Spam-filtering software from America Online Inc. may have overstepped its bounds and blocked e-mail from customers of Internet service provider EarthLink for more than a week, resulting in potentially more than 1 million messages that were undelivered and lost for good.
Atlanta-based EarthLink estimates that 100,000 to 150,000 e-mails sent by its customers to users of AOL were blocked daily, for approximately 10 days. That could mean that more than 1 million e-mails were blocked, although EarthLink couldn't say for certain, since the undelivered mail didn't bounce back to the sender. Instead the e-mails were collected in a "bucket" and couldn't be retrieved.
In a statement today, an AOL spokesman, said the filtering software mostly did its job; it blocked spam.
"One of our top priorities is protecting our members from spam, and as part of that effort, our system automatically shields our members from those servers that are sending significant volumes of spam. A small percentage of EarthLink servers fell into that category, but we've worked with EarthLink, and that issue has been resolved," he said.
EarthLink's servers weren't the only ones blocked, the spokesman said. The software monitors all Internet e-mail coming into AOL.
Only those EarthLink customers with the earthlink.net domain were blocked from sending e-mail to AOL customers, EarthLink spokesman Arley Baker said. EarthLink also owns other domains, including mindspring.com, but customers with those domains weren't affected, Baker said.
AOL blocked legitimate messages because they came from the same servers at the same time as e-mail from spammers that used EarthLink to send electronic junk mail, the AOL spokesman said.
The AOL software kicked in when an unusually high number of e-mails coming from one IP address arrived at AOL servers at the same time, Baker said. While some of those e-mails were probably coincidental and not from spammers, AOL determined that the spike in volume could only mean a spammer was trying to flood mailboxes with unsolicited mail, Baker said. Therefore AOL's antispam software automatically kicked in to block all e-mail from that IP address.
AOL and EarthLink officials were uncertain when the problem began because the antispam software doesn't bounce back messages, but instead sends them to what Baker called a "bottomless bucket." Therefore, users may not have known and still may not know that their messages hadn't been delivered.
Of the 10 million to 20 million daily e-mails coming from EarthLink customers, only about 5 percent go to AOL. Of those, about 60 percent have the earthlink.net domain, and of that number, 30 percent of the messages were blocked, Baker said.
EarthLink doesn't have a higher-than-average incidence of spammers "spoofing" or disguising their e-mail addresses with an earthlink.net domain, Baker said. EarthLink is a subscription service, and members who are caught spamming are fined US$200, he said.
Spammers often prefer free e-mail accounts, which they can establish anonymously, changing the name slightly each time they get shut down for spamming. Some, however, use false or stolen credit card information to establish accounts.