ISPs Need To Keep Moving Against Spam

Opinion: ISPs have to do more than just pass traffic on to the Internet or they're going to be sorry. The blacklisting wars are on their way.

Back in June of 2004 I argued that ISPs need to start rate-limiting use of their outbound SMTP servers. I was right, although for reasons that were a little off. But its a good example of a larger point worth making: ISPs need to be diligent in fighting spam, not just inbound but outbound as well.

Ive been looking further into AOLs claims of success in fighting spam, and I find Im believing the claims more and more. Ive been asking AOL users I know, and they agree that spam through to their inboxes has gone down dramatically over the last year or so, to 1 or 2 messages a day. How does AOL do it? Every way they can.

Lets go over a bit of history of how spammers have operated. In the beginning, they simply bought blocks of IP addresses and set up servers and spammed from them, operating like everyone else on the Internet. Then anti-spammers got the idea to blacklist the IP addresses of spammers. As imperfect as this method was (it caused much collateral damage), it impeded spammers, as did the ISPs refusals to sell them more accounts. Eventually, the spammers moved on.

The next technique was to search for open proxies on the Internet, generally e-mail servers that are left open to anyone to send mail, and to a lesser extent Perl mail forms on Web pages with no security on them. Eventually the good guys also got good at blocking these and even at blacklisting the remaining open proxies.

Then the era of the zombied machine was born: Generally through infection by Windows e-mail worms, spammers created backdoor programs on users systems so that the computers could be used to send spam. The worms have their own SMTP servers built in partly for the purpose of propagating themselves, but also for sending out spam. Spammers control large networks of these infected systems; its generally agreed that there are zombie networks with tens of thousands of systems in them.


For insights on security coverage around the Web, check out Security Center Editor Larry Seltzers Weblog.

AOL has been aggressive in trying to block mail from these zombie systems. They have implemented and tried persuading other ISPs, especially consumer broadband ISPs like Comcast that have a history of being abused by zombies, to TCP block port 25 (SMTP Mail) on consumer systems other than through their own mail servers. This is not necessarily an easy thing for an ISP to do, but there are a few ways to do it, including at the cable modem in some cases.

Next page: rDNS and other screws to tighten