MCI accused of hosting spam tools

The London Internet Exchange (LINX) has threatened tough action after MCI, a prominent ISP, was accused of hosting a bulk mailing software application called Send Safe.

Malcolm Hutty, LINX regulation officer, warned on Thursday that the UK ISP community will snub the company responsible for hosting Send Safe, as the tool helps spammers to send massive amounts of mail across the internet.

"Send Safe's product clearly provides features that are designed to make spamming easier. As such this is exactly the kind of product we are trying to stop," said Hutty.

"ISPs depend on voluntary mutual cooperation for the effective functioning of their core business. ISPs that ignore community standards risk losing the cooperation of their peers, which is more valuable than any one customer could ever be," Hutty added.

LINX's 170 members - including UUNET, which is part of MCI WorldCom - use the exchange to swap internet traffic.

On Monday, anti-spam campaigners at Spamhaus accused MCI of hosting the Send Safe website, but MCI denies this charge.

An MCI official told ZDNet UK that the Send Safe website was hosted by a company that leased a line from it. MCI also says that it does not censor the content of its customer websites.

LINX warns, though, that software designed to assist spamming makes a major and harmful contribution to the prevalence of spam. Its best current practice guide calls on ISPs to prohibit customers from distributing spamming tools and to take action to enforce this, "up to and including terminating the customer's contract".

LINX said that its 170-strong membership in the ISP community, had "collectively decided that condoning this kind of customer abuse is to make [oneself] part of the problem".

Spamhaus believes that tools such as Send Safe are responsible for a huge increase in spam.

"This Send Safe feature instructs its hijacked proxies to send the spam out via the upstream ISP's main mail server (instead of the proxy sending the spam out from the infected machine itself). This means that billions of spam emails now flood the Internet coming from the main mail servers of large ISPs," warned Spamhaus in a recent report.

Security experts at MessageLabs have confirmed that Send Safe was malicious and was able to manipulate any computer that was infected with the Sobig, Sober and MyDoom viruses. It could then force those computers to send spam via an ISP's mail server to avoid being blocked by a blacklist of domain names used by known spammers.

Mark Sunner, chief technology officer for MessageLabs, said last week: "There's a new version of Send Safe affecting anything with blacklisting capability. Are we going to see more spam because of this? Yes. I don't want to be accused of scaremongering, but we are."

Dan Ilett writes for ZDNet UK.