After what an America Online spokesman described as “a huge spike in the amount and volume of e-mails” received from the Yale e-mail server, the Internet service provider has temporarily blocked mail to its users from certain Yale IP addresses.
AOL users have received tens of thousands more e-mails than usual from Yale addresses, AOL spokesman Nicholas Graham said Monday. He said the increase, which began April 2, may be related to an April Fool’s Day hoax or scam that senders of spam used to compromise Yale machines.
“It’s very unusual,” Graham said. “It’s a remarkable change from the traditional volume of e-mail we see from servers assigned with Yale University.”
It was unclear as of Monday night whether all e-mails from Yale to AOL accounts had been blocked for some period of time.
Yale Information Technology Services Director Philip Long said the University had received an e-mail from AOL informing the University that, as of 5:34 p.m., the online service was restoring access to messages sent by Yale’s mail relays. Blocking the mail relays effectively blocks e-mails coming through the standard servers most members of the Yale community use, Long said.
All e-mails sent by University users go through the relays, except messages from those who have set up their own servers, Long said. He said spammers use worms and other means to take control of others’ computers and then set them up to bypass the Yale servers.
“The problem is, compromised machines can be turned into spam relays,” Long said. “And all of Yale suffers for that compromised machine.”
Senders of blocked messages have received e-mails from AOL informing them that their mail was undeliverable.
“The information presently available to AOL indicates this server is generating high volumes of member complaints from AOL’s member base,” the message said. “Based on AOL’s Unsolicited Bulk E-mail policy — AOL may not accept further e-mail transactions from this server or domain.”
AOL is the world’s largest Internet service provider, with approximately 50 million users.
Some machines at Yale’s IP addresses apparently were compromised, Long said, and AOL blacklisted those addresses. Some individual compromised machines may remain unable to send mail to AOL members, Long said.
AOL plans to stop blocking those accounts when both Yale and the Internet service provider are satisfied the problem is resolved, Graham said.
“Yale has been working with us in a very cooperative and amiable manner,” he said.
By next fall, ITS may have a way to prevent similar events from occurring, Long said. He said ITS is currently discussing a system that would require University users to register all mail servers and block all outgoing messages not sent through one of the registered pathways. The last time ITS counted, there were approximately 100 mail servers at Yale, Long said.
The system being discussed would help prevent spammers from taking over University computers by stopping them from using those computers as mail servers, Long said. Any mail sent from a compromised machine functioning as such a server would be blocked because the server would be unregistered, he said.
“People who didn’t intend to send mail — then that mail would be blocked by Yale,” Long said.
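The registration scheme Long describes amounts to an outbound mail filter at the campus border. The sketch below is an added example, not ITS code: it applies that rule to connection records and lists the unregistered machines that would be blocked. The addresses, the record format and the use of TCP port 25 as the mail port are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed registry and campus range (constructed, from documentation address blocks).
REGISTERED_SERVERS = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "192.0.2.11/32")]
CAMPUS_NET = ipaddress.ip_network("192.0.2.0/24")
SMTP_PORT = 25  # assumption: server-to-server mail delivery port

# Constructed connection records: "source destination destination-port"
SAMPLE_FLOWS = """\
192.0.2.10 198.51.100.5 25
192.0.2.57 192.0.2.10 25
192.0.2.99 198.51.100.5 25
192.0.2.99 203.0.113.8 25
192.0.2.99 203.0.113.9 25
192.0.2.57 198.51.100.5 443
bad line
192.0.2.140 203.0.113.8 25
"""

def is_registered(addr):
    return any(addr in net for net in REGISTERED_SERVERS)

def decide(src, dst, dport):
    """Return 'allow' or 'block' for one outbound connection attempt."""
    if dport != SMTP_PORT:
        return "allow"   # the rule covers mail traffic only
    if is_registered(src) or is_registered(dst):
        return "allow"   # a registered server sending, or a client using a registered relay
    return "block"       # unregistered machine sending mail directly off campus

def blocked_sources(flow_text):
    """Map each unregistered campus source to the mail destinations it was refused."""
    hits = defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        try:
            src, dst = ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1])
            dport = int(parts[2])
        except (IndexError, ValueError):
            continue     # skip malformed records
        if src in CAMPUS_NET and decide(src, dst, dport) == "block":
            hits[str(src)].add(str(dst))
    return dict(hits)

if __name__ == "__main__":
    for src, dsts in sorted(blocked_sources(SAMPLE_FLOWS).items(), key=lambda kv: -len(kv[1])):
        print(f"{src}: {len(dsts)} blocked mail destination(s)")
```

A machine that appears in this output with many distinct destinations is also a candidate for cleanup, since ordinary users hand their mail to a registered relay and never trigger the block.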