Internet spam cops threaten anti-spam vendor

Stan Beer
Thursday, 20 July 2006 20:28

Business IT - Security

Australian anti-spam vendor TotalBlock Pty Ltd has been threatened with a service shutdown by its Internet Service Provider (ISP) after being wrongly accused of sending spam.
 
“People Telecom emailed us to say they had received numerous reports of spam activity coming from our IP address,” said TotalBlock Chairman Peter Stewart. “They threatened to suspend our service within 48 hours unless ‘appropriate action is taken.’
 
The company relies on People Telecom for servicing its TotalBlock anti-spam solution, which protects small to medium sized enterprise (SME) customers both in Australia and overseas.
 
“The shutdown threat followed a ludicrous chain of events that hinged around SpamCop, an IronPort Systems Inc product that determines the origin of unwanted email and reports it to the relevant ISPs.  The whole process was reminiscent of the Middle Ages witch hunts,” said Stewart. 
 
The events were as follows:
 
*      The web master from a domain in the UK reported to SpamCop receipt of a spam email from a TotalBlock user. The report contained details of the suspect email.
 
*      The email was actually a challenge (TotalBlock sends a challenge message to all incoming emails suspected of being spam).
 
*      SpamCop analyses suspect email and alerts all ISPs in the chain that they may be supporting a spam sender. One such ISP was People Telecom. Stewart says: “This is not surprising since the challenge message contains a link to our web site. The link is there so that receivers can click on it to verify the legitimacy of the challenge message by seeing that a credible company is behind it. Our customers have requested this process.”
 
*      SpamCop notified People Telecom that in its view, one of its users – TotalBlock Pty Ltd - was the source of spam
 
*      People Telecom advised TotalBlock that it was a source of spam, suggested that this spam could have come from five sources, and advised on how to deal with each possible source.  People Telecom said that once the “appropriate action” had been taken, TotalBlock could contact it to have the suspended service reconnected.
 
Peter Stewart said: “The report that People Telecom received was sent from a webmaster, but presumably that source could be anyone since SpamCop has a web site where suspect email can be reported. The email we received from People Telecom nominated ‘numerous reports’, but we received only one, and only after we asked for it.  People Telecom cautioned that our service would be suspended if we didn’t take “appropriate action.”
 
He added: “The process of preventing unwanted email by using black lists to detect good guys and bad guys is deeply flawed.  At present a sender can be banned when anyone – rightly or wrongly - places an IP address or a domain on a black list.”
 
Stewart said there are market concerns over the blacklist approach, in which good guys can be wrongly named as bad.  Once an IP address is put on a blacklist, the owner has to take steps to have it removed. The owner is guilty until proven innocent.
 
He said the chain of events that led to the ISP threat to TotalBlock Pty Ltd crossed many jurisdictions. The original mail that was challenged possibly came from the UK, but there is no way of knowing as it may have been “spoofed” to the UK address. The challenge to that email was sent from the Philippines, received in the UK and reported to an American service; at least two of the ISPs involved are in the Philippines and Australia and the challenge-response product is from Australia.
 
“It seems that the cyberspace cops have no geographic boundaries.”
 
Stewart added:  “The present widely used system of filtering is so flawed that unsubstantiated policing is on the rise in a vain attempt to shore it up. The methods of policing fall neatly into the hands of the spammers, who can use these methods as a weapon.  For example, spammers can set up Trojans to send spam to users ‘spoofed’ to be from legitimate IP addresses. The address is reported and denied service; the legitimate addresses are guilty until proven innocent. The addresses chosen can be random, causing widespread disruption to legitimate Internet users.”
 
He concluded: “Is this really where we want to go with one history’s greatest inventions? Load it down with complications due to the battle between spammers and the developers of anti-spam software? Wouldn’t it be smarter to solve the problem properly and using challenge-response, receive email only from wanted senders?”