ISPs Need To Keep Moving Against Spam
Opinion: ISPs have to do more than just pass traffic on to the Internet or they're going to be sorry. The blacklisting wars are on their way.Back in June of 2004 I argued that ISPs need to start rate-limiting use of their outbound SMTP servers. I was right, although for reasons that were a little off. But its a good example of a larger point worth making: ISPs need to be diligent in fighting spam, not just inbound but outbound as well. Ive been looking further into AOLs claims of success in fighting spam, and I find Im believing the claims more and more. Ive been asking AOL users I know, and they agree that spam through to their inboxes has gone down dramatically over the last year or so, to 1 or 2 messages a day. How does AOL do it? Every way they can. Lets go over a bit of history of how spammers have operated. In the beginning, they simply bought blocks of IP addresses and set up servers and spammed from them, operating like everyone else on the Internet. Then anti-spammers got the idea to blacklist the IP addresses of spammers. As imperfect as this method was (it caused much collateral damage), it impeded spammers, as did the ISPs refusals to sell them more accounts. Eventually, the spammers moved on.
The next technique was to search for open proxies on the Internet, generally e-mail servers that are left open to anyone to send mail, and to a lesser extent Perl mail forms on Web pages with no security on them. Eventually the good guys also got good at blocking these and even at blacklisting the remaining open proxies.