Blocking Spam

By Larry Seltzer  |  Posted 2009-01-06 Print this article Print


Spammers and other abusers are constantly attacking and testing networks. If an ISP's abuse team is unwilling to listen to outside complaints and take them seriously, then testing will be missed and perhaps develop into full-scale abuse, perhaps a botnet. Now that's expensive for an ISP.

The flip side of port 25 blocking is the Spamhaus PBL or Policy Block List. Absent special arrangements between a user and a service, the user ranges at consumer ISPs can be said not to be legitimate sources for SMTP traffic. The PBL is a list of such ranges that recipients can block wholesale, and then put in exceptions as warranted.

And it's not just spam that gets ISPs on lists like this. The Spamhaus Top 10 also reflects hosting of spam URLs, fast-flux DNS servers and other abusive practices. Look at the Spamhaus complaint list for Google, for example, and you'll see more than one incident related to hosting of spam URLs on There are also many complaints about being used as a spam redirector.

And since this is a chance to take a dig at it, I'll note that my own ISP,, is listed at No. 9 and is the source for the infamous Gevalia coffee spam.

I actually think the spam abuse flood currently sweeping over Google caught the company by surprise, as it did Yahoo and Microsoft in their day. Think of the work it must have taken for Microsoft and Comcast to dig themselves out of this hole. Of course, Microsoft may be No. 11 and I wouldn't know, but Cox said Comcast, in recent years, has become "an impressively proactive ISP and they stomp out a lot of abuse as soon as their people are aware of it."

So ISPs really can turn it around if they're willing to do the right thing. There's no doubt in my mind that the work an ISP does to eliminate this sort of abuse from its network will also improve the quality of experience and support for users, especially its own, but also outsiders.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

For insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzer's blog Cheap Hack.

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel