresses, so many ecommerce companies naturally send these transactions for extra screening. Try sending a big paypal transaction next time you’re in Africa – you’ll get to know the folks in the Paypal fraud department pretty well.

So, what happens as AOL becomes a spam gateway? One of two things:

  • they begin policing their free users. An expensive and challenging option.
  • regular users of AOL have a harder time doing things online. They get asked for extra information when they make purchases (or have them outright rejected), get rejected when they apply for credit cards, etc. The users leave and spamming gets worse. AOL eventually shuts down their proxy servers.

Anonymity is nice, but the world requires trust to operate.

BTW, never trust a message from a gmail account either. Gmail doesn’t display the source IP address of the sender in the message headers. So, the scammer can hide himself from prying eyes. Yahoo and Hotmail may have a long history of scammer usage, but the real pros are using gmail now.

Related Posts

1 Comment

  1. AOL Now the Largest Free Proxy Site in the World? « Anti AOHell — August 8, 2007 @ 7:28 pm

    […] Nafziger’s Net has an excellent article about Marcus’ problem and how it relates to AOL’s proxy issues. One highlight from it: So, what happens as AOL becomes a spam gateway? One of two things: *they begin policing their free users. An expensive and challenging option. *regular users of AOL have a harder time doing things online. They get asked for extra information when they make purchases (or have them outright rejected), get rejected when they apply for credit cards, etc. The users leave and spamming gets worse. AOL eventually shuts down their proxy servers. […]

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License. | Dave Naffziger's BlogDave & Iva Naffziger