RealTime IT News

Spamhaus Accuses MCI of Hosting Spam Gangs

One of the world's largest Internet providers is hosting illegal spam operations and making an estimated $5 million a year to keep those operations running, according to a report published by the anti-spam group Spamhaus Project Friday.

The non-profit organization, which tracks spam and provides lists of spammers, said it has repeatedly notified MCI that it is helping to host 187 known "spam gangs" around the world, and that it has become known as a top spam haven in the world.

The organization's report also claimed that two of the most popular spamware applications, Send-Safe.com and Direct Mail Sender (DMS), have been traced to the SoBig virus and its variants, which the organization estimates infect 80,000 - 100,000 new PCs every week.

The SoBig virus and its variants are considered among the most damaging viruses after they slowed network traffic and crashed e-mail servers across the Internet in 2003.

Send-Safe.com is listed as an MCI customer on the Spamhaus Block List (SBL) advisory service, although it should be noted that MCI offers a wholesale service, which means smaller ISPs can purchase from the carrier and pass along services.

MCI defended itself against the report, saying it isn't in a position to censor content providers.

The Spamhaus report is titled "Should ISPs Be Profiting From Knowingly Hosting Spam Gangs?" It comes on the heels of remarks earlier this week by Spamhaus founder Steve Linford. He said a new spam technique for targeting ISP e-mail servers -- if left unabated -- would result in a new plague of spam consisting of up to 95 percent of all e-mail by 2006.

Linford said the technique is an extension of the proxy spam problem, which he noted is responsible for 70 percent of today's spam.

Proxy lists are comprised of the IP addresses of computers that have been infected with a virus that allows a spammer to launch e-mail campaigns from a compromised machine anonymously.

Some spam operations rent or sell these lists of compromised IP addresses to spammers, who then use a software program -- called spamware -- to automate the launch of huge spam campaigns using the infected host computer.

Spamhaus said "pink contracts," which have been around for many years in the anti-spam community, are at the root of the problem. Defined as agreements between ISPs and spammers in which the Internet host agrees to exempt the spammer from the company's normal terms of service in exchange for a hefty fee, the practice held myth status until anti-spam groups were able to prove financial relationships between ISPs and spam groups.

"MCI is the only American, and indeed only Western network, where this spam support activity is 'not against our policy,'" the Spamhaus report said. "Spamhaus maintains that MCI's 'protected speech' excuses for servicing known spam gangs and proxy spamware distribution sites are dishonest and non-sensical in the face of the Internet's spam epidemic."

Peter Lucht, a spokesman at MCI, said the company has a very firm and clear acceptable use policy (AUP) and will cooperate with law enforcement if necessary.

"If law enforcement determines that it is illegal, we will certainly work with them to make sure it is taken down," he said. "MCI isn't in a position, legally or technically, to censor Internet content."

Lucht would not comment on the Spamhaus estimates of MCI's revenues from organizations known to traffic in spamware.

According to a recent report by Postini, a provider of e-mail security and filtering software, between 75 and 80 percent of all e-mail is spam and another 10 percent is comprised of some form of phishing , Denial of Service or virus threat. It also said compromised ("zombied") computers now send more than one-third of all spam.