Spamvertisers get the chop from UK ISPS

UK ISPs are adopting a code of practice that will enable them to shut down ecommerce sites found to have sent spam, regardless of how and from where the spam was sent.

At an extraordinary general meeting of the London Internet Exchange (LINX), which handles more than 90 per cent of the UK's internet traffic, 150 member ISPs agreed on a set of measures designed to close a loophole in the current system.

The LINX initiative aims to tackle spammers who host their ecommerce websites with a reputable ISP while sending spam from another network. ISPs' anti-spam policies will now also target website owners even when the site owner uses a third party to send the spam itself.

The initiative was published in the form of LINX's Best Current Practice (BCP) document.

Implementation will not be straightforward for two reasons, conceded LINX regulatory officer Malcolm Hutty. First, there is a danger that an ecommerce site could be shut down by a rival sending out spam on its behalf. "Obviously that's a potential concern," said Hutty. "But we're talking about best practices. Obviously, if an ISP thinks someone else is sending the spam then they shouldn't shut down an ecommerce site that may simply be a victim."

The second issue is based on the fact that most of these 'spamvertised' websites are hosted in the overseas countries where the spam also originates, because many UK ISPs already close 'spamvertised' websites under their terms of service. The success of this new initiative depends on LINX pressuring ISPs overseas into adopting more rigorous practices, said Hutty.

Hutty said he expects the measures to be adopted by RIPE, the internet policy-setting body for than 90 countries across Europe, the Middle East, Central Asia and Africa.

"The new BCP will raise the baseline, making the worldwide acceptable minimum standard tougher. We will be working to spread this standard beyond the UK at RIPE, Euro-IX and elsewhere. We shall also be asking for support from the UK government at WSIS (the World Summit on the Information Society), OECD and other international forums."

Hutty said past experience indicates that the policy will probably spread worldwide. The first LINX BCP on spam was adopted in May 1999 and has since become the basis of most anti-spam standards, having been endorsed by RIPE in 2000. "The recommendations of that first BCP have proved to be effective," said Hutty. "If we still had open relays, we would have given up on email, would have been catastrophic."

Hutty quoted figures saying that in 1999 nearly 20 per cent of UK mail servers were 'open relays' which could be used to send spam. By 2003, he said, less than one per cent of UK mail servers were open relays. "ISPs have taken action under the BCP to withdraw email services or even internet access for spammers. In fact, ISPs have also applied this sanction against each other if they knowingly fail to take action to prevent spamming by their customers."

Matt Loney writes for ZDNet UK