There are good ISPs, and bad ones.

The Internet Service Providers that provide Internet services to us are good, right? But those that provide services to bad folks, well, those are bad ISPs.

That seemed pretty clear in September of 2008 when a group of security researchers and network security personnel announced that they had forced the rogue ISP Atrivo offline.

Atrivo’s last uplink provider had ended its arrangement with Atrivo. Then in October the FTC said it had won an injunction against HerbalKing, an international spam operation.

Then the rogue ISP McColo was taken offline.

The Washington Post’s SecurityFix had been investigating McColo’s activities for months. Then the blog began contacting McColo’s major service providers, and along the way SecurityFix shared with the backbone providers whatever information it had on McColo.

Most of those service providers were horrified at the scope of the spam activities by McColo. Most legit ISPs have terms of use that forbid spamming. For that matter, most also forbid what I call “chain mail”—not the metallic kind but mass, multiplier forwarding.

One service provider to McColo, Global Crossing, merely responded with the pro forma “We cooperate with government investigations and security researchers.” I was disappointed to see that, because for years I had used Global Crossing’s free side for some of the online communities in which I was involved.

Hurricane Electric was more forthright. “We shut them down,” said an exec. When they saw the extent of the problem, “Within an hour we had terminated all our connections with them.”

McColo was into spam, with clients that included a nasty mix of crooks.

Does shutting down one major spam cartel make a difference? There is at least a short-term effect, usually followed by a rebound.

There is no single ISP or secret alliance of them that is so critical to the flow of spam that if it were identified and disabled, the flood of spam would be dammed. But the mathematics of spamming is instructive.

The predominant trend in spam is its steadily increasing volume. Now spam accounts for about 90 percent of all e-mail volume.

Okay, not in your mailbox, right? That’s because a lot of that spam is blocked before it reaches you. Your e-mail service uses one or more forms of spam blocking.

But think of it: malicious spam totals at least 4 billion messages a day.

Spammers have excelled at developing automation technologies and more and more powerful spam engines.

More effective spam filtering strategies are followed by more effective filter defeating strategies.

IT administrators have to manage spam volumes. They scan logs, searching for potentially valuable e-mail messages that have been diverted from recipients because they were mistaken for spam.

As moderator of some mail lists, I spend way too much time chasing down sources of wrongful spam blocking. The ISPs of various list subscribers have wrongly identified the mail lists, or their listserv domains, as spam sources. The ISPs hide behind their spam blockers at the lower levels of these discussions. “We can’t help it. We have to do what Barracuda says,” is their mantra.

My answer to that is that, actually, Barracuda (or SpamAssassin, or whatever) has to do what the ISP says, just as my spam blocker has to blacklist according to my settings and has to allow any address or domain I whitelist. Whitelist the addresses that the customer has a relationship with—such as a mail list the customer is subscribed to.
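One way to encode that precedence (the operator's allowlist first, then the operator's blocklist, and only then the vendor's content score), as an added example that is not from the column or from any vendor's product; the domains, the List-Id and the two messages are constructed for illustration:

```python
# Constructed example: a delivery policy in which the operator's allowlist
# (addresses, domains, and subscribed mailing-list identifiers) overrides any
# blocklist entry or filter score, so a subscribed list is never dropped.
from email import message_from_string
from email.utils import parseaddr

ALLOW_ADDRESSES = {"alerts@example.org"}
ALLOW_DOMAINS = {"lists.example.net"}           # listserv domain subscribers joined
ALLOW_LIST_IDS = {"netsec-discuss.lists.example.net"}
# A blocklist that wrongly includes the listserv domain, as in the column.
BLOCK_DOMAINS = {"lists.example.net", "bulkmail.example.com"}
SPAM_THRESHOLD = 5.0                            # assumed content-filter cutoff

# Constructed sample messages.
LIST_MAIL = """From: netsec-discuss <netsec-discuss@lists.example.net>
List-Id: <netsec-discuss.lists.example.net>
Subject: [netsec-discuss] Meeting minutes

Minutes attached.
"""
BULK_MAIL = """From: deals@bulkmail.example.com
Subject: Cheap pills

Buy now.
"""

def decide(raw_message: str, spam_score: float) -> str:
    """Return 'deliver', 'reject' or 'quarantine' for one RFC 822 message.
    spam_score is whatever the content filter produced (assumed input)."""
    msg = message_from_string(raw_message)
    _, sender = parseaddr(msg.get("From", ""))
    sender = sender.lower()
    domain = sender.rpartition("@")[2]
    list_id = msg.get("List-Id", "").strip("<> ").lower()

    # 1. The operator's allowlist wins: a subscription is evidence the mail is wanted.
    if sender in ALLOW_ADDRESSES or domain in ALLOW_DOMAINS or list_id in ALLOW_LIST_IDS:
        return "deliver"
    # 2. Then the operator's blocklist.
    if domain in BLOCK_DOMAINS:
        return "reject"
    # 3. Only then the vendor's score; quarantine rather than silently drop,
    #    so a misfire can still be found and recovered from the logs.
    return "quarantine" if spam_score >= SPAM_THRESHOLD else "deliver"

if __name__ == "__main__":
    print(decide(LIST_MAIL, 7.5), decide(BULK_MAIL, 2.0))  # deliver reject
```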

But lest we think spam is just an annoying, or even an expensive, time-suck, here’s what it has become: an enormous security problem. Spam is the opener in what have come to be called “blended threats.” Recipients are asked for some response or some ID and are taken to malicious sites, or video codecs are launched, or readers are induced to open infected attachments.

Most current spam is driven by botnets (Cutwail, for example), and those networks are made up of computers that have been infected with code that enlists them in spam-spewing networks, unbeknownst to the computers’ legitimate users.

Are you guarded against spam? If so, how?