RealTime IT News
When Spam Policing Gets Out of Control
By Jim Wagner
May 23, 2002

Anyone who's had an e-mail account for more than a week knows the extent to which spam has permeated the Internet lifestyle, but the actions of over-zealous "spam cops" are shutting down and taking off-line hundreds, perhaps thousands, of legitimate businesses.

Blacklists, the controversial method of filtering out IP addresses of known spammers and their ilk, have been around almost as long as spam itself. When a person or agency files a complaint against a server that hosts mass e-mail marketers, the blacklist will put the IP address of the server in its database, which is then downloaded by Internet service providers (ISPs) and carriers alike and loaded into their e-mail servers to filter out the "bad" IP addresses.

There are many blacklists out there today, ranging from the well-known Relay Stop List (RSL) and Open Relay Database (ORDB) sites to the home-grown scripts written by experienced programmers.

Over the years, several have been shut down after picking a blacklist fight with a well-connected business or government site with an aggressive team of lawyers, as in the case of the popular ORBZ blacklist.

Many consider the blacklist community the consumer's and ISP's best friend, saving thousands of e-mails from bogging down the network and clogging the inbox.

But sometimes whole blocks of IP addresses are included in the mix, shutting down an entire network of servers found in the block of addresses -- the innocent and guilty alike. It's a situation that affects many ISPs and Web hosts today, requiring them in many cases to beg and plead for their domain's release from the blacklist.

Consider Interland, reckoned by many anti-spam advocates as the number-one haven for spammers in the known universe. At one time or another, the Web hosting company has been the home to almost 100 spam sites, which blanketed the Internet with "opt-in" and pornographic e-mails.

Efforts to get these spammers off the network fell on deaf ears at Interland, anti-spam organizations said. Putting Interland's entire block of IP addresses on a blacklist seemed like the best option, and it was the one taken by blacklist Spam Prevention Early Warning System (SPEWS).

While the move certainly got the attention of Interland officials and was a victory for anti-spammers, the blacklist affected many more than just the spammers. Before the Web host was de-listed by the blacklist on Feb. 8, all of Interland's 400,000 legitimate customers were barred from the ISP and carrier networks using SPEWS' blacklist database.

According to Jeff Mitcham, part-owner of ISP and Web hosting company APEC Solutions, the ends do not justify the means and the end result of blacklists filtering out IP blocks is overkill.

"It's the equivalent to trying to kill mosquitoes using an elephant gun and not worrying whether you actually see the mosquito or not," he said.

It's an interesting dilemma for ISPs and blacklists alike. Case in point -- the largest ISP in the world, America Online, has been conducting what can only be diplomatically described as an "aggressive" e-mail mass marketing campaign.

For weeks now, AOL has been spamming its latest AOL 7 to the customers of other ISPs around the U.S. through mass-mailers Focalex.com, freebiebank.com and shopathome.com, to the tune of one e-mail per customer every three minutes.

John Keown, owner of ISP NuNet, Inc., said his servers have been bogged down with roughly 500 e-mails every day because of the AOL campaign. The answer, it would seem, would be to blacklist the three e-mail distributors.

But the root cause is AOL, which hired the companies to disseminate all those e-mails. Is the answer blocking out AOL? Doing so would put an end to the online efforts of tens of thousands of small businesses who set up shop in AOL's e-commerce area and the e-mails from its 34 million plus customers.

Given the arbitrary nature of some blacklists, it could happen.

The main problem with some of these blacklists, Mitcham said, is not the fact that blacklists exist (as an ISP he is aware of the costs spam brings to his network), but the arbitrary nature of Web hosts and ISPs finding their way onto the blacklist in the first place.

"(SPEWS) has an interesting belief of 'blacklisting by rumor'," he said. "In other words, they are too lazy to actually check to see if there is an open relay, or if the ISP is actually promoting spam. Instead, if they get any indication that you 'may' be spamming they will block your entire Class C."