The Spam Prevention Early Warning System (SPEWS), whose blacklist is referenced by many antispam controls, imposed the block in response to the high number of Telewest customers whose machines have become compromised and taken over for the purpose of sending spam.
Last month, Silicon.com revealed that some of Telewest's Blueyonder.co.uk home subscribers were sending hundreds of thousands of e-mails each day--a sure sign of an open relay, pumping out spam.
At the time, Matt Peachey, a managing director of IronPort, whose Senderbase system revealed the extent of Telewest's spam problem, told Silicon.com: "The ISPs know they're spamming, but they're reluctant to put things in place which block mail. With ISPs, it's not about what comes into their networks; it's about what goes out."
Despite such apparent warnings, a representative for Telewest told Silicon.com the company believes SPEWS' actions have been "a little heavy-handed."
IronPort's Peachey is inclined to agree. "I'm not surprised this has happened, but I am surprised at the number of IP addresses which have been blacklisted," he said.
Peachey said about 17,000 IP addresses on the Blueyonder.co.uk domain are pumping out spam, yet the SPEWS blacklisting applies to more than 900,000.
"This is why blacklists are so problematic," Peachey said. "There will be a lot of people who are blacklisted who have been doing absolutely nothing wrong."
However, Telewest is holding back from any further criticism of SPEWS.
"We have to let them get on with what they do and concentrate on our own game," the representative said. He accepted that Telewest must take some responsibility for the situation reaching such a crisis point but said "it's an industry issue which every ISP suffers."
The Telewest representative said: "We're doing our best to contact customers, and we are talking them through physically cleaning up their PCs."
"Later this year we are launching a very comprehensive security package for our customers including a free firewall, free antispam and free antivirus," he added.
Currently Blueyonder.co.uk is the ninth in the Senderbase list of domains generating e-mail--two places behind Hotmail and two ahead of America Online.
According to Senderbase, Blueyonder.co.uk addresses are generating 90.4 million e-mails per day. The company confirmed it has around 700,000 customers, with updated figures due for release on Thursday.
Will Sturgeon of Silicon.com reported from London.


What ISPs should do is monitor for outgoing mail in large quantities going directly out of PCs or through their servers. Monitor their servers for exceptional bounce rates from specific users, scan outgoing email for spam, or at least sample outgoing email using automatic tools, and then automatically increase sampling when suspicious behaviour is found.
But most important: they should make subscribers aware that there are possible problems, that these problems may affect both their own computers and other people's computers, and that good security measures are important both as self protection and as responsible citizenship (netizenship), and they should promise the subscribers that they will alert them when there's trouble and help them resolve it.
The two most important things here are awareness and trust: subscribers should be aware of the possible problems, and trust their ISP both to tell them when something's wrong and to help them resolve the problem.
I believe if things don't change those who use the services of spam blacklisters are going to feel the sting of a backlash. It really comes down to the ISP though. They need to monitor their users without being intrusive.
The funny thing about blocking IP addresses and not domain names is that the spammer just moves to another server that isn't blocked while those on the blacklisted IP continue to suffer.
The amount of "collateral damage" done by blacklist services is going to become unacceptable at some point (if it already isn't), then what are we going to do?
May that be a lesson for all other ISPs who neglect to take preventive measures so that their network does not become a major spamming platform.
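
The outbound monitoring suggested in the reader comments above (per-subscriber volume, bounce rate, and sampling that increases when behaviour looks suspicious) can be sketched as follows. This is an added example, not part of the article or of any commenter's post; the log format, thresholds, and function names are assumptions made for illustration.

```python
from collections import Counter

# All thresholds are assumptions for illustration, not figures from the article.
BASE_PCT, MAX_PCT = 1, 100   # share of a subscriber's outgoing mail that is content-scanned
VOLUME_LIMIT = 200           # messages per hourly window
BOUNCE_LIMIT = 0.20          # bounced / total

def summarize(log_lines):
    """Return {ip: (total, bounced)} for one window of '<src_ip> <status>' lines."""
    total, bounced = Counter(), Counter()
    for line in log_lines:
        parts = line.split()
        if len(parts) != 2 or parts[1] not in ("delivered", "bounced"):
            continue  # skip malformed lines rather than failing the whole window
        total[parts[0]] += 1
        if parts[1] == "bounced":
            bounced[parts[0]] += 1
    return {ip: (total[ip], bounced[ip]) for ip in total}

def next_sample_pct(current, volume, bounces):
    """Raise sampling tenfold on suspicious behaviour, halve it otherwise."""
    ratio = bounces / volume if volume else 0.0
    if volume > VOLUME_LIMIT or ratio > BOUNCE_LIMIT:
        return min(MAX_PCT, current * 10)
    return max(BASE_PCT, current // 2)

def review(log_lines, rates):
    """Return (new sampling rates, subscribers to contact) for one window."""
    new_rates, contact = {}, []
    for ip, (volume, bounces) in summarize(log_lines).items():
        pct = next_sample_pct(rates.get(ip, BASE_PCT), volume, bounces)
        new_rates[ip] = pct
        if pct >= MAX_PCT:
            contact.append(ip)  # sustained anomaly: alert the subscriber and help clean up
    return new_rates, sorted(contact)

# Constructed window (RFC 5737 documentation addresses): one quiet subscriber,
# one sending heavily with a 40% bounce ratio.
WINDOW = (["192.0.2.10 delivered"] * 12
          + ["192.0.2.77 delivered"] * 300 + ["192.0.2.77 bounced"] * 200)

if __name__ == "__main__":
    rates = {}
    for hour in range(3):
        rates, contact = review(WINDOW, rates)
        print(hour, rates, contact)
```

Escalating over successive windows before contacting the subscriber keeps a single busy hour from triggering an alert, while a machine that keeps sending at that rate is flagged within two windows.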