ISPs Pitch In to Stop Spam
Some major Internet service providers recently have come to this realization about the fight against spam: They are both part of the solution and part of the problem.
Every U.S. ISP uses antispam techniques to catch unwanted messages coming into their networks before they reach users. Recently, thanks to the urging of industry groups and coordination among providers, ISPs also are taking measures to limit the spam emanating from their networks. While no one is declaring the war won, they have discovered that making relatively simple changes to network policies can have a significant effect on reducing unwanted e-mail.
ISPs are "starting to realize that outbound spam . . . out of their networks is one of the biggest problems they need to solve," says Rich Wong, general manager of messaging with Openwave Systems, which makes ISP-class messaging software. Wong is chairman of the Messaging Anti-Abuse Working Group. "The ISP industry is clearly recognizing the issue and taking proactive steps to solve this problem," he says.
Targeting Port 25
MAAWG says one of the most effective steps ISPs can take to cut down on outgoing spam is to block or filter e-mail sent via Port 25, the TCP port used for SMTP mail delivery. A subscriber's machine can use it to hand e-mail directly to outside mail servers, sending the mail past the ISP's server rather than through it, where it can be filtered. Blocking Port 25 means users must send e-mail through the ISP's mail server, which lets the provider monitor traffic flowing out of its network. Last month, the Anti-Spam Technical Alliance, formed last year by Yahoo, America Online, EarthLink, and Microsoft, issued a list of antispam recommendations that includes filtering Port 25.
"Installing Port 25 filters dramatically reduced our outbound spam," says Jeff Hartley, manager of engineering security and abuse with Cox Communications, a member of MAAWG. Last summer the broadband provider, which has about 2 million customers, began blocking all outbound e-mail that residential subscribers sent over Port 25 and routing that mail through Cox's own servers instead. This way the company can catch spam blasts before they leave the Cox network. The company lets certain residential subscribers continue to use their own e-mail servers once the company validates them as legitimate senders, he adds.
About half of the ISPs in the United States put some controls on Port 25, Hartley estimates. The most recent to do so was Comcast, the country's largest broadband provider, resulting in one-third less spam coming out of its network, according to spokeswoman Jeanne Russo.
Yet blocking Port 25 isn't a no-brainer. ISPs with commercial users who need to operate their own e-mail servers can't stop them from doing so because part of the service ISPs provide is carrying messages to and from the customer's e-mail server over their networks.
"A lot of people are . . . complaining that if ISPs shut down Port 25, it turns off their ability to run (their own) mail servers," says Matthew Prince, CEO of consulting firm Unspam. "ISPs must do it responsibly. Some people are rightful users of Port 25, and it's important that we maintain their rights."
Sprint says it is not overly concerned that customers of its SprintLink IP network will use the service for spamming because the majority of these customers are large businesses. Sprint does not block Port 25 on its SprintLink service because these business customers need to be able to send e-mail from their own servers.
However, because of the proliferation of compromised computers, or zombies--those infected by a virus or worm and turned into spammer e-mail servers--Sprint has to deal with complaints of spam coming from SprintLink when a customer site has been infiltrated, says David Ham, Sprint's director of Internet services. In those cases, Sprint determines where the unwanted messages are coming from and contacts the customer so the zombie PCs can be shut down.
"I do believe ISPs need to be spam cops; I don't know that we have any other choice," Ham says.
ISPs have found other ways to curb outbound spam. Comcast says it's experienced a one-third reduction in outgoing spam since filtering Port 25. That reduction came after it already saw a 75 percent drop in spam on its network in the two previous months from other initiatives. Those include close monitoring of its network for spamming patterns and working with industry groups to help curb spam, Russo says.
Another effort MAAWG recommends is for ISPs to keep a close eye on their acceptable-use policies, which dictate the terms of a subscriber's agreement and usually place limits on their e-mail use, such as the number of e-mails that can be sent per month or the number of recipients allowed per e-mail. Usage that violates these terms usually points to a compromised computer, MAAWG's Wong says.
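An added sketch (not from the article or from any ISP named in it) of the two controls described above: the Port 25 egress rule with an exemption for validated senders, and the acceptable-use-policy check that flags likely compromised machines. The addresses, limits, and function names are assumptions chosen for illustration.

```python
from collections import defaultdict

# All values below are assumptions for illustration, not any ISP's real settings.
ISP_RELAY = "192.0.2.25"            # the ISP's own outbound mail server
VALIDATED = {"198.51.100.7"}        # subscribers approved to run their own server
MAX_MSGS_PER_MONTH = 3000           # acceptable-use limit: messages per month
MAX_RCPTS_PER_MSG = 100             # acceptable-use limit: recipients per message


def egress_action(src_ip, dst_ip, dst_port):
    """Decide what the network edge does with one outbound TCP connection."""
    if dst_port != 25:
        return "allow"              # the rule only concerns SMTP on Port 25
    if dst_ip == ISP_RELAY or src_ip in VALIDATED:
        return "allow"              # mail to the ISP relay, or a validated sender
    return "block"                  # direct-to-Internet SMTP; must use the relay


def aup_violations(relay_log):
    """Map subscriber IP -> sorted list of exceeded limits.

    relay_log holds one (subscriber_ip, recipient_count) tuple per message
    accepted by the ISP relay during the month.
    """
    msgs = defaultdict(int)
    reasons = defaultdict(set)
    for src_ip, rcpts in relay_log:
        msgs[src_ip] += 1
        if rcpts > MAX_RCPTS_PER_MSG:
            reasons[src_ip].add("recipients per message")
    for src_ip, count in msgs.items():
        if count > MAX_MSGS_PER_MONTH:
            reasons[src_ip].add("messages per month")
    return {ip: sorted(r) for ip, r in reasons.items()}


# Constructed sample: one month of relay records for three subscribers.
SAMPLE_LOG = (
    [("203.0.113.10", 2)] * 40          # ordinary household volume
    + [("203.0.113.77", 1)] * 5000      # sustained blast, typical of a zombie
    + [("203.0.113.88", 400)]           # single message with a huge recipient list
)

if __name__ == "__main__":
    print(egress_action("203.0.113.77", "198.51.100.200", 25))
    for ip, why in sorted(aup_violations(SAMPLE_LOG).items()):
        print(ip, "exceeds:", ", ".join(why))
```

Because blocked subscribers can only send through the relay, the relay log becomes the single place where the acceptable-use check sees all of their outbound mail.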
In another attempt to fight outbound spam, ISPs have begun hiring staff to watch the e-mail traffic flowing in and out of the network. For example, EarthLink's abuse team is a group of 14 professionals who monitor e-mail spikes, learn spammers' patterns, and slow down the mail stream of suspected spammers, says Mary Youngblood, the ISP's abuse team manager. This team also keeps an eye on the e-mail coming from customer Web sites that it hosts.
Despite these efforts, experts say the spam war will continue to escalate, particularly as armies of zombies spread around the world. "U.S.-based ISPs are among the first wave of ISPs that need to deal with the (zombie) problem. This is because of the higher penetration of home PCs and always-on connections," says Richi Jennings, an analyst with Ferris Research. But as broadband connections become more popular in other parts of the world, there will be more take-over targets for those who turn unsuspecting PCs into spam blasters.